10/6/2017

Class Of Service | Darren's Blog

Google Engineer. Dual CCIE #38070. JNCIE-SP #2227

Tag: class of service

Brad Fleming from Kanren gave me remote access to a lab MX5 router in order to do the Junos section of this post, for which I am very grateful!

There are many different needs for H-QoS and many different ways to configure it. I’m going to go over one particular use case for H-QoS which I use on a daily basis. More so than any other type of QoS, H-QoS is very hardware specific, even line-card specific. In this post I’ll be using a Juniper MX5 and a Cisco ME3600X, both of which allow me to do H-QoS on their gig ports.

My use case is as follows. Core gig ports are not cheap. ‘Revenue ports’ as ISPs like to call them. Most core kit has a load of gig ports, some 10Gb ports and maybe 40Gb/100Gb ports.

Not all customers want a 1 gig link. Some want 10Mb, others 50Mb, some 300Mb. Heck some only want 4Mb. In order not to waste precious revenue ports, these circuits are aggregated into a single physical gig port, i.e. we can put 10 x 100Mb circuits onto a single gig link.

The biggest problem with doing this is that it gets difficult to give QoS outbound back to the customer unless your hardware can do H-QoS. Let’s take the following port diagram as an example:

The physical port is 1Gb. Here I have two customer circuits attached. Customer A is paying for 20Mb while Customer B is paying for 70Mb. Not only do I want to shape their respective queues, I also want to give 30% priority bandwidth to each customer, inside each queue. So I need to shape vlan 2000 to 20Mb, and inside that 20Mb ensure 30% is given to EF packets.

IOS

In IOS I create the child and parent policies.

policy-map 30_70
 class EF
  priority
  police cir percent 30 conform-action transmit exceed-action drop
 class class-default
  queue-limit percent 100
!
policy-map 20Mb
 class class-default
  shape average 20000000
  service-policy 30_70
!
policy-map 70Mb
 class class-default
  shape average 70000000
  service-policy 30_70

Each policy can then attach to an EVC outbound on a physical port:

ME3600X#sh run int gi0/1
Building configuration

Current configuration : 674 bytes
!
interface GigabitEthernet0/1
 switchport trunk allowed vlan none
 switchport mode trunk
 mtu 9800
 service instance 1 ethernet
  description CUSTOMER1
  encapsulation dot1q 2000
  rewrite ingress tag pop 1 symmetric
  service-policy output 20Mb
  bridge-domain 150
 !
 service instance 2 ethernet
  description CUSTOMER2
  encapsulation dot1q 2001
  rewrite ingress tag pop 1 symmetric
  service-policy output 70Mb
  bridge-domain 150
 !
end

JUNOS

H-QoS on Junos is done using a traffic-control profile. This allows you to shape to a specific rate, attach a scheduler inside that profile, and attach that profile to an interface.

First let’s create our schedulers and scheduler-map:

darreno> show configuration class-of-service schedulers
EF {
    transmit-rate {
        percent 30;
        exact;
    }
    priority high;
}
BE {
    transmit-rate {
        remainder;
    }
}

darreno> show configuration class-of-service scheduler-maps
OUTBOUND {
    forwarding-class expedited-forwarding scheduler EF;
    forwarding-class best-effort scheduler BE;
}

Now we create our traffic profiles and attach the above scheduler-map to them:

darreno> show configuration class-of-service traffic-control-profiles
20Mb {
    scheduler-map OUTBOUND;
    shaping-rate 20m;
}
70Mb {
    scheduler-map OUTBOUND;
    shaping-rate 70m;
}

Attach the profile to the interface under class-of-service:

darreno> show configuration class-of-service interfaces
ge-1/0/0 {
    unit 2000 {
        output-traffic-control-profile 20Mb;
    }
    unit 2001 {
        output-traffic-control-profile 70Mb;
    }
}

Note that you need to configure hierarchical-scheduler under the interface itself:

darreno> show configuration interfaces ge-1/0/0
hierarchical-scheduler;
vlan-tagging;
unit 2000 {
    description "Customer 1";
    vlan-id 2000;
}
unit 2001 {
    description "Customer 2";
    vlan-id 2001;
}

VERIFICATION

IOS still has much better verification than Junos. I don’t know why Junos makes it so difficult to view this kind of information. When using service instances in IOS as above, the verification command has changed a bit, somewhat annoyingly.

ME3600X#sh ethernet service instance policy-map
GigabitEthernet0/1: EFP 1

  Service-policy output: 20Mb

    Class-map: class-default (match-any)
      578 packets, 45186 bytes
      5 minute offered rate 1000 bps, drop rate 0000 bps
      Match: any
      Traffic Shaping
        Average Rate Traffic Shaping
        Shape 20000 (kbps)
      Output Queue:
        Default Queue-limit 49152 bytes
        Tail Packets Drop: 0
        Tail Bytes Drop: 0

      Service-policy : 30_70

        Class-map: EF (match-all)
          0 packets, 0 bytes
          5 minute offered rate 0000 bps, drop rate 0000 bps
          Match: dscp ef (46)
          Strict Priority
          police:
            cir percent 30 % bc 250 ms
            cir 6000000 bps, bc 187500 bytes
            conform-action transmit
            exceed-action drop
            conform: 0 (packets) 0 (bytes)
            exceed: 0 (packets) 0 (bytes)
            conform: 0 bps, exceed: 0 bps
          Queue-limit current-queue-depth 0 bytes
          Output Queue:
            Default Queue-limit 49152 bytes
            Tail Packets Drop: 0
            Tail Bytes Drop: 0

        Class-map: class-default (match-any)
          578 packets, 45186 bytes
          5 minute offered rate 1000 bps, drop rate 0000 bps
          Match: any
          Queue-limit 100 percent
          Queue-limit current-queue-depth 0 bytes
          Output Queue:
            Default Queue-limit 49152 bytes
            Tail Packets Drop: 0
            Tail Bytes Drop: 0

GigabitEthernet0/1: EFP 2

  Service-policy output: 70Mb

    Class-map: class-default (match-any)
      501 packets, 39092 bytes
      5 minute offered rate 2000 bps, drop rate 0000 bps
      Match: any
      Traffic Shaping
        Average Rate Traffic Shaping
        Shape 70000 (kbps)
      Output Queue:
        Default Queue-limit 49152 bytes
        Tail Packets Drop: 0
        Tail Bytes Drop: 0

      Service-policy : 30_70

        Class-map: EF (match-all)
          0 packets, 0 bytes
          5 minute offered rate 0000 bps, drop rate 0000 bps
          Match: dscp ef (46)
          Strict Priority
          police:
            cir percent 30 % bc 250 ms
            cir 21000000 bps, bc 656250 bytes
            conform-action transmit
            exceed-action drop
            conform: 0 (packets) 0 (bytes)
            exceed: 0 (packets) 0 (bytes)
            conform: 0 bps, exceed: 0 bps
          Queue-limit current-queue-depth 0 bytes
          Output Queue:
            Default Queue-limit 49152 bytes
            Tail Packets Drop: 0
            Tail Bytes Drop: 0

        Class-map: class-default (match-any)
          501 packets, 39092 bytes
          5 minute offered rate 2000 bps, drop rate 0000 bps
          Match: any
          Queue-limit 100 percent
          Queue-limit current-queue-depth 0 bytes
          Output Queue:
            Default Queue-limit 49152 bytes
            Tail Packets Drop: 0
            Tail Bytes Drop: 0
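The policer figures in the EFP output above can be derived from the policy: police cir percent 30 resolves against the parent shape rate, and bc is 250 ms of traffic at that CIR. The following Python sketch is an added example, not part of the original post; child_policer, Policer, run and ef_flood are illustrative names and the EF flood is constructed input.

```python
US = 1_000_000  # microseconds per second; integer time keeps the maths exact


def child_policer(parent_shape_bps, cir_percent, bc_ms=250):
    """Resolve 'police cir percent N' inside a shaped parent class.

    Returns (cir_bps, bc_bytes): the percentage is applied to the parent's
    shape rate and Bc is bc_ms of traffic at that CIR, in bytes.
    """
    cir_bps = parent_shape_bps * cir_percent // 100
    bc_bytes = cir_bps * bc_ms // 1000 // 8
    return cir_bps, bc_bytes


class Policer:
    """Single-rate, two-colour token bucket (conform: transmit, exceed: drop)."""

    def __init__(self, cir_bps, bc_bytes):
        self.cir_bps = cir_bps
        self.depth = bc_bytes * 8 * US   # bucket depth in bit-microseconds
        self.tokens = self.depth         # the bucket starts full
        self.last_us = 0

    def offer(self, t_us, size_bytes):
        # Refill at CIR for the elapsed time, never beyond Bc.
        elapsed = t_us - self.last_us
        self.tokens = min(self.depth, self.tokens + elapsed * self.cir_bps)
        self.last_us = t_us
        cost = size_bytes * 8 * US
        if cost <= self.tokens:
            self.tokens -= cost
            return True                  # conform-action transmit
        return False                     # exceed-action drop


def run(policer, arrivals):
    """arrivals: (time_us, bytes) pairs. Returns (conformed, exceeded) bytes."""
    conformed = exceeded = 0
    for t_us, size in arrivals:
        if policer.offer(t_us, size):
            conformed += size
        else:
            exceeded += size
    return conformed, exceeded


def ef_flood(pps=1000, size_bytes=1250, seconds=2):
    """Constructed input: fixed-size EF packets at a constant rate.

    The defaults give 10 Mb/s of EF, well above 30% of a 20 Mb shaper.
    """
    return [(i * US // pps, size_bytes) for i in range(pps * seconds)]


if __name__ == "__main__":
    for name, shape_bps in (("20Mb", 20_000_000), ("70Mb", 70_000_000)):
        cir, bc = child_policer(shape_bps, 30)
        ok, dropped = run(Policer(cir, bc), ef_flood())
        print(f"{name}: cir={cir} bps bc={bc} bytes "
              f"conformed={ok} bytes exceeded={dropped} bytes")
```

Under the 20Mb policy the 10 Mb/s flood first drains the 187500-byte burst allowance and then settles at three packets in five conforming, which is the 6 Mb/s CIR.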

An ethernet physical port can only run at certain speeds, i.e. 10/100/1Gb/etc. Often a customer will purchase a sublevel of bandwidth on that bearer speed. For example Customer A wants to buy 30Mb of bandwidth. You can’t run the physical ports at 30Mb, so the ISP will have the interface run at 100Mb and police inbound at 30Mb.

This makes QoS just a little more complicated. All the ratios we’ve used in the past will ratio themselves at the WAN port’s physical speed. Also the router will not know that if 40Mb of burst comes from the LAN, that the actual bandwidth is only 30Mb.

In this case, you need to first shape all traffic to 30Mb, and then inside that shaped queue give priority bandwidth to voice etc.

IOS

IOS uses the concept of parent/child policy maps. The parent will shape the queue, while the child policy attached will give each queue their respective bandwidths and priority.

policy-map PARENT
 class class-default
  shape average 30000000
  service-policy CHILD
!
policy-map CHILD
 class EF
  priority percent 10
  police cir percent 10 conform-action transmit exceed-action drop
 class class-default
  bandwidth remaining percent 100
!
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 service-policy output PARENT

In this policy the parent policy creates a queue with a bandwidth limit of 30Mb. Inside that policy rests another that gives EF packets 10 percent of priority bandwidth of that initial 30Mb queue. I’m also policing that queue as I don’t want the priority queue to starve other traffic. All other traffic gets 90-100% of the bandwidth, depending on how much priority traffic is in the queue at any one time.

JUNOS

As with most QoS topics, the following configuration is quite hardware specific. I’ve done the following on an SRX210H. Your configuration might change when doing the same sort of thing on a M/MX/DC SRX/etc so YMMV.

Create the schedulers:

darreno@JR2> show configuration class-of-service schedulers
EF10 {
    transmit-rate {
        percent 10;
        exact;
    }
}
BE_REST {
    transmit-rate {
        remainder {
            100;
        }
    }
}

Put the above schedulers into a scheduler-map:

darreno@JR2> show configuration class-of-service scheduler-maps
SCHEDULE {
    forwarding-class expedited-forwarding scheduler EF10;
    forwarding-class best-effort scheduler BE_REST;
}

Finally apply that map to the interface under class-of-service and configure the interface shape rate:

darreno@JR2> show configuration class-of-service interfaces ge-0/0/1
unit 2001 {
    scheduler-map SCHEDULE;
    shaping-rate 30m;
}

In order for the above to work I need to configure per-unit-scheduler on the physical interface:

darreno@JR2> show configuration interfaces ge-0/0/1
per-unit-scheduler;

VERIFICATION

Simple again in IOS:

R1#sh policy-map int fa0/0
 FastEthernet0/0

  Service-policy output: PARENT

    Class-map: class-default (match-any)
      106 packets, 6360 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: any
      Queueing
      queue limit 64 packets
      (queue depth/total drops/no-buffer drops) 0/0/0
      (pkts output/bytes output) 106/6360
      shape (average) cir 30000000, bc 120000, be 120000
      target shape rate 30000000

      Service-policy : CHILD

        queue stats for all priority classes:
          Queueing
          queue limit 64 packets
          (queue depth/total drops/no-buffer drops) 0/0/0
          (pkts output/bytes output) 0/0

        Class-map: EF (match-all)
          0 packets, 0 bytes
          5 minute offered rate 0000 bps, drop rate 0000 bps
          Match: dscp ef (46)
          Priority: 10% (3000 kbps), burst bytes 75000, b/w exceed drops: 0
          police:
              cir 10 %
              cir 3000000 bps, bc 93750 bytes
            conformed 0 packets, 0 bytes; actions:
              transmit
            exceeded 0 packets, 0 bytes; actions:
              drop
            conformed 0000 bps, exceeded 0000 bps

        Class-map: class-default (match-any)
          106 packets, 6360 bytes
          5 minute offered rate 0000 bps, drop rate 0000 bps
          Match: any
          Queueing
          queue limit 64 packets
          (queue depth/total drops/no-buffer drops) 0/0/0
          (pkts output/bytes output) 106/6360
          bandwidth remaining 100%

We can see the entire queue is 30Mb. Inside that queue EF traffic has priority bandwidth of 3000kbps (10% of 30Mb). All other traffic has anything left up to 30Mb.

On Junos it’s a bit cryptic again:

darreno@JR2> show class-of-service interface ge-0/0/1
Physical interface: ge-0/0/1, Index: 135
Queues supported: 8, Queues in use: 4
  Scheduler map: , Index: 2
  Congestion-notification: Disabled

  Logical interface: ge-0/0/1.2001, Index: 71
  Shaping rate: 30000000
    Object           Name        Type      Index
    Scheduler-map    SCHEDULE    Output    2878

I wanted to do a more in-depth post on H-QoS but this SRX doesn’t support it. I don’t currently have an MX in the lab (only in the field) so hopefully soon…

Going back to the diagram we used in part 1. Let’s say that we want to shape certain traffic to certain bandwidths under congestion. I want EF packets to get 20Mb priority, AF31 packets to get 50Mb and whatever is left to get 30Mb. I want to enable WRED in the BE queue, and also modify the default WRED profile.

I’m going to take the assumption that packets have already been marked

IOS

IOS is very simple in its configuration:

policy-map OUTBOUND_QOS
 class EF
  priority 20000
 class AF31
  bandwidth 50000
 class class-default
  random-detect dscp-based
  random-detect dscp 0 20 40 5
!
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.252
 service-policy output OUTBOUND_QOS

There are three classes in the service policy. Class EF has priority 20Mb, class AF31 has bandwidth 50Mb, and class-default has all that’s left. I’ve also set up WRED and it will start to drop packets when the queue level hits 20. Once it hits 40 it’ll be dropping 20% of all packets (1/5) and any more packets will cause tail-drop.
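How the class-default WRED settings above behave, as an added Python example that is not from the original post. It parses the random-detect line from the policy, applies the usual WRED drop curve between the two thresholds, and uses the averaging weight (Exp-weight-constant 9) and the 64-packet queue limit that the verification output reports; the class and function names are illustrative.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class WredProfile:
    dscp: int
    min_th: int     # average depth (packets) where random drops begin
    max_th: int     # average depth (packets) above which everything is dropped
    mark_den: int   # at max_th, 1 packet in mark_den is dropped


def parse_random_detect(line):
    """Parse 'random-detect dscp <value> <min> <max> <mark-denominator>'.

    Only numeric DSCP values are handled, which is what the policy uses.
    """
    words = line.split()
    if len(words) != 6 or words[:2] != ["random-detect", "dscp"]:
        raise ValueError(f"not a per-DSCP WRED line: {line!r}")
    dscp, min_th, max_th, mark_den = (int(w) for w in words[2:])
    if not 0 < min_th < max_th or mark_den < 1:
        raise ValueError("need 0 < min < max and a denominator of at least 1")
    return WredProfile(dscp, min_th, max_th, mark_den)


def drop_probability(profile, avg_depth):
    """Drop probability for one arriving packet at the given average depth."""
    if avg_depth < profile.min_th:
        return 0.0
    if avg_depth > profile.max_th:
        return 1.0                      # past the maximum threshold: tail drop
    slope = (avg_depth - profile.min_th) / (profile.max_th - profile.min_th)
    return slope / profile.mark_den


def arrivals_until(avg_target, instant_depth=64, exp_weight=9):
    """Packet arrivals needed, with the queue pinned at instant_depth, before
    the averaged depth reaches avg_target.

    avg = avg * (1 - 2**-n) + instant * 2**-n, recomputed on every arrival.
    """
    if not 0 < avg_target < instant_depth:
        raise ValueError("target must lie below the instantaneous depth")
    weight = 2.0 ** -exp_weight
    avg, arrivals = 0.0, 0
    while avg < avg_target:
        avg = avg * (1 - weight) + instant_depth * weight
        arrivals += 1
    return arrivals


if __name__ == "__main__":
    be = parse_random_detect("random-detect dscp 0 20 40 5")
    for depth in (10, 20, 30, 40, 41):
        print(depth, drop_probability(be, depth))
    print("arrivals before random drops begin:", arrivals_until(be.min_th))
    print("arrivals before the average reaches 40:", arrivals_until(be.max_th))
```

With the queue held full at 64 packets, the averaged depth needs 192 arrivals to reach the minimum threshold of 20, so short bursts pass through without random drops.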

Junos

In Junos, we first create our RED profile:

darreno@JR2> show configuration class-of-service drop-profiles
relaxed {
    fill-level 50 drop-probability 10;
    fill-level 75 drop-probability 15;
    fill-level 95 drop-probability 20;
}

We then create our schedulers, which tells Junos how to treat each queue:

darreno@JR2> show configuration class-of-service schedulers
EF {
    transmit-rate 20m;
    priority strict-high;
}
AF31 {
    transmit-rate 50m;
}
BE {
    transmit-rate 30m;
    drop-profile-map loss-priority any protocol any drop-profile relaxed;
}

We then create a scheduler-map, which tells Junos what traffic belongs in each queue:

darreno@JR2> show configuration class-of-service scheduler-maps
OUTBOUND-QOS {
    forwarding-class expedited-forwarding scheduler EF;
    forwarding-class assured-forwarding scheduler AF31;
    forwarding-class best-effort scheduler BE;
}

Finally this is applied to the interface. Note that this happens under the class-of-service stanza and NOT the actual interface stanza:

darreno@JR2> show configuration class-of-service interfaces
fe-0/0/7 {
    scheduler-map OUTBOUND-QOS;
}

Verification

The best command for checking a service policy applied to an interface is show policy-map interface interface-name:

R1#sh policy-map interface fa0/0
 FastEthernet0/0

  Service-policy output: OUTBOUND_QOS

    queue stats for all priority classes:
      Queueing
      queue limit 64 packets
      (queue depth/total drops/no-buffer drops) 0/0/0
      (pkts output/bytes output) 0/0

    Class-map: EF (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: dscp ef (46)
      Priority: 20000 kbps, burst bytes 500000, b/w exceed drops: 0

    Class-map: AF31 (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: dscp af31 (26)
      Queueing
      queue limit 64 packets
      (queue depth/total drops/no-buffer drops) 0/0/0
      (pkts output/bytes output) 0/0
      bandwidth 50000 kbps

    Class-map: class-default (match-any)
      800 packets, 48000 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: any

      queue limit 64 packets
      (queue depth/total drops/no-buffer drops) 0/0/0
      (pkts output/bytes output) 800/48000
        Exp-weight-constant: 9 (1/512)
        Mean queue depth: 0 packets
        dscp      Transmitted   Random drop   Tail drop    Minimum   Maximum   Mark
                  pkts/bytes    pkts/bytes    pkts/bytes   thresh    thresh    prob

        default   554/33240     0/0           0/0          20        40        1/5

This shows each of the queues as well as our RED profile attached to the class-default queue.

On Junos it’s a bit more cryptic. To see the bandwidth attached to each queue:

darreno@JR2> show interfaces fe-0/0/7 extensive | find "CoS information"
  CoS information:
    Direction : Output
    CoS transmit queue          Bandwidth          Buffer   Priority      Limit
                              %         bps      %    usec
    0 best-effort            30    30000000      r       0  low           none
    1 expedited-forwarding   20    20000000      r       0  strict-high   none
    2 assured-forwarding     50    50000000      r       0  low           none
  Interface transmit statistics: Disabled

  Logical interface fe-0/0/7.0 (Index 75) (SNMP ifIndex 520) (Generation 140)
    Flags: Device-Down SNMP-Traps 0x0 Encapsulation: ENET2
    Traffic statistics:
     Input  bytes  :  2426330700
     Output bytes  :    90196588
     Input  packets:     1770438
     Output packets:      872568

etc etc etc

To see the bits in each queue:

darreno@JR2> show interfaces queue fe-0/0/7
Physical interface: fe-0/0/7, Enabled, Physical link is Down
  Interface index: 141, SNMP ifIndex: 519
Forwarding classes: 8 supported, 4 in use
Egress queues: 8 supported, 4 in use
Queue: 0, Forwarding classes: best-effort
  Queued:
    Packets              :     863884          0 pps
    Bytes                :  106578924          0 bps
  Transmitted:
    Packets              :     863884          0 pps
    Bytes                :  106578924          0 bps
    Tail-dropped packets :          0          0 pps
    RED-dropped packets  :          0          0 pps
     Low                 :          0          0 pps
     Medium-low          :          0          0 pps
     Medium-high         :          0          0 pps
     High                :          0          0 pps
    RED-dropped bytes    :          0          0 bps
     Low                 :          0          0 bps
     Medium-low          :          0          0 bps
     Medium-high         :          0          0 bps
     High                :          0          0 bps
Queue: 1, Forwarding classes: expedited-forwarding
  Queued:
    Packets              :          0          0 pps
    Bytes                :          0          0 bps
  Transmitted:
    Packets              :          0          0 pps
    Bytes                :          0          0 bps
    Tail-dropped packets :          0          0 pps
    RED-dropped packets  :          0          0 pps
     Low                 :          0          0 pps
     Medium-low          :          0          0 pps
     Medium-high         :          0          0 pps
     High                :          0          0 pps
    RED-dropped bytes    :          0          0 bps
     Low                 :          0          0 bps
     Medium-low          :          0          0 bps
     Medium-high         :          0          0 bps
     High                :          0          0 bps
Queue: 2, Forwarding classes: assured-forwarding
  Queued:
    Packets              :          0          0 pps
    Bytes                :          0          0 bps
  Transmitted:
    Packets              :          0          0 pps
    Bytes                :          0          0 bps
    Tail-dropped packets :          0          0 pps
    RED-dropped packets  :          0          0 pps
     Low                 :          0          0 pps
     Medium-low          :          0          0 pps
     Medium-high         :          0          0 pps
     High                :          0          0 pps
    RED-dropped bytes    :          0          0 bps
     Low                 :          0          0 bps
     Medium-low          :          0          0 bps
     Medium-high         :          0          0 bps
     High                :          0          0 bps
Queue: 3, Forwarding classes: network-control
  Queued:
    Packets              :       8684          0 pps
    Bytes                :     451568          0 bps
  Transmitted:
    Packets              :       8684          0 pps
    Bytes                :     451568          0 bps
    Tail-dropped packets :          0          0 pps
    RED-dropped packets  :          0          0 pps
     Low                 :          0          0 pps
     Medium-low          :          0          0 pps
     Medium-high         :          0          0 pps
     High                :          0          0 pps
    RED-dropped bytes    :          0          0 bps
     Low                 :          0          0 bps
     Medium-low          :          0          0 bps
     Medium-high         :          0          0 bps
     High                :          0          0 bps

I must admit, I much prefer the Cisco implementation of show policy-map interfaces

While the concepts of QoS on vendor platforms are similar, the actual configuration is very different. I wanted to do a few posts on the differences between Junos and IOS on the normal QoS things that I do on a day to day basis. For this first post I’m going to use a very simple diagram:

On the LAN are hosts with soft-phones. These phones use specific ports but do not mark packets sent with DSCP EF. Our goal here is to ensure voice packets are marked. Any UDP packet with a port number of 5060 I will mark with DSCP EF.

IOS

IOS is very simple indeed. You match the kind of traffic you want in an ACL, create a service-policy using that ACL, mark the packets in that policy:

access-list 100 permit udp any eq 5060 any eq 5060
!
class-map match-all VOICE
 match access-group 100
!
policy-map MARK-TRAFFIC
 class VOICE
  set dscp ef
!
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 service-policy input MARK-TRAFFIC

Junos

Junos is more complicated. Juniper call marking via matching on parts of a packet a multifield classification. Multifield classification works by matching terms in a firewall filter. The DSCP value is not directly set in the firewall filter. Rather the filter places a packet in a specific queue. It’s the queue outbound that sets the actual dscp value in the packet.

First let’s create the classification I need:

darreno@JR2> show configuration class-of-service
classifiers {
    dscp MARK-TRAFFIC {
        forwarding-class expedited-forwarding {
            loss-priority low code-points ef;
        }
    }
}

There is a built-in queue called expedited-forwarding. You can rename these if you wish and add more queues. In the configuration above it states that any packet in this queue will be marked with DSCP EF.

darreno@JR2> show configuration firewall
family inet {
    filter VOICE {
        term VOICE {
            from {
                protocol udp;
                source-port 5060;
                destination-port 5060;
            }
            then {
                forwarding-class expedited-forwarding;
                accept;
            }
        }
        term CATCH-ALL {
            then accept;
        }
    }
}

In the firewall statement, any packet that matches UDP with source and destination port equal to 5060 will be placed in the expedited-forwarding queue. As this is a firewall filter, I need to still allow the packets through. I also need a catch-all at the end otherwise any packet not matching the first statement is dropped.

Finally the filter will be applied inbound on the LAN interface:

darreno@JR2> show configuration interfaces fe-0/0/7.0
family inet {
    filter {
        input VOICE;
    }
    address 10.2.2.1/24;
}

Both terms above will mark the needed packets as DSCP EF. All others will not be changed.

Certain Juniper platforms do support the setting of the DSCP value inbound, but it seems to be very hardware specific.

UPDATE (03/09/2013)

As a few have pointed out, I’m not actually marking anything here, I’m only classifying. My bad. In order to actually mark a packet you need to use rewrite rules. Junos has a few built-in, but you can make your own as well:

darreno@JR1> show class-of-service rewrite-rule
Rewrite rule: dscp-default, Code point type: dscp, Index: 31
  Forwarding class        Loss priority    Code point
  best-effort             low              000000
  best-effort             high             000000
  expedited-forwarding    low              101110
  expedited-forwarding    high             101110
  assured-forwarding      low              001010
  assured-forwarding      high             001100
  network-control         low              110000
  network-control         high             111000
etc etc etc

The default will ensure that EF traffic is marked 101110 which is DSCP value 46. We apply this rewrite to an interface like so:

darreno@JR1> show configuration class-of-service
interfaces {
    ge-0/0/0 {
        unit 50 {
            rewrite-rules {
                dscp default;
            }
        }
    }
}

Of course you can create your own rewrite rules, but I’m just going for the easy way out above.
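The difference between classifying and marking described in the update, as an added Python model that is not from the original post and is not Junos code. It evaluates the VOICE filter terms in order, including the discard that happens without CATCH-ALL, and applies the dscp-default rows listed above only on egress; all class and function names are hypothetical and the packets are constructed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    protocol: str
    source_port: int
    destination_port: int
    dscp: int = 0                           # as sent by the soft-phone
    forwarding_class: str = "best-effort"
    loss_priority: str = "low"


@dataclass
class Term:
    name: str
    match: dict                             # {} matches every packet
    forwarding_class: Optional[str] = None
    accept: bool = True


# The VOICE filter from the post: both ports must be 5060 for the first term.
VOICE = [
    Term("VOICE",
         {"protocol": "udp", "source_port": 5060, "destination_port": 5060},
         forwarding_class="expedited-forwarding"),
    Term("CATCH-ALL", {}),
]

# Rows of the dscp-default rewrite rule as listed in the post's output.
DSCP_DEFAULT = {
    ("best-effort", "low"): 0b000000,
    ("best-effort", "high"): 0b000000,
    ("expedited-forwarding", "low"): 0b101110,
    ("expedited-forwarding", "high"): 0b101110,
    ("assured-forwarding", "low"): 0b001010,
    ("assured-forwarding", "high"): 0b001100,
    ("network-control", "low"): 0b110000,
    ("network-control", "high"): 0b111000,
}


def ingress_filter(terms, pkt):
    """Evaluate terms in order; first match wins. No match means discard."""
    for term in terms:
        if all(getattr(pkt, key) == value for key, value in term.match.items()):
            if term.forwarding_class:
                pkt.forwarding_class = term.forwarding_class  # classify only
            return term.accept
    return False                                              # implicit discard


def egress(pkt, rewrite_rule):
    """The DSCP field changes only when a rewrite rule is bound on egress."""
    if rewrite_rule is not None:
        pkt.dscp = rewrite_rule[(pkt.forwarding_class, pkt.loss_priority)]
    return pkt.dscp


def forward(pkt, terms, rewrite_rule=None):
    """Returns the DSCP value on the wire, or None if the filter discarded it."""
    if not ingress_filter(terms, pkt):
        return None
    return egress(pkt, rewrite_rule)


if __name__ == "__main__":
    print(forward(Packet("udp", 5060, 5060), VOICE))                # classified, DSCP unchanged
    print(forward(Packet("udp", 5060, 5060), VOICE, DSCP_DEFAULT))  # classified and rewritten
    print(forward(Packet("udp", 40000, 5060), VOICE, DSCP_DEFAULT)) # only one port matches
    print(forward(Packet("tcp", 51000, 443), VOICE[:1]))            # no CATCH-ALL term
```

A packet from an ephemeral source port to 5060 falls through to CATCH-ALL and stays best-effort, because the VOICE term requires both ports to be 5060.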

© 2009-2017 Darren O'Connor All Rights Reserved -- Copyright notice by Blog Copyright