1 © 2006 Cisco Systems, Inc. All rights reserved. NJEDge.Net DRG/VRG Video QoS NEXT GENERATION NETWORK Walter King System

222 © 2006 Cisco Systems, Inc. All rights reserved. Agenda QoS Technologies Review NJEDGE Model

333 © 2006 Cisco Systems, Inc. All rights reserved. QoS Technologies Review QoS overview Classification Tools Scheduling Tools Policing and Shaping Tools CAC - Call Admission control

444 © 2006 Cisco Systems, Inc. All rights reserved. Different Types of Traffic Have Different Needs Application Examples Sensitivity DelayJitter Packet Loss Interactive Voice and Video YYY Streaming Video NYY Transactional / Interactive YNN Bulk Data File Transfer NNN Real-time applications especially sensitive Interactive voice Videoconferencing Causes of degraded performance Congestion Convergence Peak traffic load Link speed & capacity differences  Set application service level objectives

555 © 2006 Cisco Systems, Inc. All rights reserved. Video QoS Requirements Provisioning for Interactive Video Latency ≤ 150 ms Jitter ≤ 30 ms Loss ≤ 1% Minimum priority bandwidth guarantee required is Video-stream + 10–20% e.g., a 384 kbps stream could require up to 460 kbps of priority bandwidth CAC must be enabled Video One-Way Requirements Bursty Drop sensitive Delay sensitive UDP priority

666 © 2006 Cisco Systems, Inc. All rights reserved. “P” and “B” Frames 128–256 Bytes “I” Frame 1024–1518 Bytes “I” Frame 1024–1518 Bytes 15pps 30pps 450Kbps 32Kbps Video QoS Requirements Video Conferencing Traffic Example (384 kbps) “I” frame is a full sample of the video “P” and “B” frames use quantization via motion vectors and prediction algorithms

777 © 2006 Cisco Systems, Inc. All rights reserved. Video QoS Requirements Video Conferencing Traffic Packet Size Breakdown 65–128 Bytes 1% 129–256 Bytes 34% 513–1024 Bytes 20% 1025–1500 Bytes 37% 257–512 Bytes 8%

888 © 2006 Cisco Systems, Inc. All rights reserved. Remote Sites 1000M Central Site METRO-E Frame Relay, ATM 10M 20M 30M 50M 100M Result: Buffering = Delay or Dropped Packets Problems in non-CoS Network Scenario Central to Remote Site Speed Mismatch Remote to Central Site Over-subscription Predictable (contractual) sharing of bandwidth

999 © 2006 Cisco Systems, Inc. All rights reserved. Quality of Service Operations How Do QoS Tools Work? Classification and Marking Queuing and (Selective) Dropping Post-Queuing Operations

10 © 2006 Cisco Systems, Inc. All rights reserved. QoS Technologies Review QoS overview Classification Tools Scheduling Tools Policing and Shaping Tools CAC - Call Admission control

11 © 2006 Cisco Systems, Inc. All rights reserved. Classification Tools Ethernet 802.1Q Class of Service 802.1p user priority field also called Class of Service (CoS) Different types of traffic are assigned different CoS values CoS 6 and 7 are reserved for network use TAG 4 Bytes Three Bits Used for CoS (802.1p User Priority) DataFCSPT SADASFDPream. Type 802.1Q/p Header PRIVLAN IDCFI Ethernet Frame Best Effort Data Bulk Data Critical Data Call Signaling Video Voice Routing Reserved CoSApplication

12 © 2006 Cisco Systems, Inc. All rights reserved. Classification Tools IP Precedence and DiffServ Code Points IPv4: three most significant bits of ToS byte are called IP Precedence (IPP)—other bits unused DiffServ: six most significant bits of ToS byte are called DiffServ Code Point (DSCP)—remaining two bits used for flow control DSCP is backward-compatible with IP precedence IDOffsetTTLProtoFCSIP SAIP DADataLen Version Length ToS Byte DiffServ Code Point (DSCP)IP ECN IPv4 Packet IP PrecedenceUnused Standard IPv4 DiffServ Extensions

13 © 2006 Cisco Systems, Inc. All rights reserved. Payload Label Header Label Stack Layer-2 Header Classification Tools MPLS EXP Bits Packet class and drop precedence inferred from EXP (three-bit) field RFC3270 does not recommend specific EXP values for DiffServ PHB (EF/AF/DF) Used for frame-based MPLS Label EXP S TTL MPLS Shim Header EXP Frame Encapsulation 3210 MPLS EXP S

14 © 2006 Cisco Systems, Inc. All rights reserved. Classification Tools DSCP Per-Hop Behaviors IETF RFCs have defined special keywords, called Per-Hop Behaviors, for specific DSCP markings EF: Expedited Forwarding (RFC3246) (DSCP 46) CSx: Class Selector (RFC2474) Where x corresponds to the IP Precedence value (1–7) (DSCP 8, 16, 24, 32, 40, 48, 56) AFxy: Assured Forwarding (RFC2597) Where x corresponds to the IP Precedence value (only 1–4 are used for AF Classes) And y corresponds to the Drop Preference value (either 1 or 2 or 3) With the higher values denoting higher likelihood of dropping (DSCP 10/12/14, 18/20/22, 26/28/30, 34/36/38) BE: Best Effort or Default Marking Value (RFC2474) (DSCP 0)

