Enterprise QoS Solution Reference Network Design Guide

Chapter 2 Campus QoS Design
Version 3.3
WAN Aggregator/Branch Router Handoff Considerations
For example, a WAN Aggregation router may support two DS3 WAN connections (totaling 90 Mbps of
WAN circuit-capacity). In this case, the Distribution Layer switch port connecting to the WAG should
be FastEthernet. Then, if more than 100 Mbps of traffic attempts to traverse the WAN, the Catalyst
switch engages queuing on the switch port and aggressively drops flows according to the defined
application hierarchies. Only 100 Mbps of correctly-queued traffic is ever handed off to the WAG.
In the case of a WAG supporting over 100 Mbps of WAN circuits, like the case of a WAG running one
or more OC-3 ports (at 155 Mbps each), then multiple FastEthernet connections can be used to connect
to the WAG from the Distribution Layer switch to achieve the same net effect.
The point is to bring back, as much as possible, the choke point into Catalyst hardware and engage
hardware queuing there, rather than overwhelming the software-based policing and/or queueing policies
within the WAG.
Second, if the combined WAN circuit-rate is significantly below 100 Mbps, enable egress shaping
on the Catalyst switches (when supported).
If there is no hope of engaging queuing on the Catalyst switch because the combined WAN circuit-rates
are far below FastEthernet (the minimum port speed of Catalyst switches), then enable shaping on
platforms that support this feature. Such platforms include the Catalyst 2970, 3560, 3750, and 4500.
In this manner, the Catalyst switch can hold back traffic and selectively drop (according to defined
policies) from flows that would otherwise flood the WAN/Branch router.
For example, if a Branch router is using two ATM-IMA T1 links (3 Mbps combined throughput) to
connect the Branch to the WAN, then the Branch switch could be configured to shape all WAN-destined
traffic to 3 Mbps or could be configured to shape on a per-application basis to smaller increments.
Refer to the queuing/dropping sections of these platforms in this chapter and Cisco IOS documentation
for additional guidance on enabling shaping.
Finally, if the combined WAN circuit-rate is significantly below 100 Mbps and the Catalyst switch
does not support shaping, enable egress policing (when supported).
If the Catalyst switch does not support shaping, then egress policing is the next-best alternative for this
scenario.
For example, the Catalyst 3550 does not support shaping, but it does support up to 8 policers on all egress
ports. Thus it could still protect its Branch Router from being overwhelmed by policing on egress. Egress
policing may be done on an aggregate level or on a per-application-basis.
Again, the objective is to discard, as intelligently as possible, traffic that will inevitably be dropped
anyway (by the WAN/Branch router) but, whenever possible, perform the dropping within Catalyst
hardware (as opposed to IOS software).
Egress policers are configured in the same manner as ingress policers, but the direction specified in the
service-policy interface-configuration statement will be out, not in.
Note The only Catalyst switch discussed in this chapter that did not support either shaping or egress policing
is the Catalyst 2950. Unfortunately there is no way that the Catalyst 2950 can offload QoS from the
Branch router. If such functionality is required, then a hardware upgrade would be advisable.
Note For a case study example of Campus QoS design, refer to Figure 12-32 and Examples 12-76 through
12-81 of the Cisco Press book, End-to-End QoS Network Design by Tim Szigeti and Christina Hattingh.
Enterprise QoS Solution Reference Network Design Guide
2-123