© 2001, Cisco Systems, Inc. Classification and Marking

© 2001, Cisco Systems, Inc. QOS v1.0—2-2 Objectives Upon completing this module, you will be able to: Describe policy-based routing and how it can be used to classify and mark IP packets Describe QoS Policy Propagation on BGP and how it can be used to classify and mark IP packets List other mechanisms that also support classification and marking capabilities (committed access rate, class-based policing, and class-based marking)

© 2001, Cisco Systems, Inc. QOS v1.0—2-3 Traffic Classification and Marking Classification Most QoS mechanisms in Cisco IOS include some type of classification. Some mechanisms classify packets automatically; some require manual configuration. Marking Only a small number of mechanisms also include a marking capability.

© 2001, Cisco Systems, Inc. QOS v1.0—2-4 Traffic Classification and Marking (cont.) This module describes the two mechanisms that are used for classification and marking only: –Policy-based routing (PBR) –QoS Policy Propagation on BGP (QPPB) Other classification and marking mechanisms are described in other QoS modules.

Policy-based Routing QOS v1.0—2-5 © 2001, Cisco Systems, Inc.

QOS v1.0—2-6 Objectives Upon completing this lesson, you will be able to: Describe the PBR mechanism Configure the PBR mechanism on Cisco routers Monitor and troubleshoot PBR

© 2001, Cisco Systems, Inc. QOS v1.0—2-7 Policy-based Routing Policy-based Routing (PBR) is a mechanism that can be used to bypass the default destination-based forwarding functionality of routers PBR is implemented using a route map where match commands are used to classify packets and set commands are used to process packets Route maps are applied to interfaces for processing of inbound packets (forwarding and/or marking)

© 2001, Cisco Systems, Inc. QOS v1.0—2-8 PBR Match and Set Options PBR has two primary applications: Implementation of more complex routing paradigms than a simple destination-based forwarding Classification and marking of packets for QoS purposes Match on: Standard and extended access lists Length of packets (min, max) Match on: Standard and extended access lists Length of packets (min, max) Set: Output interface (bypass the routing table) Next-hop address (bypass the routing table) ToS field (QoS marking) IP Precedence (QoS marking) QoS group (QoS marking) Set: Output interface (bypass the routing table) Next-hop address (bypass the routing table) ToS field (QoS marking) IP Precedence (QoS marking) QoS group (QoS marking) Output interface Input interface IP

© 2001, Cisco Systems, Inc. QOS v1.0—2-9 Inbound or Locally originated PBR Capabilities ClassifierMarker Dropper Meter Outbound ClassifierMarker Shaper Dropper Meter Forwarding Queuing PBR can only classify and mark inbound or locally originated packets

© 2001, Cisco Systems, Inc. QOS v1.0—2-10 Configuring Classification and Marking Using PBR Create a route map Apply the route map to: –An incoming interface, or Apply the route map to: –Locally originated traffic Monitor and debug policy routing

© 2001, Cisco Systems, Inc. QOS v1.0—2-11 Route Map Rules Route maps are identified by a case-sensitive name. Route maps can have multiple statements (same name, different sequence number). Packets are processed in the specified sequence. Packets not matched by the route map are forwarded using the default destination-based forwarding. If packets are matched by the “match” condition but the route map statement is using the “deny” option, the default destination-based forwarding is applied to the packet. route-map [permit | deny] [ ] match set Router(config)#

© 2001, Cisco Systems, Inc. QOS v1.0—2-12 PBR Classification match ip address Router(config-route-map)# Classify using a standard access list against the source address Classify using an extended access list against the source or destination address; source or destination TCP/UDP port; IP Precedence; DSCP; or ToS match length Router(config-route-map)# Classify using a range of packet lengths that will be matched by the route-map statement

© 2001, Cisco Systems, Inc. QOS v1.0—2-13 PBR Marking set ip precedence Router(config-route-map)# Set the specified IP Precedence to packets matched by the route map IP Precedence supports eight classes, two are reserved (6 and 7) set ip tos Router(config-route-map)# Set the low-order four bits of the type of service (ToS) field These bits are used to specify the delay, throughput, reliability and monetary cost parameters. (specified in RFC 791; no longer used after RFC 1812) set ip qos-group Router(config-route-map)# Classify using a range of packet lengths that will be matched by the route-map statement QoS group supports 100 classes (0-99)

