QOS notes

The majority of these notes are taken from a class I took at Networld+Interop conference, September 14-16, 1999. Francois Fluckiger (from CERN) was the instructor. They are for my personal reference, nothing more. A lot of these notes are copied directly from his slides. Note that this class was in 1999; standards may have progressed since then. I have updated some things, but not everything...

Table of Contents

L2-802.1p(D)/Q

802.1Q is the standard for Virtual LANs (VLANs)
VLANs identified by tag field added to layer2 header
VLAN Tag field contains a 3 bit User-Priority (UP) field

Note: 802.1p priority field in 802.1Q Tag: 3 bits; VLAN ID: 12 bits

Every host in a VLAN may select one (out of 8) user priority
User Priority mapped to Traffic Class
Not one-to-one mapping: from 0 to 7 possible traffic classes. Defaults usually have 7 has highest and reserved for ntwrk ctrl traffic.
User priority handled within switches by

appropriate queueing
discard policy

Provides a simple label for classification (no complex parsing needed)

-	802.1p/Q
Priority	Priority Code Point (PCP)	Acronym	Traffic Type
Lowest	1	BK	Background
	0	BE	Best Effort
	2	EE	Excellent Effort
	3	CA	Critical Applications
	4	VI	Video
	5	VO	Voice
	6	IC	Internetwork Control
Highest	7	NC	Network Control

IEEE 802.1/D does not specify number of queues
Queues must be FIFO
If multiple queues, (by default) Simple Priority Queuing (PQ)

frame x forwarded only if all higher priority queues are empty
i.e. high-priority queues get absolute priority
see below for more

User Priority setting can come from directly attached hosts or routers

Host - QoS API mapping from e.g. RSVP param to traffic class
Routers - mapping from e.g. RSVP param to traffic class

Not addressed in 802.1p(D)/Q

No recommendation about how sender should select value for user priority value.
No assumption about the semantic of traffic classes "what does a class mean?"
Only simple priority queing algorithm defined, but more sophisticated queuing may be later defined (e.g. WFQ).
No resource reservation/admission control defined

L3-diffserv

Set DiffServ Code Point (DSCP) into Type of Service (TOS) byte in IPv4 or Traffic Class octet in IPv6.
DSCP could be set at node, but should be set at leaf router?
Originally, TOS byte made up of RFC791 Precedence field (3 bits), RFC1349 ToS field (4 bits), plus the bit immediately following.
Now, 6 bits go to DSCP, and 2 bits go to ECN (Explicit Congestion Notification).
For DSCP, 32 values are for public use (21 are standardized). 32 are experimental.

ECN

00	sending device not capable of reading and responding (to) ECN
01 or 10	sending device is ECN capable and not experiencing congestion
11	Sending device is ECN capable and experiencing congestion, please throttle back rate of packet transmission to avoid losing packets

IETF recommends following groups for per hop behaviours:

DE (Default)

Best effort forwarding. Recommended DSCP is 000000.

AF (Assured Forwarding) PHB

3 drop precedences (low, medium, high) each with 4 classes. In case of congestion, node will try to protect packets with higher drop-precedence values. (RFC2597)

	Class 1 (lowest)	Class 2	Class 3	Class 4 (highest)
Low Drop	AF11 (DSCP 10)	AF21 (DSCP 18)	AF31 (DSCP 26)	AF41 (DSCP 34)
Med Drop	AF12 (DSCP 12)	AF22 (DSCP 20)	AF32 (DSCP 28)	AF42 (DSCP 36)
High Drop	AF13 (DSCP 14)	AF23 (DSCP 22)	AF33 (DSCP 30)	AF43 (DSCP 38)

EF (Expedited Forwarding) PHB

Highest prio. Node must supply a low-loss, low-latency, and assured bandwidth, path/queue through the node.

Node is configured with a well-defined minimum departer rate.
Conditioning (e.g. policing and shaping) should be put in place to guarantee that the arrival rate at the node is always less than the node's configured minimum departure rate.

Recommended DSCP is 101110 (46 decimal, 2E hex).

VA (Voice Admit) PHB

rfc 5865. identical chars to EF PHB. also admitted by network using CAC (call admission control). Recommended DSCP is 101100 (44 dec or 2C Hex)

sample cisco router dscp qos cfg section

class-map match-any qos-gw-crit-traf
 match ip dscp cs6
class-map match-any media
 match ip dscp ef
class-map match-any control
 match ip dscp cs3
 match ip dscp af31
!
!
policy-map voip
 class media
  bandwidth percent 50
 class control
  bandwidth percent 5
 class qos-gw-crit-traf
  bandwidth percent 5
 class class-default
  fair-queue

IPv4 packet header (RFC791)

This section needs to be updated...

