BRKCRS 2501 PDF

Campus QoS Design-Simplified
Tim Szigeti, Principal Engineer - Technical Marketing

BRKCRS-2501
Agenda
• Campus QoS Design Considerations and Best Practices
• Cisco Catalyst 2960-X QoS Design
• Cisco Catalyst 3650/3850 QoS Design
• Cisco Catalyst 4500 QoS Design
• Cisco Nexus 7000/7700 QoS Design
• Campus WLAN QoS Design Considerations and Best Practices
• Cisco IOS XE WLC AVC/QoS Design
• Cisco AireOS WLC AVC/QoS Design
• What are we doing to make this simpler?

• Summary and References
Campus QoS Design
Considerations and Best Practices
What Do You Consider First?
BRKRST-2056: The QoS Paradigm Shift

https://cisco.box.com/s/8izevlg4k6gaggh3cmrc16lugm6sdr8y
https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=83633&backBtn=true
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Start by Defining Your QoS Strategy
Articulate Your Business Intent, Relevant Applications and End-to-End Strategy
https://cisco.box.com/s/rprjqxtyzqvrbyy8keazk1gntefaxvql
BRKCRS-2501 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
The Case for Campus QoS
• The primary role of QoS in campus networks is to manage packet loss

• In campus networks, it takes only a few milliseconds of congestion to cause drops
• Rich media applications are extremely sensitive to packet drops
• Queuing policies at every node can prevent packet loss for real-time apps
• The secondary role of QoS in campus networks is to condition traffic at the access
edge, which can include any of the following:
• Trust
• Classify and Mark
• Police
Why Is Video So Sensitive to Packet Loss?
1920 lines of Vertical Resolution (Widescreen Aspect Ratio is 16:9)
1080p60
1080 lines of Horizontal Resolution
1080 x 1920 lines =
2,073,600 pixels per frame
x 24 bits of color per pixel
x 60 frames per second
= 2,985,984,000 bps
or 3 Gbps Uncompressed!
Cisco (H264/H.265) codecs transmit 3-5 Mbps per 1080p60 video stream
which represents over 99.8% compression (~ 1000:1)
Packet loss is proportionally magnified by compression ratios
Users can notice a single packet lost in 10,000—
Making HD Video One Hundred Times More Sensitive to Packet Loss than VoIP!
VoIP vs. HD Video—At the Packet Level
Voice Packets Video Packets
1400 1400
Video Video Video
Frame Frame Frame
1000 1000
Bytes
600 Audio 600

Samples
200 200
Time
20 msec 33 msec
Campus QoS Design Considerations
How Long Can Queue-Buffers Accommodate Line-Rate Bursts?
GE Linecard Example Begin dropping at 11 ms
but overall utilization is only 1%!
140
Gbps Line Rate GE Linecard Example (WS-X6148)
120
100 Total Per-Port Buffer: 5.4 MB
KBytes Per ms
80
60 Total Per-Queue Buffer*: 1.35 MB
40
20 Gbps Line Rate: 1 Gbps = 125 MB/s
0 or 125 KB/ms
50
10
90
490
570
130
170
210
250
290
330
370
410
450
530
610
650
690
730
770
810
850
890
930
970
Total Per-Queue Buffering Capacity: 10.8 ms
ms
*Assuming (4) equal-sized queues

1 second
How Long Can Queue-Buffers Accommodate Line-Rate Bursts?
10-GE Linecard Example Begin dropping at 9 ms
but overall utilization is still only 1%!
1400
1200
10 Gbps Line Rate 10 GE Linecard Example (WS-X6908)
1000
Total Per-Port Buffer: 90 MB
KBytes Per ms
800
600
Total Per-Queue Buffer*: 11.25 MB
400
200
Gbps Line Rate: 10 Gbps = 1.25 GB/s
0
or 1250 KB/ms
10
50
90
130
170
210
250
290
330
370
410
450
490
530
570
610
650
690
730
770
810
850
890
930
970
Total Per-Queue Buffering Capacity: 9.0 ms
ms
*Assuming (8) equal-sized queues

1 second
Oversubscription in the Campus GE Link
10GE Link
40GE Link
10GE Link
40GE Link
x 11
10GE Link
40GE Link
10GE Link
40GE Link
Know Your Tools
• Catalyst and Nexus switch hardware
• Software and Syntax
• Global Default QoS Settings
• Trust States and Conditional Trust
• Logical vs. Physical Interface QoS
• Network Based Application Recognition (NBAR2)
• Domain Name System—Authoritative Source (DNS-AS)
• Ingress and Egress Queuing Models
Economy
Hardware Varies
American Version
2016 Cisco Live Las Vegas
Utility
Performance
Economy
Hardware Varies
Italian Version
2015 Cisco Live Milan
Utility
Performance
Economy
Hardware Varies
German Version
2017 Cisco Live Berlin
Utility
Performance
Economy
Hardware Varies
Canadian Version
2015 Cisco Connect Toronto
Utility
Performance
Software and Syntax Variations
• Catalyst 2960-X / 3560 / 3750 are the last platforms to use Multilayer Switch QoS (MLS QoS)
• QoS is disabled by default and must be globally enabled with mls qos command
• Once enabled, all ports are set to an untrusted port-state
• Catalyst 3650/3850 and 4500 use IOS Modular QoS Command Line Interface (MQC)
• QoS is enabled by default
• All ports are trusted at layer 2 and layer 3 by default
• Catalyst 6500/6800 use Cisco Common Classification Policy Language (C3PL) QoS
• QoS is enabled by default (Sup2T) – Disabled by default (Sup720)
• C3PL presents queuing policies similar to MQC, but as a defined “type” of policy
• Nexus 7000/7700 use NX-OS QoS

• QoS is enabled by default
• NX-OS presents queuing policies similar to MQC, but as a defined “type” and with default class-map names
Trust Boundary
Trust Boundaries Untrusted / User-Administered Devices

no mls qos trust
Trust Boundary
The trust boundary is the edge where

• Layer 2 (CoS / UP) and/or
• Layer 3 (DSCP) Trusted Centrally-Administered Devices
mls qos trust dscp
markings are accepted or rejected
Trust Boundary
Centrally-Administered &
Conditionally-Trusted Devices
mls qos trust device
• cisco-phone
• cts
• ip-camera
© 2017 Cisco and/or its•affiliates.
media-player
All rights reserved. Cisco Public
Conditional Trust
Trust Boundary Extension to Cisco Devices If a Cisco IP Phone is detected then
Access Switch CoS-to-DSCP the trust boundary extends to the IP
Phone
Mapping Table
CoS 7  DSCP CS7 (56)
CoS 6  DSCP CS6 (48) The IP Phone sets CoS for Voice and
IP Phone CoS 5  DSCP EF (46)* Signaling and resets all else to 0
CoS Mapping Table CoS 4  DSCP CS4 (40)
CoS 6-7  CoS 0 CoS 3  DSCP CS3 (24)
The access switch maps CoS-to-
Voice  CoS 5 CoS 2  DSCP CS2 (16) DSCP
Signaling  CoS 3 CoS 1  DSCP CS1 (8)
CoS 0-4  CoS 0 CoS 0  DSCP DF (0)
* Non-Default Mapping
Trust Boundary
Policy Enforcement Points (PEPs)
• The Policy Enforcement Point (PEP) is the edge where classification and marking policies are enforced
• The PEP may or may not be the same as the trust boundary
• Multiple PEPs may exist for different types of network devices
• e.g. switch PEP vs. router PEP
Note: For the sake of simplification, in this deck PEP will refer to
Trust Boundary
classification and marking policy enforcement points (only)
Switch Router and will not include other policy enforcement points (e.g. queuing).
PEP PEP
Per-Port QoS vs. Per-VLAN QoS
Per-VLAN QoS
Per-Port QoS
Policy map is applied to the
logical VLAN interface
VLAN Interfaces VLAN Interfaces
VLAN 10 VLAN 20 VLAN 10 VLAN 20
Physical Ports Physical Ports
Policy map is applied to the interface gig 1/1-48

physical switch port mls qos vlan-based
interface Vlan 10
interface gig 1/1-48
service-policy input MARKING
Per-Port/Per-VLAN QoS
VLAN Interfaces
DVLAN 10
VVLAN 110
DVLAN policy map is applied Trunked Physical Ports

to the Data VLAN (only)
on a given trunked switch port VVLAN policy map is applied
to the Voice VLAN (only)
on a given trunked switch port
Network Based Application Recognition (NBAR)
Business
applications types
of services
Content types of
services
Multi-Media &
Communications
services
SMB Commercial Enterprise Service Provider
NBAR2 Scale & Performance Improvements
40% performance improvement in just 2 releases
NBAR2 Packet Processing
5%
Fast-Path
Processed
95%
Measured on EMIX (SFR) benchmark NBAR2 Protocol-Discovery runs in Line Rate
Supported platforms: ISR-G2 (86x, 88x, 89x, 19xx, 29xx, 39xx), ISR 44xx, ASR1000, CSR 1000V,
WLC (2508, 8500, 7500, 55xx, 5760, 3850/5760 (AP based), IOS AP
ASA-CX
DNS-Authoritative Source (DNS-AS)
What is DNS-AS?
• Application visibility end-to-end in the network

• Light-weight application detection process
• A scalable means of identifying encrypted & cloud applications
• An efficient means to distribute application metadata
• No client software requirement
• Simplified end-to-end policy enforcement
DNS Lookup
DNS+Lookup:
TXT Record Request:
mail.timco.com
mail.timco.com
DNS-AS Operation TXT Record:
DNS A-Record:
172.16.0.7
mail.timco.com is 172.16.0.7
mail.timco.com
App ID = 378
1) Client requests a DNS Lookup App Class: BULK-DATA
Business Relevance: YES
2) Access Switch examines the DNS request
DNS
Server App
3) Internal DNS Server returns a DNS response (A-Record) Internal Server
Network
4) Access Switch requests application metadata information by
generating its own DNS query
5) Internal DNS Server returns application metadata
(A-Record + TXT Record)
6) Access Switch maintains a Binding Table of application metadata
IP Address PTR App-ID App-Class Business-

Relevance
172.16.0.7 mail.timco.com 378 Bulk Data YES
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 30
DNS Lookup:
mail.timco.com
DNS-AS Operation
1) Client requests a DNS Lookup
DNS
Server App
Internal Server
Network
DNS Lookup:
mail.timco.com
DNS-AS Operation

DNS
Server App
Internal Server
Network
DNS Lookup:
mail.timco.com
DNS-AS Operation
DNS A-Record:

DNS
Server App
Network
DNS Lookup
DNS+Lookup:
TXT Record Request:
mail.timco.com
mail.timco.com
DNS-AS Operation
DNS A-Record:

DNS
Server App
Network
DNS Lookup
DNS+Lookup:
TXT Record Request:
mail.timco.com
mail.timco.com
DNS A-Record:
172.16.0.7
mail.timco.com
App ID = 378
DNS
Server App
Network
DNS Lookup
DNS+Lookup:
TXT Record Request:
mail.timco.com
mail.timco.com
DNS A-Record:
172.16.0.7
mail.timco.com
App ID = 378
DNS
Server App
Network
6) Access Switch maintains a Binding Table of application metadata
IP Address PTR App-ID App-Class Business-

Relevance
172.16.0.7 mail.timco.com 378 Bulk Data YES
Campus Ingress QoS Models
No Trust (Untrusted)
Trust DSCP
Trust CoS
Trust Device / Conditional Trust
(if required and supported)

Ingress Queuing Policies
Marking Policies (Optional) Policing Policies
VVLAN Yes
VoIP Classifier Mark EF VoIP Policer (<128 kbps) No
Drop
Yes
Signaling Classifier Mark CS3 Signaling Policer (<32 kbps) No
Drop
Yes
Multimedia Conferencing Classifier
Mark AF41 MM-Conf Policer (<5 Mbps) No
Drop
DVLAN Yes
Signaling Classifier Mark CS3 Signaling Policer (<32 kbps) No
Drop
Yes
Transactional Data Classifier Mark AF21 Trans-Data Policer (<10 Mbps) No
Remark to CS1
Yes
Bulk Data Classifier Mark AF11 Bulk Data Policer (<10 Mbps) No
Remark to CS1
Yes
Scavenger Classifier Mark CS1 Scavenger Policer (<10 Mbps) No
Drop
Yes
Best Effort (Class-Default) Mark DF Best Effort Policer (<10 Mbps) No
Remark to CS1
Catalyst Hardware Queuing
1P3Q1T Example
1 Priority Queue
1P BRKCRS-2501 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 38
1P3Q1T Example
1 Priority Queue
3 Non-Priority
Queues
1P3Q BRKCRS-2501 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 39
1P3Q1T Example
Each queue has 1 Drop Threshold
1 Priority Queue
(the tail of the queue)
3 Non-Priority
Queues
1P3Q1T
1P3Q1T Example
Interrupt
Resume
Scheduling
Weighted Tail Drop (WTD) Operation
3T WTD Example
Tail Front
of of
Queue Queue
Direction
of
Packet
Flow
Red Minimum WTD Threshold 1:

Begin tail dropping red packets
Yellow Minimum WTD Threshold 2:

Begin tail dropping yellow packets
Tail of Queue is WTD Threshold 3

Weighted Random Early Detect (WRED) Operation
4T WTD Example
Tail Front
of of
Queue Queue
Direction
of
Packet
Flow
AF13 Minimum WRED Threshold:
Begin randomly dropping AF13 Packets


Maximum WRED Thresholds for AF11, AF12 and AF13 are set to the tail of the queue in this example
EtherChannel QoS
• EtherChannels are comprised of logical (Port-Channel) interfaces and physical
(port-member) interfaces
• Ingress QoS policies are usually applied to the logical interfaces (but not always)
• Egress QoS policies (such as queuing) are always applied to the physical port-
member interfaces
Platform QoS Policies Applied to the QoS Policies Applied to the
(Logical) Port-Channel (Physical) Port-Member
Interface Interfaces
Catalyst 2960-X  Ingress & Egress
Catalyst 3650/3850  Ingress & Egress
Catalyst 4500  Ingress  Egress
Catalyst 6500  Ingress  Egress
Cisco Nexus 7000/7700  Ingress & Egress
Campus QoS Design Best Practices
• Always perform QoS in hardware rather than software when a choice exists
• Classify and mark applications as close to their sources as technically and
administratively feasible
• Police unwanted traffic flows as close to their sources as possible
• Enable queuing policies at every node where the potential for congestion exists
Campus Port QoS Roles
Untrusted Endpoint:
• Port Set to Untrusted State
(or Explicit Policy to Mark to DSCP 0)
• [Optional Ingress Marking and/or Policing]
• [Ingress and] Egress Queuing
Trusted Port
• Trust DSCP
Conditionally-Trusted Endpoint
(Default on all non-MLS QoS platforms)
• Conditional-Trust with Trust-CoS or DSCP
• [Ingress and] Egress Queuing
• [Optional Ingress Marking and/or Policing]
• [Ingress and] Egress Queuing BRKCRS-2501 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 46
Campus QoS Design—At-A-Glance
https://cisco.box.com/s/55ckd6hbpjj8b1q2ok67mxyc73mldnwp
Agenda

