9 Replies Latest reply: Nov 29, 2010 11:49 AM by Scott Morris - CCDE/4xCCIE/2xJNCIE

    Cisco QOS - DSCP and IP Prec

    Chris

      Hi Guys,

       

      I have a question with regards to the implementation of QOS on my network and the prioritisation of DSCP marked packets, against the prioritisation of packets at the service provider/WAN side of the network.

       

      My understanding, if you follow the DSCP/PHB standards, is that you should/can mark down any 'out of profile' traffic to a value of CS1 and when using WRED this 'scavenger' class of traffic will be dropped before your default marked packets, which are DF. You would also allocate CS1 marked packets a very low percentage of bandwidth, using CBWFQ.

       

      This sounds great, I'd love to implement this.

       

      Now here is my problem. My IPMAN provider prioritises traffic based on the IP Precedence (first three bits of TOS field).

       

      In this case we look at the following markings and priority levels.


                101 - CRITIC/ECP
                100 - Flash Override
                011 - Flash
                010 - Immediate
                001 - Priority
                000 - Routine


      According to this, if I mark any 'out of profile' traffic as CS1 (001 in binary) this means that this 'out of profile'/scavenger traffic will receive a higher priority than my default/best effort packets marked as DF (000 in binary).

      Anyone care to explain this? My head is confused.

      Cheers

      Chris



        • 1. Re: Cisco QOS - DSCP and IP Prec
          SonDo

          Hi Chris,

           

          I didn't completely understand your question. Anyway, about this case, I've some information for you:

           

          • The Service Provider (SP) can classify traffic based on layer 3 (DSCP) or layer 2 (CoS). So if they choose CoS and you are a VPN customer, your CoS between 2 sites will be changed by the SP; only DSCP will be the same.
          • The SP doesn't trust your QoS, which means that they will overwrite your classification. Ex: set to CS0 if you are an internet customer, or CS0 in case it is a VPN customer.

           

          I hope this helps!

          Son Do

          • 2. Re: Cisco QOS - DSCP and IP Prec
            Brian

            Aloha Chris,

             

            Yes, you are correct in that CS1 is higher than CS0 and would be preferred.  However, the way the scavenger class works is that first "abnormal" or "out-of-profile" traffic is remarked to CS1.  Then it is given a very low percentage (say 1%) in CBWFQ.

             

            When the link is under congestion all traffic queues must be serviced before any one class gets more than its share.  This means that any VoIP, critical data and even Best-Effort applications will receive their prescribed bandwidth and any traffic in the Scavenger class above its 1% threshold is now dropped more aggressively.

             

            Check the Cisco Press book Quality of Service Design Overview, by Tim Szigeti and Christina Hattingh.

             

            HTH

             

            • 3. Re: Cisco QOS - DSCP and IP Prec
              Scott Morris - CCDE/4xCCIE/2xJNCIE

              In and of itself it's just a binary marking.  You can call it good, bad and ugly classes if you'd like to.  But it depends on how you configure your policy!

               

              There is no "official" scavenger class.  So high precedence/DSCP values in UNCHANGED behavior will get better treatment than best effort service.

               

              You're making a "marking".  And then your policy is making an action.  Consider it a color.  Perhaps red is bad traffic in your network.  But someone else likes red, so it's good in their network.  The marking does not automatically elicit any particular behavior until you create a policy with the details.

               

              HTH,

               

              Scott

              • 4. Re: Cisco QOS - DSCP and IP Prec
                tnewshott

                So if you are exceeding your queue depths and you need to shape some traffic, you're going to mark-down  some of the traffic in an attempt to alleviate some congestion.  This is traffic that was once a part of your upper queues and should still receive better treatment than best effort.  When a given class exceeds its quota, you want to downgrade the classification to try and shape it, but you do not want to ignore it altogether.

                 

                You still want this traffic to make it through before traffic you care nothing about, you just are shaping it to allow the queue structure to work more efficiently.

                • 5. Re: Cisco QOS - DSCP and IP Prec
                  Scott Morris - CCDE/4xCCIE/2xJNCIE

                  True, the shapers will occur before the queuing.  However, that's still all up to you making a policy! 

                  • 6. Re: Cisco QOS - DSCP and IP Prec
                    Chris

                    Scott,

                    I think I understand what you mean. I assumed Scavenger class was "Official/RFC" and this didn't fit in with my understanding that DSCP is backwards compatible with IP Prec.

                     

                    From the Cisco Press book

                    "

                    The Scavenger class is intended to provide deferential services, or less-than best-effort services, to certain applications. Applications assigned to this class have little or no contribution to the organizational objectives of the enterprise and are typically entertainment oriented in nature. These include peer-to-peer media-sharing applications (KaZaa, Morpheus, Groekster, Napster, iMesh, and so on), gaming applications (Doom, Quake, Unreal Tournament, and so on), and any entertainment video applications.

                    Assigning Scavenger traffic to minimal bandwidth queue forces it to be squelched to virtually nothing during periods of congestion, but it allows it to be available if bandwidth is not being used for business purposes, such as might occur during off-peak hours.

                    The Scavenger class is a critical component to the DoS and worm mitigation strategy.

                    "


                    My Service provider sent me the following information about their QOS based on IP Prec.

                    From what I can gather, they do not re-mark any traffic, they honor my markings, but they are looking at the first 3 bits (IP Prec) of the TOS field instead of the 6 bits (DSCP).

                    Service Provider:

                    6CoS Class Name, Queue Priority & Weighting

                    Media 5            Strict-high, 5%
                    Multimedia 4       Low, 35%
                    Interactive 3      Low, 30%
                    Interactive 2      Low, 15%
                    Data Transfer 1    Low, 10%
                    Data Transfer 0    Low, 5%

                    According to this, if I mark-down any of my traffic to a CS1 (001000), then my service provider will actually give these packets a higher weight (10%) than my unmarked traffic (5%), because CS1 equals 001 in IP Prec.

                    Guess I'll have to make up a marking scheme more in line with the service provider.

                    Chris

                    • 7. Re: Cisco QOS - DSCP and IP Prec
                      Scott Morris - CCDE/4xCCIE/2xJNCIE

                      Correct.  They look at three bits because they most likely use MPLS.  MPLS EXP is only three bits for prioritization.

                       

                      If you use DSCP 1 that actually won't be picked up as anything different than BE when you only look at the first three bits. 

                       

                      IP Prec 1 = DSCP 8.

                       

                      Scott
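
The mapping discussed in replies 6 and 7, as an added example that is not part of any post in this thread: it shows how a provider that reads only the three IP Precedence bits classifies DSCP-marked packets, and flags scavenger markings that end up weighted above best effort. The provider table is the one quoted in reply 6; the marking plan and all function names are constructed for illustration.

```python
# Added example: how a provider that reads only IP Precedence sees DSCP markings.
# Provider table copied from the thread: precedence -> (class, queue priority, weight %).
PROVIDER_CLASSES = {
    5: ("Media", "Strict-high", 5),
    4: ("Multimedia", "Low", 35),
    3: ("Interactive", "Low", 30),
    2: ("Interactive", "Low", 15),
    1: ("Data Transfer", "Low", 10),
    0: ("Data Transfer", "Low", 5),
}

def tos_byte(dscp, ecn=0):
    """Build the 8-bit ToS/DS byte: DSCP in the top 6 bits, ECN in the low 2."""
    if not 0 <= dscp <= 63 or not 0 <= ecn <= 3:
        raise ValueError("DSCP must be 0-63 and ECN 0-3")
    return (dscp << 2) | ecn

def ip_precedence(tos):
    """IP Precedence is the top 3 bits of the ToS byte (the top 3 bits of DSCP)."""
    return (tos & 0xFF) >> 5

def provider_treatment(dscp):
    """Class the provider applies, or None if the precedence is not in its table."""
    return PROVIDER_CLASSES.get(ip_precedence(tos_byte(dscp)))

def scavenger_inversions(plan):
    """Names of 'scavenger' markings the provider weights above best effort."""
    best_effort_weight = PROVIDER_CLASSES[0][2]
    flagged = []
    for name, (dscp, intent) in plan.items():
        treatment = provider_treatment(dscp)
        if intent == "scavenger" and treatment and treatment[2] > best_effort_weight:
            flagged.append(name)
    return flagged

# Constructed marking plan (hypothetical names): DSCP value and intended role.
PLAN = {
    "best-effort": (0, "best-effort"),    # DF
    "scavenger-cs1": (8, "scavenger"),    # CS1 = 001000
    "scavenger-dscp1": (1, "scavenger"),  # 000001, precedence bits stay 000
}

if __name__ == "__main__":
    for name, (dscp, _) in PLAN.items():
        print(name, format(dscp, "06b"), ip_precedence(tos_byte(dscp)), provider_treatment(dscp))
    print("inverted:", scavenger_inversions(PLAN))
```
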

                      • 8. Re: Cisco QOS - DSCP and IP Prec
                        Brian

                        While there is not an official RFC on this topic, Cisco does use the term and even goes into depth in describing and discussing the "scavenger" class in the Cisco press book, "End-to-End QoS Network Design", by: Tim Szigeti - CCIE No. 9794; Christina Hattingh.

                         

                        Scavenger Class

                        When addressing the QoS treatment of Scavenger traffic, the following guidelines are recommended:

                        • Scavenger traffic should be marked to DSCP CS1.

                        • Scavenger traffic should be assigned the lowest configurable queuing service; for instance, in Cisco IOS, this means assigning a CBWFQ of 1 percent to Scavenger.

                        The Scavenger class is intended to provide deferential services, or less-than best-effort services, to certain applications. Applications assigned to this class have little or no contribution to the organizational objectives of the enterprise and are typically entertainment oriented in nature. These include peer-to-peer media-sharing applications (KaZaa, Morpheus, Groekster, Napster, iMesh, and so on), gaming applications (Doom, Quake, Unreal Tournament, and so on), and any entertainment video applications.

                         

                        Assigning Scavenger traffic to minimal bandwidth queue forces it to be squelched to virtually nothing during periods of congestion, but it allows it to be available if bandwidth is not being used for business purposes, such as might occur during off-peak hours.

                         

                        The Scavenger class is a critical component to the DoS and worm mitigation strategy, discussed next.

                         

                        The scavenger class can be any one of the classes in a CBWFQ scheme, and its basic idea is to profile your traffic so that you know what "normal" is, and then to mark traffic that exceeds normal so that you can drop it later in the event of network congestion.  This is primarily a defense against worms and other distributed denial-of-service (DDoS) attacks as described in detail in the above Cisco Press book.

                         

                        So, while not "official", it is a generally accepted term in the world of QoS.

                         

                        HTH

                         

                        • 9. Re: Cisco QOS - DSCP and IP Prec
                          Scott Morris - CCDE/4xCCIE/2xJNCIE
                          So, while not "official", it is a generally accepted term in the world of QoS.

                           

                          I'd be careful with that.  "generally accepted" perhaps in a limited world is different than something everyone should be used to!

                           

                          The term, yes, I'd agree.  The method of marking, I would not agree with primarily because of the difficulties above!  If you mark it CS1 and leave it alone, in a NON-fully-baked QoS network it will actually get BETTER treatment than your best effort service.

                           

                          Remember one REALLY important thing about QoS.  While everyone talks about end-to-end, that's your design (and you have to incorporate EVERYONE like your ISPs)....  But the implementation and interpretation is done on individual hops along the way...

                           

                           

                           

                          Scott