Catalyst 3550 Multilayer Switch Software Configuration Guide, Rel. 12.2(25)SEE
Configuring QoS
Download this chapter
Configuring QoSConfiguring QoS
Download the complete book
Catalyst 3550 Switch Software Configuration Guide (full book in PDF format) Catalyst 3550 Switch Software Configuration Guide (full book in PDF format) (PDF - 11 MB)
give_us_feedback

Table Of Contents

Configuring QoS

Understanding QoS

Basic QoS Model

Classification

Classification Based on QoS ACLs

Classification Based on Class Maps and Policy Maps

Policing and Marking

Mapping Tables

Queueing and Scheduling

Queueing and Scheduling on Gigabit-Capable Ports

Queueing and Scheduling on 10/100 Ethernet Ports

Packet Modification

Configuring Auto-QoS

Generated Auto-QoS Configuration

Effects of Auto-QoS on the Configuration

Configuration Guidelines

Upgrading from a Previous Software Release

Enabling Auto-QoS for VoIP

Displaying Auto-QoS Information

Auto-QoS Configuration Example

Configuring Standard QoS

Default Standard QoS Configuration

Standard QoS Configuration Guidelines

Enabling QoS Globally

Configuring Classification By Using Port Trust States

Configuring the Trust State on Ports within the QoS Domain

Configuring the CoS Value for an Interface

Configuring a Trusted Boundary to Ensure Port Security

Enabling Pass-Through Mode

Configuring the DSCP Trust State on a Port Bordering Another QoS Domain

Configuring a QoS Policy

Classifying Traffic by Using ACLs

Classifying Traffic on a Physical-Port Basis by Using Class Maps

Classifying Traffic on a Per-Port Per-VLAN Basis by Using Class Maps

Classifying, Policing, and Marking Traffic by Using Policy Maps

Classifying, Policing, and Marking Traffic by Using Aggregate Policers

Configuring DSCP Maps

Configuring the CoS-to-DSCP Map

Configuring the IP-Precedence-to-DSCP Map

Configuring the Policed-DSCP Map

Configuring the DSCP-to-CoS Map

Configuring the DSCP-to-DSCP-Mutation Map

Configuring Egress Queues on Gigabit-Capable Ethernet Ports

Mapping CoS Values to Select Egress Queues

Configuring the Egress Queue Size Ratios

Configuring Tail-Drop Threshold Percentages

Configuring WRED Drop Thresholds Percentages

Configuring the Egress Expedite Queue

Allocating Bandwidth among Egress Queues

Configuring Egress Queues on 10/100 Ethernet Ports

Mapping CoS Values to Select Egress Queues

Configuring the Minimum-Reserve Levels

Configuring the Egress Expedite Queue

Allocating Bandwidth among Egress Queues

Displaying Standard QoS Information

Standard QoS Configuration Examples

QoS Configuration for the Existing Wiring Closet

QoS Configuration for the Intelligent Wiring Closet

QoS Configuration for the Distribution Layer


Configuring QoS

This chapter describes how to configure quality of service (QoS) by using automatic QoS (auto-QoS) commands or by using standard QoS commands. With QoS, you can give preferential treatment to certain types of traffic at the expense of others. Without QoS, the Catalyst 3550 switch offers best-effort service to each packet, regardless of the packet contents or size. It sends the packets without any assurance of reliability, delay bounds, or throughput.

Note For complete syntax and usage information for the commands used in this chapter, see the command reference for this release.

This chapter consists of these sections:

Understanding QoS

Configuring Auto-QoS

Displaying Auto-QoS Information

Auto-QoS Configuration Example

Configuring Standard QoS

Displaying Standard QoS Information

Standard QoS Configuration Examples

Note When you are configuring QoS parameters for the switch, in order to allocate system resources to maximize the number of possible QoS access control entries (ACEs) allowed, you can use the sdm prefer access global configuration command to set the Switch Database Management feature to the access template. For more information on the SDM templates, see the "Optimizing System Resources for User-Selected Features" section on page 6-26.

The switch supports some of the modular QoS CLI (MQC) commands. For more information about the MQC commands, see the "Modular Quality of Service Command Line Interface Overview" at this URL:

/en/US/docs/ios/12_2/qos/configuration/guide/qcfmdcli.html#89799

Understanding QoS

Typically, networks operate on a best-effort delivery basis, which means that all traffic has equal priority and an equal chance of being delivered in a timely manner. When congestion occurs, all traffic has an equal chance of being dropped.

When you configure QoS, you can select specific network traffic, prioritize it according to its relative importance, and use congestion-management and congestion-avoidance techniques to give preferential treatment. Implementing QoS in your network makes network performance more predictable and bandwidth utilization more effective.

The QoS implementation is based on the DiffServ architecture, an emerging standard from the Internet Engineering Task Force (IETF). This architecture specifies that each packet is classified upon entry into the network. The classification is carried in the IP packet header, using 6 bits from the deprecated IP type of service (ToS) field to carry the classification (class) information. Classification can also be carried in the Layer 2 frame. These special bits in the Layer 2 frame or in the Layer 3 packet are described here and shown in Figure 30-1:

Prioritization bits in Layer 2 frames:

Layer 2 Inter-Switch Link (ISL) frame headers have a 1-byte User field that carries an IEEE 802.1p class of service (CoS) value in the three least-significant bits. On interfaces configured as Layer 2 ISL trunks, all traffic is in ISL frames.

Layer 2 IEEE 802.1Q frame headers have a 2-byte Tag Control Information field that carries the CoS value in the three most-significant bits, which are called the User Priority bits. On interfaces configured as Layer 2 IEEE 802.1Q trunks, all traffic is in IEEE 802.1Q frames except for traffic in the native VLAN.

Other frame types cannot carry Layer 2 CoS values.

Layer 2 CoS values range from 0 for low priority to 7 for high priority.

Prioritization bits in Layer 3 packets:

Layer 3 IP packets can carry either an IP precedence value or a Differentiated Services Code Point (DSCP) value. QoS supports the use of either value because DSCP values are backward-compatible with IP precedence values.