Precedence and ToS: RFC791 and 1349

Precedence field (relative discard priority)
Value	RFC791 semantics
110	Internetwork Control
101	Critical
100	Flash Override
011	Flash
010	Immediate
001	Priority
000	Routine

ToS field (relative delay priority)
Value	RFC1349 semantics
1000	minimize delay
0100	maximize throughput
0010	maximize reliability
0001	minimize monetary cost
0000	normal service

IPv6 packet header

DS field (RFC2474) coded in

IPv4 ToS octet
IPv6 Traffic Class octet
6-bit field to code the DS code point (DSCP field)
Incompatable with existing definition of IPv4 ToS

**Preserving partial backward compatibility**
for experimental, local use	'xxxxx1'	(32 values)
for standardization	'xxxxx0'	(24 values)
reserved for IPv4 ToS compatibility	'xxx000'	(7 values)
best effort (default)	'000000'	(1 value)

Per Hop Behaviors (PHBs) are then set in each node (i.e. this TOS byte gets 20% of traffic, this TOS byte gets 30%, everything else gets rest). See Queuing behaviors below for more reference.

Standardized DHCP markings

Application/Network Service Classes

IETF RFC4594 defines 12 ASCs (Application Service Classes) via DSCPs.
These can be mapped to 8 NSCs (Network Service Classes) represented via 802.1q field

This table originally taken from Table 4-1 in Nortel VoIP Technologies book

Application Service Class	Elasticity	DSCP	DSCP mark	QoS mark	Loss	Delay
Network Control (net element msging such as routing)	Both	CS6	48 (dec)	6	Low	Low
Telephony (VoIP audio)	Inelastic	EF	46 (dec)	5	Very Low	Very Low
Real-time Interactive (video)	Inelastic	CS4	32 (dec)		Low	Very Low
Multimedia Conferencing (audio-video conferences with rate adaptive CODECs)	Rate adaptive	AF4x	AF41 - 34, AF42 - 36, AF43 - 38		Low/Med	Very Low
Signaling (app-signaling such as SIP)	Inelastic	was CS5, AF31 now CS3	was 40, 26 now 24 (dec)	3	Low	Low
Broadcast Video (broadcast-quality trans - IPTV, security video...)	Inelastic	was CS3 now AF41	was 24 now 34	4	Very Low	Med
Multimedia Streaming (audio-video transmissions - podcasts, streaming video...)	Elastic	AF3x	AF31 - 26, AF32 - 28, AF33 - 30		Low/Med	Med
Low Latency Data (delay-sensitive apps - client/server, transaction-based svcs	Elastic	AF2x	AF21 - 18, AF22 - 20, AF23 - 22		Low	Low/Med
High Throughput Data (file transfers - ftp, http...)	Elastic	AF1x	AF11 - 10, AF12 - 12, AF13 - 14		Low	Med/High
OAM (ops data)	Both	CS2	16		Low	Med
Standard (best effort traffic)	No spec	DF	0		Not specified
Low Priority Data (data that can be starved)	Elastic	AF1x			High	High

ASC to NSC mappings

Some switches will map DSCP (ASC) mappings to 802.1q (NSC) mappings and ignore what is in that field
Book says "If an IP packet arrives with a non-standard or experimental DSCP value that is not mapped to any svc class, then this packet must be treated as a DF-marked (default) packet."
RFC4594 defines scheduler/queue types as rate or priority

Priority Queuing looks at highest prio queue and sends packets if packets exist. Then goes to next, etc.
Rate-based queuing including things like WRR and WFQ (see QoS cheatsheet)

NSC Traffic Svc Classes

App traffic can be divided into 2 categories

Network Control - net traffic such as routing updates
User traffic

Interactive (human to human) - sensitive to delay, loss, jitter. Delay perf on order of 10s of ms
Responsive (human to server) - less affected by jitter. Can tolerate longer delays than interactive traffic. Delay perf on order of 100s of ms
Timely (between servers or server to human) - daly tolerance significantly longer than Responsive traffic. delay perf less than 1 sec.

NSCs are a superset of six QoS classes defined in ITU-T Y.1541.

taken from table 4-5 in Nortel VoIP Technologies

Network Control Traffic Category	Network Service Class	Target Applications	Loss Tolerance	Delay Tolerance	Jitter Tolerance	Trafic Profile
Network Control	Network	Network Control	Low to very low	Low	NA	Variable sized packets
Interactive	Premium	VoIP Telephony Interactive video (video conferencing)	Very low to low	Very low	Very low to low	Typically varaiable sized packets
Interactive	Platinum	Multimedia conferencing (rate adaptive) Application Signaling	Low to med	Very low to low	Low to med	Variable sized packets
Responsive	Gold	Broadcast TV Pay-per-view movies and events Video surveillance and security Web casts - multimedia streaming Interactive gaming	Very low to med	Med	Low to high	Variable sized packets
Responsive	Silver	Client/Server apps SNA term-to-host transactions (SNA over IP using DLSw) Web-based ordering Credit card transactions Financial wire transfers ERP apps	Low	Low to med	NA	Variable sized packets
Timely	Bronze	Store and forward apps Email Billing record transfer Non-critical OAM&P (SNMP, TFTP, ...)	Low	Med to high	NA	Variable-sized packets
Timely	Standard	All traf not in other classes Best Effort traffic Bulk data transfer	Typically not specified	Typically not specified	NA	Variable-sized packets
Timely	Custom	Customer defined	Custom Defined	Custom Defined	Custom Defined	Specified

