08-22-2005 08:18 AM - edited 03-02-2019 11:46 PM
Hi, I have a campus network with 3 tiers, access, distribution and core layer. I have a few questions as follows:
1) In order to preserve end-to-end QoS, do I need any QoS configuration at the core switch? If I don't even enable "mls qos" or configure "trust", will the packet that was classified and marked earlier, from access to distribution, still be preserved so that when this packet passes through the core and gets to the other end of the network, the core switch will still be able to pass this packet down to the next distribution? I do not need my core switch to perform any queuing of this packet, as the core will have a very fast switching speed.
2) At the distribution switch, typically we trust cos or dscp. However, if some hacker connects to the access ports and marks their packets with a high-priority cos value, at the DS level I would want to trust dscp or cos together with, let's say, a certain source IP subnet. Is that possible?
08-22-2005 11:02 AM
Question 1. If you do not enable QoS globally, then QoS will not work. There are other things you would want to do in the core, like trusting dscp etc. The reason is this.
You need to be able to ensure that the traffic, i.e. voice, goes into the priority queue. If the switch is unaware of QoS, it will simply not utilize the queuing structure it has available to it.
Once the traffic is marked somewhere, and it passes through the switch, it will retain its QoS mappings provided the switch/router doesn't muck with them.
So on the edge, you tag a packet with CS=5. It goes to the core switch; if QoS is enabled, the packet would go into the priority queue and be transmitted accordingly. If QoS is not enabled, it will place it in the default queue.
Question 2
Yes, you can do that. There are a couple of ways, but the simple explanation is this.
vlan 12 ip 192.168.12.0-255
vlan 30 ip 192.168.30.0-255
At the distribution switch, create a class-map that matches IP address range 1 and then sets the CoS/DSCP field to 0 (assuming that's the open access vlan).
Then send it on its way, as you have now forcibly cleared the cos setting.
Now, that's extremely simplified, and this is really a much more complicated security question, as you would have to have some methodology of controlling access to those ports physically as well. If someone plugs into the network and gets an IP on vlan 30, then you're in trouble, right? So securing ports is another issue to contend with.
Consider port-level security, IBNS, 802.1X authentication, shutting off unused ports etc. to increase security.
Hope that helps
Chris
08-22-2005 02:27 PM
Just to add to what Chris mentioned:
In almost all instances, when we talk about configuring QoS, we are referring to the Diffserv or the *per hop* QoS configuration. So we need to configure QoS on 'every hop' if we truly need end-to-end traffic prioritization.
Having said that, please note that when you don't configure mls qos globally on the switch (default), all CoS/DSCP values are preserved as the packet traverses the switch. Granted, there is no 'preference' given to any packet and thus there is really no 'quality of service' offered by the switch, but the individual cos/dscp values are maintained. On the other hand, when you just configure 'mls qos' globally on the switch and do not DO anything after that, you are, in effect, re-writing the cos/dscp to the default state of ZERO as the packet passes through the switch.
This one point is often a cause of a lot of confusion, so I thought of mentioning it here. HTH!
08-23-2005 05:54 AM
Very good point. I was trying to convey that the CoS and/or DSCP values would be maintained; however, no preference would be given to those packets if QoS wasn't enabled globally. Glad you brought that out.
Chris
08-23-2005 10:52 AM
Hi, guys,
Thanks for the information.
By the way, I have some more doubts to clear.
At the distribution switch, where I have a downlink connection to a Cisco 3500XL switch, may I have some suggestions on whether the QoS configuration at the DS, both the global and the interface commands, is appropriate:
1) Global
mls qos
mls qos map cos-dscp 0 8 16 26 34 46 48 56
2) Downlink interface to Cat3500XL switch with 1p2q2t queuing model
e.g. interface gt0/1
mls qos vlan-based
mls qos trust cos
wrr-queue queue-limit 40 30
! Sets the buffer allocations to 40% for Q1 and 30% for Q2
! Indirectly sets PQ (Q3) size to equal Q2 (which is set to 30%)
wrr-queue bandwidth 30 70
! Sets the WRR weights for 30:70 (Q1:Q2) bandwidth servicing
wrr-queue random-detect min-threshold 1 40 80
! Sets Min WRED Thresholds for Q1T1 and Q1T2 to 40 and 80, respectively
wrr-queue random-detect max-threshold 1 80 100
! Sets Max WRED Thresholds for Q1T1 and Q1T2 to 80 and 100, respectively
wrr-queue random-detect min-threshold 2 70 80
! Sets Min WRED Thresholds for Q2T1 and Q2T2 to 70 and 80, respectively
wrr-queue random-detect max-threshold 2 80 100
! Sets Max WRED Thresholds for Q2T1 and Q2T2 to 80 and 100, respectively
wrr-queue cos-map 1 1 1
! Assigns Scavenger/Bulk to Q1 WRED Threshold 1
wrr-queue cos-map 1 2 0
! Assigns Best Effort to Q1 WRED Threshold 2
wrr-queue cos-map 2 1 2 3 4
! Assigns CoS 2,3,4 to Q2 WRED Threshold 1
wrr-queue cos-map 2 2 6 7
! Assigns Network/Internetwork Control to Q2 WRED Threshold 2
priority-queue cos-map 1 5
! Assigns VoIP to PQ
3) Link/Interface to Core
interface gt0/2
mls qos trust dscp
wrr-queue queue-limit 40 30
! Sets the buffer allocations to 40% for Q1 and 30% for Q2
! Indirectly sets PQ (Q3) size to equal Q2 (which is set to 30%)
wrr-queue bandwidth 30 70
! Sets the WRR weights for 30:70 (Q1:Q2) bandwidth servicing
wrr-queue random-detect min-threshold 1 40 80
! Sets Min WRED Thresholds for Q1T1 and Q1T2 to 40 and 80, respectively
wrr-queue random-detect max-threshold 1 80 100
! Sets Max WRED Thresholds for Q1T1 and Q1T2 to 80 and 100, respectively
wrr-queue random-detect min-threshold 2 70 80
! Sets Min WRED Thresholds for Q2T1 and Q2T2 to 70 and 80, respectively
wrr-queue random-detect max-threshold 2 80 100
! Sets Max WRED Thresholds for Q2T1 and Q2T2 to 80 and 100, respectively
wrr-queue cos-map 1 1 1
! Assigns Scavenger/Bulk to Q1 WRED Threshold 1
wrr-queue cos-map 1 2 0
! Assigns Best Effort to Q1 WRED Threshold 2
wrr-queue cos-map 2 1 2 3 4
! Assigns CoS 2,3,4 to Q2 WRED Threshold 1
wrr-queue cos-map 2 2 6 7
! Assigns Network/Internetwork Control to Q2 WRED Threshold 2
priority-queue cos-map 1 5
! Assigns VoIP to PQ
--------------------------------------------
Questions:
1) I still have doubts that maybe the configuration for those queuing parameters on the interface (downlink to access or uplink to core) may not be required to be entered explicitly, because I believe once you enter mls qos, there will already be a default config for the supported/capable queue structure. Am I right?
2) Is the command "mls qos vlan-based" at interface level required?
3) If my downlink switch is a Cat3550 switch, can I configure the same configuration as mentioned in the downlink?
4) Pertaining to the question that I asked earlier, where I want to explicitly trust cos 5/dscp 46 from the known subnet, in this case the voice subnet, e.g. 172.20.0.0/16: if I have cos 5/dscp 46 coming from another IP range, they will not be trusted and the marking will not be maintained, hence will not be put into the priority queue. Is that possible? Any idea how to achieve that?
Thank you in advance
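As an added illustration of the trust boundary Chris described (class-map on the source range, remark to 0) and of question 4 above, here is a constructed ingress policy that is not from this thread or any poster: it keeps DSCP EF only when the packet arrives from the voice subnet 172.20.0.0/16 and remarks everything else to DSCP 0. The ACL, class-map and policy-map names are assumptions, and the syntax is Cisco IOS MQC as used on a Catalyst 3550; other platforms express trust differently.

```cisco
! Constructed example, not a poster's configuration. Catalyst 3550-style
! MQC: trust DSCP EF only from the voice subnet, clear all other marks.
mls qos
!
! The ACL carries both conditions: source in 172.20.0.0/16 AND DSCP EF.
! Anything marked EF from another source simply does not match.
ip access-list extended VOICE-SUBNET-EF
 permit ip 172.20.0.0 0.0.255.255 any dscp ef
!
class-map match-all TRUSTED-VOICE
 match access-group name VOICE-SUBNET-EF
!
policy-map DIST-INGRESS
 class TRUSTED-VOICE
  trust dscp
 class class-default
  set ip dscp 0
!
! Apply on the downlink toward the access layer; the policy overrides the
! port-level "mls qos trust cos" for traffic it classifies.
interface GigabitEthernet0/1
 description Downlink to access switch
 service-policy input DIST-INGRESS
```

Note that class-default also clears marks such as CoS 3 call signalling, so any other traffic you want to keep trusted needs its own class before class-default. Verify the hits with "show policy-map interface GigabitEthernet0/1" and by sending an EF-marked test flow from a non-voice subnet to confirm it leaves as DSCP 0.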