IP precedence values range from 0 to 7.

DSCP values range from 0 to 63.

Figure 30-1 QoS Classification Bits in Frames and Packets

Note Layer 3 IPv6 packets are treated as non-IP packets and are bridged by the switch.

To give the same forwarding treatment to packets with the same class information and different treatment to packets with different class information, all switches and routers that access the Internet rely on class information. Class information in the packet can be assigned by end hosts or by switches or routers along the way, based on a configured policy, detailed examination of the packet, or both. Detailed examination of the packet is expected to happen closer to the network edge so that core switches and routers are not overloaded.

Switches and routers along the path can use class information to limit the amount of resources allocated per traffic class. The behavior of an individual device when handling traffic in the DiffServ architecture is called per-hop behavior. If all devices along a path have a consistent per-hop behavior, you can construct an end-to-end QoS solution.

Implementing QoS in your network can be a simple or complex task and depends on the QoS features offered by your internetworking devices, the traffic types and patterns in your network, and the granularity of control that you need over incoming and outgoing traffic.

These sections describe the QoS stages and how they work:

Basic QoS Model

Classification

Policing and Marking

Mapping Tables

Queueing and Scheduling

Packet Modification

Basic QoS Model

Figure 30-2 shows the basic QoS model. Actions at the ingress interface include classifying traffic, policing, and marking:

Classifying distinguishes one kind of traffic from another. The process generates an internal DSCP for a packet, which identifies all the future QoS actions to be performed on this packet. For more information, see the "Classification" section.

Policing determines whether a packet is in or out of profile by comparing the internal DSCP to the configured policer. The policer limits the bandwidth consumed by a flow of traffic. The result of this determination is passed to the marker. For more information, see the "Policing and Marking" section.

Marking evaluates the policer and the configuration information for the action to be taken when a packet is out of profile and decides what to do with the packet (pass through a packet without modification, mark down the DSCP value in the packet, or drop the packet). For more information, see the "Policing and Marking" section.

Actions at the egress interface include queueing and scheduling:

Queueing evaluates the internal DSCP and determines which of the four egress queues in which to place the packet. The DSCP value is mapped to a CoS value, which selects one of the queues. For more information, see the "Mapping Tables" section.

Scheduling services the four egress queues based on their configured weighted round robin (WRR) weights and thresholds. One of the queues can be the expedite queue, which is serviced until empty before the other queues are serviced. Congestion avoidance techniques include tail drop and Weighted Random Early Detection (WRED) on Gigabit-capable Ethernet ports and tail drop (with only one threshold) on 10/100 Ethernet ports. For more information, see the "Queueing and Scheduling" section.

Note Policing and marking also can occur on egress interfaces.

Figure 30-2 Basic QoS Model

Classification

Classification is the process of distinguishing one kind of traffic from another by examining the fields in the packet. Classification is enabled only if QoS is globally enabled on the switch. By default, QoS is globally disabled, so no classification occurs.

Note Classification occurs on a physical interface or on a per-port per-VLAN basis. No support exists for classifying packets at the switch virtual interface level.

You specify which fields in the frame or packet that you want to use to classify incoming traffic.

For non-IP traffic, these are the classification options as shown in Figure 30-3:

Use the port default. If the frame does not contain a CoS value, the switch assigns the default port CoS value to the incoming frame. Then, the switch uses the configurable CoS-to-DSCP map to generate the internal DSCP value. The switch uses the internal DSCP value to generate a CoS value representing the priority of the traffic.

Trust the CoS value in the incoming frame (configure the port to trust CoS). Then, the switch uses the configurable CoS-to-DSCP map to generate the internal DSCP value. Layer 2 ISL frame headers carry the CoS value in the three least-significant bits of the 1-byte User field. Layer 2 IEEE 802.1Q frame headers carry the CoS value in the three most-significant bits of the Tag Control Information field. CoS values range from 0 for low priority to 7 for high priority.

The trust DSCP and trust IP precedence configurations are meaningless for non-IP traffic. If you configure a port with either of these options and non-IP traffic is received, the switch assigns the default port CoS value and generates the internal DSCP from the CoS-to-DSCP map.

Perform the classification based on the configured Layer 2 MAC access control list (ACL), which can examine the MAC source address, the MAC destination address, and the Ethertype field. If no ACL is configured, the packet is assigned the default DSCP of 0, which means best-effort traffic; otherwise, the policy map specifies the DSCP to assign to the incoming frame.

For IP traffic, these are the classification options as shown in Figure 30-3:

Trust the IP DSCP in the incoming packet (configure the port to trust DSCP), and assign the same DSCP to the packet for internal use. The IETF defines the 6 most-significant bits of the 1-byte ToS field as the DSCP. The priority represented by a particular DSCP value is configurable. DSCP values range from 0 to 63.

For ports that are on the boundary between two QoS administrative domains, you can modify the DSCP to another value by using the configurable DSCP-to-DSCP-mutation map.

Trust the IP precedence in the incoming packet (configure the port to trust IP precedence), and generate a DSCP by using the configurable IP-precedence-to-DSCP map. The IP Version 4 specification defines the three most-significant bits of the 1-byte ToS field as the IP precedence. IP precedence values range from 0 for low priority to 7 for high priority.

Trust the CoS value (if present) in the incoming packet, and generate the DSCP by using the CoS-to-DSCP map.

Perform the classification based on a configured IP standard or an extended ACL, which examines various fields in the IP header. If no ACL is configured, the packet is assigned the default DSCP of 0, which means best-effort traffic; otherwise, the policy map specifies the DSCP to assign to the incoming frame.

For information on the maps described in this section, see the "Mapping Tables" section. For configuration information on port trust states, see the "Configuring Classification By Using Port Trust States" section.