RSVP

Resource Reservation Protocol - packets sent to reserve (and tear down) priority path (L3)

"path" control message sent periodically by source to destination
"path" establishes an RSVP route in intermediary routers
sink/destination replies with a "resv" message, according to its capabilities
"resv" reserve resources in node on route back
if "path" not repeated after time-out, resources released
"path" and "resv" are carried by ordinary best-effort datagrams
if there's a problem during reservation, error msg sent to reciever is path fail. Teardown by either end to release reservations.
Note that "reservation" requests can be merged by nodes in a multicast situation

When NOT to use RSVP(?)
To prioritize traffic types, regardless of destination (use statically invoked class-based queuing)
To create limited number of host-to-host pipes with guaranteed badwidth (use statically invoked queuing)

When possibly to use RSVP(?)
To create dynamic pipes between hosts with service guarantees (use RSVP for host-to-host level flows)
To create dynamic pipes between applications with service guarantees (use RSVP for application level flows (e.g. for videoconferencing where device might be doing something else))
To create point-to-multipoint trees, with service guarantees
Note that core network scalability is a concern, as the central routers would be supporting numerous per-flow reservations in high speed backbone. Reservation processing and storage (states) overhead in router; classification and scheduling overhead.
consider edge-aggregation solutions to resolve scaling issues

Queue Types

FIFO

No data prioritizing - Fair

Simple Priority Queueing (PQ)

One queue per class
high-p queues get absolute priority
lower-p queues may overflow
no bandwidth guarantees
high-p traffic may use more than needed
low-p traffic may get no service at all

Fair Queuing

Round robin
each queue recieves the same amount of bandwidth

Weighted Round Robin

a technique for queue servicding
queues drained in weighted round-robin
no class gets more than a predetermined proportion of line capacity in times of congestion
within a class, FIFO respected
class-based queuing is an example of Weighted Round Robin (where Video get x%, voice, gets y%, mail get z%, etc....)
note: weighting dificult to implement when packet size varies significantly

Weighted Fair queuing (WFQ)

An improvement of Weighted round robin to take into account varying packet size
Algorithm
- Traffic classified in weighted round robin queues
- Then packet which is serviced is the one with "smallest finish time, had the weighted round robin algorithm been used"

Congestion Control (including RED and WRED)

Congestion control includes

congestion avoidance
congestion management (what to do when it occurs)

In Internet, enabling congestion control technique based on queue management
Queue management is

a recommended mechanism to improve regular best-effort
a mandatory mechanism to implement Diffserv AF

TCP will throttle back when congestion is observed
UDP will not.

A high number TCP flows simultaneously active can cause problems as they all ramp up and back off at the same time. This is referred to as Global Synchronization problem.

Goals

Reach a sustainable steady state where sender and receivers are synchronized
Be able to absorb bursts on top of steady traffic

Implies steady traffic does not consume all queue capacity

Passive techniques (dropping packets from various places in queues) not optimal

Back - Full queues, global synchronization problems (tcp noted above)
Middle - Full queues, expensive (have to calculate random place in middle)
Front - Full queues

Active dropping: RED

Drop arriving packets probabilistically before the queue is full
Probability of drop increases with queue size
Queue size = time - averaged length, not instantaneious length
Minimum threshold: av-size below which no packets are dropped
Maximum threshold: av-size above which all packets are dropped
if single queue, this is called "FIFO-RED".

Maintains FIFO principals
Drops pkts from each flow in proportion to ammount of bandwidth consumed
Punishes high rate flows
Not absolutely fair

Weighted RED (WRED)

RED with multiple pairs of thresholds on the same queue
One pair of thresholds per class of packet
Used to implement Diffserv Assured (3 Drop Pref)
When 2 classes only

often, classes are for "in profile" and "out of profile"
then this particular WRED called RIO (RED In:Out)

Cisco Switch Configure QoS - 2960

Taken from 'Catalyst 2960-X Switch QoS Configuration Guide, CIsco IOS Release 15.0(2) EX'

mls qos (turn on QoS globally)
no mls qos rewrite ip dscp (enable DSCP transparency - don't change dscp markings)
show mls qos
show mls qos interface
cdp enable (enable cdp globally)

