If data travels over even a small portion of a network where different policies (or no policies) are applied,
the entire QoS policy is destroyed.
A trust boundary is the point within the network where markings such as CoS or DSCP begin to be accepted.
The trust boundary must be implemented at one of three locations in a network, as shown:
Endpoint or end system
Trusted endpoints have the capabilities and intelligence to mark
application traffic to the appropriate CoS and/or
and remark traffic
Endpoints connected to a switch are trusted with the mls qos trust dscp interface command.
If the endpoint is not trusted, the trust boundary cannot be at the endpoint; classification should be done as close to the network edge as possible.
IP phones are trusted devices, while PCs are not.
Cisco Discovery Protocol (CDP) is used to discover whether a device can be trusted.
Network-Based Application Recognition (NBAR) is a classification and protocol discovery feature of Cisco IOS software that recognizes a wide variety of applications, including web-based applications and client/server applications that dynamically assign TCP or UDP port numbers.
NBAR provides the ability to guarantee bandwidth to critical applications, limit bandwidth to other applications, drop selected packets to avoid congestion, and mark packets appropriately so that the network and the service provider's network can provide QoS from end to end.
NBAR ensures that network bandwidth is used efficiently by classifying packets and then applying QoS to the classified traffic.
NBAR performs the following two functions:
Identification of applications and protocols (Layer 4 to Layer 7)
NBAR introduces several new classification features that identify applications and protocols from Layer 4 through Layer 7:
Statically assigned TCP and UDP port numbers
Non-UDP and non-TCP IP protocols
Dynamically assigned TCP and UDP port numbers
NBAR includes a Protocol Discovery feature that provides an easy way to discover application protocols that are traversing an interface.
Protocol Discovery maintains the following per-protocol statistics for enabled interfaces:
Total number of input and output packets and bytes
Input and output bit rates
A Packet Description Language Module (PDLM) can be loaded at run time to extend the NBAR list of recognized protocols. PDLMs can also be used to enhance an existing protocol-recognition capability.
You must enable Cisco Express Forwarding (CEF) before you configure NBAR.
NBAR cannot support the following:
More than 24 concurrent URLs, hosts, or
Multipurpose Internet Mail Extension (MIME)-type matches
Matching beyond the first 400 bytes in a
Multicast and switching modes other than CEF
URL, host, or MIME classification with
Packets originating from or destined to the router running NBAR
NBAR is not supported on Fast EtherChannel, but is supported on Gigabit Ethernet interfaces.
Interfaces configured to use tunneling or encryption do not support NBAR; that is, you cannot use NBAR to classify output traffic on a WAN link where tunneling or encryption is used.
NBAR looks into the TCP/UDP payload itself and classifies packets on content within the payload such as transaction identifier, message type, or other similar data.
HTTP URL matching in NBAR supports most HTTP request methods such as
GET, PUT, HEAD, POST, DELETE, and TRACE
NBAR Protocol Discovery provides an easy way to discover application protocols transmitting on an interface.
NBAR Protocol Discovery can be applied to an interface to monitor both input and output traffic.
Modular QoS CLI: simple configuration, manually configured.
Deeper packet recognition:
NBAR can classify applications that use:
Statically assigned TCP and UDP port numbers
Non-UDP and non-TCP IP protocols
Dynamically assigned TCP and UDP port numbers negotiated during connection establishment (requires stateful inspection)
Subport and deep packet inspection classification
Can customize TCP and UDP port numbers to an application
Packet Description Language Module
• PDLMs allow NBAR to recognize new protocols matching text patterns in data packets without requiring a new Cisco IOS software image or a router reload.
• An external PDLM can be loaded at run time to extend the NBAR list of recognized protocols.
• PDLMs can also be used to enhance an existing protocol recognition capability.
• PDLMs must be produced by Cisco engineers.
look at 250/424 4.2.3
NBAR statistics are obtained by polling Simple Network Management Protocol (SNMP) statistics from the NBAR Protocol Discovery (PD) Management Information Base (MIB).
NBAR Protocol Discovery
Analyzes application traffic patterns in real
time and discovers which traffic is running on the network
Provides bidirectional, per-interface, and per-protocol statistics
Important monitoring tool supported by Cisco QoS
Generates real-time application statistics
Provides traffic distribution information at key network locations
NBAR Protocol Discovery can be applied to interfaces and can be used to monitor both input and output traffic. It helps in defining QoS classes and policies.
The NBAR feature has two components:
One component monitors applications traversing a network.
The other component classifies traffic by protocol.
Steps for Configuring NBAR for Static Protocols
Enable NBAR Protocol Discovery.
Configure a traffic class.
Configure a traffic policy.
Attach the traffic policy to an interface.
Enable PDLM if needed.
Steps for Configuring Stateful NBAR for Dynamic Protocols
Configure a traffic class.
Configure a traffic policy.
Attach the traffic policy to an interface.
The ability of NBAR to classify traffic by protocol and then apply QoS to that traffic uses
the MQC class map match criteria.
Real-Time Transport Protocol (RTP) consists
of a data part and a control part.
The data part of RTP is a
thin protocol providing support for applications with real-time properties (such as continuous media [audio
and video]), which includes timing reconstruction, loss detection, and security and content identification.
NBAR RTP payload classification not only allows you to
statefully identify real-time audio and video traffic, but it also can differentiate on the basis of audio and video codecs to provide more granular QoS.
Congestion can occur at any point in the network where there are points of speed mismatches or aggregation.
Congestion management manages congestion to provide bandwidth and delay guarantees: the traffic is sorted, and then some method of prioritizing it onto an output link is determined.
Speed mismatches are the most typical cause of congestion:
• Possibly persistent when going from LAN to WAN.
• Usually transient when going from LAN to LAN.
Aggregation occurs in WANs when multiple remote sites feed into a central
Queuing is a congestion-management mechanism that allows you to control congestion on interfaces. It is designed to accommodate temporary congestion on an interface of a network device by storing excess packets in buffers until bandwidth becomes available.
Complex queuing generally happens on
outbound interfaces only. A router queues packets it sends out an interface.
First-in, first-out (FIFO): the simplest algorithm
Priority queuing (PQ): allows traffic to be prioritized
Round robin: allows several queues to share bandwidth
Weighted round robin (WRR): allows sharing of bandwidth with prioritization
First packet in is first packet out
Simplest of all
All individual queues are FIFO
All interfaces except serial interfaces at E1 (2.048 Mbps) and below use FIFO by default.
Serial interfaces at E1 (2.048 Mbps) and below use weighted fair queuing (WFQ) by default.
• Uses multiple queues
• Always empties the first queue before going to the next queue:
• Empty queue number 1.
• If queue number 1 is empty, then dispatch one packet from queue number 2.
• If both queue number 1 and queue number 2 are empty, then dispatch one packet from queue number 3.
• Queues number 2 and number 3 may “starve”
PQ gives priority queues absolute preferential treatment.
A priority list is a set of rules that describe how packets
should be assigned to priority queues
Keepalives sourced by the network server are always assigned to the
PQ provides absolute preferential treatment to
high-priority traffic, ensuring that mission-critical traffic traversing various WAN links gets priority treatment
PQ introduces extra
Round robin refers to an
arrangement that involves choosing all elements in a group equally in some rational order, usually starting from the top to the bottom of a list and then starting again at the top of the list and so on.
Round Robin Queuing
• Uses multiple queues
• Dispatches one packet from each queue in each round:
• One packet from queue number 1
• One packet from queue number 2
• One packet from queue number 3
Weighted Round Robin Queuing
• Assign a weight to each queue
• Dispatches packets from each queue proportionately to an assigned weight:
• Dispatch up to four from queue number 1.
• Dispatch up to two from queue number 2.
• Dispatch one from queue number 3.
• Go back to queue number 1.
weighted round robin (WRR) algorithm provides
prioritization capabilities for round-robin queuing
Drawbacks of WRR queuing: it does not allocate bandwidth accurately, and if the ratio between the byte count and the MTU is too large, WRR queuing will cause long delays.
Problem with WRR:
Some implementations of WRR dispatch a configurable number of bytes (threshold) from each queue for each round, so several packets can be sent in each turn.
The router is allowed to send the entire packet even if the sum of all bytes is more than the threshold.
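As an added illustration (not from the original notes or from Cisco), the following Python simulation runs the schedulers described above over a constructed backlog of packets: strict PQ (queues 2 and 3 starve while queue 1 has traffic), plain round robin, packet-count WRR with the 4:2:1 weights from the notes, and the byte-threshold WRR variant. The last one shows the inaccuracy the notes describe: a queue of 1500-byte packets served against a 1000-byte threshold overshoots every turn and ends up with 60% of the link instead of the 50% the threshold implies. Queue numbers, sizes and weights are sample values chosen for the demonstration.

```python
from collections import deque
from dataclasses import dataclass


@dataclass
class Packet:
    queue: int   # queue number; 1 is the highest-priority queue
    size: int    # bytes


def sample_traffic():
    """Constructed backlog: 10 large packets in queue 1, 5 small packets
    each in queues 2 and 3 (sample data, not captured traffic)."""
    return ([Packet(1, 1500) for _ in range(10)]
            + [Packet(2, 500) for _ in range(5)]
            + [Packet(3, 500) for _ in range(5)])


def build_queues(packets, n_queues):
    """Split packets into per-queue FIFOs; every individual queue is FIFO."""
    queues = [deque() for _ in range(n_queues)]
    for p in packets:
        queues[p.queue - 1].append(p)
    return queues


def priority_queuing(packets, n_queues, slots):
    """Strict PQ: each dispatch slot serves the lowest-numbered non-empty queue,
    so queues 2 and 3 are served only once queue 1 is empty (they can starve)."""
    queues = build_queues(packets, n_queues)
    sent = [0] * n_queues
    for _ in range(slots):
        for i, q in enumerate(queues):
            if q:
                q.popleft()
                sent[i] += 1
                break
    return sent


def round_robin(packets, n_queues, rounds):
    """Plain round robin: one packet from each non-empty queue per round."""
    queues = build_queues(packets, n_queues)
    sent = [0] * n_queues
    for _ in range(rounds):
        for i, q in enumerate(queues):
            if q:
                q.popleft()
                sent[i] += 1
    return sent


def weighted_round_robin(packets, n_queues, weights, rounds):
    """Packet-count WRR: up to weights[i] packets from queue i in each round."""
    queues = build_queues(packets, n_queues)
    sent = [0] * n_queues
    for _ in range(rounds):
        for i, q in enumerate(queues):
            for _ in range(weights[i]):
                if not q:
                    break
                q.popleft()
                sent[i] += 1
    return sent


def byte_count_wrr(packets, n_queues, threshold, rounds):
    """Byte-threshold WRR: keep dispatching from a queue until at least
    `threshold` bytes have left in this turn. Whole packets are always sent,
    so a turn may overshoot the threshold; that overshoot is the bandwidth
    inaccuracy the notes describe."""
    queues = build_queues(packets, n_queues)
    bytes_sent = [0] * n_queues
    for _ in range(rounds):
        for i, q in enumerate(queues):
            turn = 0
            while q and turn < threshold:
                turn += q.popleft().size
            bytes_sent[i] += turn
    return bytes_sent


def shares(counts):
    """Fraction of the total each queue received, rounded to 3 places."""
    total = sum(counts)
    return [round(c / total, 3) for c in counts]


if __name__ == "__main__":
    t = sample_traffic()
    print("PQ, 8 slots:        ", priority_queuing(t, 3, 8))                   # [8, 0, 0]
    print("RR, 4 rounds:       ", round_robin(t, 3, 4))                        # [4, 4, 4]
    print("WRR 4:2:1, 2 rounds:", weighted_round_robin(t, 3, (4, 2, 1), 2))    # [8, 4, 2]
    b = byte_count_wrr(t[:15], 2, 1000, 2)   # queues 1 and 2 only
    print("byte WRR, 1000 B:   ", b, shares(b))                                # [3000, 2000] [0.6, 0.4]
```

Each function takes a fresh copy of the backlog, so the runs are independent; the byte-threshold run uses only queues 1 and 2 to keep the 60/40 split easy to read.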
Router Queuing Components
Hardware queue: Uses a FIFO strategy, which is necessary for the interface drivers to transmit packets one by one. The hardware queue is sometimes referred to as the transmit queue.
Software queuing system: Schedules packets into the hardware queue based on the quality of service (QoS) requirements.
Router queuing is needed because:
The input interface is faster than the output interface.
The output interface is receiving packets from multiple other interfaces.
The software queue activates
only when data must wait to be placed into the hardware queue.
The hardware queue (transmit queue) is a
final interface FIFO queue that holds frames to be immediately transmitted by the physical interface
The Software Queue
Generally, a full hardware queue indicates
interface congestion, and software queuing is used to manage it.
When a packet is being forwarded, the router
will bypass the software queue if the hardware queue has space in it (no congestion).
Reducing the size of the hardware queue has two effects:
It reduces the maximum amount of time that packets wait in the FIFO queue before being transmitted.
It accelerates the use of QoS in Cisco IOS software.
Improper tuning of the hardware queue may produce undesirable results:
A long transmit queue may result in poor performance of the software queuing system.
A short transmit queue may result in a large number of interrupts, which causes high CPU utilization and
low link utilization.
The Hardware Queue
• Routers determine the length of the hardware queue based on the configured bandwidth of the interface.
• The length of the hardware queue can be adjusted with the tx-ring-limit command.
Congestion on Software Interfaces
Subinterfaces and software interfaces (dialers, tunnels, Frame Relay subinterfaces) do not have their own
separate transmit queue.
Subinterfaces and software interfaces congest when the transmit queue of their main hardware interface congests.
The tx-ring state (full, not-full) is an indication of hardware interface congestion.
The terms “TxQ” and “tx-ring” both describe the hardware queue and are interchangeable.
Weighted Fair Queuing (WFQ)
A queuing algorithm should share the bandwidth fairly among flows by:
Reducing response time for interactive flows by scheduling them to the front of the queue
Preventing high-volume flows from monopolizing an interface
In the WFQ implementation, conversations are sorted into flows and transmitted by the
order of the last bit crossing its channel
Unfairness is reinstated
by introducing weight to give proportionately more bandwidth to flows with
higher IP precedence
WFQ is a dynamic scheduling method that provides fair bandwidth allocation to all network traffic. WFQ applies weights to identified traffic, classifies traffic into flows, and determines how much bandwidth each flow is allowed relative to other flows.
WFQ allows you to give low-volume traffic, such as Telnet sessions, priority over high-volume traffic, such as FTP sessions.
WFQ gives concurrent file transfers balanced use of link capacity; that is, when multiple file transfers occur,
The WFQ method works as the default
queuing mode on serial interfaces configured to run at or below E1
speeds (2.048 Mbps)
WFQ provides the solution for situations that require consistent response times for heavy and light network users alike, without adding excessive bandwidth.
WFQ can manage duplex data flows.
WFQ classification has to identify the following from the IP header and the TCP or User Datagram Protocol (UDP) headers:
Source IP address
Destination IP address
Protocol number (identifying TCP or UDP)
Type of service field
Source TCP or UDP port number
Destination TCP or UDP port number
WFQ uses a fixed number of queues. The
hash function is used to assign a queue to a flow. There are eight
additional queues for system packets and optionally up to 1000 queues
for Resource Reservation Protocol (RSVP) flows. The number of dynamic
queues that WFQ uses by default is based on the interface bandwidth.
With the default interface bandwidth, WFQ uses 256 dynamic queues
WFQ uses the following two parameters that affect
the dropping of packets:
The congestive discard threshold (CDT) is used to start dropping packets of the most aggressive flow, even before the hold-queue limit is reached.
The hold-queue limit defines the maximum number of packets that can be
held in the WFQ system at any time.
There are two exceptions to the WFQ insertion and drop policy:
If the WFQ system is above the CDT limit, the packet is still enqueued
if the specific per flow queue is empty.
The dropping strategy is not directly influenced by IP precedence.
• A fixed number of per-flow queues is configured.
• A hash function is used to translate flow parameters into a queue number.
• System packets (eight queues) and RSVP flows (if configured) are mapped into separate queues.
• Two or more flows could map into the same queue, resulting in lower per-flow bandwidth.
The number of queues configured should be significantly larger than the expected number of flows.
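Two of the WFQ mechanisms above (hashing the six header fields into a fixed number of queues, and scheduling by the order in which each packet's last bit would cross a per-flow fair channel) are easy to see in a few lines of Python. This is an added example, not code from the notes or from Cisco IOS. Two assumptions are marked in the code: SHA-256 stands in for the (undocumented here) IOS hash, chosen only to give a reproducible queue mapping, and the sequence-number weighting 32384 / (IP precedence + 1) is taken from Cisco's WFQ documentation rather than from these notes; all packets are assumed to be queued at once on an idle interface. The flows and packet sizes are constructed sample values.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """The six header fields WFQ classification reads (constructed values)."""
    src: str
    dst: str
    proto: int    # 6 = TCP, 17 = UDP
    tos: int      # IP precedence is the top 3 bits of the ToS byte
    sport: int
    dport: int

    @property
    def precedence(self):
        return self.tos >> 5


@dataclass
class Packet:
    flow: Flow
    size: int     # bytes


def flow_queue(flow, n_queues):
    """Map a flow to one of n_queues dynamic queues. Assumption: IOS uses its
    own hash; SHA-256 is used here only to give a fixed, reproducible mapping."""
    key = f"{flow.src}|{flow.dst}|{flow.proto}|{flow.tos}|{flow.sport}|{flow.dport}"
    digest = hashlib.sha256(key.encode()).digest()
    return int.from_bytes(digest[:4], "big") % n_queues


def colliding_flows(flows, n_queues):
    """Flows that share a queue with at least one other flow. They split that
    queue's bandwidth, which is why the queue count should be much larger
    than the expected number of flows."""
    buckets = {}
    for f in flows:
        buckets.setdefault(flow_queue(f, n_queues), []).append(f)
    return [f for b in buckets.values() if len(b) > 1 for f in b]


def wfq_order(packets):
    """Sort a queued backlog the way WFQ dispatches it: each packet gets a
    sequence number equal to its flow's previous sequence number plus
    weight * length, with weight = 32384 // (precedence + 1) (assumption:
    the IOS WFQ weighting). The lowest sequence number, i.e. the packet whose
    last bit would cross a per-flow fair channel first, goes out first.
    Higher precedence means a smaller weight, so its numbers grow more slowly."""
    last_sn = {}
    tagged = []
    for idx, p in enumerate(packets):
        weight = 32384 // (p.flow.precedence + 1)
        sn = last_sn.get(p.flow, 0) + weight * p.size
        last_sn[p.flow] = sn
        tagged.append((sn, idx, p))
    tagged.sort(key=lambda t: (t[0], t[1]))
    return [p for _, _, p in tagged]


def sample_packets():
    """Constructed backlog: a bulk FTP flow (precedence 0), a bulk flow marked
    precedence 5, and a Telnet flow with 60-byte packets (precedence 0)."""
    ftp = Flow("10.0.0.1", "10.0.0.2", 6, 0 << 5, 40001, 20)
    bulk_hi = Flow("10.0.0.3", "10.0.0.2", 6, 5 << 5, 40002, 20)
    telnet = Flow("10.0.0.4", "10.0.0.2", 6, 0 << 5, 40003, 23)
    return [Packet(f, s)
            for f, s in ((ftp, 1500), (bulk_hi, 1500), (telnet, 60))
            for _ in range(3)]


if __name__ == "__main__":
    flows = [p.flow for p in sample_packets()[::3]]
    print({f.src: flow_queue(f, 256) for f in flows})        # queue per flow (256 dynamic queues)
    print([p.flow.src for p in wfq_order(sample_packets())])  # Telnet x3, precedence-5 bulk x3, FTP x3
```

The dispatch order shows both effects the notes describe: the small Telnet packets go first even though their flow has precedence 0, because their sequence numbers grow by only 60 bytes' worth per packet, and the precedence-5 bulk flow beats the precedence-0 bulk flow because its weight is about one sixth as large.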
Benefits and drawbacks of WFQ
WFQ has a simple configuration (no manual classification is necessary) and guarantees throughput to all flows. It drops packets of the most aggressive flows.
Because WFQ is a standard queuing mechanism, most platforms and most
Cisco IOS versions support WFQ
Multiple flows can end up in a single queue.
WFQ does not allow a network engineer to
manually configure classification. Classification and scheduling are
determined by the WFQ algorithm.
WFQ is supported only on links with a bandwidth less than or equal to 2 Mbps.
WFQ cannot provide fixed guarantees to
Cisco routers automatically enable WFQ on all interfaces that have a
default bandwidth of less than 2.048 Mbps