Figure 30-3 Classification Flowchart

Classification Based on QoS ACLs

You can use IP standard, IP extended, and Layer 2 MAC ACLs to define a group of packets with the same characteristics (class). In the QoS context, the permit and deny actions in the access control entries (ACEs) have different meanings than with security ACLs:

If a match with a permit action is encountered (first-match principle), the specified QoS-related action is taken.

If a match with a deny action is encountered, the ACL being processed is skipped, and the next ACL is processed.

If no match with a permit action is encountered and all the ACEs have been examined, no QoS processing occurs on the packet, and the switch offers best-effort service to the packet.

If multiple ACLs are configured on an interface, the lookup stops after the packet matches the first ACL with a permit action, and QoS processing begins.

Note When creating an access list, remember that, by default, the end of the access list contains an implicit deny statement for everything if it did not find a match before reaching the end.

After a traffic class has been defined with the ACL, you can attach a policy to it. A policy might contain multiple classes with actions specified for each one of them. A policy might include commands to classify the class as a particular aggregate (for example, assign a DSCP) or rate-limit the class. This policy is then attached to a particular port on which it becomes effective.

You implement IP ACLs to classify IP traffic by using the access-list global configuration command; you implement Layer 2 MAC ACLs to classify non-IP traffic by using the mac access-list extended global configuration command. For configuration information, see the "Configuring a QoS Policy" section.

Classification Based on Class Maps and Policy Maps

A class map is a mechanism that you use to name and to isolate a specific traffic flow (or class) from all other traffic. The class map defines the criteria used to match against a specific traffic flow to further classify it; the criteria can include matching the access group defined by the ACL, matching a specific list of DSCP or IP precedence values, or matching a specific list of VLAN IDs associated with another class map that defines the actual criteria (for example, to match a standard or extended ACL). If you have more than one type of traffic that you want to classify, you can create another class map and use a different name. After a packet is matched against the class-map criteria, you further classify it through the use of a policy map.

A policy map specifies which traffic class to act on. Actions can include trusting the CoS, DSCP, or IP precedence values in the traffic class; setting a specific DSCP or IP precedence value in the traffic class; or specifying the traffic bandwidth limitations and the action to take when the traffic is out of profile. Before a policy map can be effective, you must attach it to an interface.

You create a class map by using the class-map global configuration command or the class policy-map configuration command; you should use the class-map command when the map is shared among many ports. When you enter the class-map command, the switch enters the class-map configuration mode. In this mode, you define the match criterion for the traffic by using the match class-map configuration command.

You create and name a policy map by using the policy-map global configuration command. When you enter this command, the switch enters the policy-map configuration mode. In this mode, you specify the actions to take on a specific traffic class by using the class, trust, or set policy-map configuration and policy-map class configuration commands. To make the policy map effective, you attach it to an interface by using the service-policy interface configuration command.

The policy map also can contain commands that define the policer, the bandwidth limitations of the traffic, and the action to take if the limits are exceeded. For more information, see the "Policing and Marking" section.

A policy map has these characteristics:

A policy map can contain multiple class statements.

A separate policy-map class can exist for each type of traffic received through an interface.

The policy-map trust state and an interface trust state are mutually exclusive, and whichever is configured last takes affect.

For configuration information, see the "Configuring a QoS Policy" section.

Policing and Marking

After a packet is classified and has an internal DSCP value assigned to it, the policing and marking process can begin as shown in Figure 30-4.

Policing involves creating a policer that specifies the bandwidth limits for the traffic. Packets that exceed the limits are out of profile or nonconforming. Each policer specifies the action to take for packets that are in or out of profile. These actions, carried out by the marker, include passing through the packet without modification, dropping the packet, or marking down the packet with a new DSCP value that is obtained from the configurable policed-DSCP map. For information on the policed-DSCP map, see the "Mapping Tables" section.

You can create these types of policers:

Individual

QoS applies the bandwidth limits specified in the policer separately to each matched traffic class. You configure this type of policer within a policy map by using the police policy-map configuration command.

Aggregate

QoS applies the bandwidth limits specified in an aggregate policer cumulatively to all matched traffic flows. You configure this type of policer by specifying the aggregate policer name within a policy map by using the police aggregate policy-map configuration command. You specify the bandwidth limits of the policer by using the mls qos aggregate-policer global configuration command. In this way, the aggregate policer is shared by multiple classes of traffic within a policy map.

Policing uses a token bucket algorithm. As each frame is received by the switch, a token is added to the bucket. The bucket has a hole in it and leaks at a rate that you specify as the average traffic rate in bits per second. Each time a token is added to the bucket, the switch performs a check to determine if there is enough room in the bucket. If there is not enough room, the packet is marked as nonconforming, and the specified policer action is taken (dropped or marked down).

How quickly the bucket fills is a function of the bucket depth (burst-byte), the rate at which the tokens are removed (rate-bps), and the duration of the burst above the average rate. The size of the bucket imposes an upper limit on the burst length and determines the number of frames that can be sent back-to-back. If the burst is short, the bucket does not overflow, and no action is taken against the traffic flow. However, if a burst is long and at a higher rate, the bucket overflows, and the policing actions are taken against the frames in that burst.

You configure the bucket depth (the maximum burst that is tolerated before the bucket overflows) by using the burst-byte option of the police policy-map class configuration command or the mls qos aggregate-policer global configuration command. You configure how fast (the average rate) that the tokens are removed from the bucket by using the rate-bps option of the police policy-map class configuration command or the mls qos aggregate-policer global configuration command.

When configuring policing and policers, keep these items in mind:

By default, no policers are configured.

Policers can be configured only on a physical port or on a per-port per-VLAN basis (specifies the bandwidth limits for the traffic on a per-VLAN basis, for a given port). Per-port per-VLAN policing is not supported on routed ports or on virtual (logical) interfaces. It is supported only on an ingress port configured as a trunk or as a static-access port.

Only one policer can be applied to a packet per direction.

Only the average rate and committed burst parameters are configurable.

Policing can occur on ingress and egress interfaces:

Note Per-port per-VLAN policing is supported only on ingress interfaces.