Trusting port including VoIP phones

interface interface-id
   mls qos trust [cos | dscp | ip-precedence] (trust qos markings coming from this port)
   mls qos cos {default-cos| override} (modify ports cos settings)
   mls qos trust cos (trust cos markings coming from this port - if a phone?)
   mls qos trust dscp (trust dscp markings coming from this port - if a phone?)
   mls qos trust device cisco-phone (trust port markings if device cdp identifies as a cisco phone - switch sets voice packets to COS 5 and data packets to COS 0)

Trust next domain over

mls qos map dscp-mutation dscp-mutation-name in-dscp to out-dscp
interface interface-id
	mls qos trust dscpmls qos dscp-mutation dscp-mutation-name
show mls qos maps dscp-mutation

Configure a QOS Policy

Classify Traffic

access-list access-list-number {deny | permit} source [source-wildcard]
  OR
access-list access-list-number {deny | permit} protocol source source-wildcard destination destination-wildcard

show access-lists
layer 2 MAC ACL
mac access-list extended name
  {permit | deny} {host srsc-MAC-addr mask | any | hosT dst-MAC-addr mask [type mask]

class-map {match-all | match-any} class-map-name
  match {access-group acl-index-or-name | ip dscp dscp-list | ip precedence ip-precedence-list

Policy Maps

can contain multiple class statements, each with diff match crit and policers
can contained predefined def traff class explicitly placed at end of map
separate policy-map class can exist for each type of traffic received through a port
1 policy map per ingress port
ip-precedence-to-DSCP map only affect packets on ingress interfaces configured to trust IP precedence value

class-map [match-all | match-any] class-map-name

policy-map policy-map-name
  class [class-map-name | class-default]
  trust [cos | dscp | ip-precedence]
  set {dscp new-dscp | ip precedence new-precedence}
  police rate-bps burst-byte [exceed-action {drop | policed-dscp-transmit}]

interface (interface-id]
  service-policy input policy-map-name
  
show policy-map [policy-map-name [class class-map-name]]

Aggregate Policer

Aggregate policer is shared by multiple traffic classes eithin same policy map.

mls qos aggregate-policer aggregate-policer-name rate-bps burst-byte exceed-action {drop | policed-dscp-transmit}
(burst-byte is the amount of bytes allowed to burst)

class-map [match-all | match-any] class-map-name

policy-map policy-map-name
  class [class-map-name | class-default]
  police aggregate aggregate-policer-name
interface interface-id
  service-policy input policy-map-name

show mls qos aggregate-policer [aggregate-policer-name]

CoS-to-DSCP Map

mls qos map cos-dscp dscp1...dscp8
(matches 8 COS values (0-7) to DSCP values listed)

show mls qos maps cos-dscp

IP-Precedence-to-DSCP Map

mls qos map ip-prec-dscp dscp1...dscp8
(matches 8 ip precedence values (0-7) to DSCP values listed)

show mls qos maps ip-prec-dscp

policed-dscp map

mls qos map policed-dscp dscp-list to mark-down-dscp

e.g.  policed-dscp 50 51 52 53 54 55 56 57 to 0

show mls maps policed-dscp

DSCP-to-CoS Map

Up to 8 DSCP values

mls qos map dscp-cos dscp-list to cos

e.g. mls qos map dscp-cos 0 8 16 24 32 40 48 50 to 0

show mls qos maps dscp-to_cos

DSCP-to-DSCP Mutation Map

mls qos map dscp-mutation dscp-mutation-name in-dscp to out-dscp
in-dscp can be up to 8 dscp markings
e.g. mls qos map dscp-mutation mutation1 1 2 3 4 5 6 7 to 0

interface interface-id
  mls qos trust dscp
  mls qos dscp-mutation dscp-mutation-name

show mls qos maps dscp-mutation

Cfging Egress Queue Characteristics

mls qos queue-set output qset-id buffers allocation1 ... allocation4
mls qos queue-set output qset-id threshold queue-id drop-threshold1 drop-threshold2 reserved-threshold maximum-threshold
- allocations are percentage applied to each queue
- qset-id is 1 or 2
- drop-thresholds are WTD thresholds as a percentage of queue's allocated memory
- reserved threshold is percentage guaranteed for the queue
- maximum threshold is max percentage memory that queue can have before packets are dropped if  common pool is not empty

interface interface-id
  queue-set qset-id

show mls qos interface [interface-id] buffers

Mapping DSCP or CoS Vals to Egress Queue and Threshold ID

mls qos srr-queue output dscp-map queue queue-id threshold threshold-id dscp1...dscp8
mls qos srr-queue output cos-map queue queue-id threshold threshold-id cos1...cos8

show mls qos maps

By default, DSCP values 0–15 are mapped to queue 2 and threshold 1. DSCP values 16–31 are mapped to queue 3 and threshold 1. DSCP values 32–39 and 48–63 are mapped to queue 4 and threshold 1. DSCP values 40–47 are mapped to queue 1 and threshold 1.

