Enterprise QoS Solution Reference Network Design Guide
WAN Aggregator/Branch Router Handoff Considerations
2-122
conform-action transmit exceed-action policed-dscp-transmit
! Excess call signaling traffic from any source is marked down to CS1
CAT6500-PFC3-I(config-pmap-c)# class BEST-EFFORT
CAT6500-PFC3-I(config-pmap-c)# police flow mask src-only 5000000 8000
conform-action transmit exceed-action policed-dscp-transmit
! Excess PC Data traffic from any source is marked down to CS1
CAT6500-PFC3-I(config-pmap-c)# exit
CAT6500-PFC3-IOS(config-pmap)#exit
CAT6500-PFC3-IOS(config)#
CAT6500-PFC3-IOS(config)#interface range GigabitEthernet4/1 - 4
CAT6500-PFC3(config-if-range)# mls qos trust dscp
CAT6500-PFC3(config-if-range)# service-policy input PER-USER-POLICING
! Attaches Per-User Microflow policing policy to Uplinks from Access
CAT6500-PFC3(config-if-range)#end
CAT6500-PFC3-IOS#

Catalyst 6500 MLS QoS Verification Commands:
show mls qos
show class-map
show policy-map
show policy interface
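As an added illustration (not from the design guide), the Python model below reproduces what the per-user microflow policer configured above does to traffic: one token bucket per source IP at 5 Mbps with an 8000-byte burst, conforming packets transmitted unchanged and excess packets transmitted but re-marked to CS1 through an assumed policed-DSCP map. The host addresses, traffic rates and the DSCP map are constructed for the example.

```python
from collections import defaultdict

CS1 = 8  # DSCP value of the Scavenger class (CS1), the mark-down target used on this page

class MicroflowPolicer:
    """Models 'police flow mask src-only <rate-bps> <burst-bytes>
    conform-action transmit exceed-action policed-dscp-transmit': one token bucket per
    source IP; excess packets are re-marked, never dropped. Integer microseconds and bits."""
    def __init__(self, rate_bps, burst_bytes, policed_dscp_map):
        self.rate_bps = rate_bps
        self.burst_bits = burst_bytes * 8
        self.policed_dscp_map = policed_dscp_map  # assumed 'mls qos map policed-dscp' contents
        self.tokens = defaultdict(lambda: self.burst_bits)  # new sources start with a full bucket
        self.last_seen = {}

    def police(self, t_us, src_ip, dscp, size_bytes):
        """Return (action, outgoing_dscp) for one packet from src_ip seen at time t_us."""
        if src_ip in self.last_seen:  # refill in proportion to elapsed time, capped at the burst
            refill = (t_us - self.last_seen[src_ip]) * self.rate_bps // 1_000_000
            self.tokens[src_ip] = min(self.burst_bits, self.tokens[src_ip] + refill)
        self.last_seen[src_ip] = t_us
        bits = size_bytes * 8
        if self.tokens[src_ip] >= bits:
            self.tokens[src_ip] -= bits
            return "conform", dscp  # transmit unchanged
        return "exceed", self.policed_dscp_map.get(dscp, dscp)  # transmit, marked down

def constructed_stream(src_ip, rate_bps, pkt_bytes, duration_us, dscp=0):
    """Constructed sample traffic (not a capture): fixed-size packets at a constant rate."""
    interval_us = pkt_bytes * 8 * 1_000_000 // rate_bps
    return [(t, src_ip, dscp, pkt_bytes) for t in range(0, duration_us, interval_us)]

def run_policer(packets, rate_bps=5_000_000, burst_bytes=8000):
    """Apply the page's 5 Mbps / 8000-byte per-user policer and count outcomes per source."""
    policer = MicroflowPolicer(rate_bps, burst_bytes, {0: CS1, 24: CS1})  # assumed map: DF, CS3 -> CS1
    stats = defaultdict(lambda: {"conform": 0, "exceed": 0, "marked_cs1": 0})
    for t, src, dscp, size in sorted(packets):
        action, out_dscp = policer.police(t, src, dscp, size)
        stats[src][action] += 1
        if out_dscp == CS1 and dscp != CS1:
            stats[src]["marked_cs1"] += 1
    return dict(stats)

if __name__ == "__main__":
    # One well-behaved PC at 1 Mbps beside a worm-infected host blasting 50 Mbps, for one second
    traffic = (constructed_stream("10.1.1.10", 1_000_000, 1500, 1_000_000)
               + constructed_stream("10.1.1.20", 50_000_000, 1500, 1_000_000))
    for src, counts in run_policer(traffic).items():
        print(src, counts)  # the 50 Mbps source has most of its packets re-marked to CS1
```

The well-behaved host never exceeds its bucket, while the 50 Mbps host gets only about 5 Mbps through at its original marking and the rest re-marked to CS1, which is why the policy limits the damage a single infected branch host can do to the handoff link.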
Chapter 2 Campus QoS Design
WAN Aggregator/Branch Router Handoff Considerations
A final consideration in campus QoS design is the Campus-to-WAN (or VPN) handoff; in the case of a branch, this equates to the Branch Switch to Branch router handoff.

In either case, a major speed mismatch is impending, as GigabitEthernet/FastEthernet campus networks are connecting to WAN links that may only be a few Megabits (if that).

Granted, the WAN Aggregation Routers and the Remote-Branch Routers have advanced QoS mechanisms to prioritize traffic on their links, but it is critical to keep in mind that Cisco router QoS is performed in IOS software, while Catalyst switch QoS is performed in ASIC hardware.

Therefore, the optimal distribution of QoS operations would be to have as many QoS actions performed on the Catalyst switches as possible, saving the WAN/Branch router valuable CPU cycles. This is an especially critical consideration when deploying DoS/Worm mitigation designs.

For example, some enterprises have deployed advanced QoS policies on their Branch Switches and Routers, only to have DoS/Worm attacks originate from within the Branch. Remember, queuing will not engage on a switch unless its links are congested, and even if it does, should the Branch switch hand off 100 Mbps of (correctly queued) traffic to a Branch router, it will more than likely bring the router down.

Thus, the following design principles for the Campus-to-WAN handoff can help mitigate these types of scenarios:
First, resist the urge to automatically use a GigabitEthernet connection to the WAN Aggregation router, even if the router supports GE.

It is extremely unlikely that the WAN Aggregator (WAG) is serving anywhere close to a (combined) WAN-circuit-rate of 1 Gbps. Therefore, use one (or more) FastEthernet connections on the distribution layer Catalyst switch to connect to the WAG, so that the aggregate traffic sent to the WAG is not only limited (in 100 Mbps increments), but is also correctly queued within those limits, since the congestion point is pulled back into the Catalyst switch, forcing queuing to engage on the FE switch port.
Version 3.3