128 policers are supported on ingress Gigabit-capable Ethernet ports.

8 policers are supported on ingress 10/100 Ethernet ports.

8 policers are supported on all egress ports.

Ingress policers can be individual or aggregate.

On an interface configured for QoS, all traffic received through the interface is classified, policed, and marked according to the policy map attached to the interface. On a trunk interface configured for QoS, traffic in all VLANs received through the interface is classified, policed, and marked according to the policy map attached to the interface.

After you configure the policy map and policing actions, attach the policy to an ingress or egress interface by using the service-policy interface configuration command. For configuration information, see the "Classifying, Policing, and Marking Traffic by Using Policy Maps" section and the "Classifying, Policing, and Marking Traffic by Using Aggregate Policers" section.

Figure 30-4 Policing and Marking Flowchart

Mapping Tables

During QoS processing, the switch represents the priority of all traffic (including non-IP traffic) with an internal DSCP value:

During classification, QoS uses configurable mapping tables to derive the internal DSCP (a 6-bit value) from received CoS or IP precedence (3-bit) values. These maps include the CoS-to-DSCP map and the IP-precedence-to-DSCP map.

On an ingress interface configured in the DSCP-trusted state, if the DSCP values are different between the QoS domains, you can apply the configurable DSCP-to-DSCP-mutation map to the interface that is on the boundary between the two QoS domains.

During policing, QoS can assign another DSCP value to an IP or non-IP packet (if the packet is out of profile and the policer specifies a marked down DSCP value). This configurable map is called the policed-DSCP map.

Before the traffic reaches the scheduling stage, QoS uses the configurable DSCP-to-CoS map to derive a CoS value from the internal DSCP value. Through the CoS-to-egress-queue map, the CoS values select one of the four egress queues for output processing.

The CoS-to-DSCP, DSCP-to-CoS, and the IP-precedence-to-DSCP map have default values that might or might not be appropriate for your network.

The default DSCP-to-DSCP-mutation map and the default policed-DSCP map are null maps; they map an incoming DSCP value to the same DSCP value. The DSCP-to-DSCP-mutation map is the only map you apply to a specific Gigabit-capable Ethernet port or to a group of 10/100 Ethernet ports. All other maps apply to the entire switch.

For configuration information, see the "Configuring DSCP Maps" section.

Queueing and Scheduling

After a packet is policed and marked, the queueing and scheduling process begins as described in these sections:

Queueing and Scheduling on Gigabit-Capable Ports

Queueing and Scheduling on 10/100 Ethernet Ports

Queueing and Scheduling on Gigabit-Capable Ports

Figure 30-5 shows the queueing and scheduling flowchart for Gigabit-capable Ethernet ports.

Figure 30-5 Queueing and Scheduling Flowchart for Gigabit-Capable Ethernet Ports

Note If the expedite queue is enabled, WRR services it until it is empty before servicing the other three queues.

During the queueing and scheduling process, the switch uses egress queues and WRR for congestion management, and tail drop or WRED algorithms for congestion avoidance on Gigabit-capable Ethernet ports.

Each Gigabit-capable Ethernet port has four egress queues, one of which can be the egress expedite queue. You can configure the buffer space allocated to each queue as a ratio of weights by using the wrr-queue queue-limit interface configuration command, where the relative size differences in the numbers show the relative differences in the queue sizes. To display the absolute value of the queue size, use the show mls qos interface interface-id statistics privileged EXEC command, and examine the FreeQ information.

You assign two drop thresholds to each queue, map DSCPs to the thresholds through the DSCP-to-threshold map, and enable either tail drop or WRED on the interface. The queue size, drop thresholds, tail-drop or WRED algorithm, and the DSCP-to-threshold map work together to determine when and which packets are dropped when the thresholds are exceeded. You configure the drop percentage thresholds by using either the wrr-queue threshold interface configuration command for tail drop or the wrr-queue random-detect max-threshold interface configuration command for WRED; in either case, you map DSCP values to the thresholds (DSCP-to-threshold map) by using the wrr-queue dscp-map interface configuration command. For more information, see the "Tail Drop" section and "WRED" section.

The available bandwidth of the egress link is divided among the queues. You configure the queues to be serviced according to the ratio of WRR weights by using the wrr-queue bandwidth interface configuration command. The ratio represents the importance (weight) of a queue relative to the other queues. WRR scheduling prevents low-priority queues from being completely neglected during periods of high-priority traffic by sending some packets from each queue in turn. The number of packets sent corresponds to the relative importance of the queue. For example, if one queue has a weight of 3 and another has a weight of 4, three packets are sent from the first queue for every four that are sent from the second queue. By using this scheduling, low-priority queues can send packets even though the high-priority queues are not empty. Queues are selected by the CoS value that is mapped to an egress queue (CoS-to-egress-queue map) through the wrr-queue cos-map interface configuration command.

All four queues participate in the WRR unless the expedite queue is enabled, in which case, the fourth bandwidth weight is ignored and not used in the ratio calculation. The expedite queue is a priority queue, and it is serviced until empty before the other queues are serviced. You enable the expedite queue by using the priority-queue out interface configuration command.

You can combine the commands described in this section to prioritize traffic by placing packets with particular DSCPs into certain queues, allocate a larger queue size or service the particular queue more frequently, and adjust queue thresholds so that packets with lower priorities are dropped. For configuration information, see the "Configuring Egress Queues on Gigabit-Capable Ethernet Ports" section.

Tail Drop

Tail drop is the default congestion-avoidance technique on Gigabit-capable Ethernet ports. With tail drop, packets are queued until the thresholds are exceeded. Specifically, all packets with DSCPs assigned to the first threshold are dropped until the threshold is no longer exceeded. However, packets assigned to the second threshold continue to be queued and sent as long as the second threshold is not exceeded.

You can modify the two tail-drop threshold percentages assigned to the four egress queues by using the wrr-queue threshold interface configuration command. Each threshold value is a percentage of the total number of allocated queue descriptors for the queue. The default threshold is 100 percent for thresholds 1 and 2.

