Cisco QoS

Jump to: navigation, search

There's lots of talk about Quality of Service (QoS). It lets you adjust traffic flow to give priority to some traffic, and limit others. It's not the magical cure to network issues, that some people think it is. It's more like overdraft protection on your bank account: it's good for those little emergencies, but you do not want to depend on it. If your QoS is constantly adjusting packets to compensate for congestion or high latency, you need a better pipe.

That being said, here's how to set up a basic policy that will optimize various types of traffic.

QoS works on a two step process: classify packets then optimize their flow.

The policies like this get applied to the outbound traffic on the WAN interface of the router on each end of the connection. You need to know what the actual available bandwidth is on the link, not just what it's specified as. If you set the line rate in the policy to be higher than what the usable capacity is, the QoS policy will never kick in. With Cisco, the QoS policy is only activated during times of congestion.

Traffic Classification

Depending on the software revision, you can identify traffic by almost any attribute. In the example below, the class-maps match on packets that have their DSCP values set, or ones that are of a certain protocol. In this case, I'm going by the assumption that the DSCP values are set by the device sourcing the packets (a phone in this example). Remember that I said above that this is applicable to traffic leaving the WAN interface. If a device isn't setting the DSCP values on packets, ingress policies can also be created which will identify packets and set the DSCP accordingly. I'm not going to cover that though.

class-map match-any DSCP-VOICE
 match dscp ef
class-map match-any DSCP-VOICE-SIGNALLING
 match dscp af41
class-map match-any NETWORK-CONTROL
 match protocol ospf
 match protocol snmp
 match protocol icmp
 match protocol telnet

The Inner Policy

There are two policies: inner and outer. The inner policy takes the traffic classes and allocates bandwidth to them. The outer allocates the total amount of bandwidth to the inner policy.

There are multiple actions that can be used when applying bandwidth to a traffic flow:

  • Priority - "Priority" traffic is sent to the egress queue before all other traffic (in kbps). The priority is also a rate limiter, so during congestion, anything in excess of the value will be dropped. You'll want to be sure to have this high enough that you won't cause any packet drops, but not so high that you wont have enough bandwidth for any other traffic classes. That's called "queue starvation".
  • Bandwidth - This is the traffic that's given the second-best treatment. It's given a reserved amount of bandwidth, like priority traffic, but it's packets aren't expedited through the queue. It's allowed to exceed the amount allocated, stealing it from unclassified traffic, providing the priority traffic has already been serviced.
  • Police - This limits the amount of bandwidth a type of traffic can use.
  • Unallocated - This isn't a parameter to configure, it's just the remaining amount of bandwidth that hasn't been assigned. Any unclassified packets get their bandwidth from this remainder.
  priority 1100
  ! Bandwidth values can be in kbps or percentages of the overall bandwidth
  bandwidth 100
  bandwidth 8

The Outer Policy

This policy defines the overall usable bandwidth on the interface in kbps, as it may be less than the interface's physical bandwidth. Note that the sum of the bandwidth values defined in the inner policy must not exceed this value. If you used percentages in the inner policy, they are calculated against this number. Note that it is a shaper, not a policer, so all packets that get queued should get transmitted instead of dropped. It's possible that packets can still time out in the queue due to queue starvation.

The inner policy is embedded in this policy.

policy-map WAN_POLICY
 class class-default
  shape average 1300000
  service-policy CLASSIFY_TRAFFIC

The Interface Config

The last step is to apply it to the WAN interface.

A major problem with high-latency, low-bandwidth links like T1's is that small, time-sensitive VoIP packets get held up behind big data packets that take a long time to send. One solution is to break up the big packets, and interleave the voice packets. This is done by lowering the IP MTU on the WAN interface of the router. Once this is done, big packets that come in to the LAN interface get broken up (fragmented) by the CPU, which mixes in the voice packets according to the priority statements in the QoS policy. 600 bytes is a value I have found that generally works well. Your mileage may vary.

In some cases, it may be necessary to adjust the hardware transmit queue. These commands limit the number of packets that can be in the hardware transmit queue. This gives the CPU more control over which packets are sent over the wire first. This would help in the case where there is already a number of data packets in the hardware queue, but a VoIP packet comes in. This allows the VoIP packet to jump in line at the very last moment.

interface FastEthernet1
 description WAN CONNECTION
 service-policy output WAN_POLICY
 ip mtu 600
 tx-ring-limit 3
 tx-queue-limit 3