Cisco Catalyst 2960-X
QoS Design
Catalyst 2960-X
QoS Roles in the Campus Access
No Trust +
Ingress Queuing +
Egress Queuing
Trust DSCP +
Ingress Queuing +
Egress Queuing
Conditional Trust +
Ingress Queuing +
C2960-X Egress Queuing
Access
Switch Classification/Marking +
[Optional Policing] +
Distribution Ingress Queuing +
Switches Egress Queuing
Catalyst 2960-X Note: Catalyst 2960-X is QoS compatible with
QoS Design Steps the Catalyst 3560 & 3750, with the following
exceptions:
1. Enable QoS • The Catalyst 3560 & 3750 support ingress
queuing policies, but the 2960-X does not.
2. Configure Ingress QoS Model(s): • Similarly, the Catalyst 3560 & 3750 support
 Trust Models VLAN-based QoS policies, but the 2960-X
 Conditional Trust Model does not.
 Service Policy Models
Note: Catalyst 2960-X must be running a LAN
3. Configure Egress Queuing Base image to support the following QoS
features
• Policy maps
• Policing & marking
• Mapping tables
• Weighted Tail Drop (WTD)
Catalyst 2960-X
Enabling QoS and Trust Models
Enabling QoS:
mls qos Shaded commands are global
Trust-CoS Model Example:

mls qos map cos-dscp 0 8 16 24 32 46 48 56 Key commands/parameters in RED
mls qos trust cos Highlighted commands are interface specific
Trust-DSCP Model Example:

mls qos trust dscp Note: CoS 5 which is explicitly mapped to DSCP 46
Conditional-Trust Model Example:

mls qos trust device cisco-phone [or]
mls qos trust device cts Note: Only one type of device may be configured at a time
[or]
mls qos trust device ip-camera [or]
mls qos trust device media-player
Catalyst 2960-X
Conditional Trust Model Example
Conditional Trust Policy to a Cisco IP Phone:

mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos trust device cisco-phone
mls qos trust cos Note: All CoS-to-DSCP values are left at default
(DSCP = CoS * 8)
Except for CoS 5 which is explicitly mapped to DSCP 46

(Expedite Forwarding/EF, per RFC 3246 & 4594).
CoS must be
matched as Cisco IP
Phones only remark
at Layer 2
Catalyst 2960-X
Marking Policy Model Example
class-map match-all VOIP policy-map MARKING-POLICY
match access-group name VOIP class VOIP
class-map match-all MULTIMEDIA-CONFERENCING set dscp ef
match access-group name MULTIMEDIA-CONFERENCING class MULTIMEDIA-CONFERENCING
class-map match-all SIGNALING set dscp af41
match access-group name SIGNALING class SIGNALING
class-map match-all TRANSACTIONAL-DATA set dscp cs3
match access-group name TRANSACTIONAL-DATA class TRANSACTIONAL-DATA
class-map match-all BULK-DATA set dscp af21
match access-group name BULK-DATA class BULK-DATA
class-map match-all SCAVENGER set dscp af11
match access-group name SCAVENGER class SCAVENGER
set dscp cs1
class class-default
set dscp default
service-policy input MARKING-POLICY
Note: Remarking is performed by configuring a
policed-DSCP map with the global configuration
command mls qos map policed-dscp, which
Catalyst 2960-X specifies which DSCP values are subject to
remarking if out-of-profile and what value these
should be remarked as.
Marking & Policing Policy Example
In this example exceeding:
• Best Effort (DSCP 0)
mls qos map policed-dscp 0 10 18 to 8 • Bulk (AF11 / DSCP 10)
• Transactional Data (AF21 / DSCP 18)
[class-maps omitted for brevity] are remarked to Scavenger (CS1 / DSCP 8).
policy-map MARKING&POLICING
class VVLAN-VOIP [continued]
set dscp ef class BULK-DATA
police 128k 8000 exceed-action drop set dscp af11
class VVLAN-SIGNALING police 10m 8000 exceed-action policed-dscp-transmit
set dscp cs3 class SCAVENGER
police 32k 8000 exceed-action drop set dscp cs1
class MULTIMEDIA-CONFERENCING police 10m 8000 exceed-action drop
set dscp af41 class DEFAULT
police 5m 8000 exceed-action drop set dscp default
class SIGNALING police 10m 8000 exceed-action policed-dscp-transmit
set dscp cs3 service-policy input MARKING&POLICING
police 32k 8000 exceed-action drop
class TRANSACTIONAL-DATA
set dscp af21
police 10m 8000 exceed-action policed-dscp-transmit
…
Catalyst 2960-X
1P3Q3T Egress Queuing Model
Application DSCP 1P3Q3T
Network Control (CS7) AF1 Q4T2

Queue 4
CS1 (5%) Q4T1
Internetwork Control CS6
VoIP EF Default Queue

DF
Broadcast Video CS5 Queue 3 (35%)
Multimedia Conferencing AF4 CS7 Q2T3
Realtime Interactive CS4 CS6
Multimedia Streaming AF3 CS3 Q2T2

Queue 2
Signaling CS3 AF4 (30%) Q2T1
Transactional Data AF2 AF3
Network Management CS2 AF2

CS2
Bulk Data AF1
EF
Scavenger CS1 Q1
CS5
Best Effort DF Priority Queue
CS4
Catalyst 2960-X
Note: The Catalyst 2960-X can also be
1P3Q3T Egress Queuing Model Config—Part 1 of 2 configured to use an 8-queue model; however
this model is NOT supported in a stack, nor is
it supported if AutoQoS is enabled.
! This section configures egress buffers and thresholds

mls qos queue-set output 1 buffers 15 30 35 20 Allocates buffers to Q1, Q2, Q3 and Q4
(respectively)
mls qos queue-set output 1 threshold 1 100 100 100 100
mls qos queue-set output 1 threshold 4 60 100 100 400 Each queue has 4 thresholds:
• WTD Threshold 1
! This section configures egress CoS-to-Queue mappings • WTD Threshold 2
mls qos srr-queue output cos-map queue 1 threshold 3 4 5 • Reserved Threshold—buffers that may NOT
mls qos srr-queue output cos-map queue 2 threshold 1 2 be shared with adjacent port-queues
• Maximum Threshold—maximum amount of
mls qos srr-queue output cos-map queue 2 threshold 2 3 buffers may be borrowed from common buffer
mls qos srr-queue output cos-map queue 2 threshold 3 6 7 pools (if available)
mls qos srr-queue output cos-map queue 3 threshold 3 0
mls qos srr-queue output cos-map queue 4 threshold 3 1
If the packet enters the switch on a port that is set
to trust cos then these CoS-to-Queue mappings
will be used to determine how the packet is
queued on egress
Catalyst 2960-X
1P3Q3T Egress Queuing Model Config—Part 2 of 2 If the packet enters the switch on a port
that is set to trust dscp then these
! This section configures egress DSCP-to-Queue mappings DSCP-to-Queue mappings will be used to
determine how the packet is queued on
mls qos srr-queue output dscp-map queue 1 threshold 3 32 40 46 egress
mls qos srr-queue output dscp-map queue 2 threshold 1 16 18 20 22
mls qos srr-queue output dscp-map queue 2 threshold 1 26 28 30 34 36 38
mls qos srr-queue output dscp-map queue 2 threshold 2 24
mls qos srr-queue output dscp-map queue 2 threshold 3 48 56
mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14
! This section configures interface egress queuing parameters

queue-set 1
srr-queue bandwidth share 1 30 35 5
priority-queue out
Enables the PQ Allocates bandwidth to each queue by means of a WRR weight.

Q1 weight is ignored, as it’s operating as a PQ
Catalyst 2960-X
EtherChannel QoS Design
All QoS policies are configured on the physical port-member interfaces only

(Logical) Port-Channel Interface (Physical) Port-Member Interfaces
Catalyst 2960/3560/3750  Classification & Marking (Ingress)
and Queuing (Egress)
Catalyst 2960-X QoS Design At-A-Glance
https://cisco.box.com/s/piu1vbsrg1vrnavemvqqlvwq9xqji64x
Catalyst 3650/3750 QoS Design At-A-Glance
https://cisco.box.com/s/zh9b5k1sqh91pp96rb27vwiotlu8ypdf
Agenda

Cisco Catalyst 3650/3850
QoS Design
Catalyst 3650/3850
QoS Roles in the Campus Access
No Trust +
Egress Queuing
Trust DSCP +
C3650/3850 Egress Queuing
Access
Switch Conditional Trust +
Egress Queuing
Classification/Marking +
[Optional Policing] +
Egress Queuing
Wireless Per-Port / Per-SSID / Per-Client Policies:

[Optional: Classification/ Marking]
[Optional: Policing]
Distribution 2P2Q+AFD Egress Queuing
Switches
Catalyst 3650/3850
QoS Design Steps
1. Configure Ingress QoS Model(s):
 Trust DSCP Model*
 Conditional Trust Models (wired ports only)
 Service Policy Models (wired or wireless ports)
2. Configure Egress Queuing
 Wired Queuing Models: 8Q3T or 1P7Q3T or 2P6Q3T
 Wireless Queuing Model: 2P2Q+AFD
*Note: Catalyst 3650/3850 IOS MQC trusts all wired ports by default
Prior to IOS XE 3.3, wireless ports were set to an untrusted state by default.
However, this default setting can be globally disabled with the following command:
no qos wireless-default-untrust
Beginning with IOS XE 3.3, wireless ports are also trusted by default
Catalyst 3650/3850
Conditional Trust Models
Cisco IP Phone Conditional Trust Example
Conditional-Trust Models:
interface GigabitEthernet 1/0/1
trust device cisco-phone [or]
trust device cts
[or]
trust device ip-camera
[or]
trust device media-player
Catalyst 3650/3850
Cisco IP Phone Conditional Trust Example
Conditional-Trust Models:
trust device cts
[or]
trust device ip-camera
[or]
trust device media-player
Only one type of device can be configured for
conditional trust on an interface at a given time
Catalyst 3650/3850
Conditional-Trust
Cisco IP Phone (Cisco IP Phone)
Conditional Example:
Trust Example
class-map match-any VOICE
match cos 5
Conditional-Trust Models: class-map match-any SIGNALING
interface GigabitEthernet 1/0/1 match cos 3
trust device cts policy-map CISCO-IPPHONE
[or] class VOICE
trust device ip-camera set dscp ef
[or] class SIGNALING
trust device media-player set dscp cs3
Only one type of device can be configured for class class-default
conditional trust on an interface at a given time set dscp default
trust device cisco-phone
service-policy input CISCO-IPPHONE
Catalyst 3650/3850 Only match-any is supported
(i.e. match-all is not supported)
Conditional-Trust
Cisco IP Phone (Cisco IP Phone)
Conditional Example:
Trust Example
class-map match-any VOICE CoS
CoSmust
must be
be
match cos 5 matched
matchedasasCisco
Conditional-Trust Models: class-map match-any SIGNALING
Cisco
IP
IPPhones
Phonesonly
only
interface GigabitEthernet 1/0/1 match cos 3 remark
remarkat
atLayer
Layer22
trust device cts policy-map CISCO-IPPHONE
[or] class VOICE
trust device ip-camera set dscp ef
[or] class SIGNALING
trust device media-player set dscp cs3
Only one type of device can be configured for class class-default
conditional trust on an interface at a given time set dscp default
trust device cisco-phone
Catalyst 3650/3850
Classification Options
• ACL-based classification: match access-group ACL_NAME

• Syntax is identical to Catalyst 2K ACL-based classification & marking examples
• NBAR2 classification (IOS XE 16.3+): match protocol APPLICATION
Catalyst 3650/3850 IOS XE 16.3
Configuring NBAR2 QoS Policies policy-map NBAR-MARKING
class-map match-any VOICE class VOICE
match protocol cisco-phone set dscp ef
match protocol cisco-jabber-audio class BROADCAST-VIDEO
match protocol ms-lync-audio set dscp cs5
match protocol citrix-audio class REAL-TIME-INTERACTIVE
class-map match-any BROADCAST-VIDEO set dscp cs4
match protocol cisco-ip-camera class CALL-SIGNALING
class-map match-any REAL-TIME-INTERACTIVE set dscp cs3
match protocol telepresence-media class TRANSACTIONAL-DATA
class-map match-any CALL-SIGNALING set dscp af21
match protocol skinny class BULK-DATA
match protocol telepresence-control set dscp af11
class-map match-any TRANSACTIONAL-DATA class SCAVENGER
match protocol citrix set dscp cs1
match protocol sap class class-default
class-map match-any BULK-DATA set dscp default
match protocol attribute category email
match protocol attribute category file-sharing
match protocol attribute sub-category backup-systems
class-map match-any SCAVENGER
match protocol attribute category gaming
match protocol attribute application-group skype-group
match protocol enables NBAR2 classification
Catalyst 3650/3850 IOS XE 16.3 Note: Up to 16 match protocol statements are
supported per class-map
Configuring NBAR2 QoS Policies policy-map NBAR-MARKING
class-map match-any VOICE class VOICE
match protocol cisco-phone set dscp ef
match protocol cisco-jabber-audio class BROADCAST-VIDEO
match protocol ms-lync-audio set dscp cs5
match protocol citrix-audio class REAL-TIME-INTERACTIVE
match protocol cisco-ip-camera class CALL-SIGNALING
match protocol telepresence-media class TRANSACTIONAL-DATA
class-map match-any CALL-SIGNALING set dscp af21
match protocol skinny class BULK-DATA
class-map match-any TRANSACTIONAL-DATA class SCAVENGER
match protocol citrix set dscp cs1
match protocol sap class class-default
class-map match-any BULK-DATA set dscp default
match protocol attribute category email
match protocol attribute category file-sharing Note:
Note: Multiple
Multiple application
application protocols protocols can can be
be
match protocol attribute sub-category backup-systems identified using attributes,
identified using attributes, including: including:
class-map match-any SCAVENGER •• category
category
match protocol attribute category gaming •• sub-category
sub-category
match protocol attribute application-group skype-group •• application-group
application-group More to come!
Holy Grail QoS Configuration: NBAR2 1400+ App / 12-Class Model
class-map match-all VOICE
match protocol attribute traffic-class voip-telephony policy-map MARKING
match protocol attribute business-relevance business-relevant class VOICE
class-map match-all BROADCAST-VIDEO set dscp ef
match protocol attribute traffic-class broadcast-video class BROADCAST-VIDEO
match protocol attribute business-relevance business-relevant set dscp cs5
class-map match-all REAL-TIME-INTERACTIVE class REAL-TIME-INTERACTIVE
match protocol attribute traffic-class real-time-interactive set dscp cs4
match protocol attribute business-relevance business-relevant class MULTIMEDIA-CONFERENCING
class-map match-all MULTIMEDIA-CONFERENCING set dscp af41
match protocol attribute traffic-class multimedia-conferencing class MULTIMEDIA-STREAMING
match protocol attribute business-relevance business-relevant set dscp af31
class-map match-all MULTIMEDIA-STREAMING
class SIGNALING
match protocol attribute traffic-class multimedia-streaming
set dscp cs3
match protocol attribute business-relevance business-relevant
class-map match-all SIGNALING
class NETWORK-CONTROL
match protocol attribute traffic-class signaling set dscp cs6
match protocol attribute business-relevance business-relevant class NETWORK-MANAGEMENT
class-map match-all NETWORK-CONTROL set dscp cs2
match protocol attribute traffic-class network-control class TRANSACTIONAL-DATA
match protocol attribute business-relevance business-relevant set dscp af21
class-map match-all NETWORK-MANAGEMENT class BULK-DATA
match protocol attribute traffic-class ops-admin-mgmt set dscp af11
match protocol attribute business-relevance business-relevant class SCAVENGER
class-map match-all TRANSACTIONAL-DATA set dscp cs1
match protocol attribute traffic-class transactional-data class class-default
match protocol attribute business-relevance business-relevant set dscp default
class-map match-all BULK-DATA
match protocol attribute traffic-class bulk-data
match protocol attribute business-relevance business-relevant Already supported on IOS/IOS XE Routers
class-map match-all SCAVENGER
match protocol attribute business-relevance business-irrelevant Coming soon for Catalyst 3650/3850
IOS XE 16.5 (Spring 2017)
Catalyst 3650/3850
Marking Policy Example
! This section attaches the service-policy
! to a wired interface(s)
interface range GigabitEthernet 1/0/1-48