You modify the DSCP-to-threshold map to determine which DSCPs are mapped to which threshold ID by using the wrr-queue dscp-map interface configuration command. By default, all DSCPs are mapped to threshold 1, and when this threshold is exceeded, all the packets are dropped.

If you use tail-drop thresholds, you cannot use WRED, and vice versa. If tail drop is disabled, WRED is automatically enabled with the previous configuration (or the default if it was not previously configured).

WRED

Cisco's implementation of Random Early Detection (RED), called Weighted Random Early Detection (WRED), differs from other congestion-avoidance techniques because it attempts to anticipate and avoid congestion, rather than controlling congestion when it occurs.

WRED takes advantage of the Transmission Control Protocol (TCP) congestion control to try to control the average queue size by indicating to end hosts when they should temporarily stop sending packets. By randomly dropping packets before periods of high congestion, it tells the packet source to decrease its transmission rate. Assuming the packet source is using TCP, WRED tells it to decrease its transmission rate until all the packets reach their destination, meaning that the congestion is cleared.

WRED reduces the chances of tail drop by selectively dropping packets when the output interface begins to show signs of congestion. By dropping some packets early rather than waiting until the queue is full, WRED avoids dropping large numbers of packets at once. Thus, WRED allows the transmission line to be fully used at all times. WRED also drops more packets from large users than small. Therefore, sources that generate the most traffic are more likely to be slowed down versus sources that generate little traffic.

You can enable WRED and configure the two threshold percentages assigned to the four egress queues on a Gigabit-capable Ethernet port by using the wrr-queue random-detect max-threshold interface configuration command. Each threshold percentage represents where WRED starts to randomly drop packets. After a threshold is exceeded, WRED randomly begins to drop packets assigned to this threshold. As the queue limit is approached, WRED continues to drop more and more packets. When the queue limit is reached, WRED drops all packets assigned to the threshold. By default, WRED is disabled.

You modify the DSCP-to-threshold map to determine which DSCPs are mapped to which threshold ID by using the wrr-queue dscp-map interface configuration command. By default, all DSCPs are mapped to threshold 1, and when this threshold is exceeded, all the packets are randomly dropped.

If you use WRED thresholds, you cannot use tail drop, and vice versa. If WRED is disabled, tail drop is automatically enabled with the previous configuration (or the default if it was not previously configured).

Queueing and Scheduling on 10/100 Ethernet Ports

Figure 30-6 shows the queueing and scheduling flowchart for 10/100 Ethernet ports.

Figure 30-6 Queueing and Scheduling Flowchart for 10/100 Ethernet Ports

Note If the expedite queue is enabled, WRR services it until it is empty before servicing the other three queues.

During the queueing and scheduling process, the switch uses egress queues (to select the minimum-reserve level and buffer size) and WRR for congestion management.

Each 10/100 Ethernet port has four egress queues, one of which can be the egress expedite queue. Each queue can access one of eight minimum-reserve levels; each level has 100 packets of buffer space by default for queueing packets. When the buffer specified for the minimum-reserve level is full, packets are dropped until space is available.

Figure 30-7 is an example of the 10/100 Ethernet port queue assignments, minimum-reserve levels, and buffer sizes. The figure shows four egress queues per port, with each queue assigned to a minimum-reserve level. For example, for Fast Ethernet port 0/1, queue 1 is assigned to minimum-reserve level 1, queue 2 is assigned to minimum-reserve level 3, queue 3 is assigned to minimum-reserve level 5, and queue 4 is assigned to minimum-reserve level 7. You assign the minimum-reserve level to a queue by using the wrr-queue min-reserve interface configuration command.

Each minimum-reserve level is configured with a buffer size. As shown in the figure, queue 4 of Fast Ethernet port 1 has a buffer size of 70 packets, queue 4 of Fast Ethernet port 2 has a buffer size of 80 packets, queue 4 of Fast Ethernet port 3 has a buffer size of 40 packets, and Fast Ethernet port 4 has a buffer size of 80 packets. You configure the buffer size by using the mls qos min-reserve global configuration command.

Figure 30-7 10/100 Ethernet Port Queue Assignment, Minimum-Reserve Levels, and Buffer Size

The available bandwidth of the egress link is divided among the queues. You configure the queues to be serviced according to the ratio of WRR weights by using the wrr-queue bandwidth interface configuration command. The ratio represents the importance (weight) of a queue relative to the other queues. WRR scheduling prevents low-priority queues from being completely neglected during periods of high-priority traffic by sending some packets from each queue in turn. The number of packets sent corresponds to the relative importance of the queue. For example, if one queue has a weight of 3 and another has a weight of 4, three packets are sent from the first queue for every four that are sent from the second queue. By using this scheduling, low-priority queues can send packets even though the high-priority queues are not empty. Queues are selected by the CoS value that is mapped to an egress queue (CoS-to-egress-queue map) through the wrr-queue cos-map interface configuration command.

All four queues participate in the WRR unless the egress expedite queue is enabled, in which case, the fourth bandwidth weight is ignored and not used in the ratio calculation. The expedite queue is a priority queue, and it is serviced until empty before the other queues are serviced. You enable the expedite queue by using the priority-queue out interface configuration command.

You can combine the commands described in this section to prioritize traffic by placing packets with particular DSCPs into certain queues, allocate a larger minimum-reserve buffer size, and service a particular queue more frequently. For configuration information, see the "Configuring Egress Queues on 10/100 Ethernet Ports" section.

Packet Modification

A packet is classified, policed, and queued for QoS. Packet modifications can occur during this process:

For IP packets, classification involves assigning a DSCP to the packet. However, the packet is not modified at this stage; only an indication of the assigned DSCP is carried along. The reason for this is that QoS classification and ACL lookup occur in parallel, and it is possible that the ACL specifies that the packet should be denied and logged. In this situation, the packet is forwarded with its original DSCP to the CPU, where it is again processed through ACL software. However, route lookup is performed based on classified DSCPs.

