1761_End_To_End.book Page 712 Tuesday, October 12, 2004 2:53 PM
INDEX

Numerics
10-Class WAN Edge Model, 515
1P2Q1T queuing and dropping, 401–404
1P2Q2T queuing and dropping, 405–408
1P3Q1T mode, 322
1P3Q1T queuing and dropping, 408–410
1P3Q8T queuing and dropping, 411–414
1P7Q8T queuing and dropping, 415–418
1PxQyT queuing, 36
2Q2T queuing and dropping, 396-398
    show qos info config 2q2 tx verification command, 398
    show qos info runtime verification command, 399–400
    show queuing interface verification command, 400
33 percent limit (sum of LLQs), 450
4Q1T mode, 322
802.11e, 275–277
802.1D, classes of service, 279
802.1Q/p, translating to and from DSCP, 92–93
Aaccess control entries (ACEs), 225access layer
Catalyst 3550 QoS design, 325policers, 54
access point (AP), 271access switches
configuring to conditionally trust CoS, 319access switches (campus networks), 291access-edge QoS design, 290access-edge trust boundaries, 302
Conditionally Trusted Endpoint Models, 303, 307–312
Trusted Endpoint Models, 302–304Untrusted Endpoint Models, 304–307
access-edge utilization, 293ACEs (access control entries), 225ACLs, MQC-based class maps, 233adaptive jitter buffers, 36admission control, 197
admission criterion (Real-Time class), 563–565ADSL (Asynchronous Digital Subscriber Lines),
672aggregate policers (Catalyst 6500), 258aggregation routers, 505–507algorithms
MDRR, 585queuing, 133
CBWFQ, 140comparison, 138PQ-WFQ, 139priority queuing, 137WFQ, 137
shaping, 120token bucket algorithms, 105
analog gateways, 303Anti-Replay drops, 638, 656Anti-Replay functionality (IPSec QoS design),
654-656any-to-any videoconferencing, 548–549AP (access point), 271applications
data applications by class, 46–47Mission-Critical Data, 43Streaming-Video, 41unidirectional, 513
architectures (MPLS VPNs). See MPLS VPN-QoS design
Assured Forwarding, 16asymmetric links, 677Asynchronous Digital Subscriber Lines (ADSL),
672ATM, 176
PVC bundles, 147Tx-rings, 489WAN edge link-specific QoS design
ATM-FR SIW, 497–501high-speed links, 494–495medium-speed links, 493slow-speed links, 488–493very-high-speed links, 496–497
ATM CLP (ATM Cell-Loss Priority bit), 84ATM inverse multiplexing over ATM, 493ATM networks, 121–122ATM PVC bundles, slow-speed, 490–492
ATM-FR SIW (ATM-to-Frame Relay Service Interworking), 497–498
    slow-speed links, 499–501
attacks (worms), 50-54
authentication
    ESP, 654
    IPSec, 657
AutoQoS (Automatic QoS), 24–25
    Enterprise feature, 25–26
    evolution of, 28
Bbackbone, 583–587bandwidth
Catalyst 4500, 251Eight-Class Model, 461guarantees, 137, 565ISDN, 501provisioning, 143, 645
Best-Effort class, 449Real-Time class, 449teleworker V3PN QoS, 674–677WAN aggregators, 449VoIP, 646
reservations, 195RSVP, 196–197statements, on class default, 457VoIP streams, 36–38
Bc (committed burst), 105, 479Be (excess burst), 110, 480bearer traffic
jitter, 36–38latency, 34–35loss, 34
Best-Effort classbandwidth provisioning, 449enabling WRED, 457
Best-Effort data, 44
best-effort networks, 11
best-effort service, 15
binary exponential backoff, 274
branch router QoS design, 513
case study, 535–540LAN edge, 517
branch-to-campus classification and marking, 519–525
DSCP-to-CoS remapping, 518NBAR known worm classification and
policing, 526–535WAN edge, 514–515
branch-to-branch traffic, 548branch-to-campus classification and marking,
519–521NBAR application classification, 523–525source or destination IP address marking, 520TCP/UDP classification, 522
broadbandserialization mitigation through TCP maximum
segment size tuning, 678–679split tunneling, 679–681UDP-based video applications, 678
broadband-access technologies, 671cable, 673DSL, 672
buffer space, 135buffers, 36–38Bulk Data class, 44
C
cable, 671-673
    DOCSIS 1.1 specification, 678
    Integrated Unit + Access Models, 684–685
    overhead, 676–677
    uplink connections, 677
CAC (call admission control), 205
    CallManager locations CAC, 209–211
    defined, 206
    GK CAC, 211
    local CAC tools, 208
    measurement-based CAC tools, 208
    prering CAC, 212
    resource-based CAC tools, 209
    RSVP, 212
    tool categories, 207
    VoIP CAC through RSVP, 215
Call-Signaling
    MPLS VPN CE QoS design considerations, 553
    campus QoS design, 295
Call-Signaling traffic, jitter, 38
CallManager environments, 296–301CallManager locations CAC, 209–211CallManager services, 295campus Catalyst switches, 24campus networks
oversubscription ratios, 291QoS design. See campus QoS designtraffic, 339underutilization, 290
campus QoS design, 289–290access switches, 291Call-Signaling, 295case study, 422–439Catalyst 2950
Conditionally Trusted IP Phone + PC Advanced Model, 322
Conditionally Trusted IP Phone + PC Basic Model, 319–320
queuing, 322–325Trusted Endpoint Model, 314–315Untrusted Multiapplication Server Model,
315–319Untrusted PC with SoftPhone Model, 315
Catalyst 2970/3750, 342–343Conditionally Trusted IP Phone + PC
Basic Model, 346–348enabling/disabling QoS, 343queuing/dropping, 351–356Trusted Endpoint Model, 343–346Unconditionally Trusted IP Phone + PC
Basic Model, 348–351Untrusted PC with SoftPhone Model, 344Untrusted Server Model, 345
Catalyst 3550, 325–327Conditionally Trusted IP Phone + PC
Advanced Model, 333–336Conditionally Trusted IP Phone + PC
Basic Model, 331–333queuing and dropping, 336–341Trusted Endpoint Model, 327Untrusted PC with SoftPhone Model,
327–329Untrusted Server Model, 330–331
Catalyst 4500, 357–358Conditionally Trusted IP Phone + PC
Advanced Model, 364–366
Conditionally Trusted IP Phone + PC Basic Model, 362–364
queuing, 366–370show qos dbl command, 370show qos interface command, 371–372show qos maps dscp tx-queue command,
370–371Trusted Endpoint Model, 359Untrusted PC with SoftPhone Model,
359–360Untrusted Server Model, 360–362
Catalyst 6500, 372, 3741P2Q1T queuing and dropping, 401–4041P2Q2T queuing and dropping, 405–4081P3Q1T queuing and dropping, 408–4101P3Q8T queuing and dropping, 411–4141P7Q8T queuing and dropping, 415–4182Q2T queuing and dropping, 396–400CatOS defaults/recommendations, 375Conditionally Trusted IP Phone + PC
Advanced Model, 387–391Conditionally Trusted IP Phone + PC
Basic Model, 386–387congestion avoidance, 384PFC3 distribution-layer Per-User
Microflow Policing, 419queuing/dropping, 391–396show port qos command, 376–377Trusted Endpoint Model, 375Untrusted PC with SoftPhone Model,
378–382Untrusted Server Model, 383–386
defining designs, 292DoS/worm mitigation, 292–294WAN aggregator/branch router handoff,