! to a wireless interface(s) at the SSID level
wlan EMPLOYEE-WLAN

! to a wireless interface(s) at the client level
wlan EMPLOYEE-WLAN
service-policy client input MARKING
Inclusion of the client keyword applies

the service-policy at the client level
All markdown and/or
Catalyst 3650/3850 mapping operations
are configured
through table-maps
Marking & Policing Policy Example—Part 1 of 2
policy-map MARKING&POLICING …[continued]
class VVLAN-VOIP class TRANSACTIONAL-DATA
set dscp ef set dscp af21 table-map TABLE-MAP
police 128k police 10m map from 0 to 8
conform-action transmit conform-action transmit map from 10 to 8
exceed-action drop exceed-action TABLE-MAP map from 18 to 8
class VVLAN-SIGNALING class BULK-DATA
set dscp cs3 set dscp af11
police 32k police 10m
conform-action transmit conform-action transmit
exceed-action drop exceed-action TABLE-MAP
class MULTIMEDIA-CONFERENCING class SCAVENGER
set dscp af41 set dscp cs1 Policing to remark traffic
police 5m police 10m is done by referencing
conform-action transmit conform-action transmit the previously-configured
exceed-action drop exceed-action drop table-map
class SIGNALING class class-default
set dscp cs3 set dscp default
police 32k police 10m
conform-action transmit conform-action transmit
exceed-action drop exceed-action TABLE-MAP
… Policers can may be set to either remark or drop excess traffic
Catalyst 3650/3850
Per-Port/Per-VLAN Policy
class-map VVLAN
match vlan 110 Individual
Individual(trunked)
(trunked) VLANs
VLANs are
are
class-map DVLAN matched
matched byby the
the match
match vlan
vlan command
command
match vlan 10
policy-map VLAN-POLICERS
class VVLAN
police 192k
conform-action transmit exceed-action drop Policers are applied on a per-VLAN
Policers are applied on a Per-VLAN basis
class DVLAN basis
police 50m
conform-action transmit exceed-action drop

service-policy input VLAN-POLICERS Per-VLAN policers are then applied on a Per-Port basis
Catalyst Hardware Queuing PQ1
2P6Q3T Example PQ2
Interrupt
Scheduling
Interrupt
Scheduling
Catalyst 3650/3850
2P6Q3T with Weighted Tail Drop (WTD) Wired Port Egress Queuing Model
Application DSCP 2P6Q3T BWR =

Bandwidth
Network Control (CS7) EF PQ Level 1 (10%) Remaining
Internetwork Control CS6 CS5
PQ Level 2 (20%) WTD =
CS4
VoIP EF Weighted
CS7 & CS6 Tail
Broadcast Video CS5 Q6
Drop
CS3 & CS2 (BWR 10%)
Multimedia Conferencing AF4
Q5
AF4
Realtime Interactive CS4 (BWR 10% + WTD)
Multimedia Streaming AF3 AF3 Q4
(BWR 10% + DSCP-Based WTD)
Signaling CS3
Q3
(BWR 10% + DSCP-Based WTD)
Network Management CS2
AF1 Q2
Bulk Data AF1
CS1 (BWR 5% + DSCP-Based WTD)
Scavenger CS1
Best Effort DF DF Q1 (BWR 25%)
Catalyst 3650/3850
2P6Q3T+WTD Wired Port Egress Queuing Config – Part 1of 2
class-map match-any VOICE-PQ1 Note: On platforms with shared buffer and TCAM
match dscp ef architectures (2960/3560/3750/3650/3850/4500),
class-map match-any VIDEO-PQ2 show policy-map interface commands do not report
match dscp cs4 per-port packets or byte-counters.
match dscp cs5 This is a limitation of shared hardware architectures.
class-map match-any CONTROL-MGMT-QUEUE
match dscp cs7 cs6 cs3 cs2
class-map match-any MULTIMEDIA-CONFERENCING-QUEUE
match dscp af41 af42 af43
class-map match-any MULTIMEDIA-STREAMING-QUEUE
class-map match-any TRANSACTIONAL-DATA-QUEUE
class-map match-any SCAVENGER-BULK-DATA-QUEUE
match dscp cs1 af11 af12 af13
Catalyst 3650/3850
2P6Q3T+WTD Wired Port Egress Queuing Config – Part 2 of 2
policy-map 2P6Q3T [continued]
class VOICE-PQ1 class MULTIMEDIA-STREAMING-QUEUE
priority level 1 bandwidth remaining percent 10
police rate percent 10 queue-buffers ratio 10
class VIDEO-PQ2 queue-limit dscp af33 percent 80
priority level 2 queue-limit dscp af32 percent 90
police rate percent 20 queue-limit dscp af31 percent 100
class CONTROL-MGMT-QUEUE class TRANSACTIONAL-DATA-QUEUE
bandwidth remaining percent 10 bandwidth remaining percent 10
queue-buffers ratio 10 queue-buffers ratio 10
class MULTIMEDIA-CONFERENCING-QUEUE queue-limit dscp af23 percent 80
bandwidth remaining percent 10 queue-limit dscp af22 percent 90
queue-buffers ratio 10 queue-limit dscp af21 percent 100
queue-limit dscp af43 percent 80 class SCAVENGER-BULK-DATA-QUEUE
queue-limit dscp af42 percent 90 bandwidth remaining percent 5
queue-limit dscp af41 percent 100 queue-buffers ratio 10
… queue-limit dscp values af13 cs1 percent 80
queue-limit dscp values af12 percent 90
class class-default
bandwidth remaining percent 25
queue-buffers ratio 25
Catalyst 3650/3850 If a PQ is enabled then
2P6Q3T+WTD Wired Port Egress Queuing Config – Part 2 of 2 non-PQs must use
bandwidth remaining
policy-map 2P6Q3T [continued]
class VOICE-PQ1 class MULTIMEDIA-STREAMING-QUEUE
Two-levels of priority bandwidth remaining percent 10
priority level 1 Allocates
queuing are supported queue-buffers ratio 10
police rate percent 10 buffers to
class VIDEO-PQ2 queue-limit dscp af33 percent 80 non-PQs
priority level 2 queue-limit dscp af32 percent 90
police rate percent 20 queue-limit dscp af31 percent 100
class CONTROL-MGMT-QUEUE class TRANSACTIONAL-DATA-QUEUE
bandwidth remaining percent 10 bandwidth remaining percent 10
queue-buffers ratio 10 queue-buffers ratio 10
class MULTIMEDIA-CONFERENCING-QUEUE queue-limit dscp af23 percent 80 Tunes WTD
bandwidth remaining percent 10 queue-limit dscp af22 percent 90 WTD
to better
to
queue-buffers ratio 10 queue-limit dscp af21 percent 100 align to an
queue-limit dscp af43 percent 80 class SCAVENGER-BULK-DATA-QUEUE AF PHB
queue-limit dscp af42 percent 90 bandwidth remaining percent 5
queue-limit dscp af41 percent 100 queue-buffers ratio 10
… queue-limit dscp values af13 cs1 percent 80
interface range GigabitEthernet 1/0/1-48 class class-default Needed if >3
service-policy output 2P6Q3T bandwidth remaining percent 25 DSCPs are
queue-buffers ratio 25 mapped to WTD
thresholds
This feature is explained in detail in BRKRST-3057 “The Blood and Guts and Gore of QoS”
Queue-Soft-Multiplier Function
queue-softmax-multiplier 1200 IOS: 15.2(2)E3 / IOS XE: 3.6.3E
Key Takeaways: 1000% Increase in buffering capacity of Real-Time Queues

and 400+% increase in buffering capacity of non-real-time queues
Catalyst 3650/3850
Hierarchical QoS Policies—Queuing within Shaped Rate Example
policy-map 50MBPS-SHAPER
class class-default Defines the sub-line rate (CIR)
shape average 50000000
service-policy 2P6Q3T Provides back-pressure to the system to
interface GigabitEthernet 1/0/1 engage the (previously-defined) queuing
service-policy output 50MBPS-SHAPER policy, so that packets are properly
prioritized within the sub-line rate
Only the Hierarchical Shaping policy is

attached to the interface(s)
Catalyst 3650/3850
• All QoS policies are configured on the physical port-member interfaces only

Catalyst 3850 / 3650  Classification & Marking (Ingress)
and Queuing (Egress)
Catalyst 3650/3850 QoS Design—At-A-Glance
https://cisco.box.com/s/59zvfbxza76iptay6u620bn1w9unm7ak
NBAR QoS Attributes AAG
https://cisco.box.com/s/3jxd2439e1rhu6zjh9q4d0uxcpf734n9
Agenda

Cisco Catalyst 4500
QoS Design
Catalyst 4500
QoS Roles in the Campus Distribution
Trust DSCP +
Egress Queuing
Core Switches
Access
Switches Catalyst 4500
Distribution
Switches
Catalyst 4500
QoS Design Steps
1. Configure Ingress QoS Model(s):
 DSCP-Trust Model*
 Conditional Trust Model
 Service Policy Models
*Note: Catalyst 4500 uses IOS MQC, which trusts by default;

therefore no explicit policy is required for DSCP trust
Catalyst 4500
Conditional Trust Example
class-map match-all VOICE
match cos 5 Catalyst 4500 supports both match-all (logical AND)
class-map match-all SIGNALING and match-any (logical OR) operators
match cos 3
policy-map CISCO-IPPHONE
class VOICE
set dscp ef
class SIGNALING
set dscp cs3
class class-default
set dscp default
interface GigabitEthernet 3/1

qos trust device cisco-phone
Conditional trust command (trust device) must be

prefaced by qos on the Catalyst 4500
Catalyst 4500
Classification Options
• ACL-based classification: match access-group ACL_NAME

• Syntax is identical to Catalyst 2K ACL-based classification & marking examples
• DNS-AS classification (IOS 15.2(5)E / IOS XE 3.9.0E) match protocol attribute
• Note: The Catalyst 4500 does NOT support NBAR2
IOS 15.2(5)E
Catalyst 4500 IOS XE 3.9.0E
DNS-AS Classification & Marking Policy Example (Part 1 of 2)
! Enables DNS-AS
avc dns-as client enable
!
avc dns-as client trusted-domains
domain ^.*f1.*$
Identifies domains from which metadata may be
domain ^.*cisco.*$ received and trusted for policy-purposes
domain *.toocoolforyou.net
domain *.sontowski.de
domain *.pension-solutions.de
domain *.bav-spezialist.de
domain *.sontowski-immobilien.de Configures basic DNS lookup-info
domain *.pegasus-cp.de
domain *.via-vorsorge.de
domain *.blackberry.net
domain *.eu.blackberry.net
domain *.evorsorge.de ip domain round-robin
domain *.dns-as.org ip domain-list toocoolforyou.net
domain *.nbar2web.org ip domain-lookup source-interface Loopback0
domain *.f1-consult.com ip domain-name toocoolforyou.net
domain *.f1-consult.de ip name-server 192.168.167.244
domain *.f1-online.net ip name-server 192.168.168.244
domain *.f1v4.net
domain *.f1v6.net
Catalyst 4500 DNS-AS Classification & Marking Example (Part 2 of 2) IOS 15.2(5)E
class-map match-all VOICE Same ‘Holy Grail’ classification policy as on
match protocol attribute traffic-class voip-telephony other router/switch platforms IOS XE 3.9.0E
class-map match-all BROADCAST-VIDEO
match protocol attribute traffic-class broadcast-video
policy-map MARKING
class VOICE
class-map match-all REAL-TIME-INTERACTIVE
set dscp ef
match protocol attribute traffic-class real-time-interactive
class BROADCAST-VIDEO
set dscp cs5
class-map match-all MULTIMEDIA-CONFERENCING
class REAL-TIME-INTERACTIVE
match protocol attribute traffic-class multimedia-conferencing
set dscp cs4
class MULTIMEDIA-CONFERENCING
class-map match-all MULTIMEDIA-STREAMING
set dscp af41
match protocol attribute traffic-class multimedia-streaming
class MULTIMEDIA-STREAMING
set dscp af31
class-map match-all SIGNALING
class SIGNALING
match protocol attribute traffic-class signaling
set dscp cs3
class NETWORK-CONTROL
class-map match-all NETWORK-CONTROL
set dscp cs6
match protocol attribute traffic-class network-control
class NETWORK-MANAGEMENT
set dscp cs2
class-map match-all NETWORK-MANAGEMENT
class TRANSACTIONAL-DATA
match protocol attribute traffic-class ops-admin-mgmt
set dscp af21
class BULK-DATA
class-map match-all TRANSACTIONAL-DATA
set dscp af11
match protocol attribute traffic-class transactional-data
class SCAVENGER
set dscp cs1
class-map match-all BULK-DATA
class class-default
match protocol attribute traffic-class bulk-data
set dscp default
class-map match-all SCAVENGER
match protocol attribute business-relevance business-irrelevant © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 94
Catalyst 4500
Marking & Policing Policy Example
policy-map MARKING&POLICING class BULK-DATA
class VOIP police 10m bc 8000
police 128k bc 8000 conform-action set-dscp-transmit af11
conform-action set-dscp-transmit ef exceed-action set-dscp-transmit af12
exceed-action drop class SCAVENGER
class SIGNALING police 10m bc 8000
police 32k bc 8000 conform-action set-dscp-transmit cs1
conform-action set-dscp-transmit cs3 exceed-action drop
exceed-action drop class class-default
class MULTIMEDIA-CONFERENCING police 10m bc 8000
police 5m bc 8000 conform-action set-dscp-transmit default
conform-action set-dscp-transmit af41 exceed-action set-dscp-transmit cs1
exceed-action set-dscp-transmit af42
class TRANSACTIONAL-DATA interface GigabitEthernet 3/1
police 10m bc 8000 service-policy input MARKING&POLICING
conform-action set-dscp-transmit af21
exceed-action set-dscp-transmit af22
Marking/remarking is configured as part of the policing action
(i.e. no table-map or markdown-map is referenced)
Catalyst 4500
Per-Port/Per-VLAN QoS Policy Example
interface range GigabitEthernet 2/1-48
qos trust device cisco-phone
vlan 10 Per-Port/Per-VLAN policies can be applied to
service-policy input DVLAN-POLICERS a specific VLAN on a trunked interface via an
vlan 110 interface-VLAN
via an interface-VLAN
configuration
configuration
mode mode
service-policy input VVLAN-POLICERS
Catalyst 4500
1P7Q1T+Dynamic Buffer Limiting (DBL) Egress Queuing Model
Application DSCP 1P7Q1T (+DBL)
Network Control (CS7) EF