For non-IP packets, classification involves assigning an internal DSCP to the packet, but because there is no DSCP in the non-IP packet, no overwrite occurs. Instead, the internal DSCP is translated to the CoS and is used both for queueing and scheduling decisions and for writing the CoS priority value in the tag if the packet is being sent on either an ISL or IEEE 802.1Q trunk port. Because the CoS priority is written in the tag, Catalyst 3500 series XL switches that use the IEEE 802.1p priority can interoperate with the QoS implementation on the Catalyst 3550 switches.

During policing, IP and non-IP packets can have another DSCP assigned to them (if they are out of profile and the policer specifies a markdown DSCP). For IP packets, the packet modification occurs at a later stage; for non-IP packets the DSCP is converted to CoS and used for queueing and scheduling decisions.

Configuring Auto-QoS

You can use the auto-QoS feature to simplify the deployment of existing QoS features. Auto-QoS makes assumptions about the network design, and as a result, the switch can prioritize different traffic flows and appropriately use the egress queues instead of using the default QoS behavior. (The default is that QoS is disabled. The switch then offers best-effort service to each packet, regardless of the packet contents or size, and sends it from a single queue.)

When you enable auto-QoS, it automatically classifies traffic based on the traffic type and ingress packet label. The switch uses the resulting classification to choose the appropriate egress queue.

You use auto-QoS commands to identify ports connected to Cisco IP Phones and to devices running the Cisco SoftPhone application. You also use the commands to identify ports that receive trusted traffic through an uplink. Auto-QoS then performs these functions:

Detects the presence or absence of Cisco IP Phones

Configures QoS classification

Configures egress queues

These sections describe how to configure auto-QoS on your switch:

Generated Auto-QoS Configuration

Effects of Auto-QoS on the Configuration

Configuration Guidelines

Upgrading from a Previous Software Release

Enabling Auto-QoS for VoIP

Generated Auto-QoS Configuration

By default, auto-QoS is disabled on all interfaces.

When auto-QoS is enabled, it uses the ingress packet label to categorize traffic and to configure the egress queues as shown in Table 30-1.

Table 30-1 Traffic Types, Packet Labels, and Egress Queues 

 
VoIP1 Data Traffic
VoIP Control Traffic
Routing Protocol Traffic
STP BPDU2 Traffic
Real-Time Video Traffic
All Other Traffic

DSCP

46

24, 26

48

56

34

-

CoS

5

3

6

7

4

CoS-to-Queue Map

5

3, 6, 7

4

2

0, 1

Egress Queue

Expedite (queue 4)

70% WRR (queue 3)

20% WRR (queue 2)

20% WRR (queue 2)

10% WRR (queue 1)

1 VoIP = voice over IP

2 BPDU = bridge protocol data unit


Table 30-2 shows the generated auto-QoS configuration for the egress queues.

Table 30-2 Auto-QoS Configuration for the Egress Queues

Egress Queue
Queue Number
CoS-to-Queue Map
Queue Weight
Queue Size for Gigabit-Capable Ports
Queue Size (in packets) for 10/100 Ethernet Ports

Expedite

4

5

-

10 percent

34 (10 percent)

70% WRR

3

3, 6, 7

70 percent

15 percent

51 (15 percent)

20% WRR

2

2, 4

20 percent

25 percent

82 (25 percent)

10% WRR

1

0, 1

10 percent

50 percent

170 (50 percent)


When you enable the auto-QoS feature on the first interface, these automatic actions occur:

QoS is globally enabled (mls qos global configuration command).

When you enter the auto qos voip cisco-phone interface configuration command on a port at the edge of the network that is connected to a Cisco IP Phone, the switch enables the trusted boundary feature. The switch uses the Cisco Discovery Protocol (CDP) to detect the presence or absence of a Cisco IP Phone. When a Cisco IP Phone is detected, the ingress classification on the interface is set to trust the QoS label received in the packet. When a Cisco IP Phone is absent, the ingress classification is set to not trust the QoS label in the packet. The switch configures egress queues on the port according to the settings in Table 30-2.

When you enter the auto qos voip cisco-softphone interface configuration command on a port at the edge of the network that is connected to a device running the Cisco SoftPhone, the switch uses policing to determine whether a packet is in or out of profile and to specify the action on the packet. If the packet does not have a DSCP value of 24, 26, or 46 or is out of profile, the switch changes the DSCP value to 0. The switch configures egress queues on the port according to the settings in Table 30-2.

When you enter the auto qos voip trust interface configuration command on a port connected to the interior of the network, the switch trusts the CoS value for nonrouted ports or the DSCP value for routed ports in ingress packets (the assumption is that traffic has already been classified by other edge devices). The switch configures egress queues on the port according to the settings in Table 30-2.

For information about the trusted boundary feature, see the "Configuring a Trusted Boundary to Ensure Port Security" section.

When you enable auto-QoS by using the auto qos voip cisco-phone, the auto qos voip cisco-softphone, or the auto qos voip trust interface configuration command, the switch automatically generates a QoS configuration based on the traffic type and ingress packet label and applies the commands listed in Table 30-3 to the interface.

Table 30-3 Generated Auto-QoS Configuration 

Description
Automatically Generated Command

The switch automatically enables standard QoS and configures the CoS-to-DSCP map (maps CoS values in incoming packets to a DSCP value) as shown in Table 30-1. 

Switch(config)# mls qos

Switch(config)# mls qos map cos-dscp 0 8 16 26 32 46 
48 56

If 10/100 Ethernet ports are present, the switch automatically configures the buffer size of the minimum-reserve levels 5, 6, 7, and 8:

Level 5 can hold 170 packets.

Level 6 can hold 85 packets.

Level 7 can hold 51 packets.

Level 8 can hold 34 packets. 

Switch(config)# mls qos min-reserve 5 170

Switch(config)# mls qos min-reserve 6 85

Switch(config)# mls qos min-reserve 7 51

Switch(config)# mls qos min-reserve 8 34

If you entered the auto qos voip trust command, the switch automatically sets the ingress classification to trust the CoS value received in the packet on a nonrouted port or to trust the DSCP value received in the packet on a routed port. 