By default, CoS values 0 and 1 are mapped to queue 2 and threshold 1. CoS values 2 and 3 are mapped to queue 3 and threshold 1. CoS values 4, 6, and 7 are mapped to queue 4 and threshold 1. CoS value 5 is mapped to queue 1 and threshold 1.

Cfg SRR Shaped Weights on Egress Queues

Ratio of frequencies that scheduler sends packets from each queue.

interface interface-id
  srr-queue bandwidth shape weight1 weight2 weight3 weight4
   
show mls qos interface interface-id queueing

Weight range is 0 to 65535. 0 means shared mode and srr-queue bandwidth share on interface comes into play. shaped mode overrides shared mode. weight1 default is 25. all others are 0.

Cfg SRR shared Weights on Egress Queues

Shared bandwidth guaranteed but not limited (excess can be used by other queues).

interface interface-id
  srr-queue bandwidth share weight1 weight2 weight3 weight4
 
(weight range is 1 to 255)
show mls qos interface interface-id queueing

Cfg Egress Expedite Queue

This queue gets serviced until empty.

mls qos
interface interface-id
  priority-queue out

NOTE: with expedite queue - weight1 is ignored

Limiting bw on egress intrfce

interface interface-id
  srr-queue bandwidth limit weight1

weight1 is 10 to 90 (default 100)

Cisco Switch Configure QoS - 3850

From QoS Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)

Overview

Classification - by ACL, DSCP, CoS, IP precedence, QoS-group
Marking and mutation
Shaping and policing - imposing max rate of traffic
Queuing
Bandwidth - avail capacity for traffic subject to QoS policies
Trust
Upstream - towards switch. sames as ingress. wireless to wired.
Downstream - from switch. sames as egress. wired to wireless.
NRT - non real time

Modular QoS Command Line Interface (MQC) - platform-independent CLI to creat traffic policies and attach policies to interfaces

traffic policy contains traffic class and one or more QoS features

traffic class used to classify traffic
QoS features determine how to treat classified traffic

wired

Gig, 10Gig, VLAN settable
installed using service-policy command
up to 8 queues per port

port policies

include port shaper and child policy
child policy only apply to wireless ports. port shaper limited to 1G

Port Policy Format

AP connected to switch port is detectd, and default hierarchical policy is applied

Default class map

class-map match-any non-client-nrt-class

(puts traffic in Q3 queue)

show class-map

Default policy map

policy-map port_child_policy
	class non-client-nrt-class
		bandwidth remaining ratio 10

System-defined policy map for wireless devices

port-child-policy can be customized

Policy-map policy_map_name
	class class-default
		shape average average_rate
		service-policy port_child_policy

example port child policy
Policy-map port_child_policy
	Class voice-policy-name (match dscp ef)
		Priority level 1
		Police (multicast-policer-name-voice) Multicast Policer
	Class video-policy-name (match dscp af41)
		Priority level 2
		Police (multicast-policer-name-video) Multicast Policer
Class non-client-nrt-class traffic(match non-client-nrt)
		Bandwidth remaining ratio (brr-value-nrt-q2)
	Class class-default (NRT Data)
		Bandwidth remaining ratio (brr-value-q3)

(puts voice and video to Q0 and Q1 queues - strict priority)
(brr-value-nrt-q2 and brr-value-q3 are directed to the Q2 and Q3 specified by class maps class-default and non-client-nrt - round robin)

Hierarchical Wireless QoS

policy enforcement happens on switch port

per radio constraint

per wlan SSID

per client

Configuring QoS

Traffic Class

class-map {class-map name | match-any}
	match access-group {index-number | name}
	match class-map class-map-name
	match cos cos-values
	match dscp dscp-values (can be dscp names e.g. af11 af12)
	match ip {dscp dscp-value | precedence precedence-value}
	match non-client-nrt (wireless only - multicast and ap non-client bound traffic)
	match qos-group qos-group-value (0-31)
	match vlan vlan-value
	match wlan user-priority wlan-value (802.11e values 0-7)
		match wlan user-priority 7

Traffic Policy

policy-map policy-map-name
	class {class-name | class-default}
	admit
	bandwidth {kbs-value | percent percentage | remaining {ratio ratio}}
	police {target_bit_rate | cir | rate}
	priority {kbs | level level-value | percent percentage-value}
	queue-buffers ratio ratio-limit
	queue-limit {packets | cos | dscp | percent}
	service-policy policy-map-name
	set {cos | dscp | ip | precedence | qos-group | wlan}
	shape average {target_bit_rate | percent value}