Internetwork Control CS6 CS5 PQ
CS4
VoIP EF
CS7 & CS6 Q7
Broadcast Video CS5
CS3 & CS2 (BWR 10%)
Q6
AF4
Realtime Interactive CS4 (BWR 10%)
Multimedia Streaming AF3 AF3 Q5
(BWR 10%)
Signaling CS3
Q4
(BWR 10%)
Q3 BWR =
AF1
Bulk Data AF1 (BWR 4%) Bandwidth
Remaining
Scavenger CS1 CS1 Q2 (BWR 1%)
Best Effort DF DF Q1 (25%)

Catalyst 4500 If PQ is enabled then
bandwidth remaining
1P7Q1T+DBL Egress Queuing Config must be used
class-map match-all PRIORITY-QUEUE Enables the PQ policy-map 1P7Q1T

match dscp cs4 cs5 ef class PRIORITY-QUEUE
class-map match-all CONTROL-MGMT-QUEUE priority
match dscp cs7 cs6 cs3 cs2 class CONTROL-MGMT-QUEUE
class-map match-all MULTIMEDIA-CONFERENCING-QUEUE bandwidth remaining percent 10
match dscp af41 af42 af43 class MULTIMEDIA-CONFERENCING-QUEUE
class-map match-all MULTIMEDIA-STREAMING-QUEUE bandwidth remaining percent 10
match dscp af31 af32 af33 class MULTIMEDIA-STREAMING-QUEUE
class-map match-all TRANSACTIONAL-DATA-QUEUE bandwidth remaining percent 10
match dscp af21 af22 af23 class TRANSACTIONAL-DATA-QUEUE
class-map match-all BULK-DATA-QUEUE bandwidth remaining percent 10
match dscp af11 af12 af13 dbl
class-map match-all SCAVENGER-QUEUE class BULK-DATA-QUEUE
match dscp cs1 bandwidth remaining percent 4
dbl
class SCAVENGER-QUEUE
DBL can be enabled on a per-class basis, but
DBL can be enabled on a per-class basis, bandwidth remaining percent 1
should not be enabled on the PQ or Control
but should not be enabled on the PQ or Control traffic queues class class-default
traffic queues.
Enabling DBL on UDP-based queues and/or Scavenger queue dbl
Enabling DBL on UDP-based queues and/or
is optional
Scavenger queue is optional service-policy output 1P7Q1T
Catalyst 4500
• Classification & Marking (Ingress) QoS policies are configured on the logical Port-
Channel interface
• Typically these are simply to enable DSCP trust (which requires no explicit
configuration)
• Queuing (Egress) QoS policies are configured on the physical port-member
interfaces
Platform QoS Policies Applied to the QoS Policies Applied to the (Physical)
(Logical) Port-Channel Interface Port-Member Interfaces
Catalyst 4500  Classification & Marking  Queuing (Egress)
(Ingress)
Catalyst 4500 Campus QoS Design At-A-Glance
https://cisco.box.com/s/o59teb64t4zxwdrfadz1kngv4eorucwe
DNS-AS At-A-Glance
https://cisco.box.com/s/bhkegry3mwuugqxnktusq327daegvwpt
Agenda

Cisco Catalyst 6500 & 6800
QoS Design
QoS Roles in the Campus Core
Catalyst 6500/6800
Core Switches
Trust DSCP
+ Ingress Queuing
+ Egress Queuing
QoS Design Steps
1. Configure Ingress Queuing

Catalyst 6500 IOS C3PL trusts by default;

All Catalyst 6500-Sup2T
Cisco Catalyst 6500/6800 Queuing Models are detailed
in the Appendix
2P6Q4T (Ingress & Egress Queuing Models—DSCP-to-Queue
Application-Class DSCP 2P6Q4T
Ingress and Egress
queuing models
Network Control (CS7) Voice-PQ1 varies by line
EF (Priority Level 1) card/module.
VoIP EF CS5 Video-PQ2

CS4 (Priority Level 2) Refer to the
Broadcast Video CS5 6500/6800 QoS
CS6 & CS7 Control/Mgmt Queue
Configuration Guide
CS2 & CS3 (5% BWR)
or data sheets to
Realtime Interactive CS4 Multimedia-Conferencing Queue ensure that you use
AF4 (20% BWR + DSCP-WRED) the proper queuing
Multimedia Streaming AF3 AF4
module for a given
Signaling CS3 AF3 Multimedia-Streaming Queue line card.
(20% BWR + DSCP-WRED)
Transactional Data AF2
AF2 Transactional Data Queue
Network Management CS2 (10% BWR + DSCP-WRED)
Bulk Data AF1 AF1 Bulk Data Queue

Scavenger CS1 CS1 (5% BWR + DSCP-WRED)
Default Queue
Best Effort DF DF
(WRED)
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1SY/config_guide/sup2T/15_1_sy_swcg_2T/qos_policy_based_queueing.html
Unless specified otherwise, the
default C3PL class-map and
Cisco Catalyst 6500/6800—2P6Q4T Model policy-map type is qos
(classification, marking, policing)
Part 1 of 3—Common Ingress & Egress Queuing Class-Maps
class-map type lan-queuing match-all VOICE-PQ1 Class-maps and policy-maps
match dscp ef used for ingress and/or egress
class-map type lan-queuing match-all VIDEO-PQ2 queuing policies must be explicitly
match dscp cs4 cs5 configured as type lan-queuing
class-map type lan-queuing match-all CONTROL-MGMT-QUEUE
class-map type lan-queuing match-all MULTIMEDIA-CONFERENCING-QUEUE
class-map type lan-queuing match-all MULTIMEDIA-STREAMING-QUEUE
class-map type lan-queuing match-all TRANSACTIONAL-DATA-QUEUE
class-map type lan-queuing match-all SCAVENGER-BULK-DATA-QUEUE
match dscp cs1 af11 af12 af13
Note: A C3PL interface may support up to 4 QoS policies:

• service-policy type qos input
• service-policy type qos output
• service-policy type lan-queuing input
• service-policy type lan-queuing output
Cisco Catalyst 6500/6800—2P6Q4T Model
Part 2 of 3—2P6Q4T Queuing Policy-Map
Policy-map must be defined as type lan-queuing
policy-map type lan-queuing 2P6Q4T

class VOICE-PQ1
priority level 1 Enables egress Priority Queue 1 (highest level of service)
class VIDEO-PQ2
priority level 2 Enables egress Priority Queue 2 (can only be interrupted by PQ1)
class CONTROL-MGMT-QUEUE
bandwidth remaining percent 5 bandwidth remaining is required
class MULTIMEDIA-CONFERENCING-QUEUE (as PQ is enabled)
random-detect dscp af41 percent 80 100
random-detect dscp af43 percent 60 100 Tunes WRED to better align
class MULTIMEDIA-STREAMING-QUEUE to the AF PHB
…
Cisco Catalyst 6500/6800—2P6Q4T Model
Part 3 of 3—2P6Q4T Queuing Policy-Map (continued)
[continued]
class TRANSACTIONAL-DATA-QUEUE
random-detect dscp-based
class BULK-DATA-QUEUE
random-detect dscp cs1 percent 50 100
class class-default
random-detect dscp default percent 80 100
service-policy type lan-queuing input 2P6Q4T
service-policy type lan-queuing output 2P6Q4T
type lan-queuing must also be

specified in the service-policy statement
• Classification & Marking (Ingress) QoS policies are configured on the logical
Port-Channel interface
• No ingress policies typically needed for C6500/6800 EtherChannels
(as all ports trust DSCP & CoS by default)
• Queuing (Ingress & Egress) QoS policies are configured on the physical port-
member interfaces

Catalyst 6500/6800  Classification & Marking  Queuing (Ingress & Egress)
(Ingress)
Cisco Catalyst 6500-Sup2T QoS Design At-A-Glance
https://cisco.box.com/s/wg249lub38h7eemp8tj9d9s5srctuztw
Cisco Catalyst 6500-Sup720 QoS Design At-A-Glance
https://cisco.box.com/s/b0kb6w0rymxk3ylh9bemlwnf7awt0b0i
Agenda

Cisco Nexus 7000/7700
QoS Design
QoS Roles in the Campus Core

Campus Core Switches
Trust DSCP
+ Ingress Queuing
+ Egress Queuing
QoS Design Steps
1. Configure Ingress Queuing

NX-OS trusts by default;

Cisco Nexus 7700 (F-Series)
4Q1T Ingress Queuing (CoS-to-Queue) Model
Application DSCP CoS 4Q1T
Network Control (CS7) CoS 7
CoS 7 8e-4q4q-in-q1
Internetwork Control CS6 CoS 6 Bandwidth 30%
CoS 6
VoIP EF CoS 5 Queue-Limit 10%
CoS 5
Broadcast Video CS5
Multimedia Conferencing AF4 8e-4q4q-in-q-default
CoS 4 Bandwidth 25%
Realtime Interactive CS4 CoS 0
Queue-Limit 30%
Multimedia Streaming AF3
CoS 3
Signaling CS3
CoS 4 8e-4q4q-in-q3
CoS 2 CoS 3 Bandwidth 40%
Network Management CS2 Queue-Limit 30%
CoS 2
Bulk Data AF1
CoS 1
Scavenger CS1 8e-4q4q-in-q4
Best Effort DF DF CoS 1 Bandwidth 5%
Queue-Limit 30%
4Q1T Ingress Queuing (DSCP-to-Queue) Model
Application DSCP 4Q1T
Network Control (CS7) CS7
CS6 8e-4q4q-in-q1
Internetwork Control CS6 EF Bandwidth 30%
VoIP EF CS5 Queue-Limit 10%
CS4
Broadcast Video CS5
Multimedia Conferencing AF4 8e-4q4q-in-q-default
Realtime Interactive CS4 DF Bandwidth 25%
Queue-Limit 30%
Signaling CS3 AF4
AF3 8e-4q4q-in-q3
CS3 Bandwidth 40%
Network Management CS2 AF2 Queue-Limit 30%
Bulk Data AF1 CS2
Scavenger CS1 8e-4q4q-in-q4
AF1
Best Effort DF Bandwidth 5%
CS1
Queue-Limit 30%
Cisco Nexus 7700 (F-Series) Similar to C3PL, NX-OS allows for
multiple types of QoS policies:
Part 1 of 2: 4Q1T-Ingress Queuing Class-Maps • type qos for classification,
marking and policing
• type queuing for ingress and
egress queuing
class-map type queuing match-any 8e-4q4q-in-q1
match cos 5-7
no match dscp 40-63 Undesired default DSCP-to-
match dscp 32, 40, 46, 48, 56 Ingress Queue mappings
class-map type queuing match-any 8e-4q4q-in-q3 need to be explicitly removed
match cos 2-4
match dscp 16, 18, 20, 22
match dscp 24, 26, 28, 30
match dscp 34, 36, 38 NX-OS has (non-configurable)
class-map type queuing match-any 8e-4q4q-in-q4 system-defined names for
match cos 1 queuing class-maps
match dscp 8, 10, 12, 14
class-map type queuing match-any 8e-4q4q-in-q-default
match cos 0
Part 2 of 2: 4Q1T-Ingress Queuing Policy-Map
policy-map type queuing CAMPUS-F3-4Q1T-INGRESS Used for Data Center Bridging

class type queuing 8e-4q4q-in-q1 Exchange (DCBX) to advertise
bandwidth percent 30 QoS capabilities to any DCB-peers
queue-limit percent 10
class type queuing 8e-4q4q-in-q-default Q2 is the Default Queue
bandwidth percent 25
class type queuing 8e-4q4q-in-q3 Allocates buffers to queues
class type queuing 8e-4q4q-in-q4
bandwidth percent 5
interface Ethernet 1/1-24
service-policy type queuing input CAMPUS-F3-4Q1T-INGRESS
1P3Q1T Egress Queuing (CoS-to-Queue) Model
Application DSCP CoS
1P3Q1T
Internetwork Control CS6 CoS 6 CoS 7 8e-4q4q-out-pq1
VoIP CoS 6 Priority Level 1
EF
CoS 5 CoS 5 Shape Average 30%
Broadcast Video CS5
Multimedia Conferencing AF4 CoS 4
CoS 4
Realtime Interactive CS4 CoS 3 8e-4q4q-out-q2
Multimedia Streaming Bandwidth Remaining 55%
AF3
CoS 3 CoS 2
Signaling CS3
Transactional Data AF2 CoS 1 8e-4q4q-out-q3
CoS 2 Bandwidth Remaining 10%
Bulk Data AF1
CoS 1 CoS 0 4q4q-out-q-default
Scavenger CS1
Bandwidth Remaining 35%
Best Effort DF DF
Part 1 of 2: 1P3Q1T Egress Queuing Class-Maps Note: Indicates the
Priority Queue
class-map type queuing match-any 1p3q1t-8e-4q4q-out-pq1

match cos 5-7
class-map type queuing match-any 1p3q1t-8e-4q4q-out-q2
match cos 2-4
class-map type queuing match-any 1p3q1t-8e-4q4q-out-q3
match cos 1
class-map type queuing match-any 1p3q1t-8e-4q4q-out-q-default
match cos 0
Note: Modifies the default

CoS-to-Queue mappings
Part 2 of 2: 1P3Q1T Egress Queuing Policy-Map
policy-map type queuing APIC_EM-8e-4q4q-out

class type queuing 1p3q1t-8e-4q4q-out-pq1
priority level 1
shape average percent 30
class type queuing 1p3q1t-8e-4q4q-out-q3 Note: Queue-Limits
bandwidth remaining percent 10 are not supported in
class type queuing 1p3q1t-8e-4q4q-out-q2 egress direction
class type queuing 1p3q1t-8e-4q4q-out-q-default
interface Ethernet 1/1-24
service-policy type queuing output CAMPUS-F3-1P3Q1T-EGRESS
Cisco Nexus 7700 QoS Design At-A-Glance
https://cisco.box.com/s/16ub7n5o56q0cdvuku62lfrnufdpe04a
Agenda