Switch(config-if)# mls qos trust cos

Switch(config-if)# mls qos trust dscp

If you entered the auto qos voip cisco-phone command, the switch automatically enables the trusted boundary feature, which uses the CDP to detect the presence or absence of a Cisco IP Phone. 

Switch(config-if)# mls qos trust device cisco-phone

If you entered the auto qos voip cisco-softphone command, the switch automatically creates class maps and policy maps. 

Switch(config)# mls qos map policed-dscp 24 26 46 to 
0

Switch(config)# class-map match-all 
AutoQoS-VoIP-RTP-Trust

Switch(config-cmap)# match ip dscp 46

Switch(config)# class-map match-all 
AutoQoS-VoIP-Control-Trust

Switch(config-cmap)# match ip dscp 24 26

Switch(config)# policy-map AutoQoS-Police-SoftPhone

Switch(config-pmap)# class AutoQoS-VoIP-RTP-Trust

Switch(config-pmap-c)# set dscp 46

Switch(config-pmap-c)# police 320000 8000 
exceed-action policed-dscp-transmit

Switch(config-pmap)# class 
AutoQoS-VoIP-Control-Trust

Switch(config-pmap-c)# set dscp 24

Switch(config-pmap-c)# police 32000 8000 
exceed-action policed-dscp-transmit

After creating the class maps and policy maps, the switch automatically applies the policy map called AutoQoS-Police-SoftPhone to an ingress interface on which auto-QoS with the Cisco SoftPhone feature is enabled. 

Switch(config-if)# service-policy input 
AutoQoS-Police-SoftPhone

The switch automatically assigns egress queue usage (as shown in Table 30-2) on this interface.

The switch enables the egress expedite queue and assigns WRR weights to queues 1, 2, and 3. (The lowest value for a WRR queue is 1. When the WRR weight of a queue is set to 0, this queue becomes an expedite queue.)

The switch configures the CoS-to-egress-queue map:

CoS values 0 and 1 select queue 1.

CoS values 2 and 4 select queue 2.

CoS values 3, 6, and 7 select queue 3.

CoS value 5 selects queue 4 (expedite queue).

Because the expedite queue (queue 4) contains the VoIP data traffic, the queue is serviced until empty. 

Switch(config-if)# wrr-queue bandwidth 10 20 70 1

Switch(config-if)# no wrr-queue cos-map

Switch(config-if)# wrr-queue cos-map 1 0 1

Switch(config-if)# wrr-queue cos-map 2 2 4

Switch(config-if)# wrr-queue cos-map 3 3 6 7

Switch(config-if)# wrr-queue cos-map 4 5

Switch(config-if)# priority-queue out

On Gigabit-capable Ethernet ports only, the switch automatically configures the ratio of the sizes of the WRR egress queues:

Queue 1 is 50 percent.

Queue 2 is 25 percent.

Queue 3 is 15 percent.

Queue 4 is 10 percent. 

Switch(config-if)# wrr-queue queue-limit 50 25 15 10

On 10/100 Ethernet ports only, the switch automatically configures minimum-reserve levels for the egress queues:

Queue 1 selects the minimum-reserve level 5.

Queue 2 selects the minimum-reserve level 6.

Queue 3 selects the minimum-reserve level 7.

Queue 4 selects the minimum-reserve level 8. 

Switch(config-if)# wrr-queue min-reserve 1 5

Switch(config-if)# wrr-queue min-reserve 2 6

Switch(config-if)# wrr-queue min-reserve 3 7

Switch(config-if)# wrr-queue min-reserve 4 8

Effects of Auto-QoS on the Configuration

When auto-QoS is enabled, the auto qos voip interface configuration command and the generated configuration are added to the running configuration.

The switch applies the auto-QoS-generated commands as if the commands were entered from the CLI. An existing user configuration can cause the application of the generated commands to fail or to be overridden by the generated commands. These actions occur without warning. If all the generated commands are successfully applied, any user-entered configuration that was not overridden remains in the running configuration. Any user-entered configuration that was overridden can be retrieved by reloading the switch without saving the current configuration to memory. If the generated commands fail to be applied, the previous running configuration is restored.

Configuration Guidelines

Before configuring auto-QoS, you should be aware of this information:

In releases earlier than Cisco IOS Release 12.1(20)EA2, auto-QoS configures the switch for VoIP only with Cisco IP Phones on nonrouted ports.

In Cisco IOS Release 12.1(20)EA2 or later, auto-QoS configures the switch for VoIP with Cisco IP Phones on nonrouted and routed ports. Auto-QoS also configures the switch for VoIP with devices running the Cisco SoftPhone application.

Note When a device running Cisco SoftPhone is connected to a nonrouted or routed port, the switch supports only one Cisco SoftPhone application per port.

To take advantage of the auto-QoS defaults, you should enable auto-QoS before you configure other QoS commands. If necessary, you can fine-tune the QoS configuration, but we recommend that you do so only after the auto-QoS configuration is completed. For more information, see the "Effects of Auto-QoS on the Configuration" section.

After auto-QoS is enabled, do not modify a policy map or aggregate policer that includes AutoQoS in its name. If you need to modify the policy map or aggregate policer, make a copy of it, and change the copied policy map or policer. To use this new policy map instead of the generated one, remove the generated policy map from the interface, and apply the new policy map to the interface.

You can enable auto-QoS on static, dynamic-access, voice VLAN access, and trunk ports.

By default, the CDP is enabled on all interfaces. For auto-QoS to function properly, do not disable the CDP.

When enabling auto-QoS with a Cisco IP Phone on a routed port, you must assign a static IP address to the IP phone.

This release supports only Cisco IP SoftPhone Version 1.3(3) or later.

Connected devices must use Cisco Call Manager Version 4 or later.