420–422campus-to-branch traffic, 548CAR (committed access rate), 79, 107–108case studies
branch router QoS design, 535–540campus QoS design, 422–439IPSec VPN QoS design, 686
telecommuter router, 694–695V3PN branch router design, 691–693VPN headend design, 687–689WAN aggregator QoS design, 689–690
MPLS VPN QoS design, 616CE routers, 617-619PE routers, 620–630P routers, 630–631
WAN aggregation router QoS design, 505–507Catalyst 2950, 314–315
classification, marking, and mapping, 233Conditionally Trusted IP Phone + PC Advanced
Model, 322Conditionally Trusted IP Phone + PC Basic
Model, 319CoS-to-DSCP map, 233DSCP-to-CoS map, 234policing and markdown, 234queuing, 235, 322–323
show wrr-queue bandwidth command, 324show wrr-queue cos-map command, 325
range keyword, 315Trusted Endpoint Model, 314–315Untrusted Multiapplication Server Model,
315–318show class-map and show policy-map
verification commands, 318show mls masks qos verification
command, 319show mls qos interface policers
verification command, 318Untrusted PC with SoftPhone Model, 315vs. Catalyst 3550, 231
Catalyst 2970, 242, 342–343classification, marking, and mapping, 243Conditionally Trusted IP Phone + PC Basic
Model, 346–348enabling/disabling QoS, 343policing and markdown, 244queuing/dropping, 244–246, 351–356Trusted Endpoint Model, 343–346Unconditionally Trusted IP Phone + PC Basic
Model, 348–351Untrusted PC with SoftPhone Model, 344Untrusted Server Model, 345
Catalyst 3550, 235, 325–327classification, marking, and mapping, 237Conditionally Trusted IP Phone + PC Advanced
Model, 333–336Conditionally Trusted IP Phone + PC Basic
Model, 331–333
DSCP mutation maps, 237policing and markdown, 238–239queuing and dropping, 240–241, 336–339
show mls qos interface buffers verification command, 340
show mls qos interface queuing verification command, 341
Trusted Endpoint Model, 327Untrusted PC with SoftPhone Model, 327–329Untrusted Server Model, 330–331
Catalyst 3750, 242, 342–343classification, marking, and mapping, 243Conditionally Trusted IP Phone + PC Advanced
Model, 348–351Conditionally Trusted IP Phone + PC Basic
Model, 347–348enabling/disabling QoS, 343policing and markdown, 244queuing/dropping, 244–246, 351–356Trusted Endpoint Model, 343–346Untrusted PC with SoftPhone Model, 344Untrusted Server Model, 345
Catalyst 4500, 247, 357–358classification, marking, and mapping, 248–249Conditionally Trusted IP Phone + PC Advanced
Model, 364–366Conditionally Trusted IP Phone + PC Basic
Model, 362–364DSCP-to-queue maps, 251enabling QoS, 248policing and markdown, 249–250queuing, 366–370queuing and dropping, 250–252show qos dbl command, 370show qos interface command, 371–372show qos maps dscp tx-queue command,
370–371Trusted Endpoint Model, 359Untrusted PC with SoftPhone Model, 359–360Untrusted Server Model, 360–362
Catalyst 6500, 252, 372, 374CatOS
1P2Q1T queuing and dropping, 401–4041P2Q2T queuing and dropping, 405–4081P3Q1T queuing and dropping, 408–4101P3Q8T queuing and dropping, 411–4141P7Q8T queuing and dropping, 415–418
2Q2T queuing and dropping, 396–400Conditionally Trusted IP Phone + PC
Advanced Model, 387–391Conditionally Trusted IP Phone + PC
Basic Model, 386–387congestion avoidance, 384defaults/recommendations, 375queuing/dropping, 391–396Trusted Endpoint Model, 375Untrusted PC with SoftPhone Model,
378–379, 381–382Untrusted PC with SoftPhone Model
Model, 379–382Untrusted Server Model, 383–386
classification, marking and mapping, 254–256enabling QoS, 254PFC QoS, 261PFC3 distribution-layer Per-User Microflow
Policing, 419policing and markdown, 257–259queuing and dropping, 259–263Supervisor 720, 253Trusted Endpoint Model
show port qos command, 376–377VLAN-based QoS, 254WRED-drop thresholds, 262
Catalyst 6500 configuring microflow policers, 257Catalyst QoS Models, 224
classification, 225policing, 227queuing, 228-230
CatOS defaults/recommendations, 375
CBR (constraint-based routing), 603
CBWFQ (Class-Based Weighted Fair Queuing), 133, 139–140
CDP (Cisco Discovery Protocol), 307
CE bit, 163
CE design, 556–563
CE routers, MPLS VPN QoS design case study, 617-619
CEF (Cisco Express Forwarding), 74
Channel Utilization field, 278
CIR (committed information rate), 105
Frame Relay networks, 479policing behavior based on percentages, 118
Cisco 12000 routers
    priority command, 587
    queuing, 585
Cisco Discovery Protocol (CDP), 307
Cisco Express Forwarding (CEF), 74
class default policing, 112
class selectors, 16
class-based Frame Relay traffic shaping, 123–124
class-based marking, 77
class-based policing, 79, 109
benefits, 109single-rate three-color marker/policer, 110–112two-rate three-color marker/policer, 112–113
class-based shaping, 126-127Class-Based Weighted Fair Queuing (CBWFQ), 133classes of service (802.1D), 279classification, 57, 68–69
branch-to-campus, 519Catalyst 2950, 233Catalyst 2970, 243Catalyst 3550, 237Catalyst 3750, 243Catalyst 4500, 248–249Catalyst 6500, 254–256Catalyst QoS models, 225NBAR application, 523–524source or destination IP addresses, 520TCP/UDP, 522tools, 70
MQC-based class maps, 71–72NBAR, 73–77
Code Red, 527codecs (frame-based), 34CodeRedv2, 528color-aware policing, 116–117color-blind policing, 117commands, 47–48
commit all command, 377dbl policy command, 367frame-relay fragment command, 481match protocol dlsw command, 48max-reserved-bandwidth, 559–563mls qos cos override interface command, 316ping vrf command, 601–602ppp multilink links minimum command, 504priority-queue out command, 240qos dbl command, 367qos map dscp to tx-queue command, 367show atm bundle command, 493show atm pvc command, 489show atm vc command, 492
show class-map verification command, 318show controllers command, 451show frame-relay fragment command, 482show ima interface atm command, 495show ip access-list command, 521show ip bgp vpnv4 all command, 615show ip nbar map command, 525show ip rsvp interface command, 599show ip rsvp neighbor command, 599show mls masks qos verification command, 319show mls qos command, 358show mls qos interface buffers verification
command, 340show mls qos interface policers verification
command, 318show mls qos interface queuing verification
command, 341show mls qos interface statistics verification
command, 329show mls qos maps command, 356show mls qos maps dscp-output-q command,
356show mpls interface command, 600show mpls traffic-eng topology command,
614–615show mpls traffic-eng tunnels command, 601show mpls traffic-eng tunnels summary
command, 600show policy command, 456show policy interface command, 469show policy interface verification command,