Campus WLAN QoS Design
Considerations and Best Practices
The Case for Wireless QoS
• QoS is like a chain

• It’s only as strong as its weakest link
• the WLAN is one of the weakest links in
enterprise QoS designs for three primary reasons:
1) Typical downshift in speed (and throughput)
2) Shift from full-duplex to half-duplex media
3) Shift from a dedicated media to a shared media
• WLAN QoS policies control both jitter and packet loss






3) Shift from a dedicated media to a shared media
• WLAN QoS policies control both jitter and packet loss
Wireless QoS-Specific Limitations
• No priority servicing
• No bandwidth guarantees
• Non-deterministic media access
• No priority servicing LAN QoS WLAN QoS
• Non-deterministic media access
• Only 4 levels of service
WLAN QoS Improvements Quantified
Application Original Metric Improved Metric Percentage
Improvement
Voice 15 ms max jitter 5 ms max jitter 300%
3.92 MOS 4.2 MOS
(Cellular Quality) (Toll Quality)
Video 9 fps 14 fps 55%
Visual MOS: Visual MOS:
Good Excellent
Transactional Data 14 ms latency 2 ms latency 700%
http://www.cisco.com/en/US/prod/collateral/wireless/cisco_avc_application_improvement.pdf
Know Your Tools
• IEEE 802.11
• User Priorities (UP)
• Access Categories (AC)
• Arbitration Inter-frame Spacing (AIFS)
• Contention Windows (CW)
• Enhanced Distributed Coordination Function (EDCF)
• DSCPUP Mapping
• Trust Boundaries
• Policy-Enforcement Points
• Application Visibility and Control (AVC)
IEEE 802.11 User Priority (UP)
3 Bit Field allows for UP values 0-7
IEEE 802.11 UP Values and Access Categories
802.11e 802.11 WMM Cisco AireOS WLC
UP Value Access Category Designation Designation
7 AC_VO Voice Platinum
6
5 AC_VI Video Gold
4
3 AC_BE Best Effort Silver
0
2 AC_BK Background Bronze
1
IEEE 802.11 Arbitration Inter-Frame Spacing (AIFS)
and Contention Windows (CW)
• due to the nature of wireless as a shared media, a Congestion Avoidance algorithm (CSMA/CA) must be utilized
• wireless senders have to wait a fixed amount of time (the AIFS)
• wireless senders also have to wait a random amount of time (the Contention Window)
• AIFS and Contention Window timers vary by Access Category
Access AIFS CWmin CWmax

Category (Slot Times) Access Category (Slot Times) (Slot Times)
Voice 2 Voice 3 7
Video 2 Video 7 15
Best Effort 3 Best-Effort 15 1023

Background 7 Background 15 1023
EDCF Operation
Round 1
Voice 2+1=3
Video 2+1=3
Best Effort 3+1=4
Background 7+1=8
Collision
EDCF Operation
Round 1 Round 2
Voice 2+1=3 2+3=5
2+1=3 2+7=9
Video
Best Effort 3+1=4 3+15=18
Background 7+1=8 7+15=22
Collision Voice
EDCF Operation
Round 1 Round 2 Round 3
Voice 2+1=3 2+3=5 2+2=4
2+1=3 2+7=9 2+1=3

Video
Best Effort 3+1=4 3+15=18 3+15=18
7+1=8 7+15=22 7+15=22

Background
Collision Voice Video
Downstream DSCP-to-UP Default Mapping
3-Bit UP 6-Bit DSCP
802.11 Frame CAPWAP Packet IP Packet
UP DSCP DSCP DSCP DSCP
Default DSCP-to-UP Mapping Table
DSCP 802.11 UP WLC QoS Profile
56-63 7 Platinum
(Voice)
48-55 6
IETF PHB for VoIP: EF 40-47 46 5 Gold
(Video)
32-39 4
24-31 3 Silver
(Best Effort)
0-7 0
16-23 2 Bronze
(Background)
8-15 1
Per RFC 4594 & 3246
Default IETF DSCP to IEEE 802.11 UP Mapping
Sub-Optimal QoS Design Example
4-Class Enterprise Model Four-Class Wireless Model
Based on IETF 4594
DSCP Based on IEEE 802.11e
UP 7 Voice
Voice EF Access
UP 6 Category
UP 5 Video
Signaling CS3 Access
UP 4 Category
UP 3 Best Effort
Transactional Data AF2 Access
UP 0 Category
Background
UP 2
Best Effort DF Access
UP 1
Category
Downstream DSCP-to-UP Mapping Model
Ratified Cisco Consensus Model (June 2015)
RFC 4594-Based Model DSCP IEEE 802.11 Model

Remark /
• Network Control (CS7) Drop
Plugs potential security
if not in UP 7 Voice
vulnerabilities Internetwork Control CS6
use Access
• Provides distinction
Voice + DSCP-Admit EF + 44 UP 6 Category
between elastic and Broadcast Video CS5
inelastic video classes Multimedia Conferencing AF4 UP 5 Video
• Aligns RFC 4594 Realtime Interactive CS4 Access
recommendations into the
UP 4 Category
IEEE 802.11 model
Signaling CS3
UP 3 Best Effort
• Requires several custom Transactional Data AF2 Access
DSCP-to-UP mappings
OAM CS2 UP 0 Category
Bulk Data AF1
Scavenger CS1 UP 2 Background

Access
Best Effort DF UP 1 Category
Upstream UP-to-DSCP Default Mapping
DSCP UP DSCP DSCP DSCP
Key Point:
Radio Upstream
QoS requires the
device to set UP
markings correctly 3-Bit UP 6-Bit DSCP
First 3 Bits are copied
Last 3 Bits are zeroed-out
Upstream DSCP Trust Model
DSCP UP DSCP DSCP DSCP
6-Bit DSCP 6-Bit DSCP

All 6 Bits are copied
IETF Draft on
DSCPUP Mapping
• Reconciles RFC 4594 with
IEEE 802.11
• Summarizes our internal
consensus on DSCP-to-UP
mapping
• Advocates DSCP-trust in the
upstream direction
(vs. UP-to-DSCP mapping)
https://tools.ietf.org/html/draft-szigeti-tsvwg-ieee-802-11-01
Cisco WLAN QoS Design At-A-Glance
https://cisco.box.com/s/63d6fnpb9da37ga6qast2uomxwhbeqla
Agenda

Cisco IOS XE WLC
AVC/QoS Design
Cisco IOS XE WLC
QoS Roles in the Wireless LAN Centralized Deployment Model
CAPWAP Tunnel
• IOS XE WLCs can be deployed
in either a Centralized or a
Converged Access Deployment CT5760 WLC
Model Trust Boundary

PEP
• In either model:
• Trust Boundary is at the AP Converged Access Deployment Model
• PEP is at the AP CAPWAP Tunnel
Catalyst
3650/3850
Or 4500-Sup8
Trust Boundary
PEP
Cisco IOS XE WLC
AVC/QoS Design Steps
1. Enable Application Visibility
a) Create a Flow Record
b) (Optional) Create a Flow Exporter
c) Create a Flow Monitor
d) Apply the Flow Monitor to the WLAN
2. Configure a AVC Policy
3. Configure a AFD Policy
4. Configure Custom DSCPUP Table Maps + Upstream DSCP-Trust
WHAT you want to MONITOR
Cisco IOS XE WLC

WHERE you want to SEND
Enabling Application Visibility
Step 1: Create a Flow Record Step 2: (Optional) Create a Flow Exporter
flow record AVC-FLOW-RECORD flow exporter AVC-FLOW-EXPORTER Note: Lancope collects
description BASIC-AVC-FLOW-RECORD destination 10.10.10.10 Netflow on port 2055
match ipv4 protocol transport udp 2055
match ipv4 source address Note: Cisco Prime
destination 10.20.20.20
match ipv4 destination address Infrastructure collects
transport udp 9991
match transport source-port Netflow on port 9991
match transport destination-port Step 3: Create a Flow Monitor
match flow direction COMBINE
flow monitor AVC-FLOW-MONITOR (WHAT with WHERE)
match application name record AVC-FLOW-RECORD
match wireless ssid exporter AVC-FLOW-EXPORTER
collect counter bytes long
collect counter packets long
Step 4: Apply the Flow Monitor to the WLAN
collect wireless ap mac address wlan EMPLOYEE-WLAN
collect wireless client mac address ip flow monitor AVC-FLOW-MONITOR input
ip flow monitor AVC-FLOW-MONITOR output
Specifies
WHICH interface and
WHAT you want to COLLECT
© 2017 Cisco and/orWHICH
its affiliates. All direction
rights reserved. Cisco Public 156
Cisco IOS XE WLC
Configuring AVC-Based QoS Policies policy-map AVC-MARKING
class VOICE
class-map match-any VOICE set dscp ef
match protocol cisco-phone class BROADCAST-VIDEO
match protocol cisco-ip-camera class REAL-TIME-INTERACTIVE
match protocol telepresence-media class CALL-SIGNALING
class-map match-any CALL-SIGNALING set dscp cs3
match protocol skinny class TRANSACTIONAL-DATA
class-map match-any TRANSACTIONAL-DATA class BULK-DATA
match protocol citrix set dscp af11
match protocol sap class SCAVENGER
class-map match-any BULK-DATA set dscp cs1
match protocol attribute category email class class-default
match protocol attribute category file-sharing set dscp default
class-map match-any SCAVENGER
match protocol attribute category gaming
match protocol attribute application-group skype-group
Cisco IOS XE WLC Match protocol enables NBAR2 classification
Configuring AVC-Based QoS Policies policy-map AVC-MARKING

class VOICE
class-map match-any VOICE set dscp ef
match protocol cisco-phone class BROADCAST-VIDEO
match protocol cisco-ip-camera class REAL-TIME-INTERACTIVE
match protocol telepresence-media class CALL-SIGNALING
class-map match-any CALL-SIGNALING set dscp cs3
match protocol skinny class TRANSACTIONAL-DATA
class-map match-any TRANSACTIONAL-DATA class BULK-DATA
match protocol citrix set dscp af11
match protocol sap class SCAVENGER
class-map match-any BULK-DATA set dscp cs1
match protocol attribute category email class class-default
match protocol attribute category file-sharing set dscp default
class-map match-any SCAVENGER Note:
Note: Multiple
Multiple application
application protocols protocols can can be
be
match protocol attribute category gaming identified using attributes,
identified using attributes, including: including:
match protocol attribute application-group skype-group •• category
category
•• sub-category
sub-category
•• application-group
application-group More to come!
IOS XE Approximate Fair Drop (AFD)
Strict
Voice Queue Priority
Video Queue
Client VQ SSID VQ Radio VQ Weighted

Scheduling
Min or Max BW
Allocation Data Queue
Default Shaper Radio Agg
Default Shaper
AFD BLOCK
Multicast Queue
Wireless Port Egress Queuing © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 159
Strict
Video Queue

Scheduling
Min or Max BW
Default Shaper
AFD BLOCK
Multicast Queue
Strict
Video Queue

Scheduling
Min or Max BW
Default Shaper
AFD BLOCK
Multicast Queue
Strict
Video Queue

Scheduling
Min or Max BW
Default Shaper
AFD BLOCK
Multicast Queue
IOS XE WLC AFD
2P2Q+Approximate Fair Drop (AFD) Wireless Port Egress Queuing Model
Application Classes DSCP 2P2Q with AFD
EF Q0
Voice EF CS6 Priority Level 1
CS3 (Limited to 10% of BW)
Q1
Interactive Video AF4 AF4 Priority Level 2
(Limited to 20% of BW)
Network Control CS6
Signaling CS3 AF1
AF2 Q2
Bulk Data AF1
Unicast-
Non-Realtime Queue
CS1
(63% BWR)
DF
Scavenger CS1
Q3
Multicast Non-Realtime Queue
Best Effort DF (7% BWR)
IOS XE WLC AFD
2P2Q+AFD Wireless Port Egress Queuing Config
class-map match-any REALTIME-1
match dscp ef
match dscp cs6
match dscp cs3
match dscp af41
match dscp af42
match dscp af43
policy-map port_child_policy
class non-client-nrt-class
bandwidth remaining ratio 7
class REALTIME-1
priority level 1
police rate percent 10 conform-action transmit exceed-action drop
class REALTIME-2
priority level 2
class class-default
IOS XE WLC AFD
2P2Q+AFD Wireless Port Egress Queuing Config
match dscp ef
match dscp cs6
Note: This policy is applied automatically to all wireless ports.
match dscp cs3
Therefore, no explicit service-policy command is required
to attach the policy to a wireless interface(s).
match dscp af41
match dscp af42
match dscp af43
policy-map port_child_policy
class non-client-nrt-class System-defined (but configurable) queuing policy
class REALTIME-1
priority level 1 System defined queue for multicast wireless traffic
class REALTIME-2
priority level 2 Two-levels
Two-levelsofof priority
priorityqueuing
queuingare
are supported
supported
class class-default
Default unicast queue (non-priority queue)
IOS-XE WLC QoS Design
Step 4) Configure Custom Table Maps – Part 1 of 2
Table Map DSCP_TO_DSCP DSCP-to-DSCP is used for upstream from wireless,
from 8 to 8 to verify that only standard DSCP values are forwarded to the LAN
from 10 to 10
from 12 to 12
from 14 to 14
from 16 to 16
from 18 to 18
from 20 to 20
from 22 to 22
from 24 to 24
from 26 to 26
from 28 to 28 policy-map TRUST-SSID-IN
from 30 to 30 class class-default
from 32 to 32 set dscp dscp table DSCP_TO_DSCP
from 34 to 34
from 36 to 36 This policy trusts RFC 4594 DSCPs received from the client
from 38 to 38 and bleaches (zeroes-out) all other non-standard DSCP values
from 40 to 40
from 44 to 44
from 46 to 46
default ignore
IOS-XE WLC QoS Design
Step 4) Configure Custom Table Maps – Part 2 of 2
Table Map DSCP_TO_UP policy-map QUEUING-SSID-CHILD DSCP_TO_UP Mapping
from 8 to 1 class VOICE-PQ1
aligns IETF (RFC 4594)
from 10 to 2 priority level 1
police cir 6000000 bc 187500
with IEEE (802.11) for
from 12 to 2
from 14 to 2 conform-action transmit downstream flows.
from 16 to 0 exceed-action drop
from 18 to 3 admit cac wmm-tspec
from 20 to 3 rate 1500 (kbps)
from 22 to 3 wlan-up 6
from 24 to 4 class VIDEO-PQ2
from 26 to 4 priority level 2
from 28 to 4 police cir 6000000 bc 187500
from 30 to 4 conform-action transmit
from 32 to 5 exceed-action drop
from 34 to 4
from 36 to 4 policy-map QUEUING-SSID Standard DSCPs are
from 38 to 4 class class-default preserved (via table-map
from 40 to 5 set dscp dscp table DSCP_TO_DSCP from previous slide)
from 44 to 6 set wlan user-priority dscp table DSCP_TO_UP
from 46 to 6 bandwidth remaining ratio 100 UP markings are derived
default 0 service-policy APIC_EM-QUEUING-SSID-CHILD from DSCP_TO_UP Map
Cisco IOS XE QoS Design At-A-Glance
https://cisco.box.com/s/t8ts51s0wqk2lyqtx0f3ans5dc3m4bai
Agenda

