Cat3750 Qos

Quality of Service
Catalyst 3750
Enabling QoS
Trust States
Queues
Weighted Tail Drop
Shaped Round-Robin
Maps
Classification
Policing
AutoQos
Dipl.-Ing. Karsten Iwen, CCIE #14602 (Security) - http://Security-Planet.de 7 October, 2007
Quality of Service
Sw#sh ver
Cisco IOS Software, C3750 Software (C3750-IPSERVICESK9-M),
Version 12.2(25)SEB4, RELEASE SOFTWARE (fc1)
QoS is also in the IPBase-Image

Same functionality in the Catalyst 2960 and 3560
Dipl.-Ing. Karsten Iwen, CCIE #14602 (Security) - http://Security-Planet.de 7 October, 2007

QoS on Catalyst 3750
Enabling QoS globally
By default QoS is disabled
Sw(config)#do sh mls qos
QoS is disabled
QoS ip packet dscp rewrite is enabled
Also with „QoS ip packet dscp rewrite is enabled“

the switch does not alter any dscp-labels until QoS
is enabled globally
Sw(config)#mls qos
Sw(config)#do sh mls qos
QoS is enabled
QoS ip packet dscp rewrite is enabled
3
Configuring Trust-States (cisco-phone)
Sw(config)#interface fastEthernet 1/0/1
Sw(config-if)#mls qos trust ?
cos cos keyword
device trusted device class
dscp dscp keyword
ip-precedence ip-precedence keyword
<cr>
Sw(config-if)#mls qos trust cos

Sw(config-if)#mls qos trust device ?
cisco-phone Cisco IP Phone
Sw(config-if)#mls qos trust device cisco-phone

Sw(config-if)#exit
4
Configuring Trust-States (cisco-phone)
Sw(config)#do sh mls qos inter fast 1/0/1
FastEthernet1/0/1
trust state: not trusted
trust mode: trust cos
trust enabled flag: dis
COS override: dis
default COS: 0
DSCP Mutation Map: Default DSCP Mutation Map
Trust device: cisco-phone
qos mode: port-based
5
Configuring Trust-States (dscp)
Sw(config)#int gig 1/0/1
Sw(config-if)#mls qos trust dscp
Sw(config-if)#exit
Sw(config)#do sh mls qos inter gig 1/0/1
GigabitEthernet1/0/1
trust state: trust dscp
trust mode: trust dscp
trust enabled flag: ena
COS override: dis
default COS: 0
Trust device: none
6
Configuring DSCP-Transparency
Sw(config)#no mls qos rewrite ip dscp
7
Egress-Queues
4Q3T or 1P3Q3T
Queue 1 can be configured as Priority-Queue (not
Queue 4 as on 2950/3550)
Sw(config)#interface fastethernet1/0/1
Sw(config-if)#priority-queue out
8
Two globaly defined Queue-Sets to control
buffers and weighted tail drop (WTD)
Sw(config)#mls qos queue-set output 2 buffers 40 20 20 20

Sw(config-if)#queue-set 2
9
Weighted Tail Drop (WTD)
three drop thresholds per queue
Sw(config)#mls qos queue-set output 2 threshold 3 40 60
100 200
Sw(config-if)#queue-set 2
Queue 3 is configured with a first threshold of 40%, a

second threshold of 60%. 100% of the allocated
memory is guaranteed, the queue is allowed to have
200% of the memory before packets are dropped.
10
Weighted Tail Drop (WTD)
CoS or DSCP-values have to be matched to
thresholds:
Sw(config)#mls qos srr-queue output cos-map queue 3
threshold 1 0 1 2 3
Sw(config)#mls qos srr-queue output cos-map queue 3
threshold 2 4
for Queue 3, frames with a CoS of 0, 1, 2 or 3 are

mapped to threshold 1 (40%), CoS 4 is mapped to
threshold 2 (60%).
11
Ingress-Queues
two Ingress-queues, the second queue is the
priority-queue by default (can be configured)
Frames with a given CoS- or DSCP-value are
assigned to the input-queues
WTD is also supported
Sw(config)#mls qos srr-queue input threshold 1 50 70
Sw(config)#mls qos srr-queue input cos-map queue 1
threshold 1 0 1 2
Sw(config)#mls qos srr-queue input cos-map queue 1
threshold 2 3 4
Sw(config)#mls qos srr-queue input cos-map queue 2 5
12
Shaped Round-Robin (SRR)
SRR controlls at which rate packets are sent
supports two modes:
shaped mode
the egress queues are guaranteed a percentage of
bandwidth and are also shaped to this bandwidth.
This mode is only supported on egress
shared mode
the queues are guaranteed a bandwidth based on the
configured weight.
This mode is supported on ingress and egress
13
shaped mode
Sw(config)#interface gigabitethernet1/0/1
Sw(config-if)#srr-queue bandwidth shape 8 4 0 0
Queue 1 and 2 are operated in shaped mode (the

weight is > 0) with a bandwith shaped to 1/8 of the
interface-bandwidth (12,5%) for queue 1 and ¼ (25%)
for queue 2. These bandwidths are also guaranteed.
Queues 3-4 are operated in shared mode (the weight is
0)
14
shared mode
Sw(config-if)#srr-queue bandwidth share 1 2 3 4
all queue are operated in shared mode. Queue 1 gets