Class-Based Packet Marking

policy-map policy-name
	class class-name
	set cos {cos-value | cos table table-map-name | dscp table table-map-name | 
		 precedence table table-map-name | qos-group table
		 table-map-name | wlan user-priority table table-map-name}
	set dscp {dscp-value | default | dscp table table-map-name | ef | precedence table table-map-name |
		  qos-group table table-map-name | wlan user-priority table table-map-name}
	set ip {dscp | precedence} value
	set precedence {precedence-value | cos table table-map-name | dscp table table-map-name | 
			precedence table table-map-name | qos-group table table-map-name}
	set qos-group {qos-group-value | dscp table table-map-name | precedence table table-map-name}
	set wlan user-priority {wlan-user-priority-value | cos table table-map-name | 
				dscp table table-map-name | qos-group table table-map-name | 
				wlan table table-map-name}

show policy-map

Attaching a traffic policy to an interface

interface type
	service-policy {input policy-map | output policy-map }

show policy map [policy-map-name [class class-map-name]]

Class Maps for Voice/Video

class-map class-map-name
	match dscp dscp-value-for-voice
class-map class-map-name
	match dscp dscp-value-for-video

Configuring Table Maps

enable the mapping and conversion of one field to another using a table (e.g. cos to dscp)

table-map name {default {default-value | copy | ignore} | exit | map {from from-value to to-value } | no}
	map from value to value

show table-map

policy-map
	class class-default
	set cos dscp table table-map-name

Disabling Wireless Traffic Trust

qos wireless-default-untrust

Call Admission Control

class-map class-name
	match dscp dscp-value

table-map name
	default copy

policy-map policy-name
	class class-map-name
	priority level level_value
	police [target_bit_rate | cir | rate ]
	admit cac wmm-tspec
	rate value
	wlan-up value

policy-map policy-name
	class class-map-name
	set dscp dscp table table_map_name
	set wlan user-priority dscp table table_map_name
	shape average {target-bit-rate | percent percentage}
	queue-buffers {ratio ratio-value}
	service-policy policy_map_name

show policy-map

Configuring Bandwidth

policy-map policy-name
	class class-name
	bandwidth {Kb/s | percent percentage | remaining { ratio ratio }}

Configuring Police

policy-map policy-name
	class class-name
	police {target_bit_rate [burst-bytes | bc | confirm-action | pir] | 
		cir {target_bit_rate | percent percentage} | rate {target_bit_rate | 
		percent percentage} conform-action transmit exceed-action {drop [violate action] | 
		set-cos-transmit | set-dscp-transmit | set-prec-transmit | transmit [violate action] }}

Configuring Priority

policy-map policy-name
	class class-name
	priority {kbs [burst_in_bytes] | level level-value [burst_in_bytes] | 
	percent percentage-value [burst_in_bytes]}

Priority level 1 is more important than priority level 2. Priority level 1 reserves bandwidth that is processed first for QoS, so its latency is very low. Both priority level 1 and 2 reserve bandwidth.

Configuring Queue Buffers

policy-map policy-name
	class class-name
	bandwidth {kbs-value | percent percentage | remaining {ratio ratio-value}}
	queue-buffers {ratio ratio-value}

Configuring Queue Limits

Weighted Tail Drop. 3 threshold classes. Up to 400% of resrved buffer fr common pool.

policy-map policy-name
	class class-name
	bandwidth {kbs-value | percent percentage | remaining {ratio ratio-value}}
	queue-limit {	packets packets 
			| cos {cos-value { maximum-threshold-value | percent percentage } 
				| values {cos-value | percent percentage } } 
			| dscp {dscp-value {maximum-threshold-value | percent percentage} 
				| match packet {maximum threshold value | percent percentage} 
				| default {maximum-threshold-value | percent percentage} 
				| ef {maximum-threshold-value | percent percentage} 
				| dscp values dscp-value} 
			| percent percentage }}
			
example
-------
queue-limit dscp 3 percent 20
queue-limit dscp 4 percent 30
queue-limit dscp 5 percent 40

Configuring Shaping

policy-map policy-name
	class class-name
	shape average {target-bit-rate | percent percentage}

Monitoring

show class-map [class_map_name]
show policy-map [policy_map_name]
show policy-map interface { Auto-template | Capwap |
	GigabitEthernet | GroupVI | InternalInterface | Loopback | Null |
	Port-channel | TenGigabitEthernet | Tunnel | Vlan | Brief | class |
	input | output | wireless }
show policy-map interface wireless ap [access point]
show policy-map interface wireless ssid [ssid]
show policy-map interface wireless client [client]
show policy-map session [ input | output | uid UUID ]
show table-map
show policy-map interface wireless ssid name ssid-name radio type {24ghz | 5ghz} ap name ap-name

Auto-QoS

Configuring & monitoring

interface interface-id
	auto qos voip {cisco-phone | cisco-softphone | trust}
	auto qos video {cts | ip-camera | media-player}
	auto qos classify [police]
	auto qos trust {cos | dscp}

show autoqos
show running-config | i autoQos
show running-config | i AutoQos	
show auto qos interface interface-id
show policy-map interface interface

