
Any examples of Scavenger Class for QOS?

jkeeffe
Level 2

Other than what is in the QOS SRND, does anyone have any working Scavenger Class examples?

The SRND states to include in this class peer-to-peer media sharing apps like KaZaa, Morpheus, etc, gaming apps, and entertainment video, but it gives no working examples.

The SRND chapter "How can I use QoS tools to mitigate DoS/Worm attacks" again explains the theory of marking out-of-profile apps to CS1, which would put them into the scavenger class, but gives no examples of how to do this.

Any examples would be appreciated - thanks.


irisrios
Level 6

Hi irisrios -

I checked these links out the other day and they are quite interesting. However, the QBSS treats the scavenger class a little bit differently than my idea of scavenger. They refer to being able to grab bandwidth out of the 'best effort' class when available, but I want to strictly limit what is in scavenger - to never go over that limit.

Somewhere I read that if you don't put a bandwidth limitation in the best effort class, then scavenger will consume bandwidth from that class, but if you DO put a bandwidth command in the best effort class, that will keep scavenger from ever using that bandwidth.

Does that sound right to you? Do you know where

Unfortunately, I was unable to open either of Irisrios's links, but in general, one class doesn't grab bandwidth from another. When dealing with bandwidth management, you set class bandwidth guarantees.

What might be confusing you is that, generally by default, one class can use more than its guaranteed bandwidth if another class isn't using all of what it's guaranteed. This can be controlled by also (if the platform allows) setting a bandwidth cap on a class, but generally it's often beneficial to use all your available bandwidth.

For example, given the policy:

policy-map Sample
 class real-time
  priority percent 33
 class scavenger
  bandwidth remaining percent 1
 class class-default
  bandwidth remaining percent 99

The scavenger class might be seen using all 100% of the bandwidth, but only if the other classes aren't using their allocations. If real-time wanted 10%, and BE and scavenger wanted 100%, real-time should obtain its 10%, BE should obtain 99% of 90% and scavenger should obtain 1% of 90%.
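
Added example (not part of the original reply and not Cisco code): a small Python model of the Sample policy above that reproduces the 10% / 99% of 90% / 1% of 90% split and shows scavenger expanding only when the other classes are idle. The scheduler model, the function name `allocate` and the always-on priority cap are assumptions made for illustration.

```python
# Constructed model (not IOS code): the thread's "Sample" policy as a
# work-conserving scheduler. All figures are percent of the link rate.
PRIORITY = {"real-time": 33}                       # priority percent 33
REMAINING = {"scavenger": 1, "class-default": 99}  # bandwidth remaining percent

def allocate(demand, link=100.0, priority=PRIORITY, weights=REMAINING):
    """Return {class: bandwidth granted} for the offered load in `demand`."""
    grant = {c: 0.0 for c in list(priority) + list(weights)}
    # 1. Priority classes are served first. Simplification: always capped at
    #    the configured rate (IOS enforces that cap only under congestion).
    for cls, cap in priority.items():
        grant[cls] = min(demand.get(cls, 0.0), cap, link - sum(grant.values()))
    left = link - sum(grant.values())
    # 2. Weighted max-min ("water-filling") over the remaining classes: a class
    #    that wants less than its share is satisfied in full, and its surplus
    #    is re-divided among the classes that still have traffic queued.
    active = {c: w for c, w in weights.items() if demand.get(c, 0.0) > 0}
    while active and left > 1e-9:
        total = sum(active.values())
        done = [c for c, w in active.items() if demand[c] <= left * w / total]
        if not done:  # every active class is backlogged: split by weight
            for c, w in active.items():
                grant[c] = left * w / total
            break
        for c in done:
            grant[c] = demand[c]
            left -= demand[c]
            del active[c]
    return grant

if __name__ == "__main__":
    # Constructed offered loads, in percent of link rate.
    cases = {
        "case from the post": {"real-time": 10, "scavenger": 100, "class-default": 100},
        "only scavenger sending": {"scavenger": 100},
        "best effort lightly loaded": {"scavenger": 100, "class-default": 20},
    }
    for name, demand in cases.items():
        print(name, {c: round(v, 2) for c, v in allocate(demand).items()})
```

The third case is the one that matters for worm or DoS containment: a flood marked CS1 fills whatever is idle, but gives it back as soon as best-effort traffic asks for its share.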

andrew.burns
Level 7

Hi,

It's impossible to give a generic answer to this question because so much of QoS is dependent on hardware capabilities of different switches and routers and also on your exact network topology and traffic distribution.

However, there are two parts to the question, one is identifying P2P traffic and the second is dealing with it.

Identifying P2P on a Cisco is usually done using NBAR, something like "match protocol kazaa" in a class-map. One advantage of NBAR is that you can also write your own modules but one disadvantage is that it's all done in software (unless you're an early adopter of PISA..) so performance can be an issue.

Once identified you have two main options to deal with it depending on your topology, etc. The first is simply to police it directly under the same input service policy, the second is to mark it with a particular dscp value (e.g. CS1) and deal with it as it passes through the network. It's this second option that is usually referred to as putting it into the scavenger class.

Now the tricky bit - if you have, for example, a 4Q1T queuing structure on the uplink ports (e.g. on a 2950) then you need to configure the lowest queue to catch the scavenger traffic (something like wrr-queue cos-map 1 1) and then assign a low percentage of traffic to it (using wrr-queue bandwidth 1 33 33 33). The problem here is that there are a lot of different queuing structures (some with priority queues, some without) and also different drop methods (the above is for tail-drop but you can also have wred). You also need to partition the transmit buffers correctly and assign bandwidth to each queue correctly as the defaults are unlikely to match your own traffic distribution.

There are a lot of caveats and gotchas that hamper understanding, such as the default dscp-to-cos mappings are never how you want them, you never seem to have enough queues (let alone a common queuing structure), should you police or not, should you mark down or drop, how much bandwidth to assign to queues, what ratio to split the buffers, and on and on. It seems to be more art than science.

The reason why there are no good examples is simply because there are too many variables - the best place to look is in the "Configuring QoS" section of the particular piece of hardware you have. If you have a lot of 6500's for example then your bible should be (assuming IOS):

http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a00801679f8.html

HTH

Andrew.

tachavez
Cisco Employee

Definition:

The Scavenger class is intended to provide deferential services, or less-than best-effort services, to certain applications. Applications assigned to this class have little or no contribution to the organizational objectives of the enterprise and are typically entertainment oriented in nature. These include peer-to-peer media-sharing applications (KaZaa, Morpheus, Grokster, Napster, iMesh, and so on), gaming applications (Doom, Quake, Unreal Tournament, and so on), and any entertainment video applications.

# show policy-map interface xx

  Service-policy input: AutoQos-4.0-Trust-Dscp-Input-Policy

    Class-map: class-default (match-any)
      Match: any
      QoS Set
        dscp dscp table AutoQos-4.0-Trust-Dscp-Table

  Service-policy output: AutoQos-4.0-Output-Policy

    queue stats for all priority classes:
      Queueing
      priority level 1

      (total drops) 0
      (bytes output) 0

    Class-map: AutoQos-4.0-Output-Priority-Queue (match-any)
      Match:  dscp cs4 (32) cs5 (40) ef (46)
      Match: cos  5
      Priority: 30% (300000 kbps), burst bytes 7500000,

      Priority Level: 1

    Class-map: AutoQos-4.0-Output-Control-Mgmt-Queue (match-any)
      Match:  dscp cs3 (24) cs6 (48) cs7 (56)
      Match: cos  3
      Queueing
      queue-limit dscp 16 percent 80
      queue-limit dscp 24 percent 90
      queue-limit dscp 48 percent 100

      (total drops) 0
      (bytes output) 0
      bandwidth remaining 10%

      queue-buffers ratio 10

    Class-map: AutoQos-4.0-Output-Multimedia-Conf-Queue (match-any)
      Match:  dscp af41 (34) af42 (36) af43 (38)
      Match: cos  4
      Queueing

      (total drops) 0
      (bytes output) 0
      bandwidth remaining 10%
      queue-buffers ratio 10

    Class-map: AutoQos-4.0-Output-Trans-Data-Queue (match-any)
      Match:  dscp af21 (18) af22 (20) af23 (22)
      Match: cos  2
      Queueing

      (total drops) 0
      (bytes output) 0
      bandwidth remaining 10%
      queue-buffers ratio 10

    Class-map: AutoQos-4.0-Output-Bulk-Data-Queue (match-any)
      Match:  dscp af11 (10) af12 (12) af13 (14)
      Match: cos  1
      Queueing

      (total drops) 0
      (bytes output) 0
      bandwidth remaining 4%
      queue-buffers ratio 10

    Class-map: AutoQos-4.0-Output-Scavenger-Queue (match-any)
      Match:  dscp cs1 (8)
      Queueing

      (total drops) 0
      (bytes output) 0
      bandwidth remaining 1%
      queue-buffers ratio 10

    Class-map: AutoQos-4.0-Output-Multimedia-Strm-Queue (match-any)
      Match:  dscp af31 (26) af32 (28) af33 (30)
      Queueing

      (total drops) 0
      (bytes output) 0
      bandwidth remaining 10%
      queue-buffers ratio 10

    Class-map: class-default (match-any)
      Match: any
      Queueing

      (total drops) 0
      (bytes output) 0
      bandwidth remaining 25%
      queue-buffers ratio 25

 

 

Joseph W. Doherty
Hall of Fame

"The SRND chapter "How can I use QoS tools to mitigate DoS/Worm attacks" again explains the theory of marking out-of-profile apps to CS1, which would put them into the scavenger class, but gives no examples of how to do this."

BTW, marking traffic CS1 is an RFC recommendation for marking scavenger traffic, but understand that, like any other DSCP marking, how DSCP marked traffic is QoS treated is up to actual device configurations. (BTW, if using a router with original interface (or pre-HQF CBWFQ class-default) fair-queue, CS1, as IPPrec 1, will get better treatment than BE.)

Also, many out-of-profile apps might be better served by increasing that traffic's drop probability, or immediately dropping, than remarking as scavenger traffic. Such remarking only some traffic's packets likely will get packets out-of-order, which often creates its own issues.

Lastly, if you knew for certain you're dealing with a DoS/worm attack, why would you want to forward the traffic at all?

"The SRND states to include in this class peer-to-peer media sharing apps like KaZaa, Morpheus, etc, gaming apps, and entertainment video, but it gives no working examples."

As Andrew mentioned, generally you need something like NBAR to identify p2p apps. Once identified, you can treat that traffic as desired, which may include marking with a specific DSCP marking. If you have a scavenger class, you can treat such traffic as that, which would likely also include marking this traffic with a DSCP marking used to identify scavenger traffic. (Remember, the whole point of the ToS tag is to avoid the need to deeply analyze a packet at every hop.)

As an example of how this is done, much depends on the platform, but if NBAR capable, you might have something similar to:

! Classify with NBAR at the ingress edge
class-map match-any ScavengerClassify
 match protocol ftp
 match protocol ...

! Mark the classified traffic CS1
policy-map ExampleIngress
 class ScavengerClassify
  set ip dscp cs1

interface ge0
 service-policy input ExampleIngress

Once traffic is marked, you can later treat it as desired, again how varies per platform, but on a router, perhaps something like:

! Match on the marking only; no deep inspection needed at this hop
class-map match-all ScavengerTreatment
 match ip dscp cs1

policy-map ExampleEgress
 class ScavengerTreatment
  bandwidth remaining percent 1

interface ge0
 service-policy output ExampleEgress