10% of the bandwidth (1/(1+2+3+4)), queue 2 gets
20%, queue 3 gets 30% and queue 4 gets 40%.
15
QoS-Maps: cos to dscp
Sw#sh mls qos maps cos-dscp

Cos-dscp map:
cos: 0 1 2 3 4 5 6 7
--------------------------------
dscp: 0 8 16 24 32 40 48 56
16
QoS-Maps: dscp to cos
Sw#sh mls qos maps dscp-cos

Dscp-cos map:
d1 : d2 0 1 2 3 4 5 6 7 8 9
---------------------------------------
0 : 00 00 00 00 00 00 00 00 01 01
1 : 01 01 01 01 01 01 02 02 02 02
2 : 02 02 02 02 03 03 03 03 03 03
3 : 03 03 04 04 04 04 04 04 04 04
4 : 05 05 05 05 05 05 05 05 06 06
5 : 06 06 06 06 06 06 07 07 07 07
6 : 07 07 07 07
17
QoS-Maps: cos to queue
Sw#sh mls qos maps cos-input-q

Cos-inputq-threshold map:
cos: 0 1 2 3 4 5 6 7
------------------------------------
queue-threshold: 1-1 1-1 1-1 1-1 1-1 2-1 1-1 1-1
Sw#sh mls qos maps cos-output-q

Cos-outputq-threshold map:
cos: 0 1 2 3 4 5 6 7
------------------------------------
queue-threshold: 2-1 2-1 3-1 3-1 4-1 1-1 4-1 4-1
18
QoS-Maps: dscp to queue
Sw#sh mls qos maps dscp-input-q
Dscp-inputq-threshold map:
d1 :d2 0 1 2 3 4 5 6 7 8 9
------------------------------------------------------------
0 : 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01
1 : 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01
2 : 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01
3 : 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01
4 : 02-01 02-01 02-01 02-01 02-01 02-01 02-01 02-01 01-01 01-01
5 : 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01
6 : 01-01 01-01 01-01 01-01
19
QoS-Maps: dscp to queue
Sw#sh mls qos maps dscp-output-q
Dscp-outputq-threshold map:
d1 :d2 0 1 2 3 4 5 6 7 8 9
------------------------------------------------------------
0 : 02-01 02-01 02-01 02-01 02-01 02-01 02-01 02-01 02-01 02-01
1 : 02-01 02-01 02-01 02-01 02-01 02-01 03-01 03-01 03-01 03-01
2 : 03-01 03-01 03-01 03-01 03-01 03-01 03-01 03-01 03-01 03-01
3 : 03-01 03-01 04-01 04-01 04-01 04-01 04-01 04-01 04-01 04-01
4 : 01-01 01-01 01-01 01-01 01-01 01-01 01-01 01-01 04-01 04-01
5 : 04-01 04-01 04-01 04-01 04-01 04-01 04-01 04-01 04-01 04-01
6 : 04-01 04-01 04-01 04-01
20
Classification
only one “match” command per “class-map”
the keywords “match-any” and “match-all” are
available but function the same
MAC-ACLs support a wildcard-mask (in contrast to
the 2950 which does not)
21
Policing
up to 63 user-configured policers per port
up to 255 user-configured policers per Port-ASIC
Policing is supported in an ingress policy-map
No policing on 10-Gigabit Ethernet
The minimum policing-rate is 8000 bps (the 2950
has a minimum of 1 Mbps)
two policing-modes:
per class policing
aggregate policing (for multiple classes)
Not supported on SVIs
22
Policing
per class policing
Sw(config)#ip access-list extended Webserver1
Sw(config-ext-nacl)#permit tcp host 10.10.10.1 eq 80 any
Sw(config)#class-map Web1
Sw(config-cmap)#match access-group name Webserver1
Sw(config)#policy-map ServerPolicy
Sw(config-pmap)#class Web1
Sw(config-pmap-c)#police 1000000 20000 exceed-action drop
Sw(config-if)#service-policy input ServerPolicy
23
Policing
per class policing with remarking
Sw(config)#class-map Bulk
Sw(config-cmap)#match ip dscp af11 af12 af13
Sw(config)#mls qos map policed-dscp 10 12 to 14
Sw(config)#policy-map MarkDown
Sw(config-pmap)#class Bulk
Sw(config-pmap-c)#police 1000000 20000 exceed-action
policed-dscp-transmit
Sw(config-if)#service-policy input MarkDown
24
Policing
aggregate policing
Sw(config)#mls qos aggregate-policer agp1 1000000 20000
exceed-action drop
Sw(config)#policy-map AggPolicy
Sw(config-pmap)#class Server1
Sw(config-pmap-c)#police aggregate agp1
Sw(config-pmap-c)#class Server2
Sw(config-pmap-c)#police aggregate agp1
Sw(config-if)#service-policy input AggPolicy
25
AutoQoS
enables QoS
can trust the cisco-phone, cisco-softphone and cos
corrects the cos to dscp-map
configures the input- and output-queue-settings
configures a policer on the voice-traffic when
trusting a phone or softphone
26
AutoQoS
With „voip trust“
Sw(config-if)#auto qos voip trust
Sw#show run interface FastEthernet1/0/1

