End-to-End QoS Network Design
By Tim Szigeti, CCIE No. 9794, and Christina Hattingh
Publisher: Cisco Press
Pub Date: November 09, 2004
ISBN: 1-58705-176-1
Pages: 768

Best-practice QoS designs for protecting voice, video, and critical data while mitigating network denial-of-service attacks

- Understand the service-level requirements of voice, video, and data applications
- Examine strategic QoS best practices, including Scavenger-class QoS tactics for DoS/worm mitigation
- Learn about QoS tools and the various interdependencies and caveats of these tools that can impact design considerations
- Learn how to protect voice, video, and data traffic using various QoS mechanisms
- Evaluate design recommendations for protecting voice, video, and multiple classes of data while mitigating DoS/worm attacks for the following network infrastructure architectures: campus LAN, private WAN, MPLS VPN, and IPSec VPN

Quality of Service (QoS) has already proven itself as the enabling technology for the convergence of voice, video, and data networks. As business needs evolve, so do the demands for QoS. The need to protect critical applications via QoS mechanisms in business networks has escalated over the past few years, primarily due to the increased frequency and sophistication of denial-of-service (DoS) and worm attacks.

End-to-End QoS Network Design is a detailed handbook for planning and deploying QoS solutions to address current business needs. This book goes beyond discussing available QoS technologies and considers detailed design examples that illustrate where, when, and how to deploy various QoS features to provide validated and tested solutions for voice, video, and critical data over the LAN, WAN, and VPN.

The book starts with a brief background of network infrastructure evolution and the subsequent need for QoS. It then goes on to cover the various QoS features and tools currently available and comments on their evolution and direction. The QoS requirements of voice, interactive and streaming video, and multiple classes of data applications are presented, along with an overview of the nature and effects of various types of DoS and worm attacks. QoS best-practice design principles are introduced to show how QoS mechanisms can be strategically deployed end-to-end to address application requirements while mitigating network attacks.

The next section focuses on how these strategic design principles are applied to campus LAN QoS design. Considerations and detailed design recommendations specific to the access, distribution, and core layers of an enterprise campus network are presented.

Private WAN QoS design is discussed in the following section, where WAN-specific considerations and detailed QoS designs are presented for leased lines, Frame Relay, ATM, ATM-to-FR Service Interworking, and ISDN networks. Branch-specific designs include Cisco® SAFE recommendations for using Network-Based Application Recognition (NBAR) for known-worm identification and policing.

The final section covers Layer 3 VPN QoS design for both MPLS and IPSec VPNs. As businesses are migrating to VPNs to meet their wide-area networking needs at lower costs, considerations specific to these topologies are required to be reflected in their customer-edge QoS designs. MPLS VPN QoS design is examined from both the enterprise and service provider's perspectives. Additionally, IPSec VPN QoS designs cover site-to-site and teleworker contexts.

Whether you are looking for an introduction to QoS principles and practices or a QoS planning and deployment guide, this book provides you with the expert advice you need to design and implement comprehensive QoS solutions.

This book is part of the Networking Technology Series from Cisco Press, which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.
Table of Contents

Copyright
About the Authors
About the Technical Editors
Acknowledgments
Icons Used in This Book
Command Syntax Conventions
Introduction
  Who Should Read This Book?
  Goals and Methods
  How This Book Is Organized

Part I: Introduction to QoS
Chapter 1 Introduction to QoS
  A Brief Historical Perspective
  QoS Evolution
  User Network Expectations
  Understanding QoS
  QoS Models
  Introduction to the QoS Toolset
  Simplifying QoS
  If I Have AutoQoS, Why Should I Be Reading This Book?
  The Continuing Evolution of QoS
  Summary
  Further Reading
Chapter 2 QoS Design Overview
  QoS Requirements of VoIP
  QoS Requirements of Video
  QoS Requirements of Data
  QoS Requirements of the Control Plane
  Scavenger Class
  DoS and Worm Mitigation Strategy Through Scavenger Class QoS
  Principles of QoS Design
  Summary
  Further Reading

