Forwarding & QOS Concepts
Without QOS, traffic flows over the IPsec tunnels using the default packet-forwarding behaviour. To change that default, you create and apply either a centralized data policy or a localized data policy.
With a centralized data policy, traffic can be permitted or blocked based on the address, port and DSCP fields in the IP header. With a localized data policy, the flow of data traffic is controlled on the vEdge router's inbound and outbound interfaces, for example with QOS and mirroring.
Default Behavior without data policy:
The diagram below shows the default behaviour of the data policy: how the packet header changes when no data policy is applied.
Behavior changes while using QOS Data Policy:
The figure below shows how a QOS policy is applied as part of a data policy when a packet is transmitted from one vEdge router to another. Policy sections marked input are applied on the inbound interface; sections marked output are applied on the outbound interface of the vEdge router, before the packet is transmitted out the IPsec tunnel.
How QOS works:
The steps below describe how QOS is applied as traffic leaves or enters a vEdge router.
Classify Data packets:
Incoming packets are classified by associating them with a forwarding class. A forwarding class groups packets, and each class is assigned to a desired output queue. The vEdge router then services the output queues according to the forwarding class, the scheduling parameters and the policies configured.
Schedule Data packets:
A QOS map specifies, for each output queue, the bandwidth, the delay buffer size and the packet loss priority (PLP). The QOS map determines how packets are prioritized for transmission to the destination; based on the conditions defined in the map, packets are forwarded to the next hop.
On vEdge hardware routers, each interface has eight queues, numbered 0 to 7. Queue 0 is reserved for control traffic and low-latency queuing (LLQ) traffic. Queues 1 to 7 are available for data traffic, and the default scheduling for these seven queues is weighted round robin (WRR). Because queue 0 also carries the router's own control-plane traffic (control connections and BFD), only genuinely latency-sensitive, rate-limited traffic should be placed there; unbounded data traffic in queue 0 can starve the control plane.
Rewrite Data Packets:
A rewrite rule can also be configured and applied on an egress interface to overwrite the DSCP value of packets as they leave the router towards the transport network.
Police Data Packets:
Policers control the maximum rate of traffic sent or received on an interface and can also be used to partition a network into multiple priority levels. When a packet matches the policer, the action taken depends on the measured rate:
- When the traffic conforms to the policer rate: the traffic is allowed.
- When the traffic exceeds the policer rate: the traffic is either sent with decreased priority (remarked) or dropped.
A policer can be applied to inbound or outbound interface traffic. Applied inbound, it conserves resources by dropping excess traffic before it is processed further; applied outbound, it controls the amount of bandwidth used on the link.
Forwarding & QOS Example:
To configure a QOS policy, use the following steps:
- Map each forwarding class to an output queue.
- Configure a QOS scheduler for each forwarding class.
- Group the QOS schedulers into a QOS map.
- Define an access list whose match conditions classify packets into forwarding classes.
- Apply the access list to a specific interface.
- Apply the QOS map and rewrite rule to the egress interface.
Map each forwarding class to an output Queue.
The data policy below classifies incoming traffic by mapping each forwarding class to an output queue. Here best-effort (be) traffic is mapped to queue 2, af1 to queue 3, and so on.
Configure QOS scheduler for each forwarding class
A QOS scheduler is configured for each forwarding class. Here af3 traffic has the highest priority, so it is given 40% of the bandwidth and 40% of the buffer; af2 traffic gets 30% bandwidth and 30% buffer; af1 traffic gets 20% bandwidth and 20% buffer.
Group QOS Schedulers in to QOS Map
The example below groups the QOS schedulers into a QOS map called XYZ.
Classify Data Packets in to Appropriate Class:
Data traffic is classified into a forwarding class based on the match conditions in an access list. Some examples:
Apply Access List to Specific Interface
The access list above is applied inbound on the service-side interface ge0/3 in VPN 1 (vEdge interfaces are named ge0/N).
Configure Rewrite Rule
The rewrite rule below overwrites the DSCP field of the outer IP header, setting the DSCP value per forwarding class and drop profile (packet loss priority high or low). Rewrite rules are applied only to egress interfaces. Here af1 packets with PLP low are marked with DSCP 3, af1 packets with PLP high with DSCP 4, and so on.
Apply Queue Map and Rewrite Rule on an Interface:
Apply QOS map XYZ and rewrite rule XYZ1 to the egress (transport-side) interface in VPN 0.
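The six steps above, collected into one complete vEdge configuration. This is an added example, not configuration from the original page: it uses the page's names XYZ (QOS map) and XYZ1 (rewrite rule) and its class-to-queue and percentage values, while the af2/af3 queue numbers, the be scheduler, the DSCP match values, the access-list name and the transport interface ge0/0 are assumptions for illustration.

```text
! Added example (not from the original page). Assumptions are marked.
policy
 ! Step 1: forwarding class -> output queue. Queue 0 is LLQ/control traffic,
 ! so data classes start at queue 2 as in the text; af2->4 and af3->5 are assumed.
 class-map
  class be queue 2
  class af1 queue 3
  class af2 queue 4
  class af3 queue 5
 !
 ! Step 2: one scheduler per class. The percentages of all schedulers in a
 ! map must not exceed 100; the be scheduler (10/10) is assumed.
 qos-scheduler be
  class be
  bandwidth-percent 10
  buffer-percent 10
  drops tail-drop
 !
 qos-scheduler af1
  class af1
  bandwidth-percent 20
  buffer-percent 20
  drops red-drop
 !
 qos-scheduler af2
  class af2
  bandwidth-percent 30
  buffer-percent 30
  drops red-drop
 !
 qos-scheduler af3
  class af3
  bandwidth-percent 40
  buffer-percent 40
  drops red-drop
 !
 ! Step 3: group the schedulers into the QOS map.
 qos-map XYZ
  qos-scheduler be
  qos-scheduler af1
  qos-scheduler af2
  qos-scheduler af3
 !
 ! Step 4: classify on ingress. Matching the DSCP set by LAN hosts (10/20/30,
 ! assumed) lets any host pick its own class; match on prefix or port instead
 ! if end hosts are not trusted to mark traffic.
 access-list classify
  sequence 10
   match
    dscp 10
   !
   action accept
    class af1
   !
  !
  sequence 20
   match
    dscp 20
   !
   action accept
    class af2
   !
  !
  sequence 30
   match
    dscp 30
   !
   action accept
    class af3
   !
  !
  default-action accept
 !
 ! Rewrite rule for step 6: outer-header DSCP per class and PLP, as in the text.
 rewrite-rule XYZ1
  class af1 low dscp 3
  class af1 high dscp 4
  class af2 low dscp 5
  class af2 high dscp 6
  class af3 low dscp 7
  class af3 high dscp 8
 !
!
! Step 5: apply the access list inbound on the service-side interface.
vpn 1
 interface ge0/3
  access-list classify in
 !
!
! Step 6: apply the map and rewrite rule on the transport (egress) interface.
! An interface belongs to exactly one VPN, so the WAN interface is assumed
! to be ge0/0 in VPN 0 rather than the ge0/3 already placed in VPN 1.
vpn 0
 interface ge0/0
  qos-map XYZ
  rewrite-rule XYZ1
 !
!
```

Note the explicit `default-action accept` on the classification list: an access list on a vEdge drops unmatched traffic by default, so leaving it out turns a QOS classifier into a firewall that silently discards everything it was not told to classify.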
Example: Police Data Packets:
This example configures a policer to rate-limit traffic received on an interface. The policer is referenced from an access list that accepts all TCP or UDP traffic originating from the host at source 10.10.0.0 and going to the destination host 22.214.171.124 on port 20 or 126.96.36.199 on port 30. The policer allows a maximum traffic rate of 1,000,000 bits per second with a maximum burst size of 15,000 bytes; traffic exceeding these limits is dropped.
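The policer described above as one complete configuration. This is an added example, not configuration from the original page: the rate, burst and exceed action follow the text, while the host addresses, the policer and access-list names, the counter names and the interface are constructed for illustration.

```text
! Added example (not from the original page). Addresses and names are constructed.
policy
 ! rate is in bits per second, burst in bytes; excess traffic is dropped.
 ! "exceed remark" would instead forward it with PLP set to high.
 policer p1
  rate 1000000
  burst 15000
  exceed drop
 !
 ! Only TCP (6) and UDP (17) from the source host to the two destination
 ! host/port pairs are policed; everything else is accepted unpoliced.
 access-list limit-in
  sequence 10
   match
    source-ip 10.10.0.1/32
    destination-ip 10.20.0.1/32
    destination-port 20
    protocol 6 17
   !
   action accept
    policer p1
    count p1-dst20
   !
  !
  sequence 20
   match
    source-ip 10.10.0.1/32
    destination-ip 10.30.0.1/32
    destination-port 30
    protocol 6 17
   !
   action accept
    policer p1
    count p1-dst30
   !
  !
  default-action accept
 !
!
! Apply inbound on the service-side interface so excess is dropped before
! it consumes tunnel bandwidth.
vpn 1
 interface ge0/3
  access-list limit-in in
 !
!
```

The `count` actions are optional but make the policy verifiable: `show policy access-list-counters` shows how many packets hit each sequence, which is the quickest way to confirm that the match conditions select the intended flows before trusting the rate limit.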