© 2001, Cisco Systems, Inc. QOS v1.0—2-14 Applying a Route Map ip policy-map Router(config-if)# Specifies the route map used to set QoS and other policy-routing parameters for packets received through the specified interface ip local policy-map Router(config)# Specifies the route map used to set QoS and other policy-routing parameters for packets generated by the router

© 2001, Cisco Systems, Inc. QOS v1.0—2-15 Monitoring and Troubleshooting PBR show route-map Router# Displays the route map and number of packets and bytes matched by each statement debug ip policy Router# Displays all packets matched by policy routing route maps

© 2001, Cisco Systems, Inc. QOS v1.0—2-16 Monitoring and Debugging Policy Routing Router#show route-map CPE route-map CPE, permit, sequence 10 Match clauses: ip address (access-lists): 199 Set clauses: ip precedence flash-override Policy routing matches: 3418 packets, bytes route-map CPE, permit, sequence 20 Match clauses: ip address (access-lists): MatchPing Set clauses: ip precedence priority Policy routing matches: 82 packets, bytes Router#show access-list MatchPing Extended IP access list MatchPing permit icmp any any echo (25 matches) Router# Router#show route-map CPE route-map CPE, permit, sequence 10 Match clauses: ip address (access-lists): 199 Set clauses: ip precedence flash-override Policy routing matches: 3418 packets, bytes route-map CPE, permit, sequence 20 Match clauses: ip address (access-lists): MatchPing Set clauses: ip precedence priority Policy routing matches: 82 packets, bytes Router#show access-list MatchPing Extended IP access list MatchPing permit icmp any any echo (25 matches) Router#

© 2001, Cisco Systems, Inc. QOS v1.0—2-17 Monitoring and Debugging Policy Routing (cont.) Router#debug ip policy Policy routing debugging is on Router#ping Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to , timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 28/31/32 ms Router# 2d02h: IP: s= (local), d= , len 100, policy match 2d02h: IP: route map CPE, item 20, permit... Router#debug ip policy Policy routing debugging is on Router#ping Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to , timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 28/31/32 ms Router# 2d02h: IP: s= (local), d= , len 100, policy match 2d02h: IP: route map CPE, item 20, permit...

© 2001, Cisco Systems, Inc. QOS v1.0—2-18 IP Precedence Marking Case Study #1 A branch office of a bank has two LANs connected to an access router: Ethernet 0 serves the front office with the real-time transactions. Ethernet 1 serves the back office with not needed in real time transactions (like ). The network provides different services to two classes: Business traffic (marked with IP Precedence 2) Other traffic (marked with IP Precedence 0) Packets coming from Ethernet 0 should be classified and marked as business traffic. Packets coming from Ethernet 1 should be classified and marked as other traffic.

© 2001, Cisco Systems, Inc. QOS v1.0—2-19 Core WAN Core Branch Office E0 E1 Case #1 - Solution interface ethernet 0 ip policy-map set-prec-2 ! interface ethernet 1 ip policy-map set-prec-0 ! route-map set-prec-2 permit 10 set ip precedence 2 ! route-map set-prec-0 permit 10 set ip precedence 0 interface ethernet 0 ip policy-map set-prec-2 ! interface ethernet 1 ip policy-map set-prec-0 ! route-map set-prec-2 permit 10 set ip precedence 2 ! route-map set-prec-0 permit 10 set ip precedence 0 Mark all traffic with IP Precedence 2 Mark all traffic with IP Precedence 0

© 2001, Cisco Systems, Inc. QOS v1.0—2-20 IP Precedence Marking Case Study #2 A branch office of a bank has one LAN connected to an access router. The network provides different services to three classes: Transaction traffic (marked with IP Precedence 2) Business traffic (marked with IP Precedence 1) Other traffic (marked with IP Precedence 0) TN3270 should be marked as transaction traffic. Internal HTTP should be marked as business traffic. All other traffic should be marked as other traffic.

© 2001, Cisco Systems, Inc. QOS v1.0—2-21 Core WAN core Branch office E0 Mark IP Precedence: Telnet = 2 Corporate web = 1 Everything else = 0 Mark IP Precedence: Telnet = 2 Corporate web = 1 Everything else = 0 Case #2 - Solution interface eth 0 ip policy-map set-prec ! route-map set-prec permit 10 match ip address CorporateWebTraffic set ip precedence 1 route-map set-prec permit 20 match ip address TN3270 set ip precedence 2 route-map set-prec permit 30 set ip precedence 0 ! ip access-list extended CorporateWebTraffic permit tcp any eq www ip access-list extended TN3270 permit tcp any any eq telnet interface eth 0 ip policy-map set-prec ! route-map set-prec permit 10 match ip address CorporateWebTraffic set ip precedence 1 route-map set-prec permit 20 match ip address TN3270 set ip precedence 2 route-map set-prec permit 30 set ip precedence 0 ! ip access-list extended CorporateWebTraffic permit tcp any eq www ip access-list extended TN3270 permit tcp any any eq telnet