Part II: QoS Toolset
Chapter 3 Classification and Marking Tools
  Classification Tools
  Marking Tools
  Summary
  Further Reading
Chapter 4 Policing and Shaping Tools
  Token Bucket Algorithms
  Policers
  Shapers
  Further Reading
Chapter 5 Congestion-Management Tools
  Understanding Scheduling and Queuing
  Legacy Layer 3 Queuing Mechanisms
  Currently Recommended Layer 3 Queuing Mechanisms
  Layer 2 Queuing Tools
  Tx-ring
  PAK_priority
  Summary
  Further Reading
Chapter 6 Congestion-Avoidance Tools
  Random Early Detection
  Weighted Random Early Detection
  DSCP-Based Weighted Random Early Detection
  Explicit Congestion Notification
  Summary
  Further Reading
Chapter 7 Link-Specific Tools
  Header-Compression Techniques
  Link Fragmentation and Interleaving
  Summary
  Further Reading
Chapter 8 Bandwidth Reservation
  RSVP Overview
  MPLS Traffic Engineering
  Scalability
  RSVP-DiffServ Integration
  Endpoints and Proxies
  Summary
  Further Reading
Chapter 9 Call Admission Control (CAC)
  CAC Overview
  CAC Defined
  CAC Tool Categories
  CallManager Locations CAC
  Gatekeeper CAC
  RSVP
  Summary
  Further Reading
Chapter 10 Catalyst QoS Tools
  Generic Catalyst QoS Models
  Catalyst 2950
  Catalyst 3550
  Catalyst 2970, 3560, and 3750
  Catalyst 4500
  Catalyst 6500
  Summary
  Further Reading
Chapter 11 WLAN QoS Tools
  QoS for Wireless LANs Versus QoS on Wired LANs
  Upstream Versus Downstream QoS
  IEEE 802.11 DCF
  IEEE 802.11e EDCF
  IEEE 802.1D Classes of Service
  QoS Operation on Cisco APs
  Configuring QoS on Cisco APs
  Summary
  Further Reading

Part III: LAN QoS Design
Chapter 12 Campus QoS Design
  DoS/Worm-Mitigation Strategies
  Call-Signaling TCP/UDP Ports in Use
  Access-Edge Trust Models
  Catalyst 2950 QoS Considerations and Design
  Catalyst 3550 QoS Considerations and Design
  Catalyst 2970/3560/3750 QoS Considerations and Design
  Catalyst 4500-SupII+/III/IV/V QoS Considerations and Design
  Catalyst 6500 QoS Considerations and Design
  WAN Aggregator/Branch Router Handoff Considerations
  Case Study: Campus QoS Design
  Summary
  Further Reading

Part IV: WAN QoS Design
Chapter 13 WAN Aggregator QoS Design
  Where Is QoS Needed over the WAN?
  WAN Edge QoS Design Considerations
  WAN Edge Classification and Provisioning Models
  WAN Edge Link-Specific QoS Design
  Case Study: WAN Aggregation Router QoS Design
  Summary
  Further Reading
Chapter 14 Branch Router QoS Design
  Branch WAN Edge QoS Design
  Branch Router LAN Edge QoS Design
  Case Study: Branch Router QoS Design
  Summary
  Further Reading

Part V: VPN QoS Design
Chapter 15 MPLS VPN QoS Design
  Where Is QoS Needed over an MPLS VPN?
  Customer Edge QoS Design Considerations
  Provider-Edge QoS Considerations
  Core QoS Considerations
  Case Study: MPLS VPN QoS Design (CE/PE/P Routers)
  Summary
  Further Reading
Chapter 16 IPSec VPN QoS Design
  Site-to-Site V3PN QoS Considerations
  Site-to-Site V3PN QoS Designs
  Headend VPN Edge QoS Options for Site-to-Site V3PNs
  Teleworker V3PN QoS Considerations
  Teleworker V3PN QoS Designs
  Case Study: IPSec VPN QoS Design
  Summary
  Further Reading

QoS "At-A-Glance" Summaries
Index

Copyright

End-to-End QoS Network Design
Tim Szigeti, CCIE No. 9794, Christina Hattingh
Copyright © 2005 Cisco Systems, Inc.
Published by: Cisco Press, 800 East 96th Street, Indianapolis, IN 46240 USA

All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review.

Printed in the United States of America 1 2 3 4 5 6 7 8 9 0
First Printing October 2004
Library of Congress Cataloging-in-Publication Number: 2003111984

Trademark Acknowledgments
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Cisco Press or Cisco Systems, Inc., cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Warning and Disclaimer
This book is designed to provide information about Quality-of-Service network design best-practice recommendations. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information is provided on an "as is" basis. The authors, Cisco Press, and Cisco Systems, Inc., shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this
book or from the use of the discs or programs that may accompany it. The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc.

Corporate and Government Sales
Cisco Press offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales. For more information please contact: U.S. Corporate and Government Sales, 1-800-382-3419, corpsales@pearsontechgroup.com. For sales outside the U.S. please contact: International Sales, international@pearsoned.com.