329show policy-map verification command, 318show port qos commands, 376–377show ppp multilink command, 478show qos acl verification command, 380show qos command, 358show qos dbl command, 370show qos info config 2q2 tx verification
command, 398show qos info runtime verification command,
399–400show qos interface command, 371–372show qos maps dscp tx-queue command,
370–371show qos maps verification command, 379show qos policer verification command, 381
show qos statistics verification command, 382show queuing interface verification command,
400show wrr-queue bandwidth command, 324show wrr-queue cos-map command, 325trust-device command, 386tx-queue command, 367tx-ring-limit command, 490wrr-queue bandwidth command, 322wrr-queue cos-map command, 240wrr-queue dscp-map interface configuration
command, 339wrr-queue queue-limit command, 240wrr-queue queue-limit interface command, 338
show mls qos map, 320
commit all command, 377
committed access rate (CAR), 79, 107–108
committed burst rate (Bc), 105, 479
committed information rate. See CIR
compatibility (802.1D classes of service), 279
compression
G.729 voice compression, 170hardware compression, 181
Conditionally Trusted Endpoint Models (Trust Boundaries), 303, 307–312
Conditionally Trusted IP Phone + PC Advanced Model, 322
Catalyst 2970/3750, 348–351Catalyst 3550, 333–336Catalyst 4500, 364–366Catalyst 6500, 387–391
Conditionally Trusted IP Phone + PC Basic Model, 319, 346–347
Catalyst 2970/3750, 346–348Catalyst 3550, 331–333Catalyst 4500, 362–364Catalyst 6500, 386–387
configuring1P2Q2T queuing, 4071P3Q1T queuing, 4101P3Q1T queuing model, 3371P3Q8T queuing, 4121P7Q8T queuing, 416–417Catalyst 2950 switches
Conditionally Trusted IP Phone + PC Advanced Model, 322
Conditionally Trusted IP Phone + PC Basic Model, 319–320
queuing, 322–323Trusted Endpoint Model, 314–315Untrusted Multiapplication Server Model,
315–316, 318–319Untrusted PC with SoftPhone Model, 315
CoS-to-queue mapping (Catalyst 3550), 240cRTP for ATM links, 176DSCP mutation, 238FR-VATS, 125individual policer on Catalyst 4500, 250IPSec authentication, 657MCMP for an ISDN interface, 185microflow policing on Catalyst 6500, 257MLP LFI, 184MPLS DS-TE, 606–613MPLS per-VPN TE, 592–598PFC, 255policing, 234QoS on Cisco APs, 281queuing (Catalyst 2950), 235RSVP, 196SRR shaping and sharing weights on Catalyst
2970/3750, 246trust on Catalyst 6500, 255VLAN-based QoS on Catalyst 6500, 254WRED, 162
configuring WRED-drop thresholds, 262confirming traffic, 107congestion avoidance
Catalyst 6500, 384tools, 159
DSCP-based WRED, 162–163explicit congestion notification, 163RED, 160WRED, 161–162
congestion-management tools, 133converged networks, 135–136
connecting trusted endpoints, 304consistent QoS behavior, 453constraint-based routing (CBR), 603constricted channels, 159control plane QoS
IP routing, 48–49network management, 49
controlled load, 15, 197controlling traffic
branch-to-branch, 548campus-to-branch, 548
converged networkscongestion-management tools, 135–136QoS, 12–14
convergence, 449Core Best-Effort class, 584Core Critical Data class, 584core QoS considerations, 582
aggregate bandwidth overprovisioning, 583DiffServ in the backbone
platform specific considerations, 585–587Three-Class Provider-Core Model,
583–585MPLS traffic engineering, 587
basic, 588–590MPLS DS-TE, 603–615MPLS per-VPN TE, 591–602
Core Real-Time class, 584CoS values, assigning queues, 240CoS-to-DSCP maps
Catalyst 2950, 233Catalyst 6500, 256
control plane provisioning, 657
CQ (custom queuing), 137
cRTP (RTP header compression), 172
    class-based header compression, 178–179
    configuring for ATM links, 176
    formats, 173
        Cisco proprietary format, 173
        IETF format, 174
        IPHC, 173
    formats and encapsulation summary, 177–178
    incompatibility with IPSec, 643–644
    Layer 2 encapsulation protocol support, 175
        ATM, 176
        Frame Relay, 176
        HDLC, 175
        PPP, 175
    LLQ, 145
    policing and shaping, 180
    tunnels, 180
crypto engine, 651–652
cTCP (TCP header compression), 171
custom queuing (CQ), 137
CWmax, 278, 282CWmin, 274, 278, 282
Ddata
applications by class, 46–47QoS, 42–43
Best-Effort data, 44DLSw+, 47–48locally defined Mission-Critical Data, 45Transactional Data/Interactive Data, 45
data frames (802.11), 272data VLANs (DVLANs), 314datagrams, 153data-link connection identifiers (DLCIs), 123data-link switching plus (DLSw+), 47–48DBL (dynamic buffer limiting), 366-367DCF (Distributed Coordination Function), 272
Interframe Spaces, 272random backoffs, 273
DDR (dial-on-demand routing), 503DDT (delay to dial tone), 38delay budgets (IPSec VPNs), 647delay to dial tone (DDT), 38delay variation, 13–14. See also jitterdeploying
IPSec VPNs via DMVPN, 646LFI tools, 450policers, 106QoS designs, 62Untrusted Server Model on Catalyst 2950, 315
designing QoSclassification and marking principles, 57deployment, 62DoS and worm mitigation principles, 61–62policing and markdown principles, 57–58queuing and dropping principles, 58–60
destination IP address classification, 520DHCP, translating to Frame Relay DE bit, 94dial-on-demand routing (DDR), 503Differentiated Services code points (DSCPs), 87DiffServ, 16
advantages of DiffServ model, 16deploying in backbone
platform specific considerations, 585–587
Three-Class Provider-Core Model, 583–585
DIFS, 272Digital Subscriber Line. See DSLdisabling
flow control, 327native DLSw+ ToS markings, 48QoS on Catalyst 2970/3750, 343
Discard class placeholder, 568Distributed Coordination Function (DCF), 272distributed platform frame relay links, 486-487distributed platform QoS, 453distributed traffic shaping (DTS), 128, 486Distributed-Platform/Consistent QoS Behavior QoS
Baseline Model, 465–466distribution layer, Catalyst 3550 QoS design, 325DLCIs (data-link connection identifiers), 123dlsw tos disable command, 48dlsw tos map command, 47DLSw+ (data-link switching plus), 47–48DMVPNS (Dynamic Multipoint Virtual Private
Networks), 646DOCSIS 1.1 specification, 674, 678dominating links (VoIP), 449DoS attacks
campus network mitigation strategies, 292–294mitigation principles, 61–62
downstream QoS, 271drop thresholds (Catalyst 2970 and 3750), 245dropping, 58–60
Anti-Replay, 656Catalyst 2970, 244–246Catalyst 3550, 240–241, 336–339Catalyst 3750, 244–246Catalyst 4500, 250–252Catalyst 6500, 259–263, 391–394
1P2Q1T queuing and dropping, 401–4041P2Q2T queuing and dropping, 405–4081P3Q1T queuing and dropping, 408–4101P3Q8T queuing and dropping, 411–4141P7Q8T queuing and dropping, 415–4182Q2T queuing and dropping, 396–400
