02-26-2024 08:48 AM
QoS (Quality of Service), as the name implies, improves the service that selected traffic receives in the network.
More specifically, it protects traffic that would otherwise be suppressed when huge amounts of frames are flowing through.
This is generally seen with VoIP traffic, audio streams, video streams, etc.
Here, we'll look at 2 ways to deploy this solution.
1: The Application/Appliance based approach.
2: The Network-Based Approach
The Application/Appliance based approach needs less detailed configuration on the network equipment, because the application or source that generates the traffic needing prioritization also marks it with the necessary priority [this depends on the application settings].
And on the network, we would just have to honor the marking.
Whereas in the Network-Based Approach, the network both marks and honors the traffic; hence, it is a bit more detail-oriented.
Now what’s the marking?
The marking stands for the DSCP bits that are added to the frame/packet.
This DSCP, or differentiated services code point, is used by network switches and routers to place the frame/packet into the queue that is mapped to the DSCP value.
On ICX switches, use “show qos-tos” to see the DSCP <> 802.1p priority mapping.
#sh qos-tos
DSCP-->Traffic-Class map: (DSCP = d1d2: 00, 01...63)
d2 | 0 1 2 3 4 5 6 7 8 9
d1 |
-----+----------------------------------------
0 | 0 0 0 0 0 0 0 0 1 1
1 | 1 1 1 1 1 1 2 2 2 2
2 | 2 2 2 2 3 3 3 3 3 3
3 | 3 3 4 4 4 4 4 4 4 4
4 | 5 5 5 5 5 5 5 5 6 6
5 | 6 6 6 6 6 6 7 7 7 7
6 | 7 7 7 7
Traffic-Class-->802.1p-Priority map (use to derive DSCP--802.1p-Priority):
Traffic | 802.1p
Class | Priority
--------+---------
0 | 0
1 | 1
2 | 2
3 | 3
4 | 4
5 | 5
6 | 6
7 | 7
--------+---------
That 802.1p priority is then in turn mapped to HW buffer queues. This can be configured as well; however, that is in-depth configuration detail and is not needed for the overview in this discussion.
For further reading on this, refer to: https://support.ruckuswireless.com/documents/4470-fastiron-10-0-10-ga-qos-and-traffic-management-con...
Quality of Service 10.0.10
This entails all details of how the bits and bytes work behind the scenes on the HW and how that can be configured to a specific preference.
Now back to the above 2 methods:
1 > the Application/Appliance based approach.
2 > the Network Based Approach
For the Application based approach:
Let’s consider the application Zoom: here the system admins have the option to have the Zoom clients installed on the PCs mark the traffic they generate before it is sent out.
And this will mark only the traffic generated by the Zoom application.
Link:
https://support.zoom.us/hc/en-us/articles/207368756-Using-QoS-DSCP-Marking
As this traffic arrives on the network already marked, all that’s needed on the interfaces is to trust the incoming DSCP marking.
Command to be used on ports:
Router#conf t
Router (config)#int eth 1/1/4
Router (config-if-e1000-1/1/4)#trust dscp
And that should help you achieve the task.
For the Network Based Approach:
Let’s consider the application MS Teams: here the application generates 3 specific types of traffic: audio, video, and application/screen sharing.
Link
https://learn.microsoft.com/en-us/microsoftteams/qos-in-teams
And this traffic flows over the below TCP/UDP ports:
Media traffic type | Client source port range | Protocol | DSCP value | DSCP class |
Audio | 50,000–50,019 | TCP/UDP | 46 | Expedited Forwarding (EF) |
Video | 50,020–50,039 | TCP/UDP | 34 | Assured Forwarding (AF41) |
Application/Screen Sharing | 50,040–50,059 | TCP/UDP | 18 | Assured Forwarding (AF21) |
From <https://learn.microsoft.com/en-us/microsoftteams/qos-in-teams>
Hence here comes the challenge: how do we mark it and honor it?
In remote settings, we cannot.
But within the organization, where all users are on the common LAN, this can be done in the manner below.
Suppose the network layout is as below [it is usually more complicated than this], where we have the core layer or device at which all traffic aggregates/converges, be it going out to the internet or coming into the site from the internet.
[Figure: network layout diagram. Courtesy Google Images.]
That’s usually the core router or the multilayered switch that’s designated as the core router.
Here, a QoS marking policy needs to be implemented that maps the above-mentioned ranges of TCP/UDP ports to those DSCPs.
Once this is done, on the subsequent downstream devices [switches], the incoming traffic needs to be trusted for DSCP so that the markings are honored.
Now, what would a QoS policy look like? As we make use of an ACL-based marking system, we define it as below:
ip access-list extended qos
sequence 1 permit tcp any any eq 50000 dscp-marking 46
sequence 2 permit tcp any any eq 50001 dscp-marking 46
…………
sequence 151 permit udp any any eq 50058 dscp-marking 18
sequence 152 permit udp any any eq 50059 dscp-marking 18
Once this is defined:
• Go under the Layer 2 VLAN that is defined for the users, whose virtual interface (ve) is configured with the IP address for the subnet
• Have the ACL called on the VLAN as an inbound ACL
As below:
Router(config)#vlan 2
Router(config-vlan-2)#ip access-group qos in
Warning: Binding of large ACL Operation may take few minutes
Once this is done, any traffic coming in on VLAN 2 will have its frames marked.
After this, trust dscp on the downstream devices' interfaces should ensure the marking is honored as well.
Note:
The policy above is shortened for reading purposes.
When setting it up, statements for both TCP and UDP need to be added individually.
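An added example, not part of the original post or of the vendor documentation: a Python generator that expands the Teams port table into the full per-port TCP and UDP statements the note above calls for, in the page's statement form, and reports the traffic class each DSCP lands in per the show qos-tos map shown earlier. The sequence numbering from 1, the closing permit ip any any (so the ACL's implicit deny does not drop unmatched traffic) and the helper names are assumptions of this example.

```python
# Added example: expands the Teams port table into the full per-port ACL.
# Statement form and ACL name "qos" follow the page; numbering from 1, the
# TCP-then-UDP ordering and the final catch-all permit are assumptions.

TEAMS_MEDIA = [
    # (traffic type, first port, last port, DSCP) taken from the table above
    ("audio", 50000, 50019, 46),
    ("video", 50020, 50039, 34),
    ("sharing", 50040, 50059, 18),
]


def dscp_for_port(port):
    """Return the DSCP value for a port, or None if it is outside the table."""
    for _name, first, last, dscp in TEAMS_MEDIA:
        if first <= port <= last:
            return dscp
    return None


def traffic_class(dscp):
    """Traffic class per the 'show qos-tos' map above (eight DSCPs per class)."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit value (0-63)")
    return dscp // 8


def build_acl(name="qos", protocols=("tcp", "udp")):
    """Build one marking statement per protocol and port, numbered from 1."""
    lines = [f"ip access-list extended {name}"]
    seq = 1
    for proto in protocols:
        for _name, first, last, dscp in TEAMS_MEDIA:
            for port in range(first, last + 1):
                lines.append(
                    f"sequence {seq} permit {proto} any any eq {port} dscp-marking {dscp}"
                )
                seq += 1
    # Assumption: pass all other traffic unmarked instead of hitting the implicit deny.
    lines.append(f"sequence {seq} permit ip any any")
    return lines


if __name__ == "__main__":
    print("\n".join(build_acl()))
    for name, _first, _last, dscp in TEAMS_MEDIA:
        print(f"! {name}: DSCP {dscp} -> traffic class {traffic_class(dscp)}")
```

Review the generated statements against the live "show qos-tos" output before binding the ACL, since the DSCP to traffic-class map can be reconfigured on the switch.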