Feedback Information
At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted with care and precision, undergoing rigorous development that involves the unique expertise of members from the professional technical community. Readers' feedback is a natural continuation of this process. If you have any comments regarding how we could improve the quality of this book or otherwise alter it to better suit your needs, you can contact us through e-mail at feedback@ciscopress.com. Please make sure to include the book title and ISBN in your message. We greatly appreciate your assistance.

Publisher: John Wait
Editor-in-Chief: John Kane
Cisco Representative: Anthony Wolfenden
Cisco Press Program Manager: Nannette M. Noble
Executive Editor: Christopher Cleveland
Acquisitions Editor: Michelle Grandin
Production Manager: Patrick Kanouse
Development Editor: Howard A. Jones
Copy Editor: Krista Hansing
Technical Editors: Frank Knox, Anna To, Connie Varner
Team Coordinator: Tammi Barnett
Cover Designer: Louisa Adair
Composition: Octal Publishing, Inc.

Index (partial: entries from S through W)

show wrr-queue bandwidth command
show wrr-queue cos-map command
SI (Standard Image)
SIFS
site-to-site V3PN
  headend VPN edge QoS options
    IPSec transport mode (encrypting an IP GRE tunnel)
    IPSec tunnel mode (encrypting an IP GRE tunnel)
    IPSec tunnel mode (no IP GRE tunnel)
  QoS models
    Eight-Class Site-to-Site V3PN Model
    Six-Class Site-to-Site V3PN Model
Six-Class Site-to-Site V3PN Model
Skinny Call Control Protocol (SCCP)
SLIP (Serial Line IP) protocol
Slow Link-Speed QoS Class Models
slow-speed ATM links
  ATM PVC bundles
  show atm bundle command
  show atm vc command
  show atm pvc command
  Tx-rings
slow-speed Frame Relay links
slow-speed leased lines
  show interface command
  show policy interface command
slow-speed links (ATM-FR SIW)
SMI (Standard Multilayer Software Image)
SoftPhone
software queuing (WAN aggregators)
source IP address classification
speed (links)
split tunneling
SQL Slammer
Standard Image (SI)
Standard Multilayer Software Image (SMI)
state-machine synchronization
streaming video 2nd
strict-priority queuing rule
sum of LLQs
Supervisor 720

T
table map feature
tail drops
TDM (time-division multiplexing)
TCP and UDP
  global synchronization behavior
  packet loss
TCP/UDP classification
teleworker V3PN QoS
  asymmetric links and unidirectional QoS
  bandwidth provisioning
    cable overhead
    DSL (AAL5 + PPPoE) overhead
    NAT transparency feature overhead
  broadband serialization mitigation through TCP maximum segment size tuning
  broadband-access technologies
    cable
    DSL
  business-ready teleworker design
  Deployment Models 2nd
    Dual-Unit Model
    Integrated Unit + Access Model 2nd
    Integrated Unit Model
    Integrated Unit/Dual Unit Models
  split tunneling
Three-Class (Voice and Data) Model
Three-Class Provider-Core Model
Three-Class Provider-Edge Model 2nd
time-division multiplexing (TDM)
token bucket algorithms
topologies
  IPSec QoS design
  split tunnel
ToS (type of service) byte
  preservation
  reflection
total drops statistics
traffic
  branch-to-branch
  campus networks
  campus-to-branch
  classification
  conforming
  data defined by QoS Baseline
  DLSw+, marking
  exceeding
  handoffs
  horizontal separation of
  IP
  LLQ
  marking/remarking 2nd
  out-of-profile
  PAK_priority
  prioritization
  Scavenger
  Scavenger-class QoS strategy
  unpoliced classes
  vertical separation of
  violating
  worm mitigation in Scavenger class
Transactional Data
translating Layer 2 and Layer 3 packet markings
  802.1Q/p to and from DSCP
  DSCP to Frame Relay DE bit
  IP precedence to ATM/Frame Relay PVCs
  table map feature
transmit queuing (Catalyst 6500)
transmit ring (Tx-ring)
troubleshooting
  class naming
  DoS attacks (campus networks)
  worms (campus networks)
trust boundaries
  access-edge
    Conditionally Trusted Endpoint Models 2nd
    Trusted Endpoint Models 2nd
    Untrusted Endpoint Models
  defined
trust states
  configuring trust on Catalyst 6500
trust-device command
trusted endpoint models 2nd
  Catalyst 2970/3750
  Catalyst 3550
  Catalyst 4500
  Catalyst 6500
    show port qos command
trusted endpoints, connecting
tunnel DiffServ
tunneling
  cRTP
  modes (MPLS DiffServ)
    Pipe Mode
    Short Pipe Mode
    Uniform Mode
  split tunneling
tx-queue command
tx-ring-limit command
Tx-rings (transmit rings) 2nd
  ATM
  tuning
type of service (ToS)