DSCPs (Differentiated Services code points), 87DSCP-based WRED, 162–164mutation maps (Catalyst 3550), 237
DSCP-to-CoS mapsCatalyst 2950, 234Catalyst 3550, 237
DSCP-to-CoS remapping, 518DSCP-to-queue maps
Catalyst 4500, 251DSL (Digital Subscriber Line), 671-672
Integrated Unit + Access Models, 684–685Integrated Unit/Dual-Unit models, 682uplink connections, 677
DSL (AAL5 + PPPoE) overhead, 675–676DSLAM (DSL Access Multiplexer), 671DTS (distributed traffic shaping), 128, 486Dual-Unit Model, 669, 682DVLANs (data VLANs), 314dynamic buffer limiting (DBL), 366Dynamic Multipoint Virtual Private Networks
(DMVPNs), 646
EEAP (Extensible Authentication Protocols), 308ECN bit, 164–165ecn keyword, 165ECT bit, 163EDCF (Enhanced Distributed Coordination
Function), 275–277EI (Enhanced Image), 232Eight-Class Model, 460-462Eight-Class Site-to-Site V3PN Model, 660–664EMI (Enhanced Multilayer Software Image), 243enabling
MLPoATM, 499QoS
Catalyst 4500, 248Catalyst 6500, 254Catalyst 2970/3750, 343
encryption, delay budgets, 648end users’ network expectations, 9endpoints, 201, 304end-to-end QoS, 10Enhanced Distributed Coordination Function
(EDCF), 275, 277Enhanced Image (EI), 232Enhanced Multilayer Software Image (EMI), 243enterprise resource planning (ERP), 42ERP (enterprise resource planning), 42errors (Anti-Replay), 655ESP authentication, 654
Ethernet 802.1Q tunnels, 82Ethernet 802.1Q/p, 81–82Ethernet downstream, 271evolution of QoS, 29exceeding traffic, 107excess burst rate (Be), 110, 480expedited forwarding, 16explicit congestion notification, 163Extensible Authentication Protocols (EAP), 308
FFIFO Tx-ring, 152Five-Class Model, 456–459Five-Class Provider-Edge Model, 565–566
MPLS VPN CE QoS design considerations, 561–563
Fixed Slot Time Default values, 278flow control, disabling, 327Four-Class Provider-Edge Model, 565
MPLS VPN CE QoS design considerations, 559–561
fragment sizesdistributed platform Frame Relay links, 486WAN link fragmentation, 183–184
frame-based codecs, 34Frame Relay
cRTP, 176Frame-Relay fragmentation, 185
FRF.11.1 and FRF.12.1, 187–188LFI for Frame Relay/ATM service
interworking, 188–189PVCs, 186–187
PIPQ, 150WAN edge link-specific QoS design, 478
Bc, 479Be, 480CIR, 479distributed platform links, 486–487high-speed links, 484–485medium-speed links, 482–484slow-speed links, 480–482
Frame Relay bundles, 148Frame Relay DE bit, translating to from DSCHP, 94Frame Relay Dual-FIFO, 150Frame Relay traffic shaping (FRTS), 122–123
Frame Relay voice-adaptive traffic shaping (FR-VATS), 124–125
Frame-Relay DE bit, 83frame-relay fragment command, 481FRF.11.1 and FRF.12.1
fragmenting, 187–188FRF.8, 189FRTS (Frame Relay traffic shaping), 122–123FR-VATS (Frame Relay voice-adaptive traffic
shaping), 124–125
G - H
G.729 voice compression, 170
G.SHDSL, 673
gatekeepers (GK), 211
generic traffic shaping, 126
GK (gatekeepers), 211
GK CAC, 211
global synchronization, 159
goals of convergence, 449
guaranteed load service, 197
guaranteed services, 15
guarantees (bandwidth), 137, 195, 565
handoffs (WAN aggregator/branch router), 420–422
hardware compression, 181
hardware crypto engines, 652
HDLC (High-Level Data Link Control), 135, 175
header-compression techniques, 170
    class-based header compression, 178–179
    formats,
        Cisco proprietary format, 173
        IETF format, 174
        IPHC, 173
    Layer 2 encapsulation protocol support, 175
        ATM, 176
        Frame Relay, 176
        HDLC, 175
        PPP, 175
    RTP header compression (cRTP), 172
    standards, 171
    TCP header compression (cTCP), 171
hierarchical class-based shaping, 127
hierarchical policing, 114
High Link-Speed QoS Class Models, 459Distributed-Platform/Consistent QoS Behavior
QoS Baseline Model, 465–466Eight-Class model, 460-462QoS Baseline Model, 463–465
High-Level Data Link Control (HDLC), 135high-speed ATM links, 494–495high-speed frame relay links, 484–485high-speed leased lines, 472–476
pkts matched statistics, 477show policy interface command, 473show ppp multilink command, 478
horizontal separation of traffic, 107how qos dbl command, 370hub routers
WAN aggregators, 548hub-and-spoke topology, 548, 646
IIANA (Internet Assigned Numbers Authority), 522IETF (Internet Engineering Task Force), 7IETF format, 174IMA (ATM inverse multiplexing over ATM), 493Integrated Services, 6Integrated Unit + Access Model, 669–670, 684–685Integrated Unit Model, 668, 682Interactive Data, 45Interactive-Video, 39Interframe Spaces, 272Internal DSCP value, 225Internet Assigned Numbers Authority (IANA), 522interoperability (RSVP), 213IntServ, 7, 15IP configuring stations, 303IP header compression format (IPHC), 171–173IP Precedence, 567IP routing, 48–49ip rsvp bandwidth command, 215IP RTP header compression, 451IP RTP priority, 139IP telephony, 307IP ToS (IP type of service), 86–87IP VPN Multiservice, 551IPHC (IP header compression format), 171–173
IPSecauthentication, 657incompatibility with cRTP, 643–644LLQ, 145prefragmentation, 190
IPSec-encrypted G.729 packets, 642IPSec Encryption Engines, 652IPSec QoS design, 635
Anti-Replay functionality, 655anti-replay functionality, 654–656bandwidth provisioning, 645–646control plane provisioning, 657cRTP and IPSec incompatibility, 643–644delay budget increases, 647headend VPN edge QoS options for site-to-site
V3PNs, 665–666packet overhead increases, 640–642pre-encryption queuing, 651–653prefragmentation, 645QoS Pre-Classify, 649site-to-site V3PN, 637
IPSec transport mode (encrypting an IP GRE tunnel), 638
IPSec tunnel mode (encrypting an IP GRE tunnel), 639–640
IPSec tunnel mode (No IP GRE tunnel), 638
site-to-site V3PN QoS modelsEight-Class Site-to-Site V3PN Model,
660-664Six-Class Site-to-Site V3PN Model,
658–659teleworker V3PN QoS, 666–667
asymmetric links and unidirectional QoS, 677
bandwidth provisioning, 674–677broadband-access technologies, 671–673deployment models, 667–670
topologies, 646ToS byte preservation, 649VPNs, 635
IPSec transport mode (encrypting an IP GRE tunnel), 638
IPSec tunnel mode (encrypting an IP GRE tunnel), 639–640
IPSec tunnel mode (No IP GRE tunnel), 638
IPSec VPN QoS design (case study), 686telecommuter router, 694–695V3PN branch router design, 691–693VPN headend design, 687–689WAN aggregator QoS design, 689–690
ISDN, 671WAN edge link-specific QoS design
CallManager CAC limitations, 503MLP packet reordering, 502variable bandwidth, 501voice and data on multiple ISDN B
channels, 503–504ITDP/UDP ports (CallManager environments),
296–301
J - Kjitter, 13, 35, 450jitter buffers, 37–38
