Posted on Jan 27, 2020

Forwarding & QOS Concepts

Without a QoS policy, traffic flows over the IPsec connection using the default data packet forwarding method. To modify this default forwarding behavior, you create and apply either a centralized data policy or a localized data policy.

With a centralized data policy, traffic can be permitted or blocked based on the address, port, and DSCP fields in IP packets. With a localized data policy, the flow of data traffic in and out of the vEdge router's interfaces is controlled with QoS, mirroring, and similar mechanisms.

Default Behavior without data policy:

The figure below shows the default data policy behavior, including how the packet header changes when no data policy is applied.

Behavior changes while using QOS Data Policy:

The figure below shows how a QoS policy is applied within a data policy when a data packet is transmitted from one vEdge router to another. A policy marked as input is applied on the inbound interface; a policy marked as output is applied on the outbound interface of the vEdge router before the packets are transmitted out of the IPsec tunnel.

How QOS works:

The steps below describe how QoS works for traffic leaving or entering a vEdge router.

Classify Data packets:

Incoming packets are classified by associating them with a forwarding class. The forwarding class groups data packets, and based on it the packets are assigned to the desired output queue. The vEdge router services the output queues according to the associated forwarding class, the scheduling configured for it, and the policies applied.

Schedule Data packets:

A QoS map can be configured for each output queue to specify bandwidth, delay buffer size, and packet loss priority (PLP). The QoS map determines how data packets are prioritized for transmission to the destination; based on the conditions defined in the QoS map, packets are forwarded to the next hop.

On hardware routers and vEdge routers, each interface has eight queues, numbered 0 to 7. Queue 0 is reserved for control traffic and low-latency queuing (LLQ) traffic. Queues 1 to 7 are available for data traffic, and the default scheduling for these seven queues is weighted round robin (WRR).

Rewrite Data Packets:

A rewrite rule can also be configured and applied on an egress interface to overwrite the DSCP value of packets entering the network.

Police Data Packets:

Policers are configured to control the maximum rate of traffic sent or received on an interface and to partition a network into multiple priority levels. When traffic matches a policer, the action taken depends on its rate:

  • When the traffic conforms to the policer rate: the traffic is allowed.
  • When the traffic exceeds the policer rate: the traffic is sent with decreased priority or is dropped.

A policer can be applied to inbound or outbound interface traffic. Applied in the inbound direction, it conserves resources by dropping excess traffic before it is processed further; applied on an outbound interface, it controls the amount of bandwidth the traffic uses.

Forwarding & QOS Example:

To configure a QoS policy, the following steps are used:

  1. Map each forwarding class to an output queue.
  2. Configure a QoS scheduler for each forwarding class.
  3. Group the QoS schedulers into a QoS map.
  4. Define an access list with the match conditions for packet classification.
  5. Apply the access list to a specific interface.
  6. Apply the QoS map and rewrite rule to the egress interface.

Map each forwarding class to an output queue

The example below shows a data policy that classifies incoming traffic by mapping each forwarding class to an output queue. Here best-effort (be) traffic is mapped to queue 2, af1 to queue 3, and so on.

policy
 class-map
  class be queue 2
  class af1 queue 3
  class af2 queue 4
  class af3 queue 5
 !
!

Configure a QoS scheduler for each forwarding class

Next, a QoS scheduler is configured for each forwarding class. Traffic in class af3 has higher priority than the other classes and is therefore configured with 40% of the bandwidth and 40% of the buffer. Traffic in class af2 has 30% bandwidth and 30% buffer; traffic in class af1 has 20% bandwidth and 20% buffer; best-effort (be) traffic gets the remaining 10% of each.

policy
 qos-scheduler af1
  class af1
  bandwidth-percent 20
  buffer-percent 20
  drops red-drop
 !
 qos-scheduler af2
  class af2
  bandwidth-percent 30
  buffer-percent 30
  drops red-drop
 !
 qos-scheduler af3
  class af3
  bandwidth-percent 40
  buffer-percent 40
  drops red-drop
 !
 qos-scheduler be
  class be
  bandwidth-percent 10
  buffer-percent 10
  drops red-drop
 !

Group the QoS schedulers into a QoS map

The example below groups the QoS schedulers into a QoS map called XYZ. Note that the af3 scheduler configured above is not included in this map.

policy
 qos-map XYZ
  qos-scheduler af1
  qos-scheduler af2
  qos-scheduler be
 !
!

Classify data packets into the appropriate class:

Data traffic is classified into a forwarding class based on the match conditions in an access list. In the example below, sequences are evaluated in order and the first match wins; the default-action drop at the end discards any packet that matches no sequence, so only the traffic explicitly described here is accepted.

policy
 access-list acl1
  sequence 1
   match
    source-ip 10.10.10.1/32
    destination-ip 10.10.20.1/32
   !
   action accept
    class be
   !
  !
  sequence 2
   match
    dscp 10
   !
   action accept
    class af1
   !
  !
  sequence 3
   match
    protocol 6
   !
   action accept
    class af3
   !
  !
  sequence 4
   match
    destination-port 23
   !
   action accept
    class af2
   !
  !
  default-action drop
 !
!

Apply the access list to a specific interface

The access list above is applied inbound on the service-side interface ge0/3 in VPN 1.

vpn 1
 interface ge0/3
  ip address 10.20.25.25/24
  no shutdown
  access-list acl1 in
 !
!

Configure a rewrite rule

The example below shows a rewrite rule that overwrites the DSCP field of the outer IP header. The rule sets the DSCP value for each forwarding class according to its drop profile (packet loss priority, high or low). Rewrite rules apply only to egress interfaces, so a packet classified as af1 with PLP low is marked with DSCP 3, an af1 packet with PLP high is marked with DSCP 4, and so on.

policy
 rewrite-rule XYZ1
  class af1 low dscp 3
  class af1 high dscp 4
  class af2 low dscp 5
  class af2 high dscp 6
  class af3 low dscp 7
  class af3 high dscp 8
  class be low dscp 1
  class be high dscp 2
 !
!

Apply the QoS map and rewrite rule on an interface:

Apply QoS map XYZ and rewrite rule XYZ1 to the egress interface ge0/0 in VPN 0.

vpn 0
 interface ge0/0
  ip address 10.1.15.15/24
  tunnel-interface
   preference 10
   weight 10
   color lte
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service sshd
   no allow-service ntp
   no allow-service stun
  !
  no shutdown
  qos-map XYZ
  rewrite-rule XYZ1
 !
!
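The following is an added example, not vEdge code or configuration from the original post: a small Python model of how acl1, the class-map and rewrite-rule XYZ1 configured above act on a packet. It reproduces the page's own sequences, queues and DSCP values so that first-match ordering (a TCP packet to port 23 hits sequence 3 before sequence 4) and the default-action drop fall-through can be checked; the sample packets are constructed for illustration.

```python
# Added example: model of acl1 / class-map / rewrite-rule XYZ1 from the page.
# Not vEdge code; it reproduces the page's configuration as Python data.
from ipaddress import ip_address, ip_network

CLASS_MAP = {"be": 2, "af1": 3, "af2": 4, "af3": 5}        # class -> output queue

REWRITE_RULE_XYZ1 = {                                       # (class, plp) -> egress DSCP
    ("af1", "low"): 3, ("af1", "high"): 4,
    ("af2", "low"): 5, ("af2", "high"): 6,
    ("af3", "low"): 7, ("af3", "high"): 8,
    ("be", "low"): 1,  ("be", "high"): 2,
}

# acl1 sequences in order: (match conditions, forwarding class on accept)
ACL1 = [
    ({"src": "10.10.10.1/32", "dst": "10.10.20.1/32"}, "be"),   # sequence 1
    ({"dscp": 10}, "af1"),                                       # sequence 2
    ({"protocol": 6}, "af3"),                                    # sequence 3
    ({"dport": 23}, "af2"),                                      # sequence 4
]

def matches(conditions, pkt):
    """All fields of one sequence must match (prefix match for addresses)."""
    for field, want in conditions.items():
        if field in ("src", "dst"):
            if ip_address(pkt[field]) not in ip_network(want):
                return False
        elif pkt[field] != want:
            return False
    return True

def classify(pkt):
    """First matching sequence wins; no match falls through to default-action drop."""
    for seq_no, (conditions, cls) in enumerate(ACL1, start=1):
        if matches(conditions, pkt):
            return {"action": "accept", "sequence": seq_no,
                    "class": cls, "queue": CLASS_MAP[cls]}
    return {"action": "drop", "sequence": None, "class": None, "queue": None}

def egress_dscp(cls, plp):
    """DSCP written on the outer header by rewrite-rule XYZ1 for a class/PLP pair."""
    return REWRITE_RULE_XYZ1[(cls, plp)]

def packet(src, dst, protocol, dport, dscp=0):
    """Constructed sample packet (not captured traffic)."""
    return {"src": src, "dst": dst, "protocol": protocol, "dport": dport, "dscp": dscp}
```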

Example: Police data packets:

This example shows how to configure a policer to rate-limit traffic received on an interface. The policer is referenced from an access list that accepts TCP or UDP traffic originating from the 10.10.0.0/16 source range and going to destination hosts in 20.2.2.0/24 on port 20 or in 200.1.1.0/24 on port 30. The policer allows a maximum traffic rate of 1,000,000 bits per second and a maximum burst size of 15000 bytes; traffic exceeding these limits is dropped.

policy
 policer p1
  rate 1000000
  burst 15000
  exceed drop
 !
 access-list acl1
  sequence 1
   match
    source-ip 10.10.0.0/16
    destination-ip 20.2.2.0/24 200.1.1.0/24
    destination-port 20 30
    protocol 6 17 23
   !
   action accept
    policer p1
   !
  !
  default-action drop
 !
!
vpn 1
 interface ge0/4
  ip address 10.20.20.20/24
  no shutdown
  access-list acl1 in
 !
!
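The following is an added example, not vEdge code or configuration from the original post: a token-bucket model of policer p1 above. The rate of 1,000,000 bps refills 125 bytes per millisecond, the burst of 15000 bytes is the bucket depth, and exceed drop discards a packet that finds too few tokens. Time is kept in integer milliseconds so the arithmetic is exact; the packet sizes and timings are constructed.

```python
# Added example: token-bucket model of "policer p1 / rate 1000000 /
# burst 15000 / exceed drop" from the configuration above. Not vEdge code.

class Policer:
    def __init__(self, rate_bps, burst_bytes, exceed="drop"):
        self.bytes_per_ms = rate_bps / 8000      # 1,000,000 bps -> 125 bytes/ms
        self.burst = burst_bytes                 # bucket depth in bytes
        self.tokens = float(burst_bytes)         # bucket starts full
        self.last_ms = 0
        self.exceed = exceed                     # action for out-of-profile packets
        self.conformed = 0
        self.exceeded = 0

    def offer(self, now_ms, length):
        """Decide one packet: refill for the elapsed time, then spend or refuse."""
        elapsed = now_ms - self.last_ms
        self.tokens = min(self.burst, self.tokens + elapsed * self.bytes_per_ms)
        self.last_ms = now_ms
        if length <= self.tokens:
            self.tokens -= length
            self.conformed += 1
            return "conform"
        self.exceeded += 1
        return self.exceed                       # "drop", as configured for p1

def burst_demo():
    """Offer eleven 1500-byte packets at t=0, then one more 12 ms later."""
    p = Policer(rate_bps=1_000_000, burst_bytes=15000, exceed="drop")
    first = [p.offer(0, 1500) for _ in range(11)]   # 10 fit the burst, the 11th does not
    later = p.offer(12, 1500)                        # 12 ms * 125 B/ms = 1500 bytes refilled
    return first, later, p.conformed, p.exceeded

def steady_demo(interval_ms, count):
    """Drops seen by a stream of 1500-byte packets sent every interval_ms."""
    p = Policer(rate_bps=1_000_000, burst_bytes=15000, exceed="drop")
    for i in range(count):
        p.offer(i * interval_ms, 1500)
    return p.exceeded

if __name__ == "__main__":
    print(burst_demo())
    print(steady_demo(12, 100), steady_demo(10, 100))
```

A 1500-byte packet every 12 ms is exactly 1,000,000 bps and never exceeds; every 10 ms is 1,200,000 bps and starts dropping once the burst allowance is used up.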
