This chapter provides guidelines and other key information about how to use Quality of Service (QoS) and the Resource Reservation Protocol (RSVP) on a Multilayer Switching Module. The chapter covers these topics:
You can manage QoS features from the qos menu of the Administration Console. (See the Switch 4007 Command Reference Guide.) You can use the Administration Console after you log in to the system and connect to a slot that houses a Multilayer Switching Module.
The management interfaces display "cb9000" and refer to the Management Module as the Enterprise Management Engine (EME) because the heritage of the Switch 4007 is the CoreBuilder® 9000 switch.
QoS Overview
Quality of Service (QoS) is a Layer 3 feature that allows you to establish control over network traffic. QoS provides policy-based services, which establish various grades of network service to accommodate different types of traffic, such as multimedia, video, protocol-specific, time-critical, and file-backup traffic. Although QoS and Class of Service (CoS) are closely related, QoS has more features and addresses bandwidth, delay, loss, and jitter control. (CoS tends to focus on differentiating traffic into classes and assigning prioritization to those classes.)
QoS is crucial in the wide area network (WAN) environment to guarantee quality of service without escalating WAN bandwidth costs. In the LAN environment, QoS implementations are growing.
Features
The Multilayer Switching Modules that are available on the Switch 4007 support the following QoS features:
You can use QoS on your Multilayer Switching Module to provide the following benefits:
Your Multilayer Switching Module's implementation of QoS focuses on traffic classification, policy-based management, and bandwidth. It provides multiple service levels (mapped to several transmit queues), classification of traffic types, and weighted fair queueing of priority-queued traffic.
If you use QoS and decide to classify traffic broadly, you are using a subset of QoS called network class of service. To simplify your classification of traffic, the Multilayer Switching Module provides a set of predefined traffic classes. You can also specify your own classes of traffic with applied controls to:
See "Examples of Classifiers and Controls" later in this chapter.
If you use QoS with RSVP, you are opting for a more complex type of end-to-end QoS that aims for a guaranteed quality of service. To use RSVP, you must be routing. In addition, RSVP is required at the desktop, which may raise issues of desktop control and of upgrading the resident operating system and applications.
Key Concepts
Before you configure QoS, review the following standards and terms.
Related Standards and Protocols
The Switch 4007 Multilayer Switching Modules support IEEE 802.1Q, IEEE 802.1p, and the RSVP protocol.
IEEE 802.1p
This finalized standard, part of IEEE 802.1D, covers traffic class and dynamic multicast filtering services in bridged LANs. It uses the same tag format as the proposed IEEE 802.1Q standard, but it uses three additional bits of the tag control information to set a user priority level (for policy-based services such as QoS). You can classify traffic using a specific IEEE 802.1p priority tag value (or several tag values). You can also define a control that inserts a priority tag value in forwarded frames.
The IEEE 802.1p priority tag values are 0 through 7. Table 92 shows the IEEE 802.1p (user-priority) values and the corresponding traffic types. The value 7 (Network Control) is the highest priority and 1 (Background Traffic) is the lowest priority. The value 0 (the default, Best Effort) has a higher priority than value 2 (Standard).
The IEEE 802.1p standard addresses separate queuing of time-critical frames to reduce the jitter that is caused by multicast flooding. This standard also defines the Generic Attribute Registration Protocol (GARP), a Layer 2 transport mechanism that allows switches and end systems to propagate information across the switching domain.
Resource Reservation Protocol (RSVP)
This connection-oriented IP protocol handles bandwidth reservation. The request for comments document, RFC 2205, describes the details of RSVP.
RSVP aims to meet the demands of real-time voice and video applications with its QoS flow specification, which mandates parameters such as the maximum frame transmission rate, long-term average frame transmission rate, maximum frame jitter, and maximum end-to-end delay. RSVP supports the QoS flow specifications by managing resource reservations across the network.
With RSVP, all devices in the path from the source to the destination must agree to observe the RSVP call request parameters before traffic can flow.
Terminology
The following terms apply to QoS:
You can configure QoS nonflow classifiers to prioritize or filter based on IP, IPX, and AppleTalk protocols; Ethertype values; or DSAP/SSAP values.
You can also specify starting and ending ranges for source and destination ports when you define classifiers using TCP and UDP protocols. Specifying a small port range lets you limit the amount of classified traffic on the system. These port range choices are shown in the qos detail display.
Drop causes the Multilayer Switching Module to drop all packets on all ports that are associated with the control and its classifier. To drop conforming packets for only a subset of ports, specify the receivePort or aggregate rate limit, set the rate limit to 0, and specify the group of ports.
For nonflow classifiers only, IEEE 802.1p tag values range from 0 through 7. To allow low-priority queues to get serviced and to prevent starvation of best-effort traffic in the low-priority queue, 3Com has implemented the following map:
These are the defaults, which you can change by modifying the associated classifiers and controls. See classifiers 401 through 407 and 499 and associated controls 1 through 4, using the QoS CLASSIFIER SUMMARY and QoS CONTROL SUMMARY commands, respectively.
Consider the following guidelines when you configure QoS on your Layer 3 switching module.
Procedural Guidelines
Configure classifiers and controls in the following order:
1. Define a classifier, or choose a predefined classifier. Identify a particular type of traffic that you want to regulate and define a classifier for this traffic via the Administration Console. The rules for defining classifiers are different for flow versus nonflow classifiers.
2. Create controls to apply to your classifiers. A control enables the Multilayer Switching Module to direct the traffic to one of the available transmit queues or drop the traffic. When you define a control, you can:
The following items describe how QoS control aggregate rate limit for flow classifiers works on ports that are in certain groups.
The following list describes Multilayer Switching Modules and what ports support QoS aggregate rate limit for flow classifiers:
You define classifiers to distinguish certain types of traffic from other types of traffic. A classifier directs the Multilayer Switching Module how to identify a certain type of traffic. After you define a classifier, you must apply a control to the classifier.
Important Considerations
Review the following considerations before you configure classifiers:
Figure 66 shows a QoS classifier summary from the Administration Console with the two predefined flow classifiers (FTP and Telnet) and 16 predefined nonflow classifiers, along with their associated controls. (You can use your configuration tool to display summary and detail information for your classifiers.)
The Multilayer Switching Module provides a default classifier (499), which you cannot remove or modify. To modify one of the predefined nonflow classifiers that has a control, you must first remove the control.
In Figure 66, U means unicast, M means multicast, and B means broadcast. Also, the range 0 through 7 implies that a nonflow classifier recognizes all IEEE 802.1p priority tags. (See Table 92.)
Figure 66 Predefined Classifiers and Associated Controls
Assigning Flow and Nonflow Classifier Numbers
Each classifier requires a unique number in the range from 1 through 498. When you define a classifier, the first information you supply is the classifier number. The number you specify dictates which type of classifier you are defining.
The default classifier number is 499, which you cannot remove or modify, because all traffic that passes through the QoS engine and the Multilayer Switching Module needs a default classifier to handle all packets.
The classifier number indicates precedence. The classifier with the lowest number takes precedence if a packet meets the criteria for more than one classifier.
For example, you can use two classifiers as follows:
With these classifiers in place, if 3.3.3.3 sends TCP traffic, this traffic receives low priority, because classifier number 6 is lower than classifier 420 and has a higher precedence. Table 93 shows the basic information for these classifiers.
You can define up to 100 flow classifiers per Multilayer Switching Module for routed IP traffic. When you define a flow classifier (using a unique classifier number), you can create one or more address/port patterns (filters) for that classifier.
Each address/port pattern counts toward the flow classifier limit. Therefore, if you define a flow classifier with 10 address/port patterns, you can have up to 90 additional flow classifiers.
Because a flow classifier handles IP routed traffic only, it is expected that you have an IP VLAN, an IP routing interface, and IP routing enabled. For information on VLANs, see Chapter 14.
Flow Classifier Information
You supply the following information when you define a flow classifier:
You can classify traffic using source and destination IP addresses and their associated source and destination IP address masks. For a classifier aimed at filtering traffic to a specific destination from a particular source, for instance, you may define a single address/port pattern that specifies the source address and the destination address. Or, if classified traffic to and from certain locations is going to be controlled at the same service level, you may decide to use two address/port patterns: one pattern that covers IP address A as the source and IP address B as the destination, and a second pattern that covers IP address B as the source and IP address A as the destination.
You specify a source or destination IP address in standard dot notation, such as 192.101.10.0. An address of all zeroes is a wildcard match for any source or destination address. Use 0 as a wildcard in any portion of the address.
For the source or destination IP address mask, you specify how many parts of the IP address you want to match. Place a 255 in each portion of the mask that you want the software to recognize; place a 0 in any portion of the mask that you want the software to ignore.
The following examples show several ways to specify IP addresses and IP address masks:
Many common applications are associated with well-known port numbers. For example, FTP (which uses TCP) uses port 20 for the data-transfer connection and port 21 for the control connection; TELNET (which also uses TCP) uses port 23; SNMP (which uses UDP) uses port 161; SMTP (the mail protocol) uses port 25; and the World Wide Web service uses port 80. You can consult the services database file (/etc/services on a UNIX server) that is typically associated with TCP/IP hosts for a list of the well-known applications (services) and port numbers. For other applications, you may have to determine the appropriate port number. See RFC 1700 for a list of port assignments for known services.
When you specify the start and end range of a TCP or UDP port, specify as small a range as possible, such as 1 port (for example, port 2049 as both the start and the end of the range). If the classifier applies to a wide range of TCP or UDP ports, you increase the amount of classified traffic on the Multilayer Switching Module and consume valuable QoS resources.
To define flow classifiers and their associated controls for specific scenarios, see "Examples of Classifiers and Controls" later in this chapter.
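The matching rules in this section (address and mask, port range, lowest classifier number wins) can be modelled as follows. This is an added Python example, not code from the Switch 4007 documentation or software; the patterns are constructed, with classifier numbers and service levels borrowed from the filtering and Web-server examples later in this chapter, and the service level shown for default classifier 499 is an assumption.

```python
import ipaddress
from dataclasses import dataclass

DEFAULT_CLASSIFIER = 499      # the default classifier; handles all other packets
FLOW_PATTERN_LIMIT = 100      # every address/port pattern counts toward this limit


def to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def addr_matches(addr: str, pattern: str, mask: str) -> bool:
    """Compare only the portions that the mask marks with 255.

    An all-zero pattern address is a wildcard for any address.
    """
    if to_int(pattern) == 0:
        return True
    m = to_int(mask)
    return (to_int(addr) & m) == (to_int(pattern) & m)


@dataclass(frozen=True)
class Pattern:
    """One address/port pattern (filter) that belongs to a flow classifier."""
    src: str
    src_mask: str
    dst: str
    dst_mask: str
    protocols: frozenset = frozenset({"tcp", "udp"})
    dst_ports: tuple = (0, 65535)   # start and end of the destination port range

    def matches(self, proto: str, src: str, dst: str, dport: int) -> bool:
        start, end = self.dst_ports
        return (proto in self.protocols
                and start <= dport <= end
                and addr_matches(src, self.src, self.src_mask)
                and addr_matches(dst, self.dst, self.dst_mask))


HOST = "255.255.255.255"          # match all four portions of the address
ANY = ("0.0.0.0", "0.0.0.0")      # wildcard address with an ignore-all mask

# Constructed patterns (the guide's own classifier tables are not reproduced here).
CLASSIFIERS = {
    # Classifier 1: traffic between the two hosts, in both directions.
    1: [Pattern("192.20.3.3", HOST, "193.20.3.3", HOST),
        Pattern("193.20.3.3", HOST, "192.20.3.3", HOST)],
    # Classifier 3: TCP and UDP to or from 192.20.3.3 (ICMP is not matched).
    3: [Pattern("192.20.3.3", HOST, *ANY),
        Pattern(*ANY, "192.20.3.3", HOST)],
    # Classifier 17: Web traffic to any server whose address ends in .222.
    17: [Pattern(*ANY, "0.0.0.222", "0.0.0.255", frozenset({"tcp"}), (80, 80))],
}
# Service level applied by each classifier's control; the level for 499 is assumed.
SERVICE_LEVEL = {1: "best", 3: "drop", 17: "high", DEFAULT_CLASSIFIER: "best"}


def classify(proto: str, src: str, dst: str, dport: int) -> tuple:
    """Return (classifier number, service level); the lowest matching number wins."""
    for number in sorted(CLASSIFIERS):
        if any(p.matches(proto, src, dst, dport) for p in CLASSIFIERS[number]):
            return number, SERVICE_LEVEL[number]
    return DEFAULT_CLASSIFIER, SERVICE_LEVEL[DEFAULT_CLASSIFIER]


def remaining_flow_slots() -> int:
    """Patterns still available under the per-module flow classifier limit."""
    used = sum(len(patterns) for patterns in CLASSIFIERS.values())
    return FLOW_PATTERN_LIMIT - used


if __name__ == "__main__":
    for pkt in [("tcp", "192.20.3.3", "193.20.3.3", 23),
                ("tcp", "192.20.3.3", "10.1.1.222", 80),
                ("tcp", "10.9.9.9", "10.1.1.222", 80),
                ("icmp", "192.20.3.3", "10.0.0.9", 0)]:
        print(pkt, classify(*pkt))
```

Web traffic from 192.20.3.3 to a .222 server matches both classifier 3 and classifier 17, and is dropped because 3 is the lower number; review classifier numbering whenever a drop rule and a priority rule can overlap.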
Defining NonFlow Classifiers
Nonflow classifiers enable you to classify bridged or routed frames according to protocol, cast type, and IEEE 802.1p priority tag values. You can define up to 16 nonflow classifiers per Multilayer Switching Module. The module predefines 16 nonflow classifiers for you. Therefore, to define your own nonflow classifier, you must first delete one of the predefined nonflow classifiers.
NonFlow Classifier Information
You supply the following information when you define a nonflow classifier:
If you choose custom, select the protocol type (ethernet or DSAP/SSAP)
For example, you may create a nonflow classifier for your bridged AppleTalk traffic, assign it a cast type of broadcast, a protocol type of AppleTalk, and an IEEE 802.1p tag value of all. You can then apply a control to this classifier to assign a rate limit, service level, and IEEE 802.1p tag to apply to forwarded frames.
For examples of how to define nonflow classifiers and their associated controls for specific scenarios, see "Examples of Classifiers and Controls" later in this chapter.
QoS Controls
After you define a classifier, you assign it a control to apply any of the following values:
If you select yes, you set the following:
Review the following considerations before you configure controls:
For examples of how controls can be applied to classifiers, see "Examples of Classifiers and Controls" later in this chapter. For information about modifying or removing controls, see "Modifying and Removing Classifiers and Controls" later in this chapter.
Assigning Control Numbers
Each control must have a unique control number. When you define a control, the Multilayer Switching Module provides the next-available control number, but you can specify any unreserved control number.
The Multilayer Switching Module supports control numbers in the range from 0 through 50 and predefines controls 1 through 4 for some of the predefined nonflow classifiers. Control 1 is associated with the default classifier and can be modified but not removed. You can modify the other predefined controls as well (2 through 4). For example, to redefine the way Business Critical traffic is handled, you may want to modify predefined control 3.
Table 94 lists the predefined controls.
Use your configuration tool (such as the Administration Console) to display summary and detail information for your controls.
When you define a control, you supply the following information:
If you select yes, you set the following:
A rate limit restricts the amount of input bandwidth that is used by incoming classified traffic (optionally, on a per-port basis). When you define a control, you can specify one of three rate limits:
Your choice of rate limit determines how much additional information you need to supply. The default rate limit is none, which means that there is no rate limit applied to the classifier. If you specify a rate limit of none, you have a small subset of options to specify. You select a service level and loss-eligibility status for conforming packets (packets that are below the rate limit), decide if you want to apply an IEEE 802.1p priority tag value to forwarded frames (for service levels other than drop), and specify the classifiers with which you want to associate the control.
If you specify a rate limit of receivePort or aggregate, you have many additional options. After you specify a service level and loss-eligibility status for conforming packets, you can also specify a service level for nonconforming excess packets (packets that exceed the specified rate limit), whether the nonconforming excess are loss eligible, how the rate limit for receive ports should be expressed, the rate-limit value, a burst size, and the receive ports for which you want to enable the rate limit. (The rate limit sets a bandwidth limit for a specific set of ports. You can specify multiple rate-limit values for different subsets of ports. As with any rate limit type, you can additionally specify an IEEE 802.1p priority tag value on forwarded frames.)
When you specify how a receivePort or aggregate rate limit is expressed, you can select a percentage of port bandwidth or KBps:
After you specify how the rate limit is expressed, you can specify a burst size. The burst size is the maximum amount of data that you can transmit at the line rate before the transmission is policed. This value accommodates variations in speeds and allows you to occasionally exceed the configured rate.
Specifying Service Levels
When you define a control, you specify a service level (a transmit priority). Most of the service levels that you can specify represent a specific transmit queue. You can assign service levels to conforming packets (packets that are within the rate limit) and to nonconforming excess packets (packets that exceed the rate limit).
For information on assigning an IEEE 802.1p priority to nonconforming excess packets, see "QoS Excess Tagging" later in this chapter. For information on the transmit queues and QoS bandwidth, see "Transmit Queues and QoS Bandwidth" later in this chapter.
Service levels also define the loss-eligibility status for conforming and nonconforming excess. By default, conforming packets are not loss-eligible; nonconforming excess are loss-eligible.
The Multilayer Switching Module supports these service levels:
If you want to drop conforming packets for only a subset of ports, use the receivePort or aggregate rate limit, set the rate limit to 0, and specify the group of ports.
If you specify drop for the service level for conforming packets (that is, you are using a rate limit of none), the Multilayer Switching Module does not give you the option of specifying an IEEE 802.1p tag.
The TCP drop control option lets you create a control for packets used to establish TCP connections. This control affects QoS Flow Classifiers that have TCP traffic going from source IP addresses to destination IP addresses.
TCP drop control does not function with nonflow classifiers or UDP. It is only available for flow classifiers that include TCP.
Figure 67 illustrates how TCP handshaking works between the source and destination to establish a connection. By dropping only the initial TCP packet used to establish TCP connections (those packets containing a signature of SYN=1, ACK=0), you can establish one-way TCP flow filtering.
Figure 68 shows an example with TCP drop control disabled.
Figure 68 QoS Control Action (Drop Control Disabled)
With the QoS Classifier and QoS Control definition shown in Figure 68 (TCP control is not enabled), any attempt by a client on the End-user network to establish a TCP connection to a server on the Admin network fails.
This next example illustrates how TCP one-way-filtering can be effective. Figure 69 shows the same situation, but with TCP drop control enabled to filter only those packets with the SYN=1 and ACK=0 signature.
Figure 69 QoS Control Action (Drop Control Enabled)
In this example, any attempt by a client on an End User network to establish a TCP connection to a server on the Admin network still fails, but it is now possible for clients on the Admin network to establish TCP connections to servers on any network without restriction.
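The effect of TCP drop control on the three-way handshake, as an added Python example that is not part of the original guide: the network and host addresses are constructed, and the filter is modelled as a flow classifier for TCP from the End-user network to the Admin network whose control has a service level of drop.

```python
import ipaddress
from dataclasses import dataclass

# Constructed networks standing in for the two sides of Figures 68 and 69.
END_USER = ipaddress.ip_network("10.1.0.0/16")
ADMIN = ipaddress.ip_network("10.2.0.0/16")
END_USER_HOST = "10.1.5.20"   # constructed host on the End-user network
ADMIN_HOST = "10.2.0.10"      # constructed host on the Admin network


@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    syn: bool
    ack: bool


def handshake(client: str, server: str) -> list:
    """The three segments that open a TCP connection."""
    return [
        Segment(client, server, syn=True, ack=False),   # step 0: SYN
        Segment(server, client, syn=True, ack=True),    # step 1: SYN-ACK
        Segment(client, server, syn=False, ack=True),   # step 2: ACK
    ]


def dropped(seg: Segment, tcp_drop_control: bool) -> bool:
    """Apply the drop control to one segment.

    The classifier matches TCP sent from END_USER to ADMIN. With TCP drop
    control enabled, only segments with SYN=1 and ACK=0 are dropped; with it
    disabled, every matching segment is dropped. The decision uses the flags
    of each packet only; no connection state is kept.
    """
    in_flow = (ipaddress.ip_address(seg.src) in END_USER
               and ipaddress.ip_address(seg.dst) in ADMIN)
    if not in_flow:
        return False
    if tcp_drop_control:
        return seg.syn and not seg.ack
    return True


def first_dropped(client: str, server: str, tcp_drop_control: bool):
    """Index of the first handshake step that is dropped, or None if all pass."""
    for step, seg in enumerate(handshake(client, server)):
        if dropped(seg, tcp_drop_control):
            return step
    return None


def connection_established(client: str, server: str, tcp_drop_control: bool) -> bool:
    return first_dropped(client, server, tcp_drop_control) is None


if __name__ == "__main__":
    for enabled in (False, True):
        print("TCP drop control enabled:", enabled)
        print("  End-user client -> Admin server:",
              connection_established(END_USER_HOST, ADMIN_HOST, enabled))
        print("  Admin client -> End-user server:",
              connection_established(ADMIN_HOST, END_USER_HOST, enabled))
```

With drop control disabled, a connection opened from the Admin side also fails in this model, because the server's SYN-ACK travels from the End-user network to the Admin network and matches the classifier.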
Setting the QoS Timer Control
The QoS Timer option allows you to configure a QoS session to take effect during a predefined time period by setting the start and end times for the specific control. Setting the start and end times is similar to using a VCR to record programs.
The default setting for the timer control is no (no timer control). QoS controlled classifiers are in effect all the time when timer control is not enabled.
The time is verified every minute.
The following options are available for the timer control:
The following examples show ways to implement flow and nonflow classifiers and their associated controls.
In all examples, a Multilayer Switching Module on the Switch 4007 provides the illustrated connections.
Example 1: Traffic To/From a Specific Server
In the first example, a flow classifier is defined with two address and port patterns (filters) to classify traffic from subnetworks of the 168.101.0.0 network to the database server 168.101.162.151, and traffic from the server to the subnetworks. This kind of configuration can be called a to/from classifier. The control applied to this classifier gives high priority to the traffic to and from the server.
Figure 70 To/From Flow Classifier and Control for Server Traffic
To/from classifier definition with two address and port patterns:
The control definition for the to/from classifier:
| Control Field | Definition |
|---|---|
| Control number | 5 |
| Control name | DBServer1 |
| Rate limit type | none |
| Service level | high |
| Loss eligible status | no |
| 802.1p tag for forwarded frames | none |
| Classifiers controlled | 15 |
In the following example, a flow classifier is defined to block access to the Accounting network 192.1.0.0 (which includes subnetworks 192.1.1.0 and 192.1.2.0) from the Research and Development 168.20.30.0 subnetwork. The associated control for this classifier sets a service level of drop to drop all traffic that is sent by the 168.20.30.0 subnet to the Accounting network.
Figure 71 Flow Classifier for Traffic to/from a Subnetwork
Classifier definition for filtering traffic to a specific destination:
The control definition for this filtering classifier:
| Control Field | Definition |
|---|---|
| Control number | 6 |
| Control name | IPFilter1 |
| Rate limit type | none |
| Service Level | drop |
| Classifiers controlled | 26 |
In the following example, two flow classifiers (1 and 3) are defined with controls to filter IP traffic. Classifier 1 permits IP traffic between two hosts (192.20.3.3 and 193.20.3.3), while classifier 3 drops IP traffic (TCP and UDP, not ICMP) to and from one of the hosts (192.20.3.3). This example shows how the classifier number can be used to dictate precedence.
Figure 72 Flow Classifier for Traffic to/from a Subnetwork
First classifier definition for filtering traffic to/from a specific destination:
The control definition for the first filtering classifier:
| Control Field | Definition |
|---|---|
| Control number | 5 |
| Control name | 192.20.3.3_to_193.20.3.3 |
| Rate limit type | none |
| Service level | best |
| 802.1p tag for forwarded frames | none |
| Classifiers controlled | 1 |
Second classifier definition for filtering traffic to/from a specific destination:
The control definition for the second filtering classifier:
| Control Field | Definition |
|---|---|
| Control number | 7 |
| Control name | 192_20.3.3_to_all |
| Rate limit type | none |
| Service level | drop |
| Classifiers controlled | 3 |
In the following example, a classifier is defined to give high priority to Web server (http) traffic. In this configuration, all Web servers have addresses that end in .222. This example can apply to any type of traffic that needs high priority (for example, mail server traffic).
Figure 73 Flow Classifier for Assigning High Priority to Web Traffic
Classifier definition for high-priority Web traffic:
The control definition for this classifier is as follows:
| Control Field | Definition |
|---|---|
| Control number | 7 |
| Control name | httpServer1 |
| Rate limit type | none |
| Service level | high |
| 802.1p tag for forwarded frames | none |
| Classifiers controlled | 17 |
In this example, a nonflow classifier is defined to classify bridged multimedia traffic with an IEEE 802.1p priority tag of 5 and control this traffic with a high priority transmit service level and a rate limit of 2048 Kbps.
Figure 74 Nonflow Classifier/Control for Bridged Multimedia Traffic
Nonflow classifier definition for Multimedia Traffic with priority tagging:
| Classifier Field | Classifier Definition |
|---|---|
| Classifier number | 405 |
| Classifier name | Interactive Multimedia |
| Cast type | all (unicast, multicast, broadcast, UMB) |
| Protocol type | any |
| IEEE 802.1Q tag(s) | 5 |
The control definition for this classifier is as follows:
In this example, a nonflow classifier is defined to classify IP unicast traffic between clients and the server on the 168.101.0.0 network.
The applied control handles this bridged traffic with a high-priority transmit service level and a rate limit of 75 percent of the link bandwidth.
Figure 75 Nonflow Classifier/Control for Bridged IP Unicast Traffic
Nonflow classifier definition for bridged IP unicast traffic:
| Classifier Field | Classifier Definition |
|---|---|
| Classifier number | 430 |
| Classifier name | IP_Unicast |
| Cast type | unicast (U) |
| Protocol type | IP |
| IEEE 802.1Q tag(s) | 0 through 7 |
The control definition for this classifier is as follows:
You can modify or remove a previously defined classifier or control. When you modify or remove a classifier, you specify the classifier number; when you modify or remove a control, you specify the control number.
You may want to modify a classifier to alter source/destination information (flow classifier) or change IEEE 802.1p values (nonflow classifier). You may want to modify a control to specify a different service level (queue) or rate limit.
Important Considerations
Before you modify or remove classifiers or controls, review these guidelines:
Your Multilayer Switching Module enables you to tag nonconforming excess packets (that is, packets that exceed the rate-limit criteria) with a special IEEE 802.1p tag value. This tag refers to any packets marked as excess that you want to tag. By default, excess tagging is disabled.
You can use your configuration tool (for instance, the Administration Console) to enable or disable excess tagging and display your excess tagging information.
If you enable excess tagging, you can specify an IEEE 802.1p tag value for nonconforming excess packets in the range from 0 through 7, with 0 as the default. (See "IEEE 802.1p" earlier in this chapter for a list of the tags and their associated priority levels.) Specifying 1 means that nonconforming excess packets become background traffic.
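A model of how a rate limit, burst size and excess tagging interact, added here as a Python example and not taken from the module's software. It assumes a token-bucket policer (the guide does not name the algorithm), 1 KB = 1024 bytes, and constructed values for the burst size, the conforming tag and the two service levels; the behaviour with excess tagging disabled is also an assumption.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Verdict:
    conforming: bool      # False means "nonconforming excess"
    service_level: str    # transmit priority chosen by the control
    loss_eligible: bool
    dot1p_tag: int        # IEEE 802.1p tag written to the forwarded frame


class RateLimitControl:
    """Rate-limited control modelled as a token bucket (assumed algorithm)."""

    def __init__(self, rate_kbytes_per_s: int, burst_kbytes: int,
                 conform_level: str = "high", conform_tag: int = 5,
                 excess_level: str = "best",
                 excess_tagging: bool = True, excess_tag: int = 2):
        self.rate = rate_kbytes_per_s * 1024     # bytes added per second
        self.capacity = burst_kbytes * 1024      # burst size in bytes
        self.tokens = float(self.capacity)       # bucket starts full
        self.last = 0.0                          # time of the previous packet
        self.conform_level = conform_level
        self.conform_tag = conform_tag
        self.excess_level = excess_level
        self.excess_tagging = excess_tagging
        self.excess_tag = excess_tag

    def police(self, now: float, size: int) -> Verdict:
        """Classify one packet of `size` bytes arriving at time `now` (seconds)."""
        elapsed = now - self.last
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        self.last = now
        if size <= self.tokens:
            # Within the rate limit: conforming, not loss-eligible by default.
            self.tokens -= size
            return Verdict(True, self.conform_level, False, self.conform_tag)
        # Over the rate limit: nonconforming excess, loss-eligible by default.
        # Assumption: with excess tagging disabled the control's own tag is kept.
        tag = self.excess_tag if self.excess_tagging else self.conform_tag
        return Verdict(False, self.excess_level, True, tag)


def count_conforming(verdicts) -> int:
    return sum(1 for v in verdicts if v.conforming)


if __name__ == "__main__":
    control = RateLimitControl(rate_kbytes_per_s=2048, burst_kbytes=64)
    # Constructed traffic: fifty 1500-byte frames arriving back to back.
    burst = [control.police(0.0, 1500) for _ in range(50)]
    print("conforming in burst:", count_conforming(burst))
    print("first excess frame:", burst[count_conforming(burst)])
    # One millisecond later the bucket has refilled by about 2 KB.
    later = [control.police(0.001, 1500) for _ in range(3)]
    print("after 1 ms:", [v.conforming for v in later])
```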
Example: QoS Excess Tagging
The following example shows how to use a classifier, control, and QoS excess tagging to tag conforming QoS multicast video traffic from a server as Streaming Multimedia 802.1p service and to tag any excess traffic as Standard 802.1p service.
In this sample configuration:
For this configuration, you must enable QoS excess tagging with a tag value of 2 as well as define the classifier and control.
Classifier definition for QoS Excess Tagging:
The accompanying control definition:
QoS uses four transmit queues:
You can configure the weighting of the high-priority and best-effort transmit queues by using the option to modify QoS bandwidth. By default, the weighting of the queues is 75 percent high-priority traffic and 25 percent best-effort traffic. Keep in mind that the weighting does not represent guaranteed output bandwidth for these queues, because they are served in relative percentages after the control queue is serviced.
When you modify the QoS bandwidth, you specify the percentage of bandwidth to be used for the high-priority transmit queue on the output link. You can specify a value in the range from 0 through 100. The value that you specify determines the ratio of high-priority to best-effort traffic, as follows:
No bandwidth is ever lost. Because QoS uses ratios, any unused bandwidth can be used by a lower-priority queue.
The Resource Reservation Protocol (RSVP) is an IP service that prevents real-time traffic such as voice or video from overwhelming bandwidth resources. In general, RSVP supports QoS IP flow specifications by placing and managing resource reservations across the network (setting admission control, policing, and restricting the creation of RSVP reservations). Your Multilayer Switching Module can reserve and police the bandwidth requested for each RSVP session.
RSVP is receiver-oriented, that is, an end system can send an RSVP request on behalf of an application to request a specific QoS from the network. At each hop along the path back to the source, routers such as your Layer 3 switching module register the reservation and try to provide the required QoS. If a router cannot provide the required QoS, its RSVP process sends an error to the end system that initiated the request.
RSVP is designed for multicast applications, but it also supports resource reservations for unicast applications as well as point-to-point transmissions. RSVP does not implement a routing algorithm.
To use RSVP, you must be routing. (RSVP operates at Layer 3 for IP-based data flows.) End stations in the configuration must support RSVP in order to request the reservation of bandwidth through the network.
By default, RSVP is disabled on the Multilayer Switching Module. If you decide to use RSVP, 3Com recommends that you use the default RSVP settings.
RSVP Terminology
Familiarize yourself with the following RSVP terms:
Figure 77 shows an RSVP configuration in which an RSVP reservation request (dotted lines) flows upstream along a multicast delivery tree (with routing-capable devices such as Switch 4007 Multilayer Switching Modules) until it merges with another reservation request for the same source.
Figure 77 Sample RSVP Configuration
If you enable RSVP, you specify the following information:
After you enable RSVP, you can use your configuration tool (for example, the Administration Console) to display summary or detail information about RSVP. Figure 78 shows a sample RSVP detail display.
Figure 78 identifies the RSVP data flow as it passes through the Layer 3 module and provides the following information:
Figure 78 RSVP Information with Installed Flows