Cisco AireOS WLC
AVC/QoS Design
Cisco AireOS WLC
QoS Roles in the Wireless LAN
• Customizable DSCPUP Mappings (introduced in AireOS 8.1MR)

modify the QoS Roles of the AP and WLC:
• Trust Boundary moves to the AP
Centralized Deployment Model
CAPWAP Tunnel
AireOS WLC
Trust Boundary
PEP
Cisco AireOS WLC
QoS Roles in the Wireless LAN
• Customizable DSCPUP Mappings (introduced in AireOS 8.1MR)

modify the QoS Roles of the AP and WLC:
• Trust Boundary moves to the AP
• PEP remains at the WLC
Centralized Deployment Model
CAPWAP Tunnel
AireOS WLC
Trust Boundary
PEP
With AireOS 8.1MR+ the
trust-boundary can be
extended to the AP BRKCRS-2501 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 172
Cisco AireOS WLC
QoS Design Steps
1. Select and Tune the WLAN QoS Profile
2. Configure an AVC Profile
3. Apply the QoS and AVC Profile to the WLAN and Enable Application Visibility
4. Modify default DSCP-to-UP mappings and enable Upstream DSCP-Trust
AireOS WLC
Tuning QoS Profiles
• QoS Profiles are applied to both upstream
& downstream flows on egress
• The WLAN QoS Profile defines:
WLAN Maximum Priority
• It recommended to set the Maximum
Priority to voice on multiservice WLANs
Unicast and Multicast Default Priority
• Typically these values are
recommended to be set to best effort
• QoS Profiles override/control

AVC Profiles
The WLAN Maximum Priority is a DSCP and UP Marking Ceiling

If you want to preserve voice markings, then you *MUST* set
this to voice © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 174
AireOS WLC
Creating AVC Profiles
• AVC Profiles are applied to both
upstream and downstream flows
on WLC ingress
• an AVC Profile can contain a
maximum of 32 application rules
• AVC profiles can be overridden
by QoS Profiles
• So be sure to align these!
AireOS WLC
Attaching QoS and AVC Profiles and Enabling AVC
• Select the desired QoS and AVC Profiles to apply to the WLAN
• Check the box to enable Application Visibility
AireOS QoS Policy Deployment
Step 4) Configure Downstream DSCP-to-UP Mapping and
Enable Upstream DSCP-Trust—Configuration (Part 1 of 2)
Step 1: Disable the Current QoS Map
(Cisco WLC) > config qos qosmap disable
Step 2: Configure the UP-to-DSCP Maps

(Cisco WLC) > config qos qosmap up-to-dscp-map 0 0 0 7
Step 3: Configure DSCP-to-UP Mapping Exceptions
(Cisco Controller) > config qos qosmap dscp-to-up-exception 56 0
(Cisco Controller) > config qos qosmap dscp-to-up-exception 8 ©12017 Cisco and/or its affiliates. All rights reserved. Cisco Public 178
Step 4: Enable DSCP-Trust, the New Qos Maps and the 802.11 Networks
(Cisco Controller) > config qos qosmap trust-dscp-upstream enable
(Cisco Controller) > config qos qosmap enable
Enables Upstream DSCP-Trust
Cisco AirOS QoS Design At-A-Glance
https://cisco.box.com/s/ahkkshs67ogq446j9z1sail2n6e2gn3a
Cisco AirOS QoS Mapping At-A-Glance
https://cisco.box.com/s/x5kd241zxi71bx49x7pu5kwck598xsyx
Agenda

What are we doing to make this
simpler?
The Why / How / What of Enterprise Networking
Cisco
Enterprise
Vision
Why
Transform our customers’ businesses
through powerful yet simple networks.
How What
AutoQoS SRND4 At-A-Glance
https://cisco.box.com/s/2lhrs4u05vq665t113olfnyznomhgmhm
WebUI
WebUI
BRKCRS-2501 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Apple / Cisco Fastlane for iOS
EasyQoS Solution
Applications can interact with APIC-EM via Northbound
APIs, informing the network of application-specific and
dynamic QoS requirements
Network Operators express high-level

business-intent to APIC-EM EasyQoS
EM
Southbound APIs translate
business-intent to platform-
specific configurations
Wireless AP ASR/ISRs Wireless AP

Trust Boundary MQC Trust Boundary
PEP Catalyst 4500 Nexus 7700 PEP
4Q (WMM) 1P7Q1T F3: 1P7Q1T 4Q (WMM)
Catalyst 3650 Catalyst 6500 WLC Catalyst 2960-X

Trust Boundary 1P3Q4T PEP Trust Boundary
PEP 1P7Q4T PEP
2P6Q3T 2P6Q4T 1P3Q3T
… BRKCRS-2501 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 189
Deploy End-to-End DSCP-Based Queuing Policies
EasyQoS seamlessly interconnects all types of
hardware and software queuing models to achieve
consistent and compatible end-to-end treatments
aligned with the expressed business-intent
EM
ip access-list extended APIC_EM-MM_STREAM-ACL
remark citrix - Citrix
permit tcp any any eq 1494
permit udp any any eq 1494
remark citrix-static - Citrix-Static
Your Choice
permit tcp any any range 2512 2513
permit udp any any range 2512 2513
remark pcoip - PCoIP
remark timbuktu - Timbuktu
remark xwindows - XWindows
remark vnc - VNC
exit
ip access-list extended APIC_EM-SIGNALING-ACL
remark h323 - H.323
remark mgcp - Media Gateway Control Protocol
remark rtsp - Real Time Streaming Protocol
permit tcp any any eq 554 BRKCRS-2501 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 191
Agenda

Summary & References
Key Takeaways
• Start by defining your QoS Strategy
• Campus QoS is needed primarily to control packet drops
• WLAN QoS is needed to control both jitter and packet drops
• Know your QoS toolset, as this varies platform-to-platform
• Cisco provides many At-A-Glance guides to get you up and running quickly
• Cisco also provides Cisco Validated Design guides for more detail
• Cisco is continuing to focus on simplifying QoS solutions
Campus QoS Design 4.0—In-Depth
Comprehensive Design Chapters
• Enterprise Quality of Service Design 4.0
http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_S
RND_40/QoSIntro_40.html
• Campus QoS Design 4.0
http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_S
RND_40/QoSCampus_40.html
• WLAN QoS Design (BYOD CVD)
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/
Unified_Access/BYOD_Design_Guide/BYOD_AVC.html
Recommended Reading
End-to-End QoS (v2)
• Release Date: Jan 2014
• Page Count: 1040
• Comprehensive QoS design
guidance for PINs and platforms:
• Campus Catalyst 3750/4500/6500
• WLAN WLC 5508 / Catalyst 3850 NGWC
• Data Center Nexus 1000V/2000/5500/7000
• WAN & Branch Cisco ASR 1000 / ISR G2
• MPLS VPN Cisco ASR 9000 / CRS-3
• IPSec VPNs Cisco ISR G2
• ISBN: 1-58714-369-0
http://www.amazon.com/End---End-QoS-Network-Design/dp/1587143690/
Recommended Reading
End-to-End QoS (v2)
Amazon.com
• ReleaseOverall
Date:Rating:
Jan 2014
“The best ever book on QoS on the market. Bravo to the author.”
• Page Count: 1040
“AWESOME RESUME OF QoS TECHNOLOGIES”
• Comprehensive QoS design
“I strongly recommend this book to anyone working with Cisco infrastructure.”
guidance for PINs and platforms:
“This book
• is an all-encompassing
Campus Catalystpresentation
3750/4500/6500
and tutorial on Cisco Quality of
Service (QoS)”
• WLAN WLC 5508 / Catalyst 3850 NGWC
“QoS is •intimidating; however, this
Data Center Nexusbook 1000V/2000/5500/7000
is a tremendous resource that will ease
your anxiety.”
• WAN & Branch Cisco ASR 1000 / ISR G2
“This book is kept in my cubicle and is already filled with highlights, notes in the
margin, •andMPLS VPN Cisco
many dog-eared pages.” ASR 9000 / CRS-3
• IPSec VPNs Cisco ISR G2
“QOS is often misunderstood, and he explains it very well. The explanations are
thorough to help understand each case”
• ISBN: 1-58714-369-0
http://www.amazon.com/End---End-QoS-Network-Design/dp/1587143690/
Participate in the “My Favorite Speaker” Contest
Promote Your Favorite Speaker and You Could Be a Winner
• Promote your favorite speaker through Twitter and you could win $200 of Cisco
Press products (@CiscoPress)
• Send a tweet and include
• Your favorite speaker’s Twitter handle @tim_szigeti
• Two hashtags: #CLUS #MyFavoriteSpeaker
• You can submit an entry for more than one of your “favorite” speakers
• Don’t forget to follow @CiscoLive and @CiscoPress
• View the official rules at http://bit.ly/CLUSwin
Complete Your Online Session Evaluation
• Please complete your Online
Session Evaluations after each
session
• Complete 4 Session Evaluations &
the Overall Conference Evaluation
(available from Thursday) to receive
your Cisco Live T-shirt
• All surveys can be completed via
the Cisco Live Mobile App or the
Don’t forget: Cisco Live sessions will be available
Communication Stations for viewing on-demand after the event at
CiscoLive.com/Online
Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Table Topics
• Meet the Engineer 1:1 meetings
• Related sessions
Thank You
Appendix
Catalyst 6500 Queuing Models
Catalyst 65xx-E / 6807-XL with Sup2T
Ingress & Egress Queueing Models
• Ingress Queue Structures
• 1Q8T CoS to Queue Mapping CoS-based Tail-Drop
• 8Q4T DSCP to Queue Mapping DSCP-based WRED
• 8Q8T CoS to Queue Mapping CoS-based WRED
• 1P7Q2T DSCP to Queue Mapping DSCP-based WRED
• Ingress & Egress Queue Structures

• 2P6Q4T DSCP to Queue Mapping DSCP-based WRED
• Egress Queue Structures

• 1P3Q8T CoS to Queue Mapping Cos-based WRED
• 1P3Q4T CoS to Queue Mapping CoS-based WRED
• 1P7Q4T DSCP to Queue Mapping DSCP-based WRED*
• 1P7Q8T CoS to Queue Mapping CoS-based WRED
* 1P7Q4T can be implementing as an alternate ingress queueing structure to 2P6Q4T on some linecards, but we have chosen to
implement the 2P6Q4T instead with Easy-Qos, as it is a superior queueing structure and consistent with the Catalyst 3650/3850.
1Q8T – Ingress Queueing
CoS to Queue Mapping
CoS-based Tail-Drop
1Q8T Ingress Queueing Linecards
• WS-X6704-10GE with CFC

• WS-X6724-SFP with CFC
• WS-X6748-SFP and WS-X6748-GE-TX with CFC
Cisco Catalyst 65xx-E/6807-XL with Sup2T
1Q8T Ingress Queuing Models—CoS-to-Queue Mapping with COS-based Tail-Drop
Application-Class DSCP CoS 1Q8T
Q1T8—100%
CoS 7
Internetwork Control CS6 CoS 6
Q1T7—95%
VoIP EF CoS 6
CoS 5
Broadcast Video CS5
Q1T6—90%
CoS 5
CoS 4
Q1T5—85%
Realtime Interactive CS4
CoS 4
CoS 3 Q1T4—80%
Signaling CS3 CoS 3
CoS 2 Q1T3—75% All noted thresholds are
Network Management CS2 CoS 2 tail-drop thresholds
Bulk Data AF1 Q1T2—70%

CoS 1 CoS 0
Scavenger CS1
Q1T1—65%
Best Effort DF CoS 0 CoS 1
Cisco Catalyst 65xx-E/6807-XL—1Q8T Ingress Model
policy-map type lan-queuing APIC_EM-QUEUING-1Q8T-IN

class class-default Un-configured CoS values default to
queue-limit cos 7 percent 100 threshold 8 which is 100%. May not
queue-limit cos 6 percent 95
need to configure the CoS 7 value, as
this should default to 100%.
However, it is shown here for
queue-limit cos 2 percent 75 completeness.
queue-limit cos 0 percent 70 Recommend to explicitly configure it.
Interface GigabitEthernet1/1
service-policy type lan-queuing input APIC_EM-QUEUING-1Q8T-IN
CoS-based Tail-Drop
• VS-S2T-10G and VS-S2T-10G-XL with Gigabit Ethernet ports enabled

• Applies to all ports on the Supervisor 2T
2Q4T Ingress Queuing Models—CoS-to-Queue Mapping
Network Control (CS7) CoS 7 Q2 40% BW

CoS 7
VoIP EF CoS 6
CoS 5
Broadcast Video CS5
CoS 5
CoS 4
CoS 4
CoS 3
Signaling CS3 CoS 3 Q1 60% BW
CoS 2
Network Management CS2 CoS 2
Bulk Data AF1

CoS 1 CoS 0
Scavenger CS1
2Q4T Ingress Queuing Models—CoS-to-Queue Mapping with CoS-based Tail-Drop
Q2T4—100%
CoS 7
Q2T3—95%
VoIP EF CoS 6
CoS 5
Broadcast Video CS5 Q2T2—90%
CoS 5
CoS 4 Q2 40% BW
Q2T1—85%
CoS 4
CoS 3 Q1T4—100%
CoS 2 Q1T3—95%
Network Management CS2 CoS 2 All noted thresholds are
tail-drop thresholds
Q1T2—90%
Bulk Data AF1
CoS 1 Cos 0
Scavenger CS1
Q1T1—85%
Best Effort DF CoS 0 CoS1
class-map type lan-queuing match-all APIC_EM-Q2-2Q4T-QUEUE
match cos 7 6 5 4
policy-map type lan-queuing APIC_EM-QUEUING-2Q4T-IN Un-configured CoS values

class APIC_EM-Q2-2Q4T-QUEUE default to threshold 8 which is
100%. May not need to
bandwidth percent 40 configure the CoS 7 or CoS 3
queue-limit cos 7 percent 100 values, as this should default to
queue-limit cos 6 percent 95 100%, but is shown here for
queue-limit cos 5 percent 90 completeness.
queue-limit cos 4 percent 85 Recommend explicitly
class class-default configuring thresholds however.
interface GigabitEthernet1/3/1
interface TenGigabitEthernet1/3/4
CoS-based Tail-Drop
• WS-X6724-SFP with DFC4/DFC4XL upgrade (WS-F6k-DFC4-A, WS-F6k-DFC4-AXL)
• WS-X6748-SFP and WS-X6748-GE-TX with DFC4/DFC4XL upgrade (WS-F6k-DFC4-
A, WS-F6k-DFC4-AXL)
• WS-X6824-SFP-2T and WS-X6824-SFP-2TXL
• WS-X6848-SFP-2T, WS-X6848-SFP-2TXL, WS-X6848-TX-2T and WS-X6848-TX-
2TXL
2Q8T Ingress Queuing Models—CoS-to-Queue Mapping
Network Control (CS7) CoS 7 Q2 40% BW

