QOS Lecture 6 Classification and Marking 2006 Cisco

  • Slides: 40

QOS Lecture 6 - Classification and Marking © 2006 Cisco Systems, Inc. All rights reserved.

Classification
§ Classification is the process of identifying and categorizing traffic into classes, typically based upon:
  Incoming interface
  IP precedence
  DSCP
  Source or destination address
  Application
§ Without classification, all packets are treated the same.
§ Classification should take place as close to the source as possible.

Marking
§ Marking is the QoS feature component that "colors" a packet (frame) so it can be identified and distinguished from other packets (frames) in QoS treatment.
§ Commonly used markers:
  Link layer: CoS (ISL, 802.1p), MPLS EXP bits, Frame Relay (DE bit)
  Network layer: DSCP, IP precedence

Classification and Marking in the LAN with IEEE 802.1Q
§ The IEEE 802.1p user priority field is also called CoS.
§ IEEE 802.1p supports up to eight CoS values (a 3-bit field).
§ IEEE 802.1p focuses on support for QoS over LANs and 802.1Q ports.
§ IEEE 802.1p marking is preserved through the LAN only, not end to end: the CoS value lives in the 802.1Q tag and is lost when the frame is routed or the tag is removed.

Classification and Marking in the Enterprise
[Figure only on this slide.]

DiffServ Model
§ Describes services associated with traffic classes, rather than traffic flows.
§ Complex traffic classification and conditioning is performed at the network edge.
§ No per-flow state in the core.
§ The goal of the DiffServ model is scalability.
§ Interoperability with non-DiffServ-compliant nodes.
§ Incremental deployment.

Classification Tools: IP Precedence and DiffServ Code Points
[Figure: IPv4 packet with header fields Version, Length, ToS byte, Len, ID, Offset, TTL, Proto, FCS (header checksum), IP SA, IP DA, Data.]
ToS byte bit layout (bit 7 is the most significant bit):
  Standard IPv4:  bits 7-5 = IP Precedence, bits 4-0 = unused
  DiffServ:       bits 7-2 = DiffServ Code Point (DSCP), bits 1-0 = IP ECN
§ IPv4: the three most significant bits of the ToS byte are called IP Precedence (IPP); the other bits are not used for precedence.
§ DiffServ: the six most significant bits of the ToS byte are called the DiffServ Code Point (DSCP); the remaining two bits are used for Explicit Congestion Notification (ECN).
§ DSCP is backward-compatible with IP precedence: a device that only understands IPP reads the top three bits of the DSCP.

IP ToS Byte and DS Field Inside the IP Header
[Figure only on this slide.]

IP Precedence and DSCP Compatibility
§ Compatible with current IP precedence usage (RFC 1812).
§ Differentiates probability of timely forwarding: (xyz000) >= (abc000) if xyz > abc.
§ That is, a packet with DSCP value 011000 (CS3, decimal 24) has a greater probability of timely forwarding than a packet with DSCP value 001000 (CS1, decimal 8).

Per-Hop Behaviors
§ DSCP selects the PHB throughout the network:
  Default PHB (FIFO, tail drop)
  Class-selector PHB (IP precedence compatibility)
  EF PHB
  AF PHB

Standard PHB Groups
[Figure only on this slide.]

Expedited Forwarding (EF) PHB
§ EF PHB:
  Ensures a minimum departure rate
  Guarantees bandwidth: the class is guaranteed an amount of bandwidth with prioritized forwarding
  Polices bandwidth: the class is not allowed to exceed the guaranteed amount (excess traffic is dropped)
§ DSCP value of 101110 (decimal 46):
  Looks like IP precedence 5 to non-DiffServ-compliant devices
  Bits 7 to 5: 101 = 5 (the same three bits are used for IP precedence)
  Bits 4 and 3: 11 = no drop probability
  Bit 2: just 0

Assured Forwarding (AF) PHB
§ AF PHB:
  Guarantees bandwidth
  Allows access to extra bandwidth, if available
§ Four standard classes: AF1, AF2, AF3, and AF4
§ DSCP value format aaadd0:
  aaa is the binary value of the class (001 to 100)
  dd is the drop precedence (01 low, 10 medium, 11 high)
  so DSCP(AFxy) = 8x + 2y, for example AF11 = 10 and AF41 = 34

AF PHB Values
§ Each AF class uses three DSCP values (one per drop precedence).
§ Each AF class is independently forwarded with its guaranteed bandwidth.
§ Congestion avoidance (such as WRED) is used within each class to prevent congestion within the class, dropping high-drop-precedence packets first.
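The bit arithmetic behind the ToS byte, IPP compatibility, EF and AF slides above, as an added Python example (not code from the Cisco lecture). It extracts the ToS byte from a raw IPv4 header, splits it into IPP, DSCP and ECN, names the standard PHBs, and encodes AFxy codepoints. The sample header is constructed here and carries no valid checksum, which does not matter for reading the ToS byte.

```python
"""Added example: IPv4 ToS byte as the DiffServ field (IPP / DSCP / ECN)."""
import struct

# Constructed 20-byte IPv4 header: ver/IHL 0x45, ToS 0xB8 (DSCP 46 = EF, ECN 0),
# total length 20, UDP, 10.0.0.1 -> 10.0.0.2. Checksum field left at 0 on purpose.
SAMPLE_HEADER = struct.pack(
    "!BBHHHBBH4s4s", 0x45, 0xB8, 20, 0, 0, 64, 17, 0,
    bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]),
)


def tos_from_ipv4(header: bytes) -> int:
    """Return the ToS/DS byte, which is the second byte of an IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return header[1]


def split_tos(tos: int):
    """Return (ip_precedence, dscp, ecn): top 3 bits, top 6 bits, bottom 2 bits."""
    return tos >> 5, tos >> 2, tos & 0x3


def dscp_to_ipp(dscp: int) -> int:
    """Backward compatibility: a legacy (or L2 CoS) device reads only the top 3 bits."""
    return dscp >> 3


def af_dscp(cls: int, drop: int) -> int:
    """AFxy codepoint aaadd0: class x in 1..4, drop precedence y in 1..3 -> 8x + 2y."""
    if not 1 <= cls <= 4 or not 1 <= drop <= 3:
        raise ValueError("AF class must be 1..4 and drop precedence 1..3")
    return (cls << 3) | (drop << 1)


def phb_name(dscp: int) -> str:
    """Map a 6-bit DSCP to its standard PHB name: default, EF, CSn, AFxy or unknown."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit value")
    if dscp == 0:
        return "default"
    if dscp == 0b101110:          # 46: the EF codepoint
        return "EF"
    hi, lo = dscp >> 3, dscp & 0x7
    if lo == 0:                   # xyz000: class selector, same meaning as IPP xyz
        return f"CS{hi}"
    if 1 <= hi <= 4 and lo in (2, 4, 6):   # aaadd0 with dd in 01, 10, 11
        return f"AF{hi}{lo >> 1}"
    return "unknown"


def timely_forwarding_rank(dscp: int) -> int:
    """Class-selector ordering from the slide: xyz000 >= abc000 when xyz > abc."""
    return dscp_to_ipp(dscp)


if __name__ == "__main__":
    tos = tos_from_ipv4(SAMPLE_HEADER)
    ipp, dscp, ecn = split_tos(tos)
    print(f"ToS 0x{tos:02x}: IPP {ipp}, DSCP {dscp} ({phb_name(dscp)}), ECN {ecn}")
    for value in (48, 46, 34, 26, 24, 10, 8, 0):
        print(value, phb_name(value), "-> IPP/CoS", dscp_to_ipp(value))
```

Running it on the constructed header prints the EF packet as IPP 5, DSCP 46, and the loop reproduces the name-to-value pairs used later in the marking recommendations (CS6 = 48, AF41 = 34, AF31 = 26, CS3 = 24, AF11 = 10, CS1 = 8).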

Mapping CoS to Network Layer QoS
[Figure only on this slide.]

QoS Service Class
§ A QoS service class is a logical grouping of packets that are to receive a similar level of applied quality.
§ A QoS service class can be:
  A single user (such as a MAC address or IP address)
  A department or customer (such as a subnet or interface)
  An application (such as port numbers or a URL)
  A network destination (such as a tunnel interface or VPN)

Implementing QoS Policy Using a QoS Service Class
[Figure only on this slide.]

QoS Service Class Guidelines
§ Profile applications to their basic network requirements.
§ Do not over-engineer provisioning; use no more than four to five traffic classes for data traffic:
  Voice applications: VoIP
  Mission-critical applications: Oracle, SAP, SNA
  Interactive applications: Telnet, TN3270
  Bulk applications: FTP, TFTP
  Best-effort applications: e-mail, web
  Scavenger applications: non-organizational streaming and video applications (Kazaa, Yahoo)
§ Do not assign more than three applications to the mission-critical or transactional classes.
§ Use proactive policies before reactive (policing) policies.
§ Seek executive endorsement of the relative ranking of application priority before rolling out QoS policies for data.

Classification and Marking Design: QoS Baseline Marking Recommendations

  Application             L3 Classification            L2
                          IPP   PHB      DSCP          CoS
  Routing                 6     CS6      48            6
  Voice                   5     EF       46            5
  Video Conferencing      4     AF41     34            4
  Streaming Video         4     CS4      32            4
  Mission-Critical Data   3     AF31*    26            3
  Call Signaling          3     CS3*     24            3
  Transactional Data      2     AF21     18            2
  Network Management      2     CS2      16            2
  Bulk Data               1     AF11     10            1
  Best Effort             0     default  0             0
  Scavenger               1     CS1      8             1

  (* as marked on the original slide)

How Many Classes of Service Do I Need?

  4/5 Class Model     8 Class Model        11 Class Model
  Realtime            Voice                Voice
                      Interactive-Video    Interactive-Video
                                           Streaming Video
  Call Signaling      Call Signaling       Call Signaling
  Critical Data       Network Control      IP Routing
                                           Network Management
                      Critical Data        Mission-Critical Data
                                           Transactional Data
                      Bulk Data            Bulk Data
  Best Effort         Best Effort          Best Effort
  Scavenger           Scavenger            Scavenger

  [Figure: a "Time" arrow shows each model as a finer split of the one to its left, adopted as requirements grow.]

Trust Boundaries: Classify Where?
§ For scalability, classification should be enabled as close to the edge as possible, depending on the capabilities of the device at the:
  Endpoint or end system
  Access layer
  Distribution layer

Trust Boundaries: Mark Where?
§ For scalability, marking should be done as close to the source as possible.
§ The trust boundary is the point beyond which existing marks are believed. Marks arriving from devices outside it (user PCs, for example) should be reset or re-marked at the boundary switch; otherwise any host can mark its own traffic EF or CS6 and consume the priority queue or the control-plane class.
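What a trust boundary does to a packet, as an added Python example (not code from the Cisco lecture): packets from a trusted port keep their DSCP, packets from an untrusted or unknown port are re-marked, and because the ToS byte is part of the IPv4 header the header checksum is recomputed. The port trust table, the re-mark value of DSCP 0 for untrusted traffic, and the packets are all constructed for the example.

```python
"""Added example: re-marking at a QoS trust boundary with IPv4 checksum repair."""
import struct

# Constructed trust table: the IP-phone port and the distribution uplink are trusted,
# the user PC port is not. Ports not listed are treated as untrusted (fail closed).
PORT_TRUST = {"Fa0/1": "trusted", "Fa0/2": "untrusted", "Gi0/1": "trusted"}
UNTRUSTED_DSCP = 0   # assumption for this example: untrusted traffic becomes best effort


def _fold(total: int) -> int:
    """Fold a sum of 16-bit words into 16 bits (one's-complement addition)."""
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def ipv4_checksum(header: bytes) -> int:
    """Standard header checksum: one's complement of the sum with the checksum field zeroed."""
    hdr = header[:10] + b"\x00\x00" + header[12:]
    if len(hdr) % 2:
        hdr += b"\x00"
    return (~_fold(sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr)))) & 0xFFFF


def checksum_ok(header: bytes) -> bool:
    """A correct header sums (checksum included) to 0xFFFF after folding."""
    return _fold(sum(struct.unpack("!%dH" % (len(header) // 2), header))) == 0xFFFF


def get_dscp(header: bytes) -> int:
    return header[1] >> 2


def set_dscp(header: bytes, dscp: int) -> bytes:
    """Copy of the header with the DSCP rewritten, ECN bits preserved and checksum fixed."""
    tos = (dscp << 2) | (header[1] & 0x3)
    new = header[:1] + bytes([tos]) + header[2:]
    return new[:10] + struct.pack("!H", ipv4_checksum(new)) + new[12:]


def apply_trust_boundary(ingress_port: str, header: bytes) -> bytes:
    """Keep the mark only if the ingress port is trusted; otherwise re-mark before forwarding."""
    if PORT_TRUST.get(ingress_port, "untrusted") == "trusted":
        return header
    return set_dscp(header, UNTRUSTED_DSCP)


def _ip_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def make_ipv4_header(dscp: int, src: str, dst: str, proto: int = 17) -> bytes:
    """Constructed minimal 20-byte IPv4 header with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20, 0, 0, 64, proto, 0,
                      _ip_bytes(src), _ip_bytes(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


if __name__ == "__main__":
    phone = make_ipv4_header(46, "10.1.1.10", "10.1.2.10")     # real voice on the phone port
    attacker = make_ipv4_header(46, "10.1.1.99", "10.1.2.10")  # PC forging EF on the user port
    for port, pkt in (("Fa0/1", phone), ("Fa0/2", attacker), ("Fa0/7", attacker)):
        out = apply_trust_boundary(port, pkt)
        print(f"{port}: DSCP {get_dscp(pkt)} -> {get_dscp(out)}, checksum ok: {checksum_ok(out)}")
```

The forged EF packet on Fa0/2 (and on the unlisted Fa0/7) leaves the switch as DSCP 0 with a valid checksum, while the phone's packet on Fa0/1 is untouched. A real access switch applies the same decision in hardware, but the policy question is identical: which ports may assert a mark.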

Network-Based Application Recognition
"My application is too slow!"
§ Used in conjunction with QoS class-based features, NBAR is an intelligent classification engine that:
  Classifies modern client-server and web-based applications
  Discovers what traffic is running on the network
  Analyzes application traffic patterns in real time
§ NBAR functions:
  Performs identification of applications and protocols (Layer 4 to 7)
  Performs protocol discovery
  Provides traffic statistics
§ New applications are easily supported by loading a PDLM.
[Figure: sample link utilization pie chart by application: Citrix, Netshow, FastTrack, FTP, HTTP.]

NBAR Functions and Features
§ NBAR performs the following two functions:
  Identification of applications and protocols (Layer 4 to Layer 7)
  Protocol discovery
§ Some examples of class-based QoS features that can be used on traffic after the traffic is classified by NBAR include:
  Class-Based Marking (the set command)
  Class-Based Weighted Fair Queueing (the bandwidth and queue-limit commands)
  Low Latency Queueing (the priority command)
  Traffic Policing (the police command)
  Traffic Shaping (the shape command)

NBAR Application Support
§ NBAR can classify applications that use:
  Statically assigned TCP and UDP port numbers
  Non-UDP and non-TCP IP protocols
  Dynamically assigned TCP and UDP port numbers negotiated during connection establishment (requires stateful inspection)
  Subport and deep packet inspection classification

Packet Description Language Module
§ PDLMs allow NBAR to recognize new protocols by matching text patterns in data packets without requiring a new Cisco IOS software image or a router reload.
§ An external PDLM can be loaded at run time to extend the NBAR list of recognized protocols.
§ PDLMs can also be used to enhance an existing protocol recognition capability.
§ PDLMs must be produced by Cisco engineers.

PDLM Command Syntax
router(config)# ip nbar pdlm pdlm-name
§ Used to enhance the list of protocols recognized by NBAR through a PDLM.
§ The filename is in URL format (for example, flash://citrix.pdlm).
router(config)# ip nbar port-map protocol-name [tcp | udp] port-number
§ Configures NBAR to search for a protocol or protocol name using a port number other than the well-known port.
§ Up to 16 additional port numbers can be specified.

NBAR Protocol-to-Port Maps
router# show ip nbar port-map [protocol-name]
§ Displays the current NBAR protocol-to-port mappings

  router# show ip nbar port-map
  port-map bgp       udp 179
  port-map bgp       tcp 179
  port-map cuseeme   udp 7648 7649
  port-map cuseeme   tcp 7648 7649
  port-map dhcp      udp 67 68
  port-map dhcp      tcp 67 68
  port-map dns       udp 53
  port-map dns       tcp 53

NBAR Protocol Discovery
§ Analyzes application traffic patterns in real time and discovers which traffic is running on the network
§ Provides bidirectional, per-interface, and per-protocol statistics
§ Important monitoring tool supported by Cisco QoS management tools:
  Generates real-time application statistics
  Provides traffic distribution information at key network locations

Configuring and Monitoring NBAR Protocol Discovery
router(config-if)# ip nbar protocol-discovery
§ Configures NBAR to discover traffic for all protocols known to NBAR on a particular interface
§ Requires that CEF be enabled before protocol discovery
§ Can be applied with or without a service policy enabled
router# show ip nbar protocol-discovery
§ Displays the statistics for all interfaces on which protocol discovery is enabled

Configuring and Monitoring Protocol Discovery Output

  router# show ip nbar protocol-discovery
   Ethernet0/0
                    Input                              Output
   Protocol         Packet Count    Byte Count         Packet Count    Byte Count
                    5 minute bit rate (bps)            5 minute bit rate (bps)
   realaudio        2911            1678304            3040            198406
                    19000                              1000
   http             19624           14050949           13506           2017293
                    0                                  0
   <output omitted>

Steps for Configuring NBAR for Static Protocols
§ Required steps:
  Enable NBAR protocol discovery.
  Configure a traffic class (class-map).
  Configure a traffic policy (policy-map).
  Attach the traffic policy to an interface (service-policy).
  Enable a PDLM if needed.

Configuring NBAR for Static Protocols: Commands
router(config-cmap)# match protocol protocol-name
§ Configures the match criteria for a class map on the basis of the specified protocol, using the MQC configuration mode.
§ Static protocols are recognized based on the well-known destination port number.
§ A match not command can be used to specify a QoS policy value that is not used as a match criterion; in this case, all other values of that QoS policy become successful match criteria.

Configuring NBAR Example
§ HTTP is a static protocol using the well-known port number 80. However, other port numbers (such as 8080) may also be in use.
§ The ip nbar port-map command informs the router that other ports are also used for HTTP, so that match protocol http classifies them as well.

Steps for Configuring Stateful NBAR for Dynamic Protocols
§ Required steps:
  Configure a traffic class.
  Configure a traffic policy.
  Attach the traffic policy to an interface.

Enhanced NBAR Classification for HTTP
router(config-cmap)# match protocol http url url-string
§ Recognizes the HTTP GET packets containing the URL, and then matches all packets that are part of the HTTP GET request
§ Include only the portion of the URL following the address or host name in the match statement
router(config-cmap)# match protocol http host hostname-string
§ Performs a regular expression match on the Host field content inside an HTTP GET packet and classifies all packets from that host

Special NBAR Configuration for HTTP and FastTrack
router(config-cmap)# match protocol http mime MIME-type
§ Matches a packet containing the MIME type and all subsequent packets until the next HTTP transaction (stateful matching).
router(config-cmap)# match protocol fasttrack file-transfer regular-expression
§ Stateful mechanism to identify a group of peer-to-peer file-sharing applications.
§ Applications that use the FastTrack peer-to-peer protocol include Kazaa, Grokster, and Morpheus. (Gnutella is a separate protocol with its own match protocol gnutella option.)
§ A Cisco IOS regular expression is used to identify specific FastTrack traffic.
§ To specify that all FastTrack traffic will be identified by the traffic class, use an asterisk (*) as the regular expression.

URL or Host Specification String Options

  Option   Description
  *        Match any zero or more characters in this position.
  ?        Match any one character in this position.
  |        Match one of a choice of characters.
  (|)      Match one of a choice of characters in a range. For example, xyz.(gif|jpg) matches either xyz.gif or xyz.jpg.
  [ ]      Match any character in the range specified, or one of the special characters. For example, [0-9] is all of the digits; [*] is the "*" character, and [[] is the "[" character.
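A matcher for the pattern syntax in the table above, as an added Python example (not code from the Cisco lecture), so the rules can be tried offline before a class map is built on them. Each pattern is translated to a regular expression; every character outside the five operators is literal, so the dot in xyz.(gif|jpg) matches only a dot. Whether IOS anchors the pattern to the whole URL path or searches for it inside the path is not stated on the slide; this example anchors at both ends, which is an assumption. The class-map table and sample paths are constructed.

```python
"""Added example: NBAR URL/host pattern syntax (* ? | (|) [ ]) as a regex matcher."""
import re


def nbar_pattern_to_regex(pattern: str) -> str:
    """Translate an NBAR url/host pattern into a Python regular expression."""
    out = []
    i = 0
    while i < len(pattern):
        c = pattern[i]
        if c == "*":
            out.append(".*")            # zero or more characters
        elif c == "?":
            out.append(".")             # exactly one character
        elif c in "(|)":
            out.append(c)               # (a|b): one of the alternatives
        elif c == "[":
            j = pattern.find("]", i + 1)
            body = pattern[i + 1:j]
            if j == -1 or not body:
                raise ValueError("bad [ ] group in pattern: %r" % pattern)
            # Keep ranges such as 0-9; escape characters that are special inside a
            # Python character class so [*] and [[] stay the literal * and [.
            body = re.sub(r"([\\\[\]^])", r"\\\1", body)
            out.append("[" + body + "]")
            i = j
        else:
            out.append(re.escape(c))    # everything else, including '.', is literal
        i += 1
    return "".join(out)


def match_url(pattern: str, url_path: str) -> bool:
    """Match the part of the URL after the host (as the slide says to configure it)."""
    return re.fullmatch(nbar_pattern_to_regex(pattern), url_path) is not None


# Constructed class-map table. As in an MQC policy-map, classes are evaluated in
# order and the first match wins, so the more specific /erp/ rule sits first.
RULES = [
    ("intranet-app", "/erp/*"),
    ("bulk-downloads", "*.(iso|zip|mp3)"),
    ("images", "*.(gif|jpg|png)"),
    ("numbered-reports", "/reports/[0-9]*"),
]


def classify_path(path: str, rules=RULES) -> str:
    """Return the first class whose pattern matches, or class-default."""
    for name, pattern in rules:
        if match_url(pattern, path):
            return name
    return "class-default"


if __name__ == "__main__":
    for path in ("/erp/logo.gif", "/dl/tool.zip", "/pics/a.png", "/reports/2006", "/index.html"):
        print(path, "->", classify_path(path))
    print("xyz.(gif|jpg) vs xyz.gif:", match_url("xyz.(gif|jpg)", "xyz.gif"))
    print("[*] vs *:", match_url("[*]", "*"), " [[] vs [:", match_url("[[]", "["))
```

Note that /erp/logo.gif lands in intranet-app rather than images purely because of rule order, which is the same ordering pitfall a policy-map has.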

Configuring Stateful NBAR for RTP
router(config-cmap)# match protocol rtp [audio | video | payload-type payload-string]
§ Identifies real-time audio and video traffic in the class-map mode of MQC
§ Differentiates on the basis of audio and video codecs (the RTP payload type)
§ The match protocol rtp command has these options:
  audio: match by payload type values 0 to 23, reserved for audio traffic
  video: match by payload type values 24 to 33, reserved for video traffic
  payload-type: match by a specific payload type value; provides more granularity than the audio or video options
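The classification the three match protocol rtp options perform, as an added Python example (not code from the Cisco lecture). It reads the 7-bit payload type from an RTP header (RFC 3550: version 2 in the top two bits of byte 0, marker bit plus payload type in byte 1) and applies the ranges from the slide. Payload types 96 to 127 are dynamic (RFC 3551), so they never fall into the audio or video ranges and can only be caught by an explicit payload-type list, which is why that option is the more granular one. The packets are constructed here.

```python
"""Added example: RTP payload-type classification (audio / video / payload-type)."""


def rtp_payload_type(packet: bytes) -> int:
    """Return the payload type (low 7 bits of byte 1) after basic RTP sanity checks."""
    if len(packet) < 12:
        raise ValueError("RTP fixed header is 12 bytes")
    if packet[0] >> 6 != 2:
        raise ValueError("not RTP version 2")
    return packet[1] & 0x7F


def rtp_class(packet: bytes, payload_types=()) -> str:
    """Classify like match protocol rtp: an explicit payload-type list, then audio, then video."""
    pt = rtp_payload_type(packet)
    if pt in payload_types:          # match protocol rtp payload-type <list>
        return "payload-type"
    if 0 <= pt <= 23:                # match protocol rtp audio
        return "audio"
    if 24 <= pt <= 33:               # match protocol rtp video
        return "video"
    return "unclassified"            # dynamic 96-127 and unassigned values


def make_rtp(pt: int, marker: bool = False, seq: int = 1, ts: int = 0,
             ssrc: int = 0x1234, payload: bytes = b"") -> bytes:
    """Constructed minimal RTP packet: V=2, P=0, X=0, CC=0, then seq, timestamp, SSRC."""
    b0 = 2 << 6
    b1 = (0x80 if marker else 0) | (pt & 0x7F)
    return (bytes([b0, b1]) + seq.to_bytes(2, "big") + ts.to_bytes(4, "big")
            + ssrc.to_bytes(4, "big") + payload)


if __name__ == "__main__":
    samples = {
        "PCMU (PT 0)": make_rtp(0),
        "G.729 (PT 18, marker set)": make_rtp(18, marker=True),
        "H.261 (PT 31)": make_rtp(31),
        "dynamic PT 101": make_rtp(101),
    }
    for name, pkt in samples.items():
        print(f"{name}: audio/video -> {rtp_class(pkt)}, "
              f"with payload-type 101 listed -> {rtp_class(pkt, payload_types=(101,))}")
```

The marker bit in byte 1 is masked off before the comparison; forgetting that mask would misclassify the first packet of every talkspurt, whose payload type appears as 128 + PT.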

Classification of RTP Session
[Figure only on this slide.]