Auto-QoS Cos or DSCP generates

auto qos trust cos
	OR
auto qos trust dscp

The following policy maps are created and applied when running this command:
	AutoQos-4.0-Trust-Cos-Input-Policy
		OR
	AutoQos-4.0-Trust-Dscp-Input-Policy
	
	AutoQos-4.0-Output-Policy

The following class maps are created and applied when running this command:
	class-default (match-any)
	AutoQos-4.0-Output-Priority-Queue (match-any)
	AutoQos-4.0-Output-Control-Mgmt-Queue (match-any)
	AutoQos-4.0-Output-Multimedia-Conf-Queue (match-any)
	AutoQos-4.0-Output-Trans-Data-Queue (match-any)
	AutoQos-4.0-Output-Bulk-Data-Queue (match-any)
	AutoQos-4.0-Output-Scavenger-Queue (match-any)
	AutoQos-4.0-Output-Multimedia-Strm-Queue (match-any)

Auto-QoS cisco-phone

auto qos voip cisco-phone
The following policy maps are created and applied when running this command:
	AutoQos-4.0-CiscoPhone-Input-Policy
	AutoQos-4.0-Output-Policy

The following class maps are created and applied when running this command:
	AutoQos-4.0-Voip-Data-CiscoPhone-Class (match-any)
	AutoQos-4.0-Voip-Signal-CiscoPhone-Class (match-any)
	AutoQos-4.0-Default-Class (match-any)
	class-default (match-any)
	AutoQos-4.0-Output-Priority-Queue (match-any)
	AutoQos-4.0-Output-Control-Mgmt-Queue (match-any)
	AutoQos-4.0-Output-Multimedia-Conf-Queue (match-any)
	AutoQos-4.0-Output-Trans-Data-Queue (match-any)
	AutoQos-4.0-Output-Bulk-Data-Queue (match-any)
	AutoQos-4.0-Output-Scavenger-Queue (match-any)
	AutoQos-4.0-Output-Multimedia-Strm-Queue (match-any)

Auto-QoS cisco-softphone

auto qos voip cisco-softphone

The following policy maps are created and applied when running this command:
	AutoQos-4.0-CiscoSoftPhone-Input-Policy
	AutoQos-4.0-Output-Policy
	
The following class maps are created and applied when running this command:
	AutoQos-4.0-Voip-Data-Class (match-any)
	AutoQos-4.0-Voip-Signal-Class (match-any)
	AutoQos-4.0-Multimedia-Conf-Class (match-any)
	AutoQos-4.0-Bulk-Data-Class (match-any)
	AutoQos-4.0-Transaction-Class (match-any)
	AutoQos-4.0-Scavanger-Class (match-any)
	AutoQos-4.0-Signaling-Class (match-any)
	AutoQos-4.0-Default-Class (match-any)
	class-default (match-any)
	AutoQos-4.0-Output-Priority-Queue (match-any)
	AutoQos-4.0-Output-Control-Mgmt-Queue (match-any)
	AutoQos-4.0-Output-Multimedia-Conf-Queue (match-any)
	AutoQos-4.0-Output-Trans-Data-Queue (match-any)
	AutoQos-4.0-Output-Bulk-Data-Queue (match-any)
	AutoQos-4.0-Output-Scavenger-Queue (match-any)
	AutoQos-4.0-Output-Multimedia-Strm-Queue (match-any)

3850 QoS Examples

Endpoint hardphone

interface GigabitEthernet1/0/24
 ...
 trust device cisco-phone
 auto qos voip cisco-phone (configures things below)
 ...
 service-policy input AutoQos-4.0-CiscoPhone-Input-Policy
 service-policy output AutoQos-4.0-Output-Policy

policy-map AutoQos-4.0-CiscoPhone-Input-Policy
 class AutoQos-4.0-Voip-Data-CiscoPhone-Class
   set dscp ef
    police cir 128000 bc 8000
      conform-action transmit
      exceed-action set-dscp-transmit dscp table policed-dscp (cs1 set)
 class AutoQos-4.0-Voip-Signal-CiscoPhone-Class
   set dscp cs3
    police cir 32000 bc 8000
      conform-action transmit
      exceed-action set-dscp-transmit dscp table policed-dscp (cs1 set)

class-map match-any AutoQos-4.0-Voip-Data-CiscoPhone-Class
  match cos  5
class-map match-any AutoQos-4.0-Voip-Signal-CiscoPhone-Class
  match cos  3