CoS 7
VoIP EF CoS 6
CoS 5
Broadcast Video CS5
CoS 5
CoS 4
CoS 4
CoS 3
CoS 2
Bulk Data AF1

CoS 1 CoS 0
Scavenger CS1
2Q8T Ingress Queuing Models—CoS-to-Queue Mapping with CoS-based Tail-Drop
Q2T4—100%
CoS 7
Q2T3—95%
VoIP EF CoS 6
CoS 5
Broadcast Video CS5 Q2T2—90%
CoS 5
CoS 4 Q2 40% BW
Q2T1—85%
CoS 4
CoS 3 Q1T4—100%
CoS 2 Q1T3—95%
All noted thresholds are
Q1T2—90% tail-drop thresholds
Bulk Data AF1
CoS 1 Cos 0
Scavenger CS1
Q1T1—85%
Best Effort DF CoS 0 CoS1
match cos 7 6 5 4
policy-map type lan-queuing APIC_EM-QUEUING-2Q8T-IN

class APIC_EM-Q2-2Q8T-QUEUE
bandwidth percent 40 Un-configured CoS values
queue-limit cos 7 percent 100 default to threshold 8 which is
queue-limit cos 6 percent 95 100%. May not need to
queue-limit cos 5 percent 90 configure the CoS 7 or CoS 3
queue-limit cos 4 percent 85 values, as this should default to
class class-default 100%.
queue-limit cos 2 percent 95 Recommend explicitly configuring
queue-limit cos 0 percent 90 thresholds
DSCP to Queue Mapping
DSCP-based WRED
• VS-S2T-10G, VS-S2T-10G-XL with Gigabit Ethernet ports disabled*

• WS-X6908-10G-2T, WS-X6908-10G-2TXL
• WS-X6816-10T-2T, WS-X6816-10T-2TXL, WS-X6816-10G-2T, WS-X6816-
10G-2TXL in performance mode
• WS-X6716-10G-3C, WS-X6716-10G-3CXL, WS-X6716-10T-3C, WS-X6716-
10T-3CXL with a DFC4 or DFC4XL upgrade (WS-F6k-DFC4-E, WS-F6k-
DFC4-EXL) in performance mode)
* Potentially similar behavior with the Sup2T ports as seen in slides #25 & #26
How to Disable or Display the State of GigabitEthernet
Interfaces on the Sup2T
o23-6500-1(config)#platform qos 10g-only Global command disables GigabitEthernet interfaces on the
Sup2T.
o23-6500-1#show platform qos module 3

QoS is enabled globally
Port QoS is enabled globally
QoS serial policing mode enabled globally
Global command to show whether the
Distributed Policing is Disabled GigabitEthernet interfaces on the Sup2T
Secondary PUPs are enabled are enabled or disabled
QoS Trust state is DSCP on the following interface:
EO0/2 Gi1/1 Gi1/2 Gi1/3 Gi1/4 Gi1/5 Gi1/6 Gi1/7 Gi1/8 Gi1/9
Gi1/10 Gi1/11 Gi1/12 Gi1/13 Gi1/14 Gi1/15 Gi1/16 Gi1/17 Gi1/18 Gi1/19
Gi1/40 Gi1/41 Gi1/42 Gi1/43 Gi1/44 Gi1/45 Gi1/46 Gi1/47 Gi1/48 Te2/1
Te2/2 Te2/3 Te2/4 Te2/5 Te2/6 Te2/7 Te2/8 Gi3/1 Gi3/2 Gi3/3
Te3/4 Te3/5 Te5/1 Te5/2 Te5/3 Te5/4 Te5/5 Te5/6 Te5/7 Te5/8
Te5/9 Te5/10 Te5/11 Te5/12 Te5/13 Te5/14 Te5/15 Te5/16 Te6/1 Te6/2
Te6/3 Te6/4 CPP CPP.1 Vl1 GigabitEthernet interfaces on the
QoS 10g-only mode supported: Yes [Current mode: Off] Sup2T are currently enabled
Global Policy-map: ingress[]
How to Enable or Display Performance Mode on Linecards
Global command enables
performance mode on a port
o23-6500-1(config)#no hw-module slot 5 oversubscription port-group 4 group of a linecard
o23-6500-1#show hw-module slot 5

oversubscription
port-group oversubscription-mode
1 enabled
2 enabled
3 enabled
4 disabled
Global command to show whether the
oversubscription is enabled or disabled
(performance mode) per port group of a
linecard
8Q4T Ingress Queuing Models—DSCP-to-Queue Mapping
8Q4T
Application-Class DSCP
EF Realtime Queue
Network Control (CS7) CS5 (10% BW)
CS4
CS7
VoIP EF
CS6 Control Queue
Broadcast Video CS5 CS3 (10% BW)
CS2
AF4
Realtime Interactive CS4 Multimedia-Conferencing Queue
(20% BW + DSCP-WRED)
AF3 Multimedia-Streaming Queue
Signaling CS3 (20% BW + DSCP-WRED)
Transactional Data AF2 AF2 Transactional Data Queue

AF1 Bulk Data Queue
Bulk Data AF1 (4% BW + DSCP-WRED)
Scavenger CS1 CS1 Scavenger Queue (1% BW)
Best Effort DF Default Queue

DF
8Q4T
8Q4T Ingress Queuing Models—
EF
DSCP-to-Queue with DSCP-WRED CS5
Realtime Queue All noted thresholds are
(10% BW) Min WRED thresholds
Application-Class DSCP CS4
Network Control (CS7) CS7 All max WRED thresholds

CS6 Control-Plane Queue Are set to 100%
Internetwork Control CS6 CS3 (10% BW)
CS2
VoIP EF
AF41 Q6T3—80%
Broadcast Video CS5 Multimedia-Conferencing Queue
AF42 Q6T2—70% (20% BW + DSCP-WRED)
Multimedia Conferencing AF4 AF43
Q6T1—60%
Q5T3—80% Multimedia-Streaming Queue
AF31
Multimedia Streaming AF3 AF32 (20% BW + DSCP-WRED)
Q5T2—70%
AF33
Signaling CS3 Q5T1—60%
Transactional Data AF2 AF21 Q4T3—80%

AF22 Q4T2—70% Transactional Data Queue
Network Management CS2 AF23 Q4T1—60%
Bulk Data AF1 AF11 Q3T3—80%

AF12 Q3T2—70% Bulk Data Queue
Scavenger CS1 (4% BW + DSCP-WRED)
AF13 Q3T1—60%
Best Effort DF
CS1 Scavenger Queue (1% BW)
DF Default Queue
(25% BW + ©DSCP-WRED)
2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 223
Cisco Catalyst 65xx-E/6807-XL —8Q4T Ingress Model
class-map type lan-queuing match-all APIC_EM-REALTIME-8Q4T-QUEUE
match dscp cs4 cs5 ef
class-map type lan-queuing match-all APIC_EM-CONTROL-8Q4T-QUEUE
class-map type lan-queuing match-all APIC_EM-MM_CONF-8Q4T-QUEUE
class-map type lan-queuing match-all APIC_EM-MM_STREAM-8Q4T-QUEUE
class-map type lan-queuing match-all APIC_EM-TRANS_DATA-8Q4T-QUEUE
class-map type lan-queuing match-all APIC_EM-BULK_DATA-8Q4T-QUEUE
class-map type lan-queuing match-all APIC_EM-SCAVENGER-8Q4T-QUEUE
match dscp cs1
policy-map type lan-queuing APIC_EM-QUEUEING-8Q4T-IN
class APIC_EM-REALTIME-8Q4T-QUEUE
class APIC_EM-CONTROL-8Q4T-QUEUE
class APIC_EM-MM_CONF-8Q4T-QUEUE
class APIC_EM-MM_STREAM-8Q4T-QUEUE
[continued]
class APIC_EM-TRANS_DATA-8Q4T-QUEUE
class APIC_EM-BULK_DATA-8Q4T-QUEUE
bandwidth percent 4
class APIC_EM-SCAVENGER-8Q4T-QUEUE
bandwidth percent 1
class class-default
service-policy type lan-queuing input APIC_EM-QUEUEING-8Q4T-IN
CoS-based Tail-Drop
• WS-X6704-10GE supported with a DFC4/DFC4XL upgrade
(WS-F6k-DFC4-A, WS-F6k-DFC4-AXL)
o23-6500-1#show module
Mod Ports Card Type Model Serial No.
--- ----- -------------------------------------- ------------------ -----------
1 48 CEF720 48 port 10/100/1000mb Ethernet WS-X6748-GE-TX SAL10478SWP
2 8 DCEF2T 8 port 10GE WS-X6908-10G SAL172682AK
3 5 Supervisor Engine 2T 10GE w/ CTS (Acti VS-SUP2T-10G SAL1702WNR0
5 16 CEF720 16 port 10GE WS-X6716-10GE SAL1228WYB7
6 4 CEF720 4 port 10-Gigabit Ethernet WS-X6704-10GE SAL15013XBH
Mod Sub-Module Model Serial Hw Status

---- --------------------------- ------------------ ----------- ------- -------
1 Centralized Forwarding Card WS-F6700-CFC SAD074308C9 1.1 Ok
2 Distributed Forwarding Card WS-F6K-DFC4-E SAL17152T2R 1.2 Ok
3 Policy Feature Card 4 VS-F6K-PFC4 SAL1638N3R3 1.2 Ok
3 CPU Daughterboard VS-F6K-MSFC5 SAL1702WNG1 1.5 Ok
5 Distributed Forwarding Card WS-F6K-DFC4-E SAL1541SQHX 1.1 Ok
6 Centralized Forwarding Card WS-F6700-CFC SAL1518CRZ3 4.1 PwrDown
8Q8T Ingress Queuing Models—CoS-to-Queue Mapping with COS-based WRED
8Q8T
Application-Class DSCP CoS
Network Control (CS7) CoS 7 Q8-VoIP-Broadcast Queue

CoS 5 (10% BW )
CoS 7 Q7-Network Control Queue
VoIP EF (5% BW)
CoS 5
Broadcast Video CS5
Q6-Internetwork Control Queue
Multimedia Conferencing AF4 CoS 6 (5% BW)
CoS 4
Realtime Interactive CS4 Q5-Multimedia-Realtime Queue
CoS 4 (20% BW)
CoS 3
Signaling CS3 Q4-Streaming-Signaling Queue
CoS 3 (20% BW)
CoS 2 Q3-Transactional-Management Queue
Network Management CS2 CoS 2 (10% BW)
Bulk Data AF1

CoS 1 Q2-Bulk-Scavenger Queue
Scavenger CS1 CoS 1 (5% BW)
Best Effort DF CoS 0 Q1-Default Queue

CoS 0 (25% BW)
match cos 7
Class-map type lan-queuing match-all APIC_EM-Q7-8Q8T-QUEUE
match cos 6
match cos 5
match cos 4
match cos 3
match cos 2
match cos 1
policy-map type lan-queuing APIC_EM-QUEUEING-8Q8T-IN
bandwidth percent 5
bandwidth percent 5
bandwidth percent 5
class class-default
service-policy type lan-queuing input APIC_EM-QUEUEING-8Q8T-IN
1P7Q2T – Ingress Queueing
DSCP-based WRED
1P7Q2T Ingress Queueing Linecards

DFC4-EXL) in oversubscription mode
10G-2TXL in oversubscription mode
1P7Q2T Ingress Queuing Models—DSCP-to-Queue
Mapping 1P7Q2T
Application-Class DSCP EF
Realtime Queue
CS5 (Priority)
Network Control (CS7)
CS4
CS7
VoIP EF CS6 Control Plane Queue
CS3 (10% BWR)
Broadcast Video CS5 CS2
AF4
Signaling CS3

AF1 Bulk Data Queue
Bulk Data AF1 (9% BWR + DSCP-WRED)
Scavenger CS1 Scavenger Queue (1% BW)

CS1
DF (30% BWR + DSCP-WRED)
Cisco Catalyst 65xx-E/6807-XL with Sup2T 1P7Q2T
1P7Q2T Ingress Queuing Models—DSCP-
EF
to-Queue Mapping (DSCP-WRED) CS5
Realtime Queue All noted thresholds are
(Priority) Min WRED thresholds
All max WRED thresholds
Network Control (CS7) CS7 Are set to 100%
CS6 Control Plane Queue
Internetwork Control CS6 CS3 (10% BWR)
CS2
VoIP EF
AF41 Q6T2—80%
Broadcast Video CS5 Multimedia-Conferencing Queue
AF42 (20% BWR + DSCP-WRED)
Multimedia Conferencing AF4 AF43 Q6T1—70%

Q5T2—80% Multimedia-Streaming Queue
AF31
Multimedia Streaming AF3 AF32 (15% BWR + DSCP-WRED)
AF33 Q5T1—70%
Signaling CS3

AF22 Transactional Data Queue
Q4T1—70% (15% BWR + DSCP-WRED)

AF12 Bulk Data Queue
Scavenger CS1 Q3T1—70% (9% BWR + DSCP-WRED)
AF13
Best Effort DF
CS1 Scavenger Queue (1% BW)
DF Default Queue
(30% BWR +© DSCP-WRED)
2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 235
Cisco Catalyst 65xx-E/6807-XL - 1P7Q2T Ingress Model
class-map type lan-queuing match-all APIC_EM-REALTIME-1P7Q2T-QUEUE
class-map type lan-queuing match-all APIC_EM-CONTROL-1P7Q2T-QUEUE
class-map type lan-queuing match-all APIC_EM-MM_CONF-1P7Q2T-QUEUE
class-map type lan-queuing match-all APIC_EM-MM_STREAM-1P7Q2T-QUEUE
class-map type lan-queuing match-all APIC_EM-TRANS_DATA-1P7Q2T-QUEU
class-map type lan-queuing match-all APIC_EM-BULK_DATA-1P7Q2T-QUEUE
class-map type lan-queuing match-all APIC_EM-SCAVENGER-1P7Q2T-QUEUE
match dscp cs1
Cisco Catalyst 65xx-E/6807-XL —1P7Q2T Ingress Model
policy-map type lan-queuing APIC_EM-QUEUEING-1P7Q2T-IN

class APIC_EM-REALTIME-1P7Q2T-QUEUE
priority
class APIC_EM-CONTROL-1P7Q2T-QUEUE
class APIC_EM-MM_CONF-1P7Q2T-QUEUE
class APIC_EM-MM_STREAM-1P7Q2T-QUEUE
Cisco Catalyst 65xx-E/6807-XL - 1P7Q2T Ingress Model
[continued]
class APIC_EM-TRANS_DATA-1P7Q2T-QUEU
class APIC_EM-BULK_DATA-1P7Q2T-QUEUE
class APIC_EM-SCAVENGER-1P7Q2T-QUEUE
class class-default
service-policy type lan-queuing input APIC_EM-QUEUEING-1P7Q2T-IN
2P6Q4T Ingress & Egress
Queueing
DSCP-based WRED
2P6Q4T Ingress Queueing Linecards
• WS-X6904-40G-2T and WS-X6904-40G-2TXL