© 2001, Cisco Systems, Inc. QOS v1.0—2-22 Route Map - Review Policy routing with route maps can classify and mark IP packets based on a wide variety of conditions. No metering, shaping, or dropping is possible. Performance depends on the IOS version. –Policy routing is fast-switched in 11.3 and 12.0 –(d)CEF or NetFlow-switched in 12.0(3)T

© 2001, Cisco Systems, Inc. QOS v1.0—2-23 Summary Upon completing this lesson, you should be able to: Describe the PBR mechanism Configure the PBR mechanism on Cisco routers Monitor and troubleshoot PBR

© 2001, Cisco Systems, Inc. QOS v1.0—2-24 Lesson Review 1.What are the applications of policy-based routing? 2.What configuration tool is used to implement PBR? 3.How can PBR be applied to IP traffic? 4.Describe the classification options with PBR. 5.Describe the marking options with PBR.

QoS Policy Propagation through BGP (QPPB) QOS v1.0—2-25 © 2001, Cisco Systems, Inc.

QOS v1.0—2-26 Objectives Upon completing this lesson, you will be able to: Describe the QPPB mechanism Configure the QPPB mechanism on Cisco routers Monitor and troubleshoot QPPB

© 2001, Cisco Systems, Inc. QOS v1.0—2-27 IP QoS Policy Propagation on BGP (QPPB) QPPB uses BGP attributes to advertise class of service to other routers in the network. BGP communities are usually used to propagate class of service information bound to IP networks. Packet classification policy can be propagated via BGP without having to use complex access lists at each of a large number of border (edge) routers. A route map is used to translate BGP information (e.g., BGP community value) into IP Precedence or QoS group.

© 2001, Cisco Systems, Inc. QOS v1.0—2-28 QPPB Capabilities Inbound or locally originated ClassifierMarker Dropper Meter Outbound ClassifierMarker Shaper Dropper Meter Forwarding Queuing QPPB can only classify and mark inbound packets

© 2001, Cisco Systems, Inc. QOS v1.0—2-29 BGP Marking 1.Propagate the class of service by encoding it into BGP attributes: BGP communities, AS paths, IP prefixes, or Any other BGP attribute 2.Translate the selected BGP attribute into either: IP Precedence, or QoS group 3.Enable Cisco Express Forwarding (CEF) and packet marking on interfaces Inbound traffic stream ClassifierMarker Dropper Meter

© 2001, Cisco Systems, Inc. QOS v1.0—2-30 Cisco Express Forwarding Review The two main components of CEF operation –Forwarding Information Base –Adjacency Tables CEF was first introduced on the following platforms: –Cisco 7x00 series in 11.1CC –All RISC-based platforms in IOS 12.0 QPPB is only supported on high-end routers (Cisco 7x00 and above)

© 2001, Cisco Systems, Inc. QOS v1.0—2-31 Review: Standard IP Switching BGP Table AddressPrefixAS-PathCommunitiesOther AttributesNext-Hop / : IP Routing Table AddressPrefix... Switching Cache PrefixNext-HopOutgoing Interface --- /24---Ethernet 0 Address Protocol conn. / BGP IP Address... ARP Cache MAC Address... L2 Header /8MAC Header c

© 2001, Cisco Systems, Inc. QOS v1.0—2-32 Review: CEF Switching BGP Table AddressPrefixAS-PathCommunitiesOther AttributesNext-Hop / : IP Routing Table AddressPrefix... FIB Table (CEF Cache) Next-HopOutgoing InterfaceAddressProtocol BGP ARP Cache Adjacency Pointer Ethernet OSPF ---Ethernet conn. MAC Address... IP Address... Layer 2 Header... Adjacency Table IP Address MAC Header Prefix / /8 0c /

© 2001, Cisco Systems, Inc. QOS v1.0—2-33 CEF Switching with QoS Packet Marking BGP Table AddressPrefixAS-PathCommunitiesOther AttributesNext-Hop / : IP Routing Table AddressPrefix... FIB Table (CEF Cache) Next-HopOutgoing InterfaceAddressProtocol BGP ARP Cache Adjacency Pointer Ethernet OSPF ---Ethernet conn. MAC Address... IP Address... Layer 2 Header... Adjacency Table IP Address MAC header Prefix /24 Precedence --- QoS Group /837 BGP table map Precedence... QoS Group... 0c /