Upgrading from a Previous Software Release

In Cisco IOS Release 12.2(20)EA2, the implementation for auto-QoS changed from the previous release. The generated auto-QoS configuration was changed, support for the Cisco SoftPhone feature was added, and support for Cisco IP Phones on routed ports was added.

If auto-QoS is configured on the switch, if your switch is running a release earlier than Cisco IOS Release 12.2(20)EA2, and if you upgrade to Cisco IOS Release 12.2(20)EA2 or later, the configuration file will not contain the new configuration, and auto-QoS will not operate. Follow these steps to update the auto-QoS settings in your configuration file:

1. Upgrade your switch to Cisco IOS Release 12.2(20)EA2 or later.

2. Disable auto-QoS on all ports on which auto-QoS was enabled.

3. Return all the global auto-QoS settings to their default values by using the no commands.

4. Re-enable auto-QoS on the ports on which auto-QoS was disabled in Step 2. Configure the ports with the same auto-QoS settings as the previous ones.

Enabling Auto-QoS for VoIP

Beginning in privileged EXEC mode, follow these steps to enable auto-QoS for VoIP within a QoS domain:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

interface interface-id

Specify the interface that is connected to a Cisco IP Phone or the uplink interface that is connected to another trusted switch or router in the interior of the network, and enter interface configuration mode.

Step 3 

auto qos voip {cisco-phone | cisco-softphone | trust}

Enable auto-QoS.

The keywords have these meanings:

cisco-phoneIf the interface is connected to a Cisco IP Phone, the QoS labels of incoming packets are trusted only when the telephone is detected.

cisco-softphoneThe port is connected to device running the Cisco SoftPhone feature.

Note The cisco-softphone keyword is supported only in Cisco IOS Release 12.2(20)EA2 or later.

trustThe uplink interface is connected to a trusted switch or router, and the VoIP traffic classification in the ingress packet is trusted.

Step 4 

end

Return to privileged EXEC mode.

Step 5 

show auto qos interface interface-id

Verify your entries.

This command displays the QoS commands on the interface on which auto-QoS was enabled. You can use the show running-config privileged EXEC command to display the auto-QoS configuration and the user modifications.

To display the QoS commands that are automatically generated when auto-QoS is enabled or disabled, enter the debug auto qos privileged EXEC command before enabling auto-QoS. For more information, see the "Using the debug auto qos Command" section on page 38-18.

To disable auto-QoS on an interface, use the no auto qos voip interface configuration command. When you enter this command, the switch changes the auto-QoS settings to the standard-QoS default settings for that interface.

To disable auto-QoS on the switch, use the no mls qos global configuration command. When you enter this command, the switch disables QoS on all interfaces and enables pass-through mode.

This example shows how to enable auto-QoS and to trust the QoS labels in incoming packets when the device connected to the interface is detected as a Cisco IP Phone: 

Switch(config)# interface fastethernet0/1

Switch(config-if)# auto qos voip cisco-phone

This example shows how to enable auto-QoS and to trust the QoS labels in incoming packets when the switch or router connected to the interface is a trusted device: 

Switch(config)# interface gigabitethernet0/1

Switch(config-if)# auto qos voip trust

Displaying Auto-QoS Information

To display the initial auto-QoS configuration, use the show auto qos [interface [interface-id]] privileged EXEC command. To display any user changes to that configuration, use the show running-config privileged EXEC command. You can compare the show auto qos and the show running-config command output to identify the user-defined QoS settings.

To display information about the QoS configuration that might be affected by auto-QoS, use one of these commands:

show mls qos

show mls qos map cos-dscp

show mls qos interface [interface-id] [buffers | queueing]

For more information about these commands, see the command reference for this release.

Auto-QoS Configuration Example

This section describes how you could implement auto-QoS in a network, as shown in Figure 30-8. For optimum QoS performance, auto-QoS should be enabled on all the devices in the network.

Figure 30-8 Auto-QoS Configuration Example Network

The intelligent wiring closets in Figure 30-8 are composed of Catalyst 2950 switches running the EI and Catalyst 3550 switches. The object of this example is to prioritize the VoIP traffic over all other traffic. To do so, enable auto-QoS on the switches at the edge of the QoS domains in the wiring closets.

Note You should not configure any standard QoS commands before entering the auto-QoS commands. You can fine-tune the QoS configuration, but we recommend that you do so only after the auto-QoS configuration is completed.

Beginning in privileged EXEC mode, follow these steps to configure the switch at the edge of the QoS domain to prioritize the VoIP traffic over all other traffic:

 
Command
Purpose

Step 1 

debug auto qos

Enable debugging for auto-QoS. When debugging is enabled, the switch displays the QoS configuration that is automatically generated when auto-QoS is enabled.

Step 2 

configure terminal

Enter global configuration mode.

Step 3 

cdp enable

Enable CDP globally. By default, it is enabled.

Step 4 

interface interface-id

Specify the switch port connected to the Cisco IP Phone, and enter interface configuration mode.

Step 5 

auto qos voip cisco-phone

Enable auto-QoS on the interface, and specify that the interface is connected to a Cisco IP Phone.

The QoS labels of incoming packets are trusted only when the IP phone is detected.

Step 6 

exit

Return to global configuration mode.

Step 7 

 

Repeat Steps 4 to 6 for as many ports as are connected to the Cisco IP Phone.

Step 8 

interface interface-id

Specify the switch port identified as connected to a trusted switch or router, and enter interface configuration mode. See Figure 30-8.

Step 9 

auto qos voip trust

Enable auto-QoS on the interface, and specify that the interface is connected to a trusted router or switch.

Step 10 

end

Return to privileged EXEC mode.

Step 11 

show auto qos

Verify your entries.

This command displays the auto-QoS command on the interface on which auto-QoS was enabled. You can use the show running-config privileged EXEC command to display the auto-QoS configuration and the user modifications.

For information about the QoS configuration that might be affected by auto-QoS, see the "Displaying Auto-QoS Information" section on page 26-12.

Step 12 

copy running-config startup-config

Save the auto qos voip interface config