• C6800-8P10G, C6800-8P10G-XL
• C6800-16P10G, C6800-16P10G-XL
• C6800-32P10G, C6800-32P10G-XL
2P6Q4T (Ingress & Egress Queuing Models—DSCP-to-Queue)
Application-Class DSCP 2P6Q4T
Network Control (CS7) Voice-PQ1
EF (Priority Level 1)
CS4
VoIP EF CS5 Video-PQ2
(Priority Level 2)
Broadcast Video CS5 AF4
Multimedia Conferencing AF4 CS7 & CS6 Control Plane Queue

CS3 & CS2 (10% BWR)
Multimedia Streaming AF3 Multimedia-Streaming Queue

Signaling CS3
Transactional Data Queue
Transactional Data AF2 AF2 (20% BWR + DSCP-WRED)
Network Management CS2 Bulk Data Queue

Bulk Data AF1
Scavenger Queue
CS1 (1% BWR + DSCP-WRED)
Scavenger CS1
DF Default Queue
Best Effort DF (35% BWR + WRED)
2P6Q4T (Ingress & Egress Queuing Models—
2P6Q4T
DSCP-to-Queue with DSCP WRED
Voice-PQ1
EF (Priority Level 1)
Application-Class DSCP
CS4
Network Control (CS7) Video-PQ2
CS5
(Priority Level 2)
Internetwork Control CS6 AF4
VoIP EF
CS7 & CS6 Control Plane Queue
Broadcast Video CS5 CS3 & CS2 (10% BWR)
Multimedia Conferencing AF4 Q4T3—80%

Realtime Interactive CS4 AF32 Q4T2—70% (20% BWR + DSCP-WRED)
AF33 Q4T1—60%
Signaling CS3 AF22 Q3T2—70% (20% BWR + DSCP-WRED)
Q2T3—80%
Bulk Data Queue
AF12 Q2T2—70%
Bulk Data AF1 AF13
CS1 Q2T1—60%
Scavenger CS1 Scavenger Queue

CS1 (1% BWR )
DF
(35% BWR + WRED)
Cisco Catalyst 65xx-E/6807-XL—2P6Q4T Model
Part 1 of 3—Common Ingress & Egress Queuing Class-Maps
class-map type lan-queuing match-all APIC_EM-VOICE-2P6Q4T-PQ1
match dscp ef
class-map type lan-queuing match-all APIC_EM-VIDEO-2P6Q4T-PQ2
match dscp cs4 cs5 af41 af42 af43
class-map type lan-queuing match-all APIC_EM-TRANS_DATA-2P6Q4T-QUEUE
class-map type lan-queuing match-all APIC_EM-BULK_DATA-2P6Q4T-QUEUE
class-map type lan-queuing match-all APIC_EM-SCAVENGER-2P6Q4T-QUEUE
match dscp cs1
Part 2 of 3—2P6Q4T Queuing Policy-Map
policy-map type lan-queuing APIC_EM-QUEUING-2P6Q4T
class APIC_EM-VOICE-2P6Q4T-PQ1
priority level 1
class APIC_EM-VIDEO-2P6Q4T-PQ2
priority level 2
class APIC_EM-TRANS_DATA-2P6Q4T-QUEUE
Part 3 of 3—2P6Q4T Queuing Policy-Map (continued)
[continued]
class APIC_EM-BULK_DATA-2P6Q4T-QUEUE
class APIC_EM-SCAVENGER-2P6Q4T-QUEUE
class class-default
service-policy type lan-queuing input APIC_EM-QUEUEING-2P6Q4T
service-policy type lan-queuing output APIC_EM-QUEUEING-2P6Q4T
1P3Q8T – Egress Queueing
CoS-based Tail-Drop
1P3Q8T Egress Queueing Linecards
• WS-X6724-SFP, WS-X6748-SFP and WS-X6748-GE-TX with CFC
• WS-X6724-SFP, WS-X6748-SFP, and WS-X6748-GE-TX with a DFC4 or
DFC4XL upgrade (WS-F6k-DFC4-A, WS-F6k-DFC4-AXL)
• WS-X6824-SFP-2T and WS-X6824-SFP-2TXL
• WS-X6848-SFP-2T, WS-X6848-SFP-2TXL, WS-X6848-TX-2T and WS-
X6848-TX-2TXL
1P3Q8T Egress Queuing Models—CoS-to-Queue Mapping
1P3Q8T
Network Control (CS7) CoS 7 CoS 5

Realtime Queue
Internetwork Control CS6 CoS 6 (Priority)
CoS 4
VoIP EF
CoS 5
Broadcast Video CS5 CoS 7 Control Plane Queue
CoS 6 (10% BWR)
CoS 4
CoS 3
CoS 3 Transactional Data Queue
Signaling CS3 CoS 2 (45% BWR + COS-WRED)
CoS 2
Bulk Data AF1 CoS 0

CoS 1
Scavenger CS1 Default Queue
(45% BWR + COS WRED)
1P3Q8T Egress Queuing Models—CoS-to-Queue Mapping with CoS-WRED
1P3Q8T

Realtime Queue
CoS 4
VoIP EF
CoS 5
CoS 6 (10% BWR)
CoS 4
CoS 3 Q2T2—80%
Transactional Data AF2 Q2T1—70%
CoS 2 All noted thresholds are
Network Management CS2 Min WRED thresholds
Q2T2—80%
Bulk Data AF1 CoS 0
CoS 1 All max WRED thresholds
Are set to 100%
Q2T1—70%
Cisco Catalyst 65xx-E/6807-XL—1P3Q8T Egress Model

match cos 4 5
match cos 6 7
match cos 2 3
Cisco Catalyst 65xx-E/6807-XL —1P3Q8T Egress Model
policy-map type lan-queuing APIC_EM-QUEUING-1P3Q8T-OUT

priority
random-detect cos-based
random-detect cos 3 percent 80 100
class class-default
service-policy type lan-queuing output APIC_EM-QUEUING-1P3Q8T-OUT
CoS-based Tail-Drop
• VS-S2T-10G and VS-S2T-10G-XL with Gigabit Ethernet ports enabled
1P3Q4T Egress Queuing Models—CoS-to-Queue Mapping
1P3Q4T

Realtime Queue
CoS 4
VoIP EF
CoS 5
CoS 6 (10% BWR)
CoS 4
CoS 3
CoS 2
Bulk Data AF1 CoS 0

CoS 1
1P3Q4T Egress Queuing Models—CoS-to-Queue Mapping with CoS WRED
1P3Q4T

Realtime Queue
CoS 4
VoIP EF
CoS 5
CoS 6 (10% BWR)
CoS 4
CoS 3 Q2T2—80%
Transactional Data AF2 Q2T1—70%
CoS 2 All noted thresholds are
Network Management CS2 Min WRED thresholds
Q2T2—80%
Bulk Data AF1 CoS 0
CoS 1 All max WRED thresholds
Are set to 100%
Q2T1—70%

match cos 4 5
match cos 6 7
match cos 2 3

priority
class class-default
1P7Q4T –Egress Queueing
DSCP-based WRED

DFC4-EXL) in performance or oversubscription mode
10G-2TXL in performance or oversubscription mode
• WS-X6908-10G-2T and WS-X6908-10G-2TXL
1P7Q4T Egress Queuing Models—DSCP-to-Queue Mapping
1P7Q4T
Application-Class DSCP EF
Realtime Queue
CS5 (Priority)
Network Control (CS7)
CS4
CS7
VoIP EF CS6 Control Plane Queue
CS3 (10% BWR)
Broadcast Video CS5 CS2
AF4
Signaling CS3

AF1 Bulk Data Queue
Bulk Data AF1 (9% BWR + DSCP-WRED)
Scavenger CS1 Scavenger Queue (1% BW)

CS1
DF (30% BWR + DSCP-WRED)
1P7Q4T
1P7Q4T Egress Queuing Models—
EF
DSCP-to-Queue with DSCP-WRED CS5 Realtime Queue
(Priority) All noted thresholds are
Min WRED thresholds
Network Control (CS7) CS7 All max WRED thresholds

CS6 Control Queue Are set to 100%
Internetwork Control CS6 CS3 (10% BWR)
CS2
VoIP EF
Broadcast Video CS5 AF41 Q6T3—80%

Multimedia-Conferencing Queue
AF42 Q6T2—70% (20% BWR + DSCP-WRED)
Multimedia Conferencing AF4 AF43 Q6T1—60%

AF31 Q5T3—80% Multimedia-Streaming Queue
Multimedia Streaming AF3 AF32 Q5T2—70% (15% BWR + DSCP-WRED)
AF33 Q5T1—60%
Signaling CS3

Network Management CS2 AF23 Q4T1—60%

AF12 Q3T2—70% Bulk Data Queue
Scavenger CS1 (9% BWR + DSCP-WRED)
AF13 Q3T1—60%
Best Effort DF
CS1 Scavenger Queue (1% BWR)
DF Default Queue

class-map type lan-queuing match-all APIC_EM-MM_CONF-1P7Q4T-QUEUE
class-map type lan-queuing match-all APIC_EM_TRANS_DATA-1P7Q4T-QUEUE
class-map type lan-queuing match-all APIC_EM_BULK_DATA-1P7Q4T-QUEUE
class-map type lan-queuing match-all APIC_EM_SCAVENGER-1P7Q4T-QUEUE
match dscp cs1
priority
class APIC_EM-MM_CONF-1P7Q4T-QUEUE
[continued]
class APIC_EM_TRANS_DATA-1P7Q4T-QUEUE
class APIC_EM_BULK_DATA-1P7Q4T-QUEUE
class APIC_EM_SCAVENGER-1P7Q4T-QUEUE
class class-default
CoS-based Tail-Drop
• WS-X6704-10GE with CFC

• WS-X6704-10GE with a DFC4 or DFC4XL upgrade (WS-F6k-DFC4-A, WS-
F6k-DFC4-AXL)
1P7Q8T Egress Queuing Models—CoS-to-Queue Mapping with COS-based WRED
1P7Q8T
Network Control (CS7) CoS 7 Q8-VoIP-Broadcast Queue

CoS 5 (Priority)
VoIP EF CoS 7 Q7 - Network Control Queue

(5% BWR)
CoS 5
Broadcast Video CS5
Q6 - Internetwork Control Queue
Multimedia Conferencing AF4 CoS 6 (5% BWR)
CoS 4
Realtime Interactive CS4 Q5 - Multimedia-Realtime Queue
(20% BWR)
Multimedia Streaming AF3 CoS 4
CoS 3
Signaling CS3 Q4 - Streaming-Signaling Queue
(20% BWR)
CoS 3
CoS 2 Q3-Transactional-Management Queue
Network Management CS2 CoS 2 (10% BWR)
Bulk Data AF1

CoS 1 Q2 - Bulk-Scavenger Queue
Scavenger CS1 CoS 1 (10% BWR)
Best Effort DF CoS 0 Default Queue

CoS 0 (30% BWR)
class-map type lan-queuing match-all APIC_EM-Q8-1P7Q8T-QUEUE

match cos 7
match cos 6
match cos 5
match cos 4
match cos 3
match cos 2
match cos 1

class APIC_EM-Q8-1P7Q8T-QUEUE
priority
class class-default
Q&A
Thank You

BRKCRS 2501 PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

BRKCRS 2501 PDF

Uploaded by

Copyright:

Available Formats

Campus QoS Design-Simplified

Tim Szigeti, Principal Engineer - Technical Marketing

• What are we doing to make this simpler?

BRKRST-2056: The QoS Paradigm Shift

• The primary role of QoS in campus networks is to manage packet loss

2,073,600 pixels per frame

x 24 bits of color per pixel

x 60 frames per second

600 Audio 600

*Assuming (4) equal-sized queues

*Assuming (8) equal-sized queues

• Nexus 7000/7700 use NX-OS QoS

Trust Boundaries Untrusted / User-Administered Devices

The trust boundary is the edge where

Physical Ports Physical Ports

Policy map is applied to the interface gig 1/1-48

DVLAN policy map is applied Trunked Physical Ports

SMB Commercial Enterprise Service Provider

Measured on EMIX (SFR) benchmark NBAR2 Protocol-Discovery runs in Line Rate

• Application visibility end-to-end in the network

IP Address PTR App-ID App-Class Business-

1) Client requests a DNS Lookup

1) Client requests a DNS Lookup

1) Client requests a DNS Lookup

1) Client requests a DNS Lookup

IP Address PTR App-ID App-Class Business-

(if required and supported)

Red Minimum WTD Threshold 1:

Yellow Minimum WTD Threshold 2:

Tail of Queue is WTD Threshold 3

AF12 Minimum WRED Threshold:

AF11 Minimum WRED Threshold:

• What are we doing to make this simpler?

Trust-CoS Model Example:

Trust-DSCP Model Example:

Conditional-Trust Model Example:

Conditional Trust Policy to a Cisco IP Phone:

Except for CoS 5 which is explicitly mapped to DSCP 46

Network Control (CS7) AF1 Q4T2

VoIP EF Default Queue

Multimedia Conferencing AF4 CS7 Q2T3

Realtime Interactive CS4 CS6

Multimedia Streaming AF3 CS3 Q2T2

Network Management CS2 AF2

! This section configures egress buffers and thresholds

! This section configures interface egress queuing parameters

Enables the PQ Allocates bandwidth to each queue by means of a WRR weight.

Platform QoS Policies Applied to the QoS Policies Applied to the

• What are we doing to make this simpler?

Wireless Per-Port / Per-SSID / Per-Client Policies:

• ACL-based classification: match access-group ACL_NAME

• NBAR2 classification (IOS XE 16.3+): match protocol APPLICATION

! This section attaches the service-policy

! This section attaches the service-policy

Inclusion of the client keyword applies

interface GigabitEthernet 1/0/1

2P6Q3T Example PQ2

Application DSCP 2P6Q3T BWR =

Best Effort DF DF Q1 (BWR 25%)

queue-softmax-multiplier 1200 IOS: 15.2(2)E3 / IOS XE: 3.6.3E

Key Takeaways: 1000% Increase in buffering capacity of Real-Time Queues

Only the Hierarchical Shaping policy is

Platform QoS Policies Applied to the QoS Policies Applied to the