adaptive, 36underruns, 14
keywords, 358
LLAN edge QoS design, 517
branch-to-campus classification and marking, 519–525
DSCP-to-CoS remapping, 518NBAR known worm classification and
policing, 526–535LANs
switching environments, 223QoS for wired vs. wireless, 270
latencyconverged networks, 13VoIP, 34–35
Layer 2access (MPLS VPN CE QoS design), 550–551marking fields, 81–82
ATM CLP, 84Frame-Relay DE bit, 83MPLS EXP bits, 84
queuing mechanisms, 150queuing subsystems, 136
Layer 3 marking fields, 88-90Layer 3 queuing mechanisms
CBWFQ, 139–140legacy, 136–137LLQ, 133, 140, 199, 450, 652- 653
ATM PVC bundles, 147bandwidth provisioning, 143–144cRTP, 145IPSec, 145LFI, 147MLP and Frame Relay bundles, 148operation, 141policing, 142VoFR, 149
Layer 3 queuing subsystems, 135leased lines, 467
high-speed, 472–478medium-speed, 471slow-speed, 467–470
legacy Layer 3 queuing mechanisms, 136–137LFI (Link Fragmentation and Interleaving)
for Frame Relay/ATM service interworking, 188–189
LLQ, 147tools, 182, 450
line card queuing structures (catalyst 6500), 393–396
linksasymmetric, 677ATM
high-speed, 494–495medium-speed, 493slow-speed, 488–493very-high-speed, 496–497
capacity, 293Eight-Class Site-to-Site V3PN Model, 662Frame Relay networks
distributed platform, 486–487high-speed, 484–485medium-speed, 482-484slow-speed, 480–482
speed, 452VoIP, dominating, 449
link-specific tools, 19, 169LLQ (low-latency queuing), 133, 140, 199, 450,
652-653ATM PVC bundles
LLQ, 147
bandwidth provisioning, 143–144cRTP, 145IPSec, 145LFI, 147MLP and Frame Relay bundles, 148operation, 141policing, 142VoFR, 149VoIP and multiple levels of data, 141
local CAC tools, 208locally defined Mission-Critical Data, 45loss (voice), 34low link speeds (WANs), 450low-latency queuing. See LLQLS VPN QoS design, 613–615
Mmapping
Catalyst 2950, 233Catalyst 2970, 243Catalyst 3550, 237Catalyst 3750, 243Catalyst 4500, 248–249Catalyst 6500, 254–256IP Precedence, 567Mapping Models (enterprise-to-service
provider)Five-Class Provider-Edge Model,
565–566Four-Class Provider-Edge Model, 565Three-Class Provider-Edge Model,
563–564markdown, 57–58
Catalyst 2950, 234Catalyst 2970, 244Catalyst 3550, 238–239Catalyst 3750, 244Catalyst 4500, 249–250Catalyst 6500, 257–259Catalyst QoS Models, 227
markers (policers as), 107marking, 57, 68–69
branch-to-campus, 519Catalyst 2970, 243Catalyst 3550, 237
Catalyst 3750, 243Catalyst 4500, 248–249Catalyst 6500, 254–256DLSw+ traffic, 48MPLS VPN CE QoS design considerations,
554–556tools
class-based marking, 77class-based policing, 79Layer 2 marking fields, 81–84Layer 3 marking fields, 86–87Layer 3 tunnel marking tools, 88–90translating Layer 2 and Layer 3 packet
markings, 90–98voice gateway packet marking, 79–81
traffic, 304match protocol commands, 75match protocol dlsw command, 48max-reserved-bandwidth command, 559–563max-reserved-bandwidth interface command, 143MCMP (Multiclass Multilink PPP), 185MDRR (modified-deficit round-robin) algorithm,
585mean opinion scores (MOS), 35measurement-based CAC tools, 208Media Gateway Control Protocol (MGCP), 79Medium Link-Speed QoS Class Models, 454medium-speed ATM links, 493medium-speed frame relay links, 482–484medium-speed leased lines, 471MGCP (Media Gateway Control Protocol), 79Microflow policers, 257Mission-Critical Data applications, 43-45mitigating serialization delay, 678MLP (Multi Point-to-Point Protocol), 136MLP bundles, 148MLP LFI (Multilink PPP Link Fragmentation and
Interleaving), 183–185MLP packets, reordering, 502MLPoATM, 488–489, 499MLPoFR (MLP over Frame Relay), 177mls prefix keyword, 358mls qos cos override command, 316modified-deficit round-robin (MDRR) algorithm,
585modular QoS CLI based class maps, 71–72, 233
Modular QoS Command-Line Interface (MQC), 19–20
MOS (mean opinion scores), 35MPLS DiffServ Tunneling modes, 566
Pipe Mode, 573–582Short Pipe Mode, 569–573Uniform Mode, 567–569
MPLS EXP bits, 84MPLS Traffic Engineering, 199, 587
basic, 588–590MPLS DS-TE, 603–605
configuring, 606–612P-router configuration, 612–613show ip bgp vpnv4 all command, 615show mpls traffic-eng topology command,
614MPLS per-VPN TE, 591–598
ping vrf tunnels command, 601–602show ip rsvp interface command, 599show ip rsvp neighbor command, 599show mpls interface command, 600show mpls traffic-eng tunnels command,
601show mpls traffic-eng tunnels summary
command, 600MPLS VPN CE QoS design
special considerations, 550-552Five-Class Provider-Edge Model,
561–563Four-Class Provider-Edge Model,
559–561Layer 2 access, 550–551marking/re-marking, 554–556service-provider service-level agreements,
551TCP and UDP, 553–554Three-Class Provider-Edge Model,
556–559voice and call signaling, 553voice and video, 553
MPLS VPN QoS design, 547case studies, 616
CE routers, 617–619PE routers, 620–630P routers, 630–631
  core considerations, 582
    aggregate bandwidth overprovisioning, 583
    DiffServ in the backbone, 583–587
    MPLS traffic engineering, 587–612
  need for QoS, 548–550
MQC (Modular QoS Command-Line Interface), 19–20
MQC/ACL classification, 233
MQC-based class maps, 71–72
  ACLs, 233
multiaction policing, 115
Multi Point-to-Point Protocol (MLP), 136
Multiclass Multilink PPP (MCMP), 185
multilink fragment-delay 10 command, 185
Multilink PPP Link Fragmentation and Interleaving (MLP LFI), 183–185
multiple priority classes, 72

N
NAT transparency feature overhead, 675
NBAR (Network-Based Application Recognition), 25, 72
  application classification, 523–524
  known-worm classification and policing, 526
    Code Red, 527
    CodeRedv2, 528
    future worms, 533–534
    NIMDA, 529
    policing worms, 534–535
    RPC DCOM/W32/MS Blaster, 531–532
    Sasser worm, 532–533
    SQL Slammer, 530
  Packet Description Language Modules (PDLMs), 520
  protocol classification, 74–76
  RTP payload classification, 77
NBAR exchange PDLM, 532
NBAR netbios PDLM, 532
NBMA (nonbroadcast multiaccess), 119
nested hierarchical policing, 115
Network-Based Application Recognition. See NBAR
networks
  Best-Effort, 11
  end user expectations, 9
  management (QoS), 49
  VoIP design considerations, 34
NIMDA, 529
nonbroadcast multiaccess (NBMA), 119

O - P
out-of-profile traffic, 227
overprovisioning LLQ traffic, 450
P routers, 549
packets, 18
  MLP, reordering, 502
  overhead increases (IPSec QoS design), 640–642
  packetization delay, 13
  prefragmentation, 644
PAK_priority, 153, 452, 657
PAK_priority flag, 49
PBR (policy-based routing), 79
PBS (peak burst size), 112
PDLMs (NBAR Packet Description Language Modules), 74, 520
PE QoS considerations, 563
