Chapter 37: Quality of Service (QoS) Fundamentals

Learning Objectives

By the end of this chapter, you will be able to:

  • Understand QoS concepts and requirements
  • Implement traffic classification and marking
  • Configure queuing mechanisms and scheduling algorithms
  • Apply traffic shaping and policing techniques
  • Design QoS policies for voice, video, and data traffic

QoS Fundamentals

What is Quality of Service?

Quality of Service (QoS) is a set of technologies and techniques used to manage network resources and provide different levels of service to different types of traffic. QoS ensures that critical applications receive the network performance they require while managing bandwidth efficiently.

Why QoS is Needed

  1. Limited Bandwidth: Network links have finite capacity
  2. Varying Traffic Types: Different applications have different requirements
  3. Network Congestion: Traffic bursts can overwhelm network resources
  4. Service Level Agreements: Contractual obligations for performance
  5. User Experience: Maintaining acceptable application performance

QoS Service Models

Best Effort

  • Default service: No guarantees
  • FIFO queuing: First in, first out
  • No differentiation: All traffic treated equally
  • Suitable for: Non-critical data applications

Integrated Services (IntServ)

  • Per-flow reservations: RSVP protocol
  • Hard guarantees: Strict resource allocation
  • Scalability issues: State information per flow
  • Suitable for: Small networks with specific requirements

Differentiated Services (DiffServ)

  • Class-based service: Traffic aggregation
  • Scalable approach: No per-flow state
  • Flexible policies: Multiple service classes
  • Industry standard: Most widely deployed

Traffic Characteristics

Voice Traffic

  • Bandwidth: 64 Kbps (G.711) to 32 Kbps (G.729)
  • Delay: < 150ms one-way
  • Jitter: < 30ms
  • Loss: < 1%
  • Characteristics: Smooth, predictable, delay-sensitive

Video Traffic

  • Bandwidth: 384 Kbps to 10+ Mbps
  • Delay: < 200ms for interactive, < 5s for streaming
  • Jitter: < 30ms for interactive
  • Loss: < 0.1% for interactive, < 1% for streaming
  • Characteristics: Bursty, variable bit rate

Data Traffic

  • Bandwidth: Highly variable
  • Delay: Generally tolerant (seconds to minutes)
  • Jitter: Not critical
  • Loss: Retransmission handles losses
  • Characteristics: Bursty, elastic

QoS Lab Environment

Comprehensive QoS Lab Setup

# QoS demonstration lab
name: qos-fundamentals
prefix: qos

topology:
  nodes:
    # Core router with QoS policies
    core-router:
      kind: cisco_iosxe
      image: cisco/iosxe:latest
      mgmt-ipv4: 172.20.20.10
      startup-config: |
        hostname Core-Router
        !
        ! Enable QoS globally
        ip cef
        !
        interface GigabitEthernet0/0/0
         description To-Branch-Router
         ip address 10.1.12.1 255.255.255.252
         bandwidth 10000
         no shutdown
        !
        interface GigabitEthernet0/0/1
         description To-Data-Center
         ip address 10.1.13.1 255.255.255.252
         bandwidth 100000
         no shutdown
        !
        interface GigabitEthernet0/0/2
         description To-Internet
         ip address 203.0.113.1 255.255.255.252
         bandwidth 50000
         no shutdown
        !
        ! QoS Class Maps
        class-map match-all VOICE
         match dscp ef
        !
        class-map match-all VIDEO
         match dscp af41 af42 af43
        !
        class-map match-all CRITICAL-DATA
         match dscp af31 af32 af33
        !
        class-map match-all BULK-DATA
         match dscp af11 af12 af13
        !
        ! QoS Policy Maps
        policy-map WAN-OUT
         class VOICE
          priority percent 20
          set dscp ef
         class VIDEO
          bandwidth percent 30
          set dscp af41
         class CRITICAL-DATA
          bandwidth percent 25
          set dscp af31
         class BULK-DATA
          bandwidth percent 15
          set dscp af11
         class class-default
          bandwidth percent 10
          fair-queue
        !
        ! Apply QoS policies
        interface GigabitEthernet0/0/0
         service-policy output WAN-OUT
        !

    # Branch router with traffic generation
    branch-router:
      kind: cisco_iosxe
      image: cisco/iosxe:latest
      mgmt-ipv4: 172.20.20.11
      startup-config: |
        hostname Branch-Router
        !
        interface GigabitEthernet0/0/0
         description To-Core-Router
         ip address 10.1.12.2 255.255.255.252
         no shutdown
        !
        interface GigabitEthernet0/0/1
         description Voice-VLAN
         ip address 192.168.10.1 255.255.255.0
         no shutdown
        !
        interface GigabitEthernet0/0/2
         description Data-VLAN
         ip address 192.168.20.1 255.255.255.0
         no shutdown
        !
        ! Traffic classification
        class-map match-all VOICE-SIGNALING
         match protocol sip
        !
        class-map match-all VOICE-BEARER
         match protocol rtp
        !
        class-map match-all HTTP-TRAFFIC
         match protocol http
        !
        class-map match-all FTP-TRAFFIC
         match protocol ftp
        !
        ! Marking policy
        policy-map CLASSIFY-TRAFFIC
         class VOICE-SIGNALING
          set dscp cs3
         class VOICE-BEARER
          set dscp ef
         class HTTP-TRAFFIC
          set dscp af31
         class FTP-TRAFFIC
          set dscp af11
         class class-default
          set dscp default
        !
        ! Apply classification
        interface GigabitEthernet0/0/1
         service-policy input CLASSIFY-TRAFFIC
        !
        interface GigabitEthernet0/0/2
         service-policy input CLASSIFY-TRAFFIC
        !

    # Data center server
    dc-server:
      kind: linux
      image: ubuntu:20.04
      mgmt-ipv4: 172.20.20.12
      exec:
        - ip addr add 10.1.13.2/30 dev eth1
        - ip route add default via 10.1.13.1
        - apt update && apt install -y iperf3 nginx
        - service nginx start
        - iperf3 -s -D

    # Voice phone simulation
    voice-phone:
      kind: linux
      image: alpine:latest
      mgmt-ipv4: 172.20.20.20
      exec:
        - ip addr add 192.168.10.10/24 dev eth1
        - ip route add default via 192.168.10.1
        - apk add --no-cache iperf3

    # Data workstation
    data-workstation:
      kind: linux
      image: alpine:latest
      mgmt-ipv4: 172.20.20.21
      exec:
        - ip addr add 192.168.20.10/24 dev eth1
        - ip route add default via 192.168.20.1
        - apk add --no-cache iperf3 curl

    # Internet simulation
    internet-sim:
      kind: linux
      image: alpine:latest
      mgmt-ipv4: 172.20.20.100
      exec:
        - ip addr add 203.0.113.2/30 dev eth1
        - ip route add default via 203.0.113.1
        - apk add --no-cache iperf3

  links:
    # Core network connections
    - endpoints: ["core-router:eth1", "branch-router:eth1"]
    - endpoints: ["core-router:eth2", "dc-server:eth1"]
    - endpoints: ["core-router:eth3", "internet-sim:eth1"]

    # Branch connections
    - endpoints: ["branch-router:eth2", "voice-phone:eth1"]
    - endpoints: ["branch-router:eth3", "data-workstation:eth1"]

Traffic Classification and Marking

Classification Methods

Layer 3 Classification

  • IP Precedence: 3-bit field (0-7)
  • DSCP: 6-bit field (0-63)
  • Source/Destination IP: Address-based classification
  • Protocol: TCP, UDP, ICMP, etc.

Layer 4 Classification

  • Source/Destination Port: Application identification
  • TCP Flags: Connection state information
  • Packet Size: Large vs. small packets

Deep Packet Inspection

  • Application Recognition: NBAR (Network-Based Application Recognition)
  • Protocol Analysis: Application-specific patterns
  • Behavioral Analysis: Traffic flow characteristics

DSCP Values and Classes

Standard DSCP Values

Class                | DSCP Name | DSCP Value | Binary | Decimal | Usage
---------------------|-----------|------------|--------|---------|----------------
Default              | Default   | DF         | 000000 | 0       | Best effort
Expedited Forwarding | EF        | EF         | 101110 | 46      | Voice
Assured Forwarding   | AF41      | AF41       | 100010 | 34      | Video
Assured Forwarding   | AF31      | AF31       | 011010 | 26      | Critical data
Assured Forwarding   | AF21      | AF21       | 010010 | 18      | Standard data
Assured Forwarding   | AF11      | AF11       | 001010 | 10      | Bulk data
Class Selector       | CS6       | CS6        | 110000 | 48      | Network control
Class Selector       | CS3       | CS3        | 011000 | 24      | Signaling
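
The following added example (not part of the original chapter) derives the table's binary and decimal values from the AF/CS formulas, converts between DSCP and the ToS byte seen in packet captures, and reports which class of the lab's WAN-OUT policy a packet would match. The function names are illustrative; the match lists are copied from the core-router class maps in the lab topology.

```python
# Added example: DSCP arithmetic plus the lab's WAN-OUT class-map matching.
import re

def dscp_from_name(name: str) -> int:
    """Return the 6-bit DSCP value for a name such as EF, AF41, CS3 or DF."""
    n = name.strip().lower()
    if n in ("default", "df"):
        return 0
    if n == "ef":
        return 46
    m = re.fullmatch(r"af([1-4])([1-3])", n)
    if m:  # AFxy = 8 * class + 2 * drop precedence
        return 8 * int(m.group(1)) + 2 * int(m.group(2))
    m = re.fullmatch(r"cs([0-7])", n)
    if m:  # CSx = 8 * x: the old IP Precedence value in the top three bits
        return 8 * int(m.group(1))
    raise ValueError(f"unknown DSCP name: {name!r}")

def tos_byte(dscp: int, ecn: int = 0) -> int:
    """DSCP is the upper six bits of the IPv4 ToS byte; ECN is the lower two."""
    if not 0 <= dscp <= 63 or not 0 <= ecn <= 3:
        raise ValueError("DSCP must be 0-63 and ECN 0-3")
    return (dscp << 2) | ecn

def decode_tos(tos: int) -> dict:
    """Split a ToS byte (as shown by a packet capture) into its QoS fields."""
    if not 0 <= tos <= 255:
        raise ValueError("ToS is a single byte")
    dscp = tos >> 2
    return {"dscp": dscp, "binary": format(dscp, "06b"),
            "ip_precedence": dscp >> 3, "ecn": tos & 0b11}

# Match criteria copied from the core-router class maps in the lab topology.
WAN_OUT_CLASS_MAPS = [
    ("VOICE", ["ef"]),
    ("VIDEO", ["af41", "af42", "af43"]),
    ("CRITICAL-DATA", ["af31", "af32", "af33"]),
    ("BULK-DATA", ["af11", "af12", "af13"]),
]

def wan_out_class(tos: int) -> str:
    """Name of the WAN-OUT class a packet with this ToS byte falls into."""
    dscp = decode_tos(tos)["dscp"]
    for cls, names in WAN_OUT_CLASS_MAPS:
        if dscp in {dscp_from_name(n) for n in names}:
            return cls
    return "class-default"

if __name__ == "__main__":
    for name in ("ef", "af41", "cs3", "af21", "default"):
        tos = tos_byte(dscp_from_name(name))
        print(f"{name:8} tos=0x{tos:02x} {decode_tos(tos)} -> {wan_out_class(tos)}")
```

Running it shows that CS3, which the branch router sets on SIP signaling, matches none of the WAN-OUT class maps and is queued in class-default on the core router.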

Classification Configuration

NBAR-Based Classification

# Deploy QoS lab
containerlab deploy -t qos-fundamentals.yml

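# Configure NBAR on branch router
# (with "prefix: qos" and "name: qos-fundamentals", containerlab names the
# container <prefix>-<lab-name>-<node-name>)
docker exec -it qos-qos-fundamentals-branch-router cli

configure terminal
! Map additional ports to NBAR protocols
ip nbar port-map http tcp 8080
ip nbar port-map https tcp 8443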

! Create class maps using NBAR
! A packet belongs to only one protocol, so class maps that list several
! protocols must use match-any; with match-all they would never match
class-map match-all VOICE-RTP
 match protocol rtp audio
!
class-map match-all VIDEO-STREAMING
 match protocol rtsp
!
class-map match-any WEB-BROWSING
 match protocol http
 match protocol https
!
class-map match-any FILE-TRANSFER
 match protocol ftp
 match protocol sftp
!
class-map match-any EMAIL
 match protocol smtp
 match protocol pop3
 match protocol imap
!

ACL-Based Classification

# Create access lists for classification
ip access-list extended VOICE-TRAFFIC
 permit udp any any range 16384 32767
 permit tcp any any eq 5060
 permit tcp any any eq 5061

ip access-list extended VIDEO-TRAFFIC
 permit udp any any range 1024 65535 dscp af41
 permit tcp any any eq 554

ip access-list extended CRITICAL-DATA
 permit tcp any any eq 443
 permit tcp any any eq 993
 permit tcp any any eq 995

! Apply ACLs to class maps
class-map match-all VOICE-CLASS
 match access-group name VOICE-TRAFFIC
!
class-map match-all VIDEO-CLASS
 match access-group name VIDEO-TRAFFIC
!
class-map match-all CRITICAL-CLASS
 match access-group name CRITICAL-DATA

Marking Strategies

Trust Boundaries

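# Configure trust boundaries (mls qos commands apply to Catalyst switch ports)
interface GigabitEthernet0/0/1
 description Trusted-Phone-Port
 mls qos trust dscp

interface GigabitEthernet0/0/2
 description Untrusted-PC-Port
 ! Do not trust host markings: apply CoS 0 to every incoming frame
 mls qos cos 0
 mls qos cos override

! CoS-to-DSCP map used on ports that trust CoS (CoS 5 maps to DSCP 46, EF)
mls qos map cos-dscp 0 8 16 24 32 46 48 56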

Marking Policies

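# Create marking policy
policy-map MARK-TRAFFIC
 class VOICE-CLASS
  ! EF (101110) already carries IP Precedence 5 in its top three bits;
  ! set dscp and set ip precedence cannot be combined in one class
  set dscp ef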
 class VIDEO-CLASS
  set dscp af41
 class CRITICAL-CLASS
  set dscp af31
 class class-default
  set dscp default

! Apply marking policy
interface GigabitEthernet0/0/1
 service-policy input MARK-TRAFFIC

Queuing Mechanisms

Queuing Algorithms

First In, First Out (FIFO)

  • Simple: Single queue, no prioritization
  • Fair: All packets treated equally
  • Limitations: No QoS differentiation
  • Usage: Default behavior without QoS

Priority Queuing (PQ)

  • Strict Priority: High priority always served first
  • Starvation Risk: Low priority may never be served
  • Usage: Voice traffic in LLQ

Weighted Fair Queuing (WFQ)

  • Flow-based: Separate queue per flow
  • Fairness: Bandwidth allocated by flow weight
  • Automatic: No configuration required
  • Limitations: Not suitable for high-speed interfaces

Class-Based Weighted Fair Queuing (CBWFQ)

  • Class-based: Queues based on traffic classes
  • Bandwidth Guarantees: Minimum bandwidth per class
  • Scalable: Suitable for high-speed interfaces
  • Flexible: Configurable class definitions

Queuing Configuration

Basic CBWFQ Configuration

# Configure CBWFQ policy
policy-map CBWFQ-POLICY
 class VOICE-CLASS
  bandwidth 1000
 class VIDEO-CLASS
  bandwidth 3000
 class CRITICAL-CLASS
  bandwidth 2000
 class class-default
  bandwidth 1000
  fair-queue

! Apply to interface
interface GigabitEthernet0/0/0
 service-policy output CBWFQ-POLICY

Low Latency Queuing (LLQ)

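# Configure LLQ for voice
policy-map LLQ-POLICY
 class VOICE-CLASS
  priority 1000
 class VIDEO-CLASS
  bandwidth 3000
 class CRITICAL-CLASS
  bandwidth 2000
 class class-default
  ! All non-priority classes in one policy map must use the same bandwidth
  ! unit (kbps here), so class-default cannot use "remaining percent"
  bandwidth 1000
  fair-queue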

! Verify LLQ configuration
show policy-map interface GigabitEthernet0/0/0

Advanced Queuing Features

Bandwidth Allocation

# Percentage-based bandwidth allocation
policy-map PERCENT-POLICY
 class VOICE-CLASS
  priority percent 20
 class VIDEO-CLASS
  bandwidth percent 30
 class CRITICAL-CLASS
  bandwidth percent 25
 class class-default
  bandwidth percent 25

# Remaining bandwidth allocation
policy-map REMAINING-POLICY
 class VOICE-CLASS
  priority 1000
 class VIDEO-CLASS
  bandwidth remaining percent 40
 class CRITICAL-CLASS
  bandwidth remaining percent 35
 class class-default
  bandwidth remaining percent 25

Queue Limits and Drop Policies

# Configure queue limits
policy-map QUEUE-LIMITS
 class VOICE-CLASS
  priority 1000
  queue-limit 32
 class VIDEO-CLASS
  bandwidth 3000
  queue-limit 64
 class BULK-CLASS
  bandwidth 1000
  queue-limit 128
  random-detect

Congestion Avoidance

Random Early Detection (RED)

RED prevents global synchronization by randomly dropping packets before queues become full.

Weighted Random Early Detection (WRED)

# Configure WRED
policy-map WRED-POLICY
 class CRITICAL-CLASS
  bandwidth 2000
  random-detect dscp-based
  random-detect dscp af31 20 40 10
  random-detect dscp af32 15 35 10
  random-detect dscp af33 10 30 10
 class BULK-CLASS
  bandwidth 1000
  random-detect
  random-detect exponential-weighting-constant 9

! Verify WRED configuration
show policy-map interface GigabitEthernet0/0/0
show queueing interface GigabitEthernet0/0/0

WRED Parameters

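  • Minimum Threshold: Average queue depth at which random drops begin
  • Maximum Threshold: Average queue depth at which every arriving packet is dropped (100% drop probability)
  • Mark Probability Denominator: Sets the drop probability just below the maximum threshold to 1/denominator
  • Exponential Weighting Constant: Controls how quickly the calculated average queue depth follows the instantaneous depth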
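
The following added example (not part of the original chapter) works through these four parameters using the thresholds from WRED-POLICY above. It assumes the standard RED formulas (a moving average weighted by 2^-n and a linear drop ramp between the thresholds); exact behaviour on a given platform may differ, and the function names are illustrative.

```python
# Added example: standard RED/WRED arithmetic with this page's thresholds.
from dataclasses import dataclass

@dataclass(frozen=True)
class WredProfile:
    min_th: int  # minimum threshold, packets
    max_th: int  # maximum threshold, packets
    mpd: int     # mark probability denominator

# "random-detect dscp <name> <min> <max> <mpd>" lines from WRED-POLICY.
PROFILES = {
    "af31": WredProfile(20, 40, 10),
    "af32": WredProfile(15, 35, 10),
    "af33": WredProfile(10, 30, 10),
}

def update_average(avg: float, current_depth: float, n: int = 9) -> float:
    """New average depth; n is the exponential weighting constant."""
    w = 2.0 ** -n
    return avg * (1.0 - w) + current_depth * w

def drop_probability(avg: float, p: WredProfile) -> float:
    """Probability that an arriving packet is dropped at this average depth."""
    if avg < p.min_th:
        return 0.0
    if avg >= p.max_th:
        return 1.0  # behaves like tail drop from here on
    return (avg - p.min_th) / (p.max_th - p.min_th) / p.mpd

def arrivals_until_average(target: float, depth: float, n: int = 9) -> int:
    """Arrivals needed, at a constant instantaneous depth, before the average
    (starting from an empty queue) reaches `target`."""
    if depth <= target:
        raise ValueError("the average can never exceed the instantaneous depth")
    avg, count = 0.0, 0
    while avg < target:
        avg = update_average(avg, depth, n)
        count += 1
    return count

def drop_table(avg: float) -> dict:
    """Drop probability per DSCP at one average depth."""
    return {name: drop_probability(avg, p) for name, p in PROFILES.items()}

if __name__ == "__main__":
    for avg in (12, 25, 32, 40):
        row = {k: round(v, 3) for k, v in drop_table(avg).items()}
        print(f"avg depth {avg:>2}: {row}")
    # With constant 9 a queue held at 40 packets needs hundreds of arrivals
    # before AF31 (min threshold 20) sees its first random drop.
    print(arrivals_until_average(20, 40, n=9))
```

At any average depth AF33 is dropped more aggressively than AF32, and AF32 more than AF31, which is how the higher drop precedence within one AF class is enforced.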

Traffic Shaping and Policing

Traffic Shaping

Traffic shaping buffers (delays) excess traffic so that the output conforms to a configured rate.

Generic Traffic Shaping (GTS)

# Configure traffic shaping
interface GigabitEthernet0/0/0
 traffic-shape rate 10000000 20000 20000
 ! Rate: 10 Mbps, burst (Bc): 20,000 bits, excess burst (Be): 20,000 bits

# Class-based shaping
policy-map SHAPE-POLICY
 class VIDEO-CLASS
  shape average 5000000
 class BULK-CLASS
  shape average 2000000 4000 4000
 class class-default
  shape average 1000000

interface GigabitEthernet0/0/0
 service-policy output SHAPE-POLICY

Hierarchical QoS

# Child policy for queuing (must exist before the parent references it)
policy-map CHILD-QUEUE
 class VOICE-CLASS
  priority percent 20
 class VIDEO-CLASS
  bandwidth percent 30
 class CRITICAL-CLASS
  bandwidth percent 25
 class class-default
  bandwidth percent 25

# Parent policy for shaping
policy-map PARENT-SHAPE
 class class-default
  shape average 10000000
  service-policy CHILD-QUEUE

interface GigabitEthernet0/0/0
 service-policy output PARENT-SHAPE

Traffic Policing

Traffic policing drops or re-marks traffic that exceeds the configured rate.

Single-Rate Policing

# Configure single-rate policer
policy-map POLICE-POLICY
 class BULK-CLASS
  police rate 2000000 burst 4000
   conform-action transmit
   exceed-action drop
 class class-default
  police rate 1000000 burst 2000
   conform-action transmit
   exceed-action set-dscp-transmit default

interface GigabitEthernet0/0/1
 service-policy input POLICE-POLICY

Dual-Rate Policing

# Configure dual-rate policer
policy-map DUAL-RATE-POLICE
 class CRITICAL-CLASS
  police cir 2000000 bc 4000 pir 4000000 be 8000
   conform-action transmit
   exceed-action set-dscp-transmit af32
   violate-action drop

interface GigabitEthernet0/0/1
 service-policy input DUAL-RATE-POLICE
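
The following added example (not part of the original chapter) models the dual-rate policer above as the two-rate three-color marker of RFC 2698 in color-blind mode, with CIR/PIR in bits per second and Bc/Be in bytes. The class and function names are illustrative, and the traffic is a constructed constant-bit-rate stream.

```python
# Added example: two-rate three-color policer with this page's parameters.
from collections import Counter

# Actions copied from DUAL-RATE-POLICE on this page.
ACTIONS = {
    "conform": "transmit",
    "exceed": "set-dscp-transmit af32",
    "violate": "drop",
}

class TwoRatePolicer:
    """Token-bucket model of: police cir 2000000 bc 4000 pir 4000000 be 8000."""

    def __init__(self, cir_bps=2_000_000, bc_bytes=4000,
                 pir_bps=4_000_000, be_bytes=8000):
        if pir_bps < cir_bps:
            raise ValueError("PIR must be at least CIR")
        self.cir, self.bc = cir_bps / 8.0, float(bc_bytes)  # bytes per second
        self.pir, self.be = pir_bps / 8.0, float(be_bytes)
        self.tc, self.tp = self.bc, self.be  # both buckets start full
        self.last = 0.0

    def offer(self, now: float, size: int) -> str:
        """Classify one packet of `size` bytes arriving at time `now` (seconds)."""
        elapsed = max(0.0, now - self.last)
        self.last = max(self.last, now)
        # Refill both buckets, capped at their burst sizes.
        self.tc = min(self.bc, self.tc + elapsed * self.cir)
        self.tp = min(self.be, self.tp + elapsed * self.pir)
        if self.tp < size:   # above the peak rate
            return "violate"
        if self.tc < size:   # above CIR but within PIR
            self.tp -= size
            return "exceed"
        self.tc -= size      # within CIR: consumes from both buckets
        self.tp -= size
        return "conform"

def police_stream(rate_bps: int, pkt_bytes: int, seconds: int,
                  policer: "TwoRatePolicer | None" = None) -> Counter:
    """Offer a constant-bit-rate stream and count packets per result."""
    policer = policer or TwoRatePolicer()
    interval = pkt_bytes * 8 / rate_bps
    n = int(seconds * rate_bps) // (pkt_bytes * 8)
    return Counter(policer.offer(i * interval, pkt_bytes) for i in range(n))

if __name__ == "__main__":
    for mbps in (1, 3, 6):
        counts = police_stream(mbps * 1_000_000, 500, 1)
        summary = {f"{k} ({ACTIONS[k]})": v for k, v in sorted(counts.items())}
        print(f"{mbps} Mbps offered: {summary}")
```

A stream below CIR is transmitted untouched, one between CIR and PIR is partly re-marked to AF32, and only traffic above PIR is dropped.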

QoS Monitoring and Troubleshooting

QoS Statistics

# Monitor QoS statistics
show policy-map interface GigabitEthernet0/0/0
show queueing interface GigabitEthernet0/0/0
show interfaces GigabitEthernet0/0/0 | include drops

# Detailed class statistics
show policy-map interface GigabitEthernet0/0/0 output class VOICE-CLASS
show policy-map interface GigabitEthernet0/0/0 input class BULK-CLASS

Traffic Analysis

# Analyze traffic patterns
show ip nbar protocol-discovery
show ip nbar protocol-discovery interface GigabitEthernet0/0/1

# Monitor DSCP distribution
show mls qos interface GigabitEthernet0/0/1 statistics
show ip cef switching-statistics

# Real-time monitoring
show interfaces GigabitEthernet0/0/0 | include rate
show policy-map interface GigabitEthernet0/0/0 | include offered

QoS Troubleshooting

Common QoS Issues

# 1. Classification problems
show class-map
show policy-map
show ip nbar protocol-discovery

# 2. Marking issues
show mls qos maps
show mls qos interface statistics

# 3. Queuing problems
show queueing interface GigabitEthernet0/0/0
show policy-map interface GigabitEthernet0/0/0

# 4. Bandwidth allocation
show interfaces GigabitEthernet0/0/0 | include BW
show policy-map interface GigabitEthernet0/0/0 | include bandwidth

Debug Commands

# Debug QoS (use carefully in production)
debug policy-map
debug qos set
debug mls qos

# Monitor specific classes
show policy-map interface GigabitEthernet0/0/0 output class VOICE-CLASS

QoS Design Best Practices

Voice QoS Requirements

# Voice QoS configuration
policy-map VOICE-OPTIMIZED
 class VOICE-BEARER
  priority percent 10
  set dscp ef
 class VOICE-SIGNALING
  bandwidth percent 5
  set dscp cs3
 class VIDEO-CLASS
  bandwidth percent 33
  set dscp af41
 class CRITICAL-DATA
  bandwidth percent 25
  set dscp af31
 class class-default
  bandwidth percent 27
  fair-queue
  random-detect dscp-based

Video QoS Requirements

# Video QoS configuration
policy-map VIDEO-OPTIMIZED
 class VOICE-CLASS
  priority percent 10
 class INTERACTIVE-VIDEO
  bandwidth percent 20
  set dscp af41
  queue-limit 64
 class STREAMING-VIDEO
  bandwidth percent 15
  set dscp af31
  random-detect dscp-based
 class class-default
  bandwidth percent 55
  fair-queue

Data QoS Requirements

# Data application QoS
policy-map DATA-OPTIMIZED
 class VOICE-CLASS
  priority percent 10
 class MISSION-CRITICAL
  bandwidth percent 25
  set dscp af31
 class TRANSACTIONAL-DATA
  bandwidth percent 20
  set dscp af21
 class BULK-DATA
  bandwidth percent 15
  set dscp af11
  random-detect
 class class-default
  bandwidth percent 30
  fair-queue

Testing QoS Implementation

Traffic Generation

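# Generate test traffic from data workstation
# (with "prefix: qos" and "name: qos-fundamentals", containerlab names the
# container <prefix>-<lab-name>-<node-name>)
docker exec -it qos-qos-fundamentals-data-workstation sh

# Note: the branch router's CLASSIFY-TRAFFIC input policy re-marks these
# flows (class-default sets DSCP default), so the host-set DSCP values below
# reach the core router only if that policy is changed or removed for the test

# High-priority traffic test
iperf3 -c 10.1.13.2 -t 60 -b 5M --dscp 46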

# Video traffic test
iperf3 -c 10.1.13.2 -t 60 -b 10M --dscp 34

# Bulk data test
iperf3 -c 10.1.13.2 -t 60 -b 20M --dscp 10

# Monitor QoS statistics during tests
docker exec -it qos-qos-fundamentals-core-router cli -c "show policy-map interface GigabitEthernet0/0/0"

Performance Validation

# Validate QoS performance
show policy-map interface GigabitEthernet0/0/0 | include offered|drop
show interfaces GigabitEthernet0/0/0 | include drops|rate

# Check queue depths
show queueing interface GigabitEthernet0/0/0

# Verify DSCP marking
show ip nbar protocol-discovery interface GigabitEthernet0/0/1 stats packet-count

Summary

Quality of Service is essential for managing network resources and ensuring application performance in modern networks. Understanding traffic characteristics, classification methods, queuing algorithms, and congestion management techniques enables effective QoS implementation for voice, video, and data applications.

Key concepts covered:

  • QoS fundamentals and service models
  • Traffic classification and DSCP marking
  • Queuing mechanisms (FIFO, PQ, WFQ, CBWFQ, LLQ)
  • Congestion avoidance with WRED
  • Traffic shaping and policing
  • QoS monitoring and troubleshooting

In the next chapter, we’ll explore advanced QoS implementation including Modular QoS CLI (MQC) and complex policy configurations.

Review Questions

  1. What are the differences between IntServ and DiffServ QoS models?
  2. How do you classify traffic using NBAR and ACLs?
  3. What are the characteristics of voice, video, and data traffic?
  4. How does Low Latency Queuing (LLQ) work?
  5. What’s the difference between traffic shaping and policing?

Hands-on Exercises

Exercise 1: Basic QoS Implementation

  1. Deploy the QoS fundamentals lab
  2. Configure traffic classification and marking
  3. Implement basic queuing policies
  4. Test with traffic generation tools

Exercise 2: Advanced Queuing Configuration

  1. Configure LLQ for voice traffic
  2. Implement CBWFQ for different traffic classes
  3. Configure WRED for congestion avoidance
  4. Monitor queue statistics and performance

Exercise 3: Traffic Shaping and Policing

  1. Configure traffic shaping on WAN interfaces
  2. Implement traffic policing for rate limiting
  3. Create hierarchical QoS policies
  4. Test bandwidth allocation and limiting

Exercise 4: QoS Troubleshooting

  1. Create QoS misconfigurations and issues
  2. Practice diagnostic commands and procedures
  3. Analyze traffic patterns and performance
  4. Optimize QoS policies based on requirements

Additional Resources