Cisco Catalyst QoS Trust Concept 61
Catalyst QoS Congestion Management
Catalyst switches use scheduling and transmit queues to achieve congestion management.
All the currently shipping switches in the Catalyst product line support a form of scheduling
that is more advanced than FIFO. The specific mechanisms differ on a platform basis.
With regard to output scheduling, the QoS marking determines the scheduling and output
queue. In the case of the Catalyst 6500 Family of switches, for example, there are different
queue types and drop thresholds per line module. Other platforms, such as the Catalyst
3500 Family and the Catalyst 4000 IOS Family of switches, use a single queue type for all
line modules and product families.
Congestion Avoidance
At time of publication, only the Catalyst 3550 Family and the Catalyst 6500 Family of
switches support congestion avoidance. In brief, congestion avoidance attempts to prevent
congestion by applying specific queuing parameters. The Catalyst 3550 Family and the
Catalyst 6500 Family of switches utilize WRED and several other queuing configurations
to support congestion avoidance. This book discusses the Catalyst 3500 Family and
Catalyst 6500 Family of switches in Chapters 6 and 8, respectively.
Cisco Catalyst QoS Trust Concept
The trust concept is a classification configuration option supported on all Catalyst switches
that support QoS classification. The trust state of a switch port or interface defines how
ingress packets are classified, marked, and subsequently scheduled. For a Cisco Catalyst
switch that bases QoS only on CoS values, a port that is configured as untrusted reclassifies
any CoS values to zero or to a statically configured CoS value. The CoS values of packets
arriving on an untrusted port are assumed not verifiable and deemed unnecessary by the
system administrator of the switch. Depending on the platform, untrusted ports may be
configured to reclassify or mark IP precedence, DSCP, or CoS values on any ingress frame
based on an 802.1q tag or access list.
Figure 2-6 illustrates the QoS trust concept. A workstation attached to a Catalyst 6500
switch is sending 802.1q tagged frames to the Catalyst 6500 switch with a CoS value of 5.
If the port is configured as untrusted, the switch sets an internal DSCP value associated with
the frame to 0. The switch does not actually alter the CoS value of the frame until transmission.
All untrusted ports set the internal DSCP to 0 by default. However, the overriding
internal DSCP value is configurable on various platforms. If the switch port is configured
for Trust-CoS, the CoS value is not altered on ingress. Figure 2-6 applies to trusting IP
precedence and DSCP values as well.
62 Chapter 2: End-to-End QoS: Quality of Service at Layer 3 and Layer 2
Figure 2-6 Catalyst QoS Trust Concept
Switches that support classification of frames based on DSCP values derive an internal
DSCP value for internal priority as the packet transits the switch. Several options exist to
derive this internal DSCP value depending on platform. In brief, the general possible
configurations for mapping an internal DSCP value are as follows:
Trust-IPPrec—Internal DSCP is derived from the received IP precedence.
Trust-DSCP—Internal DSCP is derived from the received DSCP.
Trust-CoS—Internal DSCP is derived from the received CoS.
Untrusted—Internal DSCP is derived from port configuration.
Additional configuration parameters are involved in determining an internal DSCP value,
and caveats apply to this process. These caveats and configuration parameters are discussed
on a per-platform basis throughout the book.
In summary, trusted ports are assumed to have ingress packets marked with IP precedence,
DSCP, or CoS values that are valid. Untrusted ports are considered to have ingress frames
marked with IP precedence, DSCP, or CoS values that are not deemed valid or desired by
the system administrator of the switch.
The Cisco IP Phone
The Cisco IP Phone plays an important role in Cisco Catalyst QoS. A large majority of
customers implement Cisco Catalyst QoS for the sole purpose of VoIP using Cisco IP
Phones. Although a variety of IP Phone models exist, each phone uses a similar architecture.
All current Cisco IP Phones include an internal three-port Layer 2 switch. As shown
in Figure 2-7, the internal three-port switch enables customers to connect workstations
through the IP Phone, which is in turn connected to a Catalyst switch using a single cable.
Most customers actually use this daisy-chaining feature for both the phone and workstation
to reduce the cable plant size and cost.
Network administrators generally accept a Cisco IP Phone as a trusted device. Most QoS
campus network designs suggest using the trust feature with Cisco IP Phones.
[Figure 2-6 diagram labels: a workstation sends frames with CoS = 5 across the trust boundary to a Catalyst 6500. Trusted: Internal DSCP = 40 (mapped from CoS = 5). Untrusted: Internal DSCP = 0 (mapped from CoS = 0).]
Figure 2-7 Cisco IP Phone Physical Network Example
The internal switch ports of the Cisco IP Phone are referred to as P0, P1, and P2. P0 internally
connects to the internal IP Phone appliance, P1 is an external 10/100-Mbps Fast
Ethernet port that connects PCs and workstations, and P2 is an external 10/100-Mbps Fast
Ethernet port that connects to the Catalyst switch. Figure 2-8 illustrates the integrated
switch architecture in the Cisco IP Phone.
Figure 2-8 Cisco IP Phone Integrated Switch Architecture
Each Cisco IP Phone port has four queues, each with a single threshold statically
configured at 100 percent (4q1t). Queue 0 functions as a high-priority queue for traffic with
a CoS value of 5. Spanning-tree bridge protocol data units (BPDUs) also use this queue.
Voice traffic from the internal IP Phone appliance has a CoS value of 5 by default. All
queues are serviced in a round-robin fashion. However, a timer maintains queue priority by
limiting service to the low-priority queues when there is traffic in the high-priority queue.
Subsequently, the Cisco IP Phone itself manages input and output scheduling for traffic
traversing the integrated switch ports.
Voice VLANs and Extended Trust
Through the use of dot1q trunks, voice traffic from an IP Phone connected to an access port
can reside on a separate VLAN and subnet. The workstation attached to the IP Phone might
still reside on the access, or native, VLAN. This additional VLAN on an access port for
voice traffic is referred to as a voice VLAN in Cisco IOS Software and auxiliary VLAN in
CatOS. Subsequently, with the use of voice VLANs, all voice traffic is tagged to and from
the Cisco IP Phone and Catalyst switch. The Catalyst switches use Cisco Discovery
Protocol (CDP) to inform the IP Phone of the voice VLAN ID. By default, Cisco IP Phone
voice traffic has a CoS value of 5. Figure 2-9 provides an example logical depiction of a
voice VLAN. A common network design is to deploy voice VLANs together with trusting
configurations for Cisco IP telephony applications (such as Cisco IP Phones).
Figure 2-9 Example Logical Depiction of Voice VLAN
Another QoS option for IP Phones is extended trust. The switch can inform the IP Phone
via CDP whether to trust ingress frames on its P1 port. The IP Phone may also be informed
to overwrite the CoS value of the ingress frames on the P1 port with a specific CoS value.
By default, the IP Phone does not trust frames arriving on the P1 port and rewrites the CoS
value of any tagged frames to 0. Untagged frames do not have a CoS value.
Extended trust is a feature available to any device that can interpret the CDP fields
describing the voice VLAN information. At the time of publication, Cisco IP Phones and
other Cisco appliances are the only devices to use this feature.
Figure 2-10 Catalyst Extended Trust Concept
[Figure 2-9 diagram labels: Workstation, Catalyst 6500, Trust Boundary; Native VLAN 2 (untagged); Voice (Aux) VLAN 70 (802.1q tagged); Native VLAN 2 (untagged).]
[Figure 2-10 diagram labels: Workstation, Catalyst 6500, Trust Boundary, Extended Trust Boundary; Native VLAN, Voice (Aux) VLAN, Native VLAN; Tagged Frames CoS = 5. Ext Untrusted: CoS = 0. Ext Trusted: CoS = 5. Ext Untrusted CoS = 2: CoS = 2.]
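The four trust states listed earlier and the extended trust behavior on the phone's P1 port can be combined into one small model to see which internal DSCP a workstation's self-marked frame ends up with. This is an added example, not code from the book or from Cisco software; the CoS x 8 and precedence x 8 maps and the port default CoS of 0 are assumptions standing in for per-platform defaults, and all names and sample frames are hypothetical.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Frame:
    cos: Optional[int] = None  # 802.1q CoS; None means an untagged frame
    ip_prec: int = 0           # IP precedence, 0-7
    dscp: int = 0              # DSCP, 0-63

def phone_p1_ingress(frame, ext_trust=False, ext_cos=0):
    """Cisco IP Phone P1 (workstation) port under extended trust."""
    if frame.cos is None or ext_trust:
        return frame  # untagged frames have no CoS; a trusted CoS is kept
    return replace(frame, cos=ext_cos)  # default: rewrite CoS to 0

def internal_dscp(frame, trust="untrusted", port_dscp=0):
    """Internal DSCP the switch derives on ingress for a given trust state."""
    if trust == "untrusted":
        return port_dscp  # from port configuration, 0 by default
    if trust == "trust-dscp":
        return frame.dscp
    if trust == "trust-ipprec":
        return frame.ip_prec * 8  # assumed default map (precedence * 8)
    if trust == "trust-cos":
        # Assumed default map CoS * 8 (CoS 5 -> DSCP 40, as in Figure 2-6);
        # an untagged frame is assumed to take a port default CoS of 0.
        return (frame.cos or 0) * 8
    raise ValueError(f"unknown trust state: {trust}")

def via_phone(frame, trust, ext_trust=False, ext_cos=0):
    """Workstation frame: phone P1 port first, then the switch port."""
    return internal_dscp(phone_p1_ingress(frame, ext_trust, ext_cos), trust)

# Constructed sample frames (not captured traffic).
VOICE = Frame(cos=5, ip_prec=5, dscp=46)      # sent by the phone itself
PC_TAGGED = Frame(cos=5, ip_prec=5, dscp=46)  # workstation marks its own frames
PC_UNTAGGED = Frame(cos=None)

def demo():
    return {
        "voice, Trust-CoS": internal_dscp(VOICE, "trust-cos"),
        "voice, Trust-DSCP": internal_dscp(VOICE, "trust-dscp"),
        "pc, ext untrusted": via_phone(PC_TAGGED, "trust-cos"),
        "pc, ext untrusted CoS=2": via_phone(PC_TAGGED, "trust-cos", ext_cos=2),
        "pc, ext trusted": via_phone(PC_TAGGED, "trust-cos", ext_trust=True),
        "pc untagged, Trust-CoS": via_phone(PC_UNTAGGED, "trust-cos"),
        "pc, untrusted switch port": via_phone(PC_TAGGED, "untrusted"),
    }
```

Calling `demo()` returns the internal DSCP per case: with extended trust enabled, the workstation's CoS 5 frame is classified exactly like voice, which is why the default leaves the P1 port untrusted.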