  Enterprise-to-Service Provider Mapping Models
    Five-Class Provider-Edge Model, 565–566
    Four-Class Provider-Edge Model, 565
    Mapping Models, 563
    Three-Class Provider-Edge Model, 563–564
  MPLS DiffServ Tunneling modes, 566
    Pipe Mode, 573–582
    Short Pipe Mode, 569–573
    Uniform Mode, 567–569
PE routers, 620–630
peak burst size (PBS), 112
peak information rate (PIR), 112, 118
peak rate, 121
peak-rate shaping, 121
percent keyword, 140
percentage-based policing, 116
percentage-based shaping, 127
performance (cRTP), 181
per-Port/per-VLAN policing, 239
PE-to-P design, 583
PFC, configuring, 255
PFC3, 253
PFC3 distribution-layer Per-User Microflow Policing (Catalyst 6500), 419
PIFS, 272
ping vrf command, 601–602
Pipe Mode, 573–582
PIPQ (PVC Interface Priority queuing), 150
PIR (peak information rate), 112, 118
pkts matched statistics, 477
placeholders, 568
PoC (proof-of-concept) tests, 62
police statements, 72
policers, 103, 107
  CAR, 107–108
  class-based, 109
    benefits, 109
    single-rate three-color marker/policer, 110–112
    two-rate three-color marker/policer, 112–113
  color-aware policing, 116–117
  color-blind policing, 117
  compared to shapers, 104
  default, 117
  deploying, 106
  DoS/worm mitigation (campus networks), 293
  hierarchical policing, 114
  as markers, 107
  microflow, 257
  multiaction policing, 115
  percentage-based policing, 116
policies
  access switches, 291
  LAN switching environments, 223
  on P routers, 549
  on routers, 549
policing, 57–58
  Catalyst 2950, 234
  Catalyst 2970, 244
  Catalyst 3550, 238–239
  Catalyst 3750, 244
  Catalyst 4500, 249–250
  Catalyst 6500, 257–259
  Catalyst QoS Models, 227
  class-based, 79
  cRTP, 180
  LLQ, 142
  worms, 534–535
policy-based routing (PBR), 79
policy-map, 20
porting software QoS to hardware, 223
ports
  presetting those used by SoftPhone, 315
  trust states, 225
PPP, 175
ppp multilink links minimum command, 504
PPPoFR (PPP over Frame Relay), 177
PQ (priority queuing), 137
PQ-WFQ, 137–139
pre-encryption queuing, 651–653
prefragmentation, 645
  IPSec transport mode, 639
  IPSec tunnel mode, 638
prering CAC, 212
prioritization, 679
priority classes, police statements, 72
priority queuing, 137
priority-queue out command, 240
propagation delay, 13
protecting video, 557
Protocol Description Language Module (PDLM), 74, 520
P routers, 630–631
provisioning (bandwidth), 645–646
proxies, 201
P-to-P design, 583
PVC Interface Priority queuing (PIPQ), 150
PVCs
  bundling, 492
  fragmenting, 186–187
  VoFR, 188

Q
QBSS IE (QoS basic service set information element), 278
QoS
  access-edge design, 290
  branch routers, 513–514
  campus networks. See campus QoS design
  Catalyst Models. See Catalyst QoS models
  Cisco APs, 280–281
  classification and marking principles, 57
  control plane
    IP routing, 48–49
    network-management, 49
  converged networks, 12–14
  data, 42–43
    Best-Effort data, 44
    DLSw+, 47–48
    locally defined Mission-Critical Data, 45
    Transactional Data/Interactive Data, 45
  deploying, 62
  design principles, 55
  DiffServ, 16
  disabling on Catalyst 2970/3750, 343
  DoS and worm mitigation principles, 61–62
  enabling on Catalyst 2970/3750, 343
  end-to-end, 10
  evolution of, 7–8, 26, 29
  guidance, 27
  historical perspective, 5–6
  IntServ, 15
  link-specific tools, 19, 169
  models, 14
  need for on MPLS VPNs, 548–550
  network expectations of end users, 9
  policies required on WAN aggregators, 448
  policing and markdown principles, 57–58
  porting software QoS to hardware, 223
  queuing and dropping principles, 58–60
  Scavenger class, 49–54
  simplifying, 19
    AutoQoS, 24–26
    cross-platform feature consistency, 24
    default behavior, 21
    MQC, 20
    QoS Baseline, 20–22
  tool set, 17–18, 223
  upstream vs. downstream, 271
  video, 39
    interactive, 39
    streaming, 41
  VoIP, 33
    bearer traffic, 34–38
    Call-Signaling traffic, 38
  WAN edge link-specific
    ATM, 488–497
    ATM-FR SIW, 497–501
    Frame Relay, 478–487
    ISDN, 501–504
    leased lines, 467–478
  wireless LANs vs. wired LANs, 270
QoS Baseline Model, 20–21, 463–465
  class deployment, 55
  QoS design principles, 55
  recommendations, 22
QoS basic service set (QBSS), 278
qos dbl command, 367
QoS Design Guide, 27
QoS group placeholder, 568
qos map dscp to tx-queue command, 367
QoS Pre-Classify, 649
QoS preclassify feature, 89
queuing, 58–60, 133–134
  algorithms
    CBWFQ, 140
    comparison, 138
    PQ-WFQ, 139
    priority queuing, 137
    WFQ, 137
  buffer space, 135
  Catalyst 2950, 235
  Catalyst 2950 switches, 322–323
    show wrr-queue bandwidth command, 324
    show wrr-queue cos-map command, 325
  Catalyst 2970, 244–246, 351–356
  Catalyst 3550, 240–241, 336–339
    show mls qos interface buffers verification command, 340
    show mls qos interface queuing verification command, 341
  Catalyst 3750, 244–246
  Catalyst 4500, 250–252, 366–370
    show qos dbl command, 370
    show qos interface command, 371–372
    show qos maps dscp tx-queue command, 370–371
  Catalyst 6500, 259–263, 391–394
    1P2Q1T queuing and dropping, 401–404
    1P2Q2T queuing and dropping, 405–408
    1P3Q1T queuing and dropping, 408–410
    1P3Q8T queuing and dropping, 411–414
    1P7Q8T queuing and dropping, 415–418
    2Q2T queuing and dropping, 396–400
    line card queuing structures, 393–396
  Catalyst QoS models, 228, 230
  Cisco 12000 routers, 585
  default queue limits, 338
  Layer 2 queuing mechanisms, 150
  Layer 3 queuing mechanisms
    CBWFQ, 139–140
    legacy, 136–137
    LLQ, 140–149
  LLQ, 652
  policies on routers, 549
  reducing queue limits, 657
  software (WAN aggregators), 448–449
  transmit ring (Tx-ring), 136
  Tx-ring, 152
queuing tools, 133

R
radio downstream QoS, 271
radio upstream QoS, 271
RAI (resource activity indicator), 209
random backoffs, 273
random-detect command
  ecn keyword, 165
Real-Time class
  admission criterion, 563–565
  bandwidth provisioning, 449
RED (Random Early Detection), 160
re-marking
  MPLS VPN CE QoS design considerations, 554–556
  traffic, 304
reservations, 196–197
resource activity indicator (RAI), 209
resource-based CAC tools, 209
RFC 2205, 195
RFC 2597, 58
RFC 3168, 163
RFC 3246, 36
ROHC (robust header compression), 171
routers
  branch routers, 447
  hub routers, 548
  P routers, 549
  policies, 549
  roles in WANs, 447
  WAN aggregators, 447
    bandwidth provisioning, 449
    distributed platform QoS, 453
    IP RTP header compression, 451