interface FastEthernet1/0/1
switchport trunk native vlan 255
switchport mode access
srr-queue bandwidth share 10 10 60 20
priority-queue out
mls qos trust cos
auto qos voip trust
27
AutoQoS
With „voip trust“
Sw#sh mls qos interface fastEthernet 1/0/1
FastEthernet1/0/1
trust state: trust cos
COS override: dis
default COS: 0
Trust device: none
28
AutoQoS
With „voip cisco-softphone “
Sw(config-if)#auto qos voip cisco-softphone

FastEthernet1/0/1
Attached policy-map for Ingress: AutoQoS-Police-SoftPhone
trust mode: not trusted
COS override: dis
default COS: 0
Trust device: none
29
AutoQoS
Sw(config-if)#show run
!
mls qos map policed-dscp 24 26 46 to 0
!
class-map match-all AutoQoS-VoIP-RTP-Trust
match ip dscp ef
class-map match-all AutoQoS-VoIP-Control-Trust
match ip dscp cs3 af31
!
30
AutoQoS
!
policy-map AutoQoS-Police-SoftPhone
class AutoQoS-VoIP-RTP-Trust
set dscp ef
police 320000 8000 exceed-action policed-dscp-transmit
class AutoQoS-VoIP-Control-Trust
set dscp cs3
police 32000 8000 exceed-action policed-dscp-transmit
!
31
AutoQoS
!
interface FastEthernet1/0/1
srr-queue bandwidth share 10 10 60 20
priority-queue out
auto qos voip cisco-softphone
service-policy input AutoQoS-Police-SoftPhone
32
AutoQoS
With „voip cisco-phone “
Sw(config-if)#auto qos voip cisco-phone

FastEthernet1/0/1
Attached policy-map for Ingress: AutoQoS-Police-SoftPhone
trust enabled flag: dis
COS override: dis
default COS: 0
Trust device: cisco-phone
33
More Information:
QoS Configuration-Guide
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3750/122
40se/scg1/swqos.htm
Cisco Press: End-to-End Qos Network Design:
http://security-planet.de/2005/11/25/end-to-end-qos-network-
design/
Additional Notes for the Cisco QoS-Training
(in german):
http://security-planet.de/2005/12/09/cisco-qos/
34

Cat3750 Qos

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Cat3750 Qos

Hochgeladen von

Copyright:

Verfügbare Formate

Quality of Service

QoS is also in the IPBase-Image

Dipl.-Ing. Karsten Iwen, CCIE #14602 (Security) - http://Security-Planet.de 7 October, 2007

Also with „QoS ip packet dscp rewrite is enabled“

Sw(config-if)#mls qos trust cos

Sw(config-if)#mls qos trust device cisco-phone

Sw(config)#mls qos queue-set output 2 buffers 40 20 20 20

Queue 3 is configured with a first threshold of 40%, a

for Queue 3, frames with a CoS of 0, 1, 2 or 3 are

Queue 1 and 2 are operated in shaped mode (the

all queue are operated in shared mode. Queue 1 gets

Sw#sh mls qos maps cos-dscp

Sw#sh mls qos maps dscp-cos

Sw#sh mls qos maps cos-input-q

Sw#sh mls qos maps cos-output-q

Sw(config)#mls qos map policed-dscp 10 12 to 14

Sw#show run interface FastEthernet1/0/1

Sw#sh mls qos interface fastEthernet 1/0/1

Sw#sh mls qos interface fastEthernet 1/0/1

Das könnte Ihnen auch gefallen