© 2001, Cisco Systems, Inc. QOS v1.0—2-34 QPPB Configuration Tasks Create a route map to set IP precedence or QoS group Apply the route map to BGP routes transferred to the main IP routing table Enable per-interface packet marking

© 2001, Cisco Systems, Inc. QOS v1.0—2-35 Setting IP Precedence or QoS Group in the IP Routing Table table-map Router(config-router)# Specifies the route map used to set additional routing table attributes route-map permit set ip precedence set ip qos-group Router(config)# Specifies IP Precedence and QoS group values in the routing table/FIB table entry

© 2001, Cisco Systems, Inc. QOS v1.0—2-36 Enabling Per-Interface Packet Marking bgp-policy source ip-prec-map Router(config-if)# Is applied to packets received through this interface Uses FIB to map packet source IP address to IP Precedence Rewrites IP Precedence in the packet bgp-policy source ip-qos-map Router(config-if)# Is applied to packets received through this interface Uses FIB to map packet source IP address to QoS group Attaches QoS group to the incoming packet

© 2001, Cisco Systems, Inc. QOS v1.0—2-37 Enabling Per-Interface Packet Marking (cont.) bgp-policy destination ip-prec-map Router(config-if)# Is applied to packets received through this interface Uses FIB to map packet destination IP address to IP Precedence Rewrites IP Precedence in the packet bgp-policy destination ip-qos-map Router(config-if)# Is applied to packets received through this interface Uses FIB to map packet destination IP address to QoS group Attaches QoS group to the incoming packet

© 2001, Cisco Systems, Inc. QOS v1.0—2-38 Case Study Create an end-to-end IP QoS solution in a service provider network: Customer in AS 73 is a premium customer. All packets to and from AS 73 will be sent with IP Precedence Flash. AS 12 WAN core Customer (AS 73)AS 24 NAP Router POP Router

© 2001, Cisco Systems, Inc. QOS v1.0—2-39 Step #1 Distribute QoS Functions AS 12 Customer (AS 73)AS 24 NAP Router POP Router WAN Core Packets for AS73 marked with Precedence Flash Packets for AS73 marked with Precedence Flash Packets from serial interface marked with Precedence Flash Packets from serial interface marked with Precedence Flash

© 2001, Cisco Systems, Inc. QOS v1.0—2-40 AS 12 Customer (AS 73)AS 24 NAP Router POP Router Step #2 Select QoS Mechanisms WAN Core Packets for AS73 marked with Precedence Flash Packets for AS73 marked with Precedence Flash Packets from serial interface marked with Precedence Flash Packets from serial interface marked with Precedence Flash CEF-based marking PBR on interface

© 2001, Cisco Systems, Inc. QOS v1.0—2-41 Step #3 - Design Individual QoS Mechanisms AS 12 Customer (AS 73)AS 24 NAP Router POP Router WAN Core Mark BGP routes from AS 73 with special community (12:17) Mark BGP routes from AS 73 with special community (12:17) Configure community propagation Set FIB table based on BGP community Set FIB table based on BGP community Configure CEF packet marking for packets coming from adjacent AS Configure CEF packet marking for packets coming from adjacent AS

© 2001, Cisco Systems, Inc. QOS v1.0—2-42 Mark Routes Coming from AS 73 AS 12 Customer (AS 73)AS 24 NAP Router POP Router WAN Core router bgp 12 neighbor remote-as 73 neighbor route-map Premium in ! route-map Premium permit 10 set community 12:17 additive router bgp 12 neighbor remote-as 73 neighbor route-map Premium in ! route-map Premium permit 10 set community 12:17 additive

© 2001, Cisco Systems, Inc. QOS v1.0—2-43 Configure Community Propagation AS 12 Customer (AS 73)AS 24 NAP Router POP Router WAN Core router bgp 12 neighbor remote-as 12 neighbor send-community router bgp 12 neighbor remote-as 12 neighbor send-community

© 2001, Cisco Systems, Inc. QOS v1.0—2-44 Set FIB Table Based on BGP Community AS 12 Customer (AS 73)AS 24 NAP Router POP Router WAN Core router bgp 12 table-map PremiumCheck ! route-map PremiumCheck permit 10 match community 17 set ip precedence flash ! route-map PremiumCheck permit 20 set ip precedence 0 ! ip community-list 17 permit 12:17 router bgp 12 table-map PremiumCheck ! route-map PremiumCheck permit 10 match community 17 set ip precedence flash ! route-map PremiumCheck permit 20 set ip precedence 0 ! ip community-list 17 permit 12:17

© 2001, Cisco Systems, Inc. QOS v1.0—2-45 Configure CEF Packet Marking AS 12 Customer (AS 73)AS 24 NAP Router POP Router WAN Core ip cef ! interface hssi 0/0 bgp-policy destination ip-prec-map ! ip cef ! interface hssi 0/0 bgp-policy destination ip-prec-map !