    link speeds, 452
    PAK_priority, 452
    required QoS policies, 448
    serialization, 450
    software queuing, 448–449
    Tx-ring tuning, 451
routing
  DDR, 503
  packets-per-second capability, 651
RPC DCOM/W32/MS Blaster, 531–532
RSVP, 195
  admission control, 197
  CAC, 212
  configuring, 196
  cRTP, 180
  interoperability, 213
  LLQ, 199
  overview, 196
  scalability, 199
  security, 213
  service types, 197
  VoIP CAC through RSVP, 215
RSVP-DiffServ integration, 200
RSVP PATH message, 196
RSVP RESV message, 196
RTP header compression (cRTP)
  class-based header compression, 178–179
  formats, 173
    Cisco proprietary format, 173
    IETF format, 174
    IPHC, 173
  formats and encapsulation summary, 177–178
  Layer 2 encapsulation protocol support, 175
    Frame Relay, 176
    HDLC, 175
    PPP, 175
  policing and shaping, 180
  tunnels, 180
RTP payload classification, 77
S
SAR (Segmentation and Reassembly) engine, 675
SAs (security associations), 638
Sasser worm, 532–533
scalability
  IPSec VPN QoS design case study, 686
  RSVP, 199
Scavenger class
  DoS and worm mitigation, 50–54
  QoS, 49
Scavenger-class QoS strategy, 294
SCCP (Skinny Call Control Protocol), 295
scheduling tools, 133–134
SCSP mutation maps (Catalyst 6500), 257
security
  RSVP, 213
  worms, 50
security associations (SAs), 638
Serial Line IP (SLIP) protocol, 173
serialization, 678
  delay, 13
  WAN aggregators, 450
servers, 303
service provider service-level agreements, 551
service types (RSVP), 197
service-policy, 20
services for CallManagers, 295
shapers, 103, 118
  ATM networks, 121–122
  class-based Frame Relay traffic shaping, 123–124
  class-based shaping, 126–127
  compared to policers, 104
  cRTP, 180
  distributed traffic shaping (DTS), 128
  Frame Relay traffic shaping (FRTS), 122–123
  Frame Relay voice-adaptive traffic shaping, 124
  generic traffic shaping, 126
  peak-rate shaping, 121
  shaping algorithms, 120
Short Pipe Mode, 569–573
show atm bundle command, 493
show atm pvc command, 489
show atm vc command, 492
show class-map verification command, 318
show controllers command, 451
show frame-relay fragment command, 482
show ima interface atm command, 495
show ip access-list command, 521
show ip bgp vpnv4 all command, 615
show ip nbar port-map command, 525
show ip rsvp interface command, 599
show ip rsvp neighbor command, 599
show mls masks qos verification command, 319
show mls qos command, 358
show mls qos interface buffers verification command, 340
show mls qos interface policers verification command, 318
show mls qos interface queuing verification command, 341
show mls qos interface statistics verification command, 329
show mls qos interface verification command, 314
show mls qos maps command, 356
show mls qos maps dscp-output-q command, 356
show mpls interface command, 600
show mpls traffic-eng topology command, 614
show mpls traffic-eng tunnels command, 601
show mpls traffic-eng tunnels summary command, 600
show policy command, 456
show policy interface command
  high-speed leased lines, 473
  slow-speed leased lines, 469
show policy interface verification command, 329
show policy-map interface command, 178
show policy-map verification command, 318
show port qos commands, 376–377
show ppp multilink command, 478
show qos acl verification command (Catalyst 6500), 380
show qos command, 358
show qos info config 2q2 tx verification command, 398
show qos info runtime verification command, 399–400
show qos interface command, 371–372
show qos maps dscp tx-queue command, 370–371
show qos maps verification command (Catalyst 6500), 379
show qos policer verification command (Catalyst 6500), 381
show qos statistics verification command (Catalyst 6500), 382
show queuing interface verification command, 400
show wrr-queue bandwidth command, 324
show wrr-queue cos-map command, 325
SI (Standard Image), 232
SIFS, 272
site-to-site V3PN, 637
  headend VPN edge QoS options, 665–666
  IPSec transport mode (encrypting an IP GRE tunnel), 638
  IPSec tunnel mode (encrypting an IP GRE tunnel), 639–640
  IPSec tunnel mode (No IP GRE tunnel), 638
  QoS models
    Eight-Class Site-to-Site V3PN Model, 660–664
    Six-Class Site-to-Site V3PN Model, 658–659
Six-Class Site-to-Site V3PN Model, 658–659
Skinny Call Control Protocol (SCCP), 295
SLIP (Serial Line IP) protocol, 173
Slow Link-Speed QoS Class Models, 454
slow-speed ATM links, 488–489
  ATM PVC bundles, 490–492
    show atm bundle command, 493
    show atm vc command, 492
  show atm pvc command, 489
  Tx-rings, 490
slow-speed Frame Relay links, 480–481
slow-speed leased lines, 467–469
  show interface command, 469
  show policy interface command, 470
slow-speed links (ATM-FR SIW), 499–501
SMI (Standard Multilayer Software Image), 243
SoftPhone, 315
software queuing (WAN aggregators), 448–449
source IP address classification, 520
speed (links), 452
split tunneling, 679–681
SQL Slammer, 530
Standard Image (SI), 232
Standard Multilayer Software Image (SMI), 243
state-machine synchronization, 212
streaming video, 41, 557
strict-priority queuing rule, 59
sum of LLQs, 450
Supervisor 720, 253

T
table map feature, 98
tail drops, 241
TCP
  global synchronization behavior, 159
  packet loss, 656
  and UDP, 553–554
TCP/UDP classification, 522
TDM (time-division multiplexing), 105
teleworker V3PN QoS, 666–667
  asymmetric links and unidirectional QoS, 677
  bandwidth provisioning, 674
    cable overhead, 676–677
    DSL (AAL5 + PPPoE) overhead, 675–676
    NAT transparency feature overhead, 675
  broadband serialization mitigation through TCP maximum segment size tuning, 678–679
  broadband-access technologies, 671
    cable, 673
    DSL, 672
  business-ready teleworker design, 666
  Deployment Models, 667, 682
    Dual-Unit Model, 669
    Integrated Unit + Access Model, 669–670, 684–685
    Integrated Unit Model, 668
    Integrated Unit/Dual Unit Models, 682–684
  split tunneling, 679–681
Three-Class (Voice and Data) Model, 454–456
Three-Class Provider-Core Model, 583
Three-Class Provider-Edge Model, 556–559, 563–564
time-division multiplexing (TDM), 105
token bucket algorithms, 105
topologies
  IPSec QoS design, 646
  split tunnel, 680
ToS (type of service), 47
  byte preservation, 649
  reflection, 90
total drops statistics, 477
traffic
  branch-to-branch, 548
  campus networks, 339
  campus-to-branch, 548
  classification, 68–77
  conforming, 107
  data, 42
  defined by QoS Baseline, 21
  DLSw+, marking, 48
  exceeding, 107
  handoffs, 421
  horizontal separation of, 107