U
UBR (unspecified bit rate)
UDP and TCP
underruns (jitter buffers)
unidirectional applications
unidirectional QoS
Uniform Mode
unspecified bit rate (UBR)
Untrusted Endpoint Models (trust boundaries)
Untrusted Multiapplication Server Model
  show class-map and show policy-map verification commands
  show mls masks qos verification command
  show mls qos interface policers verification command
Untrusted PC with SoftPhone Model
  Catalyst 2950
  Catalyst 2970/3750
  Catalyst 3550
  Catalyst 4500
  Catalyst 6500
  show qos acl verification command
  show qos maps verification command
  show qos policer verification command
  show qos statistics verification command
Untrusted Server Model
  Catalyst 2970/3750
  Catalyst 3550
  Catalyst 4500
  Catalyst 6500
uplink connections (DSL and cable)
upstream QoS

V
variable network delay [See jitter]
VBR (variable bit-rate)
verification command
verifying
  ATM IMA group
  tag-switching configuration (MPLS per-VPN TE)
vertical separation of traffic
very-high-speed ATM links
video
  MPLS VPN CE QoS design considerations
  QoS
  Interactive-Video
  Streaming-Video
  Streaming-Video, protecting
  surveillance systems
videoconferencing
  any-to-any
  gateways and systems
videoconferencing rate
violating traffic
viruses
VoFR (Voice over Frame Relay)
voice
  gateway packet marking
  MPLS VPN CE QoS design considerations
  VVLANs
Voice and Data WAN Edge Model
Voice over Frame Relay (VoFR)
voice VLANs (VVLANs)
VoIP (Voice over IP)
  bandwidth
  bandwidth provisioning
  Call-Signaling traffic
  campus networks
  header-compression techniques
    class-based header compression
    formats
    Layer 2 encapsulation protocol support
    RTP header compression (cRTP)
    standards
    TCP header compression (cTCP)
  LLQ
  over ATM
  over Ethernet to VoIP over a WAN
  over MPLS
  QoS
    bearer traffic
    Call-Signaling traffic
  traffic, dominating links
VPNs (virtual private networks)
  IPSec QoS design
  MPLS VPN QoS design 2nd [See also MPLS VPN QoS design]
VVLANs (voice VLANs)

W
WAN aggregation router QoS design case study
WAN aggregator/branch router handoff
WAN aggregators 2nd
  bandwidth provisioning
  distributed platform QoS
  IP RTP header compression
  link speeds
  PAK_priority
  required QoS policies
  serialization
  software queuing
  Tx-ring tuning
WAN Edge Classification and Provisioning Models
  High Link-Speed QoS Class Models
    Distributed-Platform/Consistent QoS Behavior QoS Baseline Model
    Eight-Class Model
    QoS Baseline Model
  Slow/Medium Link-Speed QoS Class Models
    Five-Class Model
    Three-Class (Voice and Data) Model
WAN edge link-specific QoS design
  ATM
    high-speed links
    medium-speed links
    slow-speed links
    very-high-speed links
  ATM-FR SIW
  Frame Relay
    Bc
    Be
    CIR
    distributed platform links
    high-speed links
    medium-speed links
    slow-speed links
  ISDN
    CallManager CAC limitations
    MLP packet reordering
    variable bandwidth
    voice and data on multiple ISDN B channels
  leased lines
    high-speed
    medium-speed
    slow-speed
WAN edge QoS design
WANs 2nd
  link fragmentation and interleaving
    fragment sizes
    Frame Relay fragmentation 2nd
    IPSec prefragmentation
    Multilink PPP Link Fragmentation and Interleaving (MLP LFI)
  low link speeds
  routers, roles in
Weighted Random Early Detection [See WRED]
WFQ
wireless access points
wireless IP phones
WLANs (wireless LANs)
  basic service set information element
  QoS
worms
  campus network mitigation strategies
  CodeRedv2
  compared to viruses
  mitigation in Scavenger class
  mitigation principles
  NIMDA
  policing
  preparing for future worms
  RPC DCOM/W32/MS Blaster
  Sasser
  SQL Slammer
WRED (Weighted Random Early Detection)
  Catalyst 3550
  DSCP-based WRED
  ECN
  enabling on the Best-Effort class
  thresholds
WRED-drop thresholds (Catalyst 6500)
wrr-queue bandwidth command
wrr-queue cos map command
wrr-queue dscp-map interface configuration command
wrr-queue queue-limit command
wrr-queue queue-limit interface command