© 2001, Cisco Systems, Inc. QOS v1.0—2-46 IP QoS and BGP Interaction Review IP QoS features work independently of BGP routing. BGP is used only to propagate policies for source or destination IP prefixes through the network. QPPB works only on high-end platforms.

© 2001, Cisco Systems, Inc. QOS v1.0—2-47 Summary Upon completing this lesson, you should be able to: Describe the QPPB mechanism Configure the QPPB mechanism on Cisco routers Monitor and troubleshoot QPPB

© 2001, Cisco Systems, Inc. QOS v1.0—2-48 Lesson Review 1.Why do we need QPPB? 2.What is used to propagate QoS policies? 3.How are QoS traffic classes defined by QPPB? 4.Which IP forwarding mechanisms support QPPB?

Other QoS Mechanisms with Classification and Marking Capability QOS v1.0—2-49 © 2001, Cisco Systems, Inc.

QOS v1.0—2-50 Objectives Upon completing this lesson, you will be able to: Explain how most QoS mechanisms support some type of classification Name CAR, class-based, policing and class- based marking as mechanisms that support classification and marking

© 2001, Cisco Systems, Inc. QOS v1.0—2-51 Classification Most QoS mechanisms include some type of classification. Some mechanisms have automatic classification (e.g., WFQ, WRED, etc.). Some mechanisms require manual configuration of classification (e.g., CQ, PQ, CBWFQ, etc.).

© 2001, Cisco Systems, Inc. QOS v1.0—2-52 Marking The following mechanisms (in addition to PBR and QPPB) contain classification and marking capability: Committed access rate (CAR) Class-based policing Class-based marking

© 2001, Cisco Systems, Inc. QOS v1.0—2-53 Committed Access Rate (CAR) CAR is a mechanism used for traffic policing. CAR uses a token bucket model to measure the rate of traffic and (optionally) to drop excess traffic. CAR can also be used to mark packets with: –IP Precedence –DiffServ code point (DSCP) –MPLS experimental bits –QoS group CAR can mark packets with different values depending on whether they conform or exceed the specified policy.

© 2001, Cisco Systems, Inc. QOS v1.0—2-54 Class-Based Policing Class-based policing is similar to CAR except that it is implemented using the Modular QoS CLI. Class-based policing uses two token buckets to determine if packets conform, exceed or violate the QoS policy. Class-based policing can also be used to mark packets with: –IP Precedence –DiffServ code point (DSCP) –MPLS experimental bits –QoS group –ATM CLP bit –Frame Relay DE bit Class-based policing can mark packets with different values depending on whether they conform, exceed, or violate the policy.

© 2001, Cisco Systems, Inc. QOS v1.0—2-55 Class-Based Marking Class-based marking is used to classify and mark packets This mechanism uses the Modular QoS CLI where classes are manually configured Class-based marking can mark packets with the following markers: –IP Precedence –DSCP –MPLS experimental bits –QoS group –ATM CLP bit –Frame Relay DE bit –IEEE 802.1Q or ISL CoS/priority bits

© 2001, Cisco Systems, Inc. QOS v1.0—2-56 Summary Upon completing this lesson, you should be able to: Explain how most QoS mechanisms support some type of classification Name CAR, class-based policing, and class- based marking as mechanisms that support classification and marking

© 2001, Cisco Systems, Inc. QOS v1.0—2-57 Lesson Review 1.Which mechanism in Cisco IOS supports classification and marking of packets? 2.Which fields or parameters can be used to mark packets in Cisco IOS?

© 2001, Cisco Systems, Inc. QOS v1.0—2-58 Module Summary Upon completing this module, you should be able to: Describe Policy-based routing and how it can be used to classify and mark IP packets Describe QoS policy Propagation on BGP and how it can be used to classify and mark IP packets List other mechanisms that also support classification and marking capabilities (committed access rate, class-based marking)

Classification and Marking -59 © 2001, Cisco Systems, Inc.