End-to-End QoS Network Design: Quality of Service in LANs, WANs, and VPNs

  End-to-End QoS Network Design By Tim Szigeti - CCIE No. 9794, Christina Hattingh

  Publisher: Cisco Press Pub Date: November 09, 2004

  ISBN: 1-58705-176-1 Pages: 768


  Best-practice QoS designs for protecting voice, video, and critical data while mitigating network denial-of-service attacks

  • Understand the service-level requirements of voice, video, and data applications
  • Examine strategic QoS best practices, including Scavenger-class QoS tactics for DoS/worm mitigation
  • Learn about QoS tools and the various interdependencies and caveats of these tools that can impact design considerations
  • Learn how to protect voice, video, and data traffic using various QoS mechanisms
  • Evaluate design recommendations for protecting voice, video, and multiple classes of data while mitigating DoS/worm attacks for the following network infrastructure architectures: campus LAN, private WAN, MPLS VPN, and IPSec VPN

  Quality of Service (QoS) has already proven itself as the enabling technology for the convergence of voice, video, and data networks. As business needs evolve, so do the demands for QoS. The need to protect critical applications via QoS mechanisms in business networks has escalated over the past few years, primarily due to the increased frequency and sophistication of denial-of-service (DoS) and worm attacks.

  End-to-End QoS Network Design is a detailed handbook for planning and deploying QoS solutions to address current business needs. This book goes beyond discussing available QoS technologies and considers detailed design examples that illustrate where, when, and how to deploy various QoS features to provide validated and tested solutions for voice, video, and critical data over the LAN, WAN, and VPN.



  The book starts with a brief background of network infrastructure evolution and the subsequent need for QoS. It then goes on to cover the evolution and direction. The QoS requirements of voice, interactive and streaming video, and multiple classes of data applications are presented, along with an overview of the nature and effects of various types of DoS and worm attacks. QoS best-practice design principles are introduced to show how QoS mechanisms can be strategically deployed end-to-end to address application requirements while mitigating network attacks. The next section focuses on how these strategic design principles are applied to campus LAN QoS design. Considerations and detailed design recommendations specific to the access, distribution, and core layers of an enterprise campus network are presented. Private WAN QoS design is discussed in the following section, where WAN-specific considerations and detailed QoS designs are presented for leased lines, Frame Relay, ATM, ATM-to-FR Service Interworking, and ISDN networks. Branch-specific designs include Cisco(r) SAFE recommendations for using Network-Based Application Recognition (NBAR) for known-worm identification and policing. The final section covers Layer 3 VPN QoS design, for both MPLS and IPSec VPNs. As businesses are migrating to VPNs to meet their wide-area networking needs at lower costs, considerations specific to these topologies are required to be reflected in their customer-edge QoS designs. MPLS VPN QoS design is examined from both the enterprise and service provider's perspectives. Additionally, IPSec VPN QoS designs cover site-to-site and teleworker contexts.

  Whether you are looking for an introduction to QoS principles and practices or a QoS planning and deployment guide, this book provides you with the expert advice you need to design and implement comprehensive QoS solutions.

  This book is part of the Networking Technology Series from Cisco Press, which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.

  


Table of Contents

  Copyright
  About the Authors
  About the Technical Editors
  Acknowledgments
  Icons Used in This Book
  Command Syntax Conventions
  Introduction
    Who Should Read This Book?
    Goals and Methods
    How This Book Is Organized

  Part I: Introduction to QoS
    Chapter 1. Introduction to QoS
      A Brief Historical Perspective
      QoS Evolution
      User Network Expectations
      Understanding QoS
      QoS Models
      Introduction to the QoS Toolset
      Simplifying QoS
      If I Have AutoQoS, Why Should I Be Reading This Book?
      The Continuing Evolution of QoS
      Summary
      Further Reading
    Chapter 2. QoS Design Overview
      QoS Requirements of VoIP
      QoS Requirements of Video
      QoS Requirements of Data
      QoS Requirements of the Control Plane
      Scavenger Class
      DoS and Worm Mitigation Strategy Through Scavenger Class QoS
      Principles of QoS Design
      Further Reading

  Part II: QoS Toolset
    Chapter 3. Classification and Marking Tools
      Classification Tools
      Marking Tools
      Summary
      Further Reading
    Chapter 4. Policing and Shaping Tools
      Token Bucket Algorithms
      Policers
      Shapers
      Further Reading
    Chapter 5. Congestion-Management Tools
      Understanding Scheduling and Queuing
      Legacy Layer 3 Queuing Mechanisms
      Currently Recommended Layer 3 Queuing Mechanisms
      Layer 2 Queuing Tools
      Tx-ring
      PAK_priority
      Summary
      Further Reading
    Chapter 6. Congestion-Avoidance Tools
      Random Early Detection
      Weighted Random Early Detection
      DSCP-Based Weighted Random Early Detection
      Explicit Congestion Notification
      Summary
      Further Reading
    Chapter 7. Link-Specific Tools
      Header-Compression Techniques
      Link Fragmentation and Interleaving
      Summary
      Further Reading
    Chapter 8. Bandwidth Reservation
      RSVP Overview
      MPLS Traffic Engineering
      Scalability
      RSVP-DiffServ Integration
      Endpoints and Proxies
      Summary
      Further Reading
    Chapter 9. Call Admission Control (CAC)
      CAC Overview
      CAC Defined
      CAC Tool Categories
      Gatekeeper CAC
      RSVP
      Summary
      Further Reading
    Chapter 10. Catalyst QoS Tools
      Generic Catalyst QoS Models
      Catalyst 2950
      Catalyst 3550
      Catalyst 2970, 3650, and 3750
      Catalyst 4500
      Catalyst 6500
      Summary
      Further Reading
    Chapter 11. WLAN QoS Tools
      QoS for Wireless LANs Versus QoS on Wired LANs
      Upstream Versus Downstream QoS
      IEEE 802.11 DCF
      IEEE 802.11e EDCF
      IEEE 802.1D Classes of Service
      QoS Operation on Cisco APs
      Configuring QoS on Cisco APs
      Summary
      Further Reading

  Part III: LAN QoS Design
    Chapter 12. Campus QoS Design
      DoS/Worm-Mitigation Strategies
      Call-Signaling TCP/UDP Ports in Use
      Access-Edge Trust Models
      Catalyst 2950 QoS Considerations and Design
      Catalyst 3550 QoS Considerations and Design
      Catalyst 2970/3560/3750 QoS Considerations and Design
      Catalyst 4500-SupII+/III/IV/V QoS Considerations and Design
      Catalyst 6500 QoS Considerations and Design
      WAN Aggregator/Branch Router Handoff Considerations
      Case Study: Campus QoS Design
      Summary
      Further Reading

  Part IV: WAN QoS Design
    Chapter 13. WAN Aggregator QoS Design
      Where Is QoS Needed over the WAN?
      WAN Edge QoS Design Considerations
      WAN Edge Classification and Provisioning Models
      WAN Edge Link-Specific QoS Design
      Case Study: WAN Aggregation Router QoS Design
      Summary
    Chapter 14. Branch Router QoS Design
      Branch WAN Edge QoS Design
      Branch Router LAN Edge QoS Design
      Case Study: Branch Router QoS Design
      Summary
      Further Reading

  Part V: VPN QoS Design
    Chapter 15. MPLS VPN QoS Design
      Where Is QoS Needed over an MPLS VPN?
      Customer Edge QoS Design Considerations
      Provider-Edge QoS Considerations
      Core QoS Considerations
      Case Study: MPLS VPN QoS Design (CE/PE/P Routers)
      Summary
      Further Reading
    Chapter 16. IPSec VPN QoS Design
      Site-to-Site V3PN QoS Considerations
      Site-to-Site V3PN QoS Designs
      Headend VPN Edge QoS Options for Site-to-Site V3PNs
      Teleworker V3PN QoS Considerations
      Teleworker V3PN QoS Designs
      Case Study: IPSec VPN QoS Design
      Summary
      Further Reading

  QoS "At-A-Glance" Summaries
  Index

Copyright

  End-to-End QoS Network Design

  Tim Szigeti, CCIE No. 9794, Christina Hattingh

  Copyright © 2005 Cisco Systems, Inc.

  Published by: Cisco Press, 800 East 96th Street, Indianapolis, IN 46240 USA

  All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review.

  Printed in the United States of America 1 2 3 4 5 6 7 8 9 0

  First Printing October 2004

  Library of Congress Cataloging-in-Publication Number: 2003111984

  Trademark Acknowledgments

  All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Cisco Press or Cisco Systems, Inc., cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

  Warning and Disclaimer

  This book is designed to provide information about Quality-of-Service network design best-practice recommendations. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information is provided on an "as is" basis. The authors, Cisco Press, and Cisco Systems, Inc., shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it.

  The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc.

  Corporate and Government Sales

  Cisco Press offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales. For more information please contact: U.S. Corporate and Government Sales 1-800-382-3419

  corpsales@pearsontechgroup.com

  For sales outside the U.S. please contact: International Sales international@pearsoned.com

  Feedback Information

  At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted with care and precision, undergoing rigorous development that involves the unique expertise of members from the professional technical community. Readers' feedback is a natural continuation of this process. If you have any comments regarding how we could improve the quality of this book or otherwise alter it to better suit your needs, you can contact us through e-mail at feedback@ciscopress.com. Please make sure to include the book title and ISBN in your message.

  We greatly appreciate your assistance.

  Publisher: John Wait
  Editor-in-Chief: John Kane
  Cisco Representative: Anthony Wolfenden
  Cisco Press Program Manager: Nannette M. Noble
  Executive Editor: Christopher Cleveland
  Acquisitions Editor: Michelle Grandin
  Production Manager: Patrick Kanouse
  Development Editor: Howard A. Jones
  Copy Editor: Krista Hansing
  Technical Editors: Frank Knox, Anna To, Connie Varner
  Team Coordinator: Tammi Barnett
  Cover Designer: Louisa Adair
  Composition: Octal Publishing, Inc.
  Indexer: Eric Schroeder
  Proofreader: Tonya Cupp

  Corporate Headquarters
  Cisco Systems, Inc.
  170 West Tasman Drive
  San Jose, CA 95134-1706 USA
  www.cisco.com
  Tel: 408 526-4000, 800 553-NETS (6387)
  Fax: 408 526-4100

  European Headquarters
  Cisco Systems International BV
  Haarlerbergpark, Haarlerbergweg 13-19
  1101 CH Amsterdam, The Netherlands
  www-europe.cisco.com
  Tel: 31 0 20 357 1000
  Fax: 31 0 20 357 1100

  Americas Headquarters
  Cisco Systems, Inc.
  170 West Tasman Drive
  San Jose, CA 95134-1706 USA
  www.cisco.com
  Tel: 408 526-7660
  Fax: 408 527-0883

  Asia Pacific Headquarters
  Cisco Systems, Inc.
  Capital Tower, 168 Robinson Road, #22-01 to #29-01
  Singapore 068912
  www.cisco.com
  Tel: +65 6317 7777
  Fax: +65 6317 7799

  Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax numbers are listed on the Cisco.com Web site at www.cisco.com/go/offices.

  Argentina • Australia • Austria • Belgium • Brazil • Bulgaria • Canada • Chile • China PRC • Colombia • Costa Rica • Croatia • Czech Republic • Denmark • Dubai, UAE • Finland • France • Germany • Greece • Hong Kong SAR • Hungary • India • Indonesia • Ireland • Israel • Italy • Japan • Korea • Luxembourg • Malaysia • Mexico • The Netherlands • New Zealand • Norway • Peru • Philippines • Sweden • Switzerland • Taiwan • Thailand • Turkey • Ukraine • United Kingdom • United States • Venezuela • Vietnam • Zimbabwe

  Copyright © 2003 Cisco Systems, Inc. All rights reserved. COP, CCSP, the Cisco Arrow logo, the Cisco Powered Network mark, the Cisco Systems Verified logo, Cisco Unity, Follow Me Browsing, FormShare, iQ Net Readiness Scorecard, Networking Academy, and ScriptShare are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, The Fastest Way to Increase Your Internet Quotient, and iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherSwitch, Fast Step, GigaStack, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, LightStream, MGX, MICA, the Networkers logo, Network Registrar, Packet, PK, Post-Routing, Pre-Routing, RateMUX, Registrar, SlideCast, SMARTnet, StrataView Plus, Stratm, SwitchProbe, TeleRouter, TransPath, and VCO are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries.

  All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0303R) Printed in the USA

Dedications

  Tim: This book is obviously dedicated to my wife; otherwise, of course, she'd kill me. It amuses me to think that if others are actually reading this, they probably think I'm only joking, but, alas, the Greek capacity for vengeance is no laughing matter. I cancelled far too many dates, stayed in my office and labs far too many weekends, and stared blankly into space (thinking about these designs) far too many times (while she was talking to me) to ever allow the thought of not dedicating this work to her to even cross my tiny xeno-brain.

  I know, I know, it's not a work of literature or a collection of poetry: It's just a technical book, boring to tears for any not interested in the subject (and probably just boring to yawns for the rest). But, for whatever it's worth, I'm dedicating it to you, Lella. I love you with all my heart.

  Christina: To Robert Verkroost and Ria and Willie Hattingh, who unfailingly support my various forays into the publishing world.

About the Authors

  Tim Szigeti, CCIE No. 9794, attended the University of British Columbia, where he majored in management information systems. After graduating, Tim joined Cisco Systems and soon after began to specialize in Quality-of-Service technologies, supporting technical marketing initiatives for the Cisco Class Data acquisition, which led to the Cisco QoS Policy Manager (QPM) product. After supporting QPM through several generations and serving as product manager for the Cisco Quality of Service Device Manager (QDM) product, Tim joined the Enterprise Solutions Engineering team and led large-scale testing initiatives of campus, WAN, and VPN QoS designs. Tim now belongs to the newly formed Technology Solutions Engineering team within the Cisco Central Technical Marketing organization. There, he continues to define and drive strategic QoS solutions across Cisco technology groups and business units while working with many Fortune 500 companies, both enterprise and service providers, providing QoS design expertise.

  Christina Hattingh is a member of the technical staff in the Multiservice Customer Edge Business Unit of Cisco Systems. These products, including the Cisco 2600, 3600, and 3700 series access router platforms, were some of the first Cisco platforms to converge voice and data traffic onto an IP network by offering TDM voice interfaces, WAN interfaces, and critical QoS features, while later integrating call control elements into the router-based platform itself. In this role, she trains Cisco sales staff and advises customers on voice network deployment and design.

About the Technical Editors

  Frank Knox has more than 37 years of telecommunications experience. During his career at IBM, Frank held positions in field service, field support, service planning, and education; his final position before retirement was curriculum manager for IBM's Network Education in North America. After leaving IBM, Frank held the position of network engineering manager for GTE Directories, where he was responsible for the company's voice and data network design and support. Concurrent with his work at IBM and GTE, Frank taught as an adjunct professor for the University of Dallas MBA program. For the past six years, Frank has worked for Skyline Computer as a senior instructor and consultant; he is currently Skyline's chief technical officer (CTO). Frank holds two CCIE certifications (R&S and SNA/IP); he also has a master's degree in telecommunications from Pace University.

  Anna To has worked with Cisco for more than three years as a software/deployment engineer on the ITD QoS team. One of Anna's key tasks is to promote QoS deployment and increase the understanding of QoS technology in the field. Anna works on the Modular QoS CLI (MQC) solution team to bring consistency in QoS configuration across various Cisco platforms. In addition, Anna is involved with the AutoQoS project to simplify QoS deployment.

  Connie Varner is a technical marketing engineer in the Cisco Enterprise Systems Engineering group. She has extensive experience designing and testing large-scale networks based on customer requirements, in part based on four years of experience with the Cisco Customer Proof of Concept Labs. Connie specializes in QoS designs that meet the needs of converged data, voice and video networks, and designs that involve IPSec VPNs.

Acknowledgments

  Off the top, I'd like to thank my friend and co-worker Dave Barton, who, although he was extremely busy downing beers at Chicago's Navy Pier, gallantly managed to sic Brett Bartow onto me, which got the ball rolling on this whole project. (Dave, did you make it back okay to the hotel that night?) Many thanks to Todd Truitt, one of the top talents at Cisco, for inviting my collaboration on the original AVVID QoS Design Guide, hiring me onto his design team, and recommending Christina as a co-author for this project. Do you ever get tired of being right, Todd? Thanks also to Neil Anderson, Joel King, Ted Hannock, and Steve Ochmanski for guidance and collaboration on IPSec V3PN designs. Thanks for letting me leverage your excellent and thorough work so that I did not have to reinvent the wheel on these designs. Thank you, Mike Herbert, for your brilliant flash of using QoS for DoS/worm mitigation via the Scavenger class. Though you derailed and postponed many whitepapers and publications (including this one), you opened up a whole new scope of application for QoS technologies, and we're all better off for it. Thank you, too, Alex Dolan, for building out multiple large-scale MPLS VPN test beds for me and continually tweaking them to suit my mood-of-the-day. I don't know where your patience or your good nature comes from, but they're most appreciated. Thanks, too, for nudging me back into playing ice hockey. Next time I break a leg or chip a tooth, I'll think of you and grimace.

  Muchas gracias, Arlindo Callejas, for being much more than my awesome lab administrator. You always went out of your way for me and got me everything I ever needed, instantly. Sometimes I'm afraid to ask where you sourced the gear you did. (I'm not sure whether those 10GE linecards "fell off the back of a Cisco truck" or what, but they sure came in handy at just the right time.) A round of applause is merited by the technical reviewers. Having done this before myself, I can genuinely appreciate the time, effort, and painstaking attention to detail that goes into this process. Frank, your comments were right on and helped make this a better book. Anna, is there anything you don't know about Cisco QoS? I'm very thankful you took time out of your extremely busy schedule, developing code while helping anyone and everyone on planet Earth (and some nearby systems) that are having QoS problems. And Connie, if you hadn't reviewed this work, I would not have submitted it for publication. You're simply the best technical reviewer, and one of the sharpest engineers, I've ever had the pleasure of working with.

  Thank you, Howard Jones, for your excellent editing and for coordinating the complex content review and copy review processes. And thank you, too, Patrick Kanouse, for managing the production of this publication and allowing me to make hundreds of last-minute edits in the galley-review phase (when edits are to be kept at a minimum). How you put up with me I'll never know, but I truly appreciate your patience and desire to help make this book as correct and as current as possible. Also thank you, Chris Cleveland, for your fine recommendations and guidance during the course of production.

  I need to extend thanks also to Debbie Morrison, who is, in my opinion, the best technical writer, period. Debbie, as I've said over and over again, you polish my ugly little chunks of coal into beautiful diamonds. you now that you've gone on to bigger and better things. (I'm so terrified of the future; who's going to make me look good now?) Brett Bartow, what can I say? This would never have happened without you. Time and time again, it seemed to fall by the wayside, but your persistence, perseverance, and patience kept it all going. Thank you. You didn't back off, and I'm glad for it. Your guidance has been uncanny, and your vision has paid off. Thanks also to your production team. And lastly, thank you, Christina. You made it fun. Right when I read your first draft of your first chapter, I knew you were the best person to embark on this project with (even though you write like an engineer!). Thank you for sacrificing so many weekends on this (thank Robert for me too). I know this is only one of many publishing projects you're pursuing; all I ask is that you save me an autograph before you move to Hawaii and start on your best-seller!

  Icons Used in This Book

Command Syntax Conventions

  The conventions used to present command syntax in this book are the same conventions used in the Cisco IOS Command Reference. The Command Reference describes these conventions as follows:

  • Boldface indicates commands and keywords that are entered literally as shown. In actual configuration examples and output (not general command syntax), boldface indicates commands that are input manually by the user (such as a show command).
  • Italics indicates arguments for which you supply actual values.
  • Vertical bars (|) separate alternative, mutually exclusive elements.
  • Square brackets [ ] indicate optional elements.
  • Braces { } indicate a required choice.
  • Braces within brackets [{ }] indicate a required choice within an optional element.

Introduction

  QoS is a m at uring t echnology, one t hat m any net working professionals, t o a great er or lesser ext ent , are already fam iliar wit h. This is bot h a blessing and a curse. I t is a blessing because m ore adm inist rat ors are enabling QoS on t heir net works, which allows for t he convergence of voice, video, and dat a ont o a single

  I P net work, am ong ot her business advant ages. I t is a curse because alm ost every individual wit h whom I 've ever discussed QoS designs has a slight ly different opinion on how QoS should be enabled. The result oft en has led t o confusing babble from t he cust om er's perspect ive, especially for cust om ers seeking QoS design guidance for non- VoI P applicat ions. For exam ple, a cust om er m ight ask t he local Cisco Syst em s engineer how best t o enable QoS for net works and receive one answer. Lat er, t he cust om er m ight at t end an Execut ive Briefing session in San Jose and receive a different answer ( even receiving m ult iple different answers wit hin t he sam e day from different present ers) . Lat er, while at t ending a Net workers conference, t he cust om er m ight be t old som et hing else ent irely. Finally, when t he cust om er get s hom e and picks up a Cisco Press book, he or she m ight get st ill anot her st ory. Confused and frust rat ed, m any cust om ers decide t o enable m inim al QoS, if any, despit e t he t out ed benefit s t hat t hey were sold on. Therefore, in m y opinion, present ing such inconsist ent recom m endat ions is a m aj or disservice t o our cust om ers and a considerable barrier t o t he widespread deploym ent of QoS. The Cisco Technology Baseline com m it t ees were creat ed t o rem edy t he sit uat ion and help unify various t echnologies across Cisco product s and plat form s. To t his end, a series of Technology Baselines were developed int ernally by our leading expert s ( m any of whom likewise developed t he relat ed I ETF RFCs and ot her st andards) t o which all Cisco product s and feat ures m ust conform . Addit ionally, t hese docum ent s provide uniform , st rat egic recom m endat ions ( t hat can be shared wit h cust om ers) t o help ensure t hat QoS recom m endat ions are unified and consist ent , for bot h ent erprises and service providers. 
Specific t o QoS, t he QoS Baseline st rict ly defines t he Cisco st rat egic direct ion in QoS t echnologies from now int o t he foreseeable fut ure. Thus, a unique feat ure of t his book is t hat it is t he first Cisco Press publicat ion t o present design recom m endat ions t hat are com pliant wit h t he QoS Baseline. Anot her huge advant age of t his publicat ion is t hat it is one of t he first docum ent s t o present a det ailed, cohesive st rat egy t hat shows how QoS can ext end beyond it s t radit ional role ( of priorit izing im port ant applicat ions) and be used t o provide deferent ial services t o DoS/ worm - generat ed t raffic, t hus m it igat ing and cont aining t he collat eral dam age caused by such at t acks. This is a fresh perspect ive and cont ext for a t echnology t hat m any considered baked and done. Yet in such a role, t he crit ical int erdependency of Qualit y of Service, High- Availabilit y, and Securit y t echnologies becom es m anifest and holist ically prom ot es t he " Self- Defending Net works" business obj ect ive. However, having a st rat egic direct ion and t act ical approaches for QoS designs is only half t he solut ion. An im port ant m ot t o t hat I like t o em phasize is: " I n t heory, t heory and pract ice are t he sam e." I t 's one t hing t o m ake a design recom m endat ion based on an assum pt ion t hat som et hing " should work." I t 's som et hing com plet ely different t o m ake a design recom m endat ion t hat has been verified in large- scale, com plex lab scenarios, such as provided by one of t he largest Cisco labs: t he Ent erprise Solut ions Engineering t est beds in Research Triangle Park, Nort h Carolina. 
diligence has been done t o present working, t est ed configurat ionsincluding a rigorous t echnical reviewing process by som e of t he sharpest Cisco QoS engineershardware/ soft ware/ plat form - specific issues t hat didn't surface during our t est s m ay nonet heless exist , as m ay issues int roduced in newer releases of hardware/ soft ware dat ing from our t im e of t est ing.

  Furt herm ore, t he recom m endat ions present ed in t his book are not t o be t aken as com m andm ent s or dict at es ( " Thou shalt configure t his or t hat " ) , but are sim ply best - pract ice design recom m endat ions t hat are t he result of ext ensive lab t est ing and cust om er deploym ent s. They should be viewed as t em plat es t hat can be m odified and t weaked t o cust om er- specific requirem ent s. Following t he 80/ 20 Paret o Rule, t hese design recom m endat ions should be viewed as 80 percent of t he solut ion, t o which t he rem aining 20 percent is up t o each cust om er t o com plet e and t ailor t o t heir individual needs and const raint s.

Here's an analogy of how to view these design recommendations: Given a business objective (for example, to hammer a nail into a wall), you will have certain tools at your disposal, tools that may or may not be optimally suited to the task (let's say, a hammer and a banana). Our lab testing presents the optimal tool to use for the given objective (normally, a hammer tests better than a banana, but you never know; I've seen some pretty funky frozen bananas that might do the trick). It's still up to the customer to pick the tool that best suits their objectives, situations, and comfort levels. These recommendations are not mandates; they are simply suggestions based on extensive lab testing and customer deployments.

Who Should Read This Book?

Some might ask, "Why should I read this book? Especially when I have AutoQoS?" Certainly, AutoQoS-VoIP is an excellent tool for customers whose objective is enabling QoS for VoIP (only) on their campus and WAN infrastructures, and AutoQoS-Enterprise is a fine tool for enabling basic WAN-edge QoS for voice, video, and multiple classes of data. For customers who have basic QoS needs and don't have the time or desire to learn or do more with QoS, AutoQoS is definitely the way to go.

However, it's important to remember where AutoQoS came from. AutoQoS tools are the result of QoS design guides that Cisco Technical Marketing Engineers (including myself) put together based on large-scale lab testing. AutoQoS-VoIP is the product of our first "AVVID QoS Design Guide," one of the most popular and most downloaded technical whitepapers ever produced within Cisco. AutoQoS-Enterprise is the result of the QoS Baseline coupled with our second-generation QoS Design Guide. This book represents our third-generation QoS Design Guide. And it is the goal of the authors to drive these designs (including DoS/worm-mitigation strategies) into future releases of AutoQoS. So, basically, what you are reading is the proposed blueprint for the next version of AutoQoS.

When it comes to any given technology, there are really only two types of people: those who are interested in the technology and seek a thorough understanding of the relation of the parts to the whole, and those who just want to "turn it on" and walk away. The former are the ones who will confidently unleash the true power of the technology and push it to its limits; the latter are the ones who are usually hesitant, timid, and conservative in their use of the technology, typically with mediocre results.

For example, there are those who enjoy looking under the hood of a Ferrari and want to know all the details about how the engine generates its beautiful purring and power, and there are others who want only to turn it on, drive away, and look sexy. The former group will drive more confidently, boldly unleashing the engine's tremendous power and, thus, pushing the car to its limits.

This book is intended for the former type of QoS networking professional: those looking for a thorough understanding of what makes them move so fast, sound so good, and look so sexy as they confidently harness their technology.

Goals and Methods

The main goal of this book is to present templates that address 80 percent or more of a customer's QoS requirements in a particular context and architecture (LAN, WAN, VPN). Additionally, the rationales and considerations behind the recommendations are explained in detail so that, as tweaking is required, network administrators are well informed of the trade-offs involved.

A key approach that we've used throughout this configuration-rich book is to incorporate inline explanations of configurations. In this way, the QoS-relevant commands are highlighted and detailed line by line to illustrate the function of each element and how these parts make up the whole solution. To complement these line-by-line design recommendations, related verification commands are detailed. These verification commands are presented in context with the design examples, and specific details of what to look for in the resulting output are highlighted. These verification examples are, therefore, significantly richer in relevance than most such examples presented in Cisco documentation, and they allow network administrators to confirm quickly whether the recommended designs have been deployed correctly. Finally, each design chapter ends with a case-study example that ties together many of the design elements presented in the chapter and presents a bigger-picture, detailed example for the infrastructure architecture being discussed (LAN/WAN/VPN). These examples are indicative of what can be expected in production environments. Often these case-study examples span several devices and, thus, highlight critical interrelationships.

How This Book Is Organized

This book is divided into three main parts: an introduction and overview section, a QoS toolset review section, and (the heart of the book) a QoS design section.

Chapter 1, "Introduction to QoS," is an introduction and brief history of the development of QoS technologies, showing where these came from and the direction they're headed in.

Chapter 2, "QoS Design Overview," is an overview of QoS design. It begins by detailing the service-level requirements of voice, video, and data applications, and it presents the Scavenger-class DoS/worm-mitigation strategy and high-level QoS best practices that will be detailed in the design chapters to follow.

To set proper context for the design chapters, various QoS tools are reviewed. This review is not intended to serve as feature documentation, but it supplements Cisco documentation to highlight various interdependencies or caveats for these tools that at times impact the recommended QoS designs that follow. The QoS toolset review section, Chapters 3 through 11, covers the following topics:

Chapter 3, "Classification and Marking Tools": This chapter reviews Layer 2 marking mechanisms (such as 802.1Q/p, Frame Relay Discard Eligibility, ATM Cell Loss Priority, and MPLS Experimental values) and Layer 3 marking mechanisms (such as IP Precedence and Differentiated Services Code Points).

Chapter 4, "Policing and Shaping Tools": This chapter reviews the token bucket algorithm, which is the basis for most policers and shapers. Both single-rate and two-rate policers are covered, as are ATM and Frame Relay traffic shaping.
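The token bucket policer named above, as an added example that is not code from the book: a two-rate three-color policer in the RFC 2698 color-blind form, driven by two constructed packet traces (a well-behaved 160 kbps flow and a worm-like 12 Mbps burst). The policy applied to the colors, passing green traffic unchanged, remarking yellow traffic to DSCP CS1 (the Scavenger code point) and dropping red, is an assumption chosen to illustrate how a policer can feed the Scavenger-class DoS/worm-mitigation strategy the design chapters build on; the rates (CIR 1 Mbps, PIR 2 Mbps), burst sizes and sample DSCP values are likewise assumed, not taken from the book.

```python
"""Two-rate three-color token-bucket policer (RFC 2698, color-blind mode).

Added example; not code from the book. Rates are bits per second, burst
sizes are bytes, and time is integer microseconds so that the token
arithmetic in this simulation stays exact.
"""

DSCP_CS1 = 8    # CS1 (001000), the Scavenger-class code point
DSCP_AF21 = 18  # AF21 (010010), used here as a sample transactional-data mark


class TrTcmPolicer:
    """Two token buckets: C refills at CIR up to CBS, P refills at PIR up to PBS."""

    def __init__(self, cir_bps, pir_bps, cbs_bytes, pbs_bytes):
        if pir_bps < cir_bps:
            raise ValueError("PIR must be at least CIR")
        self.cir_bps, self.pir_bps = cir_bps, pir_bps
        self.cbs_bytes, self.pbs_bytes = cbs_bytes, pbs_bytes
        self.tc = float(cbs_bytes)  # tokens in the committed bucket (bytes)
        self.tp = float(pbs_bytes)  # tokens in the peak bucket (bytes)
        self.last_us = 0

    def _refill(self, now_us):
        elapsed = now_us - self.last_us
        if elapsed < 0:
            raise ValueError("packets must be offered in arrival order")
        self.last_us = now_us
        # bits/s * microseconds / 8e6 = bytes added since the last packet
        self.tc = min(self.cbs_bytes, self.tc + elapsed * self.cir_bps / 8e6)
        self.tp = min(self.pbs_bytes, self.tp + elapsed * self.pir_bps / 8e6)

    def color(self, now_us, size_bytes):
        """Red if the packet exceeds PIR, yellow if it exceeds CIR but not
        PIR, green otherwise (RFC 2698 section 3, color-blind operation)."""
        self._refill(now_us)
        if self.tp < size_bytes:
            return "red"            # neither bucket is charged
        if self.tc < size_bytes:
            self.tp -= size_bytes   # only the peak bucket is charged
            return "yellow"
        self.tc -= size_bytes       # both buckets are charged
        self.tp -= size_bytes
        return "green"


def police_flow(policer, packets):
    """Apply the illustrative (assumed) Scavenger mark-down policy.

    packets: list of (arrival_us, size_bytes, dscp). Green packets are
    transmitted unchanged, yellow packets are remarked to CS1, red packets
    are dropped. Returns (decisions, color counts).
    """
    decisions = []
    counts = {"green": 0, "yellow": 0, "red": 0}
    for arrival_us, size, dscp in packets:
        c = policer.color(arrival_us, size)
        counts[c] += 1
        if c == "green":
            decisions.append(("transmit", dscp))
        elif c == "yellow":
            decisions.append(("transmit", DSCP_CS1))
        else:
            decisions.append(("drop", dscp))
    return decisions, counts


def normal_flow():
    """Constructed sample: 10 x 200-byte packets, one every 10 ms (160 kbps)."""
    return [(i * 10_000, 200, DSCP_AF21) for i in range(10)]


def burst_flow():
    """Constructed sample: 20 x 1500-byte packets, one every 1 ms (12 Mbps),
    the kind of sustained burst a scanning worm produces."""
    return [(i * 1_000, 1500, DSCP_AF21) for i in range(20)]


def run_policy(flow):
    """Police a flow with assumed parameters: CIR 1 Mbps, PIR 2 Mbps,
    CBS 5000 bytes, PBS 10000 bytes."""
    policer = TrTcmPolicer(cir_bps=1_000_000, pir_bps=2_000_000,
                           cbs_bytes=5000, pbs_bytes=10000)
    return police_flow(policer, flow)


if __name__ == "__main__":
    for name, flow in (("normal", normal_flow()), ("burst", burst_flow())):
        _, counts = run_policy(flow)
        print(name, counts)
```

The burst trace shows the property that matters for DoS/worm containment: once the committed bucket is empty only the peak bucket admits packets, and it too drains within a few milliseconds, so of the 20 back-to-back packets 11 are dropped and 5 are marked down to CS1, while the well-behaved flow stays green throughout and is never touched.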

  

Chapter 5, "Congestion-Management Tools": This chapter reviews the evolution of queuing mechanisms and focuses on Low-Latency Queuing and Class-Based Weighted Fair Queuing. This chapter highlights the interoperation and interdependencies of these mechanisms with other QoS mechanisms, such as link-fragmentation and shaping tools.

  

Chapter 6, "Congestion-Avoidance Tools": This chapter reviews the Weighted Random Early Detection mechanism and shows how it can be used to provide Differentiated Services within an (RFC 2597) Assured Forwarding traffic class. This chapter also shows how this mechanism can be used to set (RFC 3168) IP Explicit Congestion Notification bits.

Chapter 7, "Link-Specific Tools": This chapter reviews header-compression techniques (such as TCP and RTP header compression) and link-fragmentation and interleaving techniques (such as Multilink PPP Link Fragmentation and Interleaving [MLP LFI] and Frame Relay fragmentation [FRF.12]).

  

Chapter 8, "Bandwidth Reservation": This chapter reviews the Resource Reservation Protocol (RSVP) and shows how it can be applied to admission control and MPLS Traffic Engineering.

Chapter 9 reviews measurement-based call admission control (CAC) mechanisms, including the use of RSVP for CAC. The tools reviewed in previous chapters can protect voice from data, but only CAC tools can protect voice from voice.

Chapter 10, "Catalyst QoS Tools": This chapter reviews the main classification, marking, mapping, policing, and queuing tools available on the current Cisco Catalyst platforms (including the Catalyst 2950, 2970, 3550, 3560, 3750, 4500 with Supervisors II+ to V, and Catalyst 6500 with Supervisor 2 and Supervisor 720).

  

Chapter 11, "WLAN QoS Tools": This chapter reviews QoS mechanisms available for wireless access points, including the 802.11e Enhanced Distributed Coordination Function (EDCF) and the QoS Basic Service Set (QBSS).

Once the QoS toolset has been reviewed, the context is set for the detailed design recommendations that follow. The next chapters, which comprise the heart of this book, cover the QoS design recommendations for protecting voice, video, and multiple classes of data while mitigating DoS/worm attacks for the following network infrastructure architectures:

Chapter 12, "Campus QoS Design": This design chapter details access, distribution, and core layer considerations and designs for Cisco Catalyst 2950, 2970, 3550, 3560, 3750, 4500 (Supervisors III to V), and Catalyst 6500 (Supervisor 2 and Supervisor 720) series switches. Five separate access-edge models are presented, along with detailed queuing/dropping recommendations on a per-platform basis. Platform-unique features, such as the Catalyst 3550 per-port/per-VLAN policing feature, the Catalyst 6500 PFC2 dual-rate policing feature, and the PFC3 per-user microflow policing feature, are highlighted in context.

  

Chapter 13, "WAN Aggregator QoS Design": This design chapter details considerations and designs for low-speed (768 kbps and below), medium-speed (above 768 kbps, up to T1/E1), and high-speed (above T1/E1) private WAN topologies, such as leased lines, Frame Relay, ATM, ATM-to-Frame Relay service interworking, and ISDN.

Chapter 14, "Branch Router QoS Design": This design chapter details branch-specific considerations and designs, such as unidirectional applications, and branch-to-campus traffic classification through access lists and Network-Based Application Recognition (NBAR). Branch-specific designs include Cisco SAFE recommendations for using NBAR for known-worm identification and policing.

Chapter 15, "MPLS VPN QoS Design": This design chapter details considerations and designs for both enterprises (that are mapping into MPLS VPN service-provider [edge] classes of service) and service providers (that are provisioning edge and core classes of service). Service-provider designs also include details on how to provision MPLS DiffServ Tunneling Modes (Uniform, Short-Pipe, and Pipe) and an introduction to MPLS Traffic Engineering (demonstrating per-customer traffic engineering and per-customer/per-application traffic engineering through MPLS DiffServ Traffic Engineering).

Chapter 16, "IPSec VPN QoS Design": This design chapter details the considerations and designs for deploying site-to-site IPSec VPNs and for teleworker IPSec VPNs (which traverse broadband media, such as cable and DSL).

Appendix, "At-a-Glance" QoS Summaries: Single-page summaries of key QoS concepts presented throughout the book, for ready reference, including

• QoS Tools
• The Cisco QoS Baseline
• QoS Best Practices
• Scavenger-Class QoS Design
• Campus QoS Design
• WAN QoS Design
• Branch QoS Design
• MPLS VPN QoS Design (for Enterprise Subscribers)
• MPLS VPN QoS Design (for Service Providers)
• IPSec VPN QoS Design

Part I: Introduction to QoS

Part I of this book provides a brief background of the evolution of QoS technologies and overviews various currently available QoS features and tools. The QoS requirements of voice, video, and multiple classes of data applications are presented, along with an overview of the nature and effects of various types of DoS and worm attacks. QoS design principles are introduced to show how QoS mechanisms can be strategically deployed to address application requirements while mitigating such attacks. The chapters in this part of the book are as follows:

Chapter 1, "Introduction to QoS"
Chapter 2, "QoS Design Overview"