policy-map AutoQos-4.0-Output-Policy
 class AutoQos-4.0-Output-Priority-Queue
    priority level 1 percent 30
 class AutoQos-4.0-Output-Control-Mgmt-Queue
    bandwidth remaining percent 10
    queue-limit dscp  cs2 percent 80
    queue-limit dscp  cs3 percent 90
    queue-limit dscp  cs6 percent 100
    queue-limit dscp  cs7 percent 100
    queue-buffers ratio 10
 class AutoQos-4.0-Output-Multimedia-Conf-Queue
    bandwidth remaining percent 10
    queue-buffers ratio 10
 class AutoQos-4.0-Output-Trans-Data-Queue
    bandwidth remaining percent 10
    queue-buffers ratio 10
 class AutoQos-4.0-Output-Bulk-Data-Queue
    bandwidth remaining percent 4
    queue-buffers ratio 10
 class AutoQos-4.0-Output-Scavenger-Queue
    bandwidth remaining percent 1
    queue-buffers ratio 10
 class AutoQos-4.0-Output-Multimedia-Strm-Queue
    bandwidth remaining percent 10
    queue-buffers ratio 10
 class class-default
    bandwidth remaining percent 25
    queue-buffers ratio 25

class-map match-any AutoQos-4.0-Output-Priority-Queue
  match  dscp cs4  cs5  ef
  match cos  5
class-map match-any AutoQos-4.0-Output-Control-Mgmt-Queue
  match  dscp cs2  cs3  cs6  cs7
  match cos  3
class-map match-any AutoQos-4.0-Output-Multimedia-Conf-Queue
  match  dscp af41  af42  af43
  match cos  4
class-map match-any AutoQos-4.0-Output-Trans-Data-Queue
  match  dscp af21  af22  af23
  match cos  2
class-map match-any AutoQos-4.0-Output-Bulk-Data-Queue
  match  dscp af11  af12  af13
  match cos  1
class-map match-any AutoQos-4.0-Output-Scavenger-Queue
  match  dscp cs1
class-map match-any AutoQos-4.0-Output-Multimedia-Strm-Queue
  match  dscp af31  af32  af33

Endpoint untrusted

interface GigabitEthernet2/0/28
 ---
 ---
 service-policy input Qos-CompanyUntrusted-Input-Policy
 service-policy output AutoQos-4.0-Output-Policy

table-map dscp-to-default-000000
 default 0

class-map match-any Qos-CompanyRTP-Conf-Class
  match access-group name Qos-CompanyRTP-Conf
ip access-list extended Qos-CompanyRTP-Conf
 permit udp any any range 16384 32767
 permit tcp any any range 16384 32767
class-map match-any Qos-Company-Signaling-Class
  match access-group name Qos-Company-Acl-Signaling
ip access-list extended Qos-Company-Acl-Signaling
 permit tcp any any range 2000 2002
 permit tcp any any range 5060 5061
 permit udp any any range 5060 5061
 permit tcp any any range 1718 1720
 permit udp any any range 1718 1720
class-map match-any Qos-Company-gateway-critical-traffic
 match access-group name Qos-Company-gateway-critical-Conf
ip access-list extended Qos-Company-gateway-critical-Conf
 permit tcp any any eq 22

policy-map Qos-CompanyUntrusted-Input-Policy
class Qos-CompanyRTP-Conf-Class !typical cisco rtp range
   set dscp ef
    police cir 30000000
      conform-action transmit
      exceed-action set-dscp-transmit dscp table dscp-to-default-000000
class Qos-Company-Signaling-Class !sccp sip h323
   set dscp cs3
    police cir 5000000
      conform-action transmit
      exceed-action set-dscp-transmit dscp table dscp-to-default-000000
class Qos-Company-gateway-critical-traffic
   set dscp cs6
    police cir 5000000
      conform-action transmit
      exceed-action set-dscp-transmit dscp table dscp-to-default-000000
class class-default
   set dscp default

Endpoint trusted

class-map match-any Qos-CompanyTrusted-RTPOut-Class
   match dscp ef
class-map match-any Qos-CompanyTrusted-SignalingOut-Class
   match dscp cs3
class-map match-any Qos-CompanyTrusted-gw-crit-traffic
   match dscp cs6

!policy-map Qos-CompanyTrusted-Input-Policy
   !copy dscp and cos is one for one by default

policy-map Qos-CompanyTrusted-Output-Policy
 class Qos-CompanyTrusted-RTPOut-Class !marked media/rtp
   !dscp ef
   !priority level 1
   bandwidth percent 30
   !police cir 30000000
   !   conform-action transmit
   !  exceed-action drop
 class Qos-CompanyTrusted-SignalingOut-Class !marked signalling
   !dscp cs3
   bandwidth percent 5
   ! police cir 5000000
   !   conform-action transmit
   !   exceed-action drop
 class Qos-CompanyTrusted-gw-crit-traffic
   !dscp cs6
   bandwidth percent 5
   ! police cir 5000000
   !   conform-action transmit
   !   exceed-action drop
 class class-default
   !dscp default (0)
   bandwidth percent 60

int TenGigabitEthernet1/1/3
  service-policy output Qos-CompanyTrusted-Output-Policy
int TenGigabitEthernet2/1/3
  service-policy output Qos-CompanyTrusted-Output-Policy