  IP, 48
  LLQ, 450
  marking/remarking, 68–69, 302–304
  out-of-profile, 227
  PAK_priority, 153
  prioritization, 679
  Scavenger, 49
  Scavenger-class QoS strategy, 294
  unpoliced classes, 109
  vertical separation of, 107
  violating, 107
  worm mitigation in Scavenger class, 51–53
Transactional Data, 45
translating Layer 2 and Layer 3 packet markings, 90
  802.1Q/p to and from DSCP, 92–93
  DHCP to Frame Relay DE bit, 94
  IP precedence to ATM/Frame Relay PVCs, 95–96
  table map feature, 98
transmit queuing (Catalyst 6500), 392
transmit ring (Tx-ring), 136
troubleshooting
  class naming, 520
  DoS attacks (campus networks), 292–294
  worms (campus networks), 292–294
trust boundaries
  access-edge, 302
    Conditionally Trusted Endpoint Models, 303, 307–312
    Trusted Endpoint Models, 302–304, 314–315
    Untrusted Endpoint Models, 304–307
  defined, 302
trust states, 225
  configuring trust on Catalyst 6500, 255
trust-device command, 386
trusted endpoint models, 302–304, 314–315
  Catalyst 2970/3750, 343–346
  Catalyst 3550, 327
  Catalyst 4500, 359
  Catalyst 6500, 375
    show port qos command, 376–377
trusted endpoints, connecting, 304
tunnel DiffServ, 566
tunneling
  cRTP, 180
  modes (MPLS DiffServ), 566
    Pipe Mode, 573–582
    Short Pipe Mode, 569–573
    Uniform Mode, 567–569
  split tunneling, 679–681
tx-queue command, 367
tx-ring-limit command, 490
Tx-rings (transmit rings), 136, 152
  ATM, 489
  tuning, 451
type of service (ToS), 47

U
UBR (unspecified bit rate), 491
UDP and TCP, 553–554
underruns (jitter buffers), 14
unidirectional applications, 513–515
unidirectional QoS, 677
Uniform Mode, 567–569
unspecified bit rate (UBR), 491
Untrusted Endpoint Models (trust boundaries), 304–307
Untrusted Multiapplication Server Model, 315–318
  show class-map and show policy-map verification commands, 318
  show mls masks qos verification command, 319
  show mls qos interface policers verification command, 318
Untrusted PC with SoftPhone Model
  Catalyst 2950, 315
  Catalyst 2970/3750, 344
  Catalyst 3550, 327–329
  Catalyst 4500, 359–360
  Catalyst 6500, 378–379
    show qos acl verification command, 380–381
    show qos maps verification command, 379–380
    show qos policer verification command, 381–382
    show qos statistics verification command, 382
Untrusted Server Model
  Catalyst 2970/3750, 345
  Catalyst 3550, 330–331
  Catalyst 4500, 360–362
  Catalyst 6500, 383–386
uplink connections (DSL and cable), 677
upstream QoS, 271

V
variable network delay. See jitter
VBR (variable bit-rate), 673
verification command, 320
verifying
  ATM IMA group, 496
  tag-switching configuration (MPLS per-VPN TE), 600
vertical separation of traffic, 107
very-high-speed ATM links, 496–497
video
  MPLS VPN CE QoS design considerations, 553
  QoS, 39
    Interactive-Video, 39
    Streaming-Video, 41
  Streaming-Video, protecting, 557
  surveillance systems, 303
videoconferencing
  any-to-any, 548–549
  gateways and systems, 303
videoconferencing rate, 40
violating traffic, 107
viruses, 526
VoFR (Voice over Frame Relay), 149
voice
  gateway packet marking, 79–81
  MPLS VPN CE QoS design considerations, 553
  VVLANs, 314
Voice and Data WAN Edge Model, 454
Voice over Frame Relay (VoFR), 149
voice VLANs (VVLANs), 314
VoIP (Voice over IP), 33
  bandwidth, 36–38
  bandwidth provisioning, 646
  Call-Signaling traffic, 38
  campus networks, 291
  header-compression techniques, 170
    class-based header compression, 178–179
    formats, 173–174
    Layer 2 encapsulation protocol support, 175–176
    RTP header compression (cRTP), 172
    standards, 171
    TCP header compression (cTCP), 171
  LLQ, 141
  over ATM, 91
  over Ethernet to VoIP over a WAN, 91
  over MPLS, 91
  QoS
    bearer traffic, 34–38
    Call-Signaling traffic, 38
  traffic, dominating links, 449
VPNs (virtual private networks)
  IPSec QoS design, 635
  MPLS VPN QoS design, 547. See also MPLS VPN QoS design
VVLANs (voice VLANs), 314

W
WAN aggregation router QoS design
  case study, 505–507
WAN aggregator/branch router handoff, 420–422
WAN aggregators, 447, 548
  bandwidth provisioning, 449
  distributed platform QoS, 453
  IP RTP header compression, 451
  link speeds, 452
  PAK_priority, 452
  required QoS policies, 448
  serialization, 450
  software queuing, 448–449
  Tx-ring tuning, 451
WAN Edge Classification and Provisioning Models
  High Link-Speed QoS Class Models, 459
    Distributed-Platform/Consistent QoS Behavior QoS Baseline Model, 465–466
    Eight-Class Model, 460–462
    QoS Baseline Model, 463–465
  Slow/Medium Link-Speed QoS Class Models, 454
    Five-Class Model, 456–459
    Three-Class (Voice and Data) Model, 454–456
WAN edge link-specific QoS design
  ATM
    high-speed links, 494–495
    medium-speed links, 493
    slow-speed links, 488–493
    very-high-speed links, 496–497
  ATM-FR SIW, 497–501
  Frame Relay, 478
    Bc, 479
    Be, 480
    CIR, 479
    distributed platform links, 486–487
    high-speed links, 484–485
    medium-speed links, 482–484
    slow-speed links, 480–482
  ISDN
    CallManager CAC limitations, 503
    MLP packet reordering, 502
    variable bandwidth, 501
    voice and data on multiple ISDN B channels, 503–504
  leased lines, 467
    high-speed, 472–478
    medium-speed, 471
    slow-speed, 467–470
WAN edge QoS design, 514–515
WANs, 269, 548
  link fragmentation and interleaving, 181–183
    fragment sizes, 183–184
    Frame Relay fragmentation, 185, 188–189
    IPSec prefragmentation, 190
    Multilink PPP Link Fragmentation and Interleaving (MLP LFI), 183–185
  low link speeds, 450
  routers roles in, 447
Weighted Random Early Detection. See WRED
WFQ, 137
wireless access points, 304
wireless IP phones, 304
WLANs (wireless LANs)
  basic service set information element, 278
  QoS, 270
worms, 50
  campus network mitigation strategies, 292–294
  CodeRedv2, 527–528
  compared to viruses, 526
  mitigation in Scavenger class, 51–54
  mitigation principles, 61–62
  NIMDA, 529
  policing, 534–535
  preparing for future worms, 533–534
  RPC DCOM/W32/MS Blaster, 531–532
  Sasser, 532–533
  SQL Slammer, 530
WRED (Weighted Random Early Detection), 159–164
  Catalyst 3550, 340
  DSCP-based WRED, 162–163
  ECN, 165
  enabling on the Best-Effort class, 457
  thresholds, 241
  WRED-drop thresholds (Catalyst 6500), 262
wrr-queue bandwidth command, 322
wrr-queue cos map command, 240
wrr-queue dscp-map interface configuration command, 339
wrr-queue queue-limit command, 240
wrr-queue queue-limit interface command, 338