15 © 2006 Cisco Systems, Inc. All rights reserved. Classification Tools Network-Based Application Recognition Identifies over 90 applications and protocols TCP and UDP port numbers Statically assigned Dynamically assigned during connection establishment Non-TCP and non-UDP IP protocols Data packet inspection for matching values ToSSource IP Addr Dest IP Addr Src Port Sub-Port/Deep Inspection Dst Port Protocol TCP/UDP PacketData AreaIP Packet Stateful and Dynamic Inspection

16 © 2006 Cisco Systems, Inc. All rights reserved. 4-GB Ethernet interfaces System bypass mechanism Deep Packet Inspection for up to 2 million concurrent unidirectional application flows Up to 4Gbps throughput Up to 80,000 concurrent subscribers Support for redundant topologies FRU AC or DC power supplies/fans Redundant management interfaces SCE 2000 Series 2-GB Ethernet interfaces System bypass mechanism Deep Packet Inspection for up to 2 million concurrent unidirectional application flows Up to 2Gbps throughput Up to 40,000 concurrent subscribers FRU AC or DC power supplies/fans Redundant management interfaces SCE 1000 Series Cisco Service Control Engine Traffic Shaper (All QoS Tools) State of the Art Performance and Carrier-grade Reliabilty

17 © 2006 Cisco Systems, Inc. All rights reserved. Traffic Reports Bi-Directional Bandwidth per Video Service Global Concurrent Session per VoIP/Video Service Global Hourly Call Minutes per VoIP/Video Service Hourly SIP/H323 Top Talkers Top SIP Domains by Volume Understand Usage Trends of VoIP Service and Other Offerings Voice Experience Reports (Part of 3.0.X)

18 © 2006 Cisco Systems, Inc. All rights reserved. Top SIP Domains by Volume Voice Experience Reports (Part of 3.0.X) Voice Reports—Example Bi-Directional Bandwidth per VoIP Service Global Concurrent Session per VoIP Service Global Hourly Call Minutes per VoIP Service Hourly SIP Top Talkers Example—Call Minutes Usage My Broadband Customers Are Using Skype for 500min of Call Time per Hour…

19 © 2006 Cisco Systems, Inc. All rights reserved. QoS Technologies Review QoS overview Classification Tools Scheduling Tools Policing and Shaping Tools CAC - Call Admission control

20 © 2006 Cisco Systems, Inc. All rights reserved. Scheduling Tools Queuing Algorithms Congestion can occur at any point in the network where there are speed mismatches Routers use Cisco IOS-based software queuing Low-Latency Queuing (LLQ) used for highest-priority traffic (voice/video) Class-Based Weighted-Fair Queuing (CBWFQ) used for guaranteeing bandwidth to data applications Cisco Catalyst switches use hardware queuing Voice Video Data

21 © 2006 Cisco Systems, Inc. All rights reserved. Time Bandwidth Utilization 100% Tail Drop Three Traffic Flows Start at Different Times Another Traffic Flow Starts at This Point TCP Global Synchronization: The Need for Congestion Avoidance All TCP flows synchronize in waves Synchronization wastes available bandwidth

22 © 2006 Cisco Systems, Inc. All rights reserved TAIL DROP 3 33 WRED Queue Scheduling Tools Congestion Avoidance Algorithms Queueing algorithms manage the front of the queue  Which packets get transmitted first Congestion avoidance algorithms manage the tail of the queue  Which packets get dropped first when queuing buffers fill Weighted Random Early Detection (WRED) WRED can operate in a DiffServ-compliant mode  Drops packets according to their DSCP markings WRED works best with TCP-based applications, like data

23 © 2006 Cisco Systems, Inc. All rights reserved. Scheduling Tools DSCP-Based WRED Operation Average Queue Size 100% 0 Drop Probability Begin Dropping AF13 Drop All AF11 Max Queue Length (Tail Drop) Drop All AF12 Drop All AF13 Begin Dropping AF12 Begin Dropping AF11 50% AF = (RFC 2597) Assured Forwarding

24 © 2006 Cisco Systems, Inc. All rights reserved. Congestion Avoidance IP header Type of Service (ToS) byte Explicit Congestion Notification (ECN) bits ECT Bit: ECN-Capable Transport CE Bit: Congestion Experienced IDOffsetTTLProtoFCSIP SAIP DADataLen Version Length ToS Byte DiffServ Code Point (DSCP)CE IPv4 Packet ECT RFC3168: IP Explicit Congestion Notification

25 © 2006 Cisco Systems, Inc. All rights reserved. QoS Technologies Review QoS overview Classification Tools Scheduling Tools Policing and Shaping Tools CAC - Call Admission control

26 © 2006 Cisco Systems, Inc. All rights reserved. Policing Tools RFC 2697 Single Rate Three Color Policer Action Overflow B<Tc B<Te ConformExceedViolate CBSEBS CIR Yes No Action Packet of Size B

27 © 2006 Cisco Systems, Inc. All rights reserved. Policing Tools RFC 2698 Two Rate Three Color Policer Action B>Tp B>Tc ExceedViolate PBSCBS PIR Yes No Conform Action Packet of Size B CIR

28 © 2006 Cisco Systems, Inc. All rights reserved. Traffic Shaping Policers typically drop traffic Shapers typically delay excess traffic, smoothing bursts and preventing unnecessary drops Very common on Non-Broadcast Multiple-Access (NBMA) network topologies such as Frame Relay and ATM With Traffic Shaping Without Traffic Shaping Line Rate Shaped Rate Traffic Shaping Limits the Transmit Rate to a Value Lower Than Line Rate

29 © 2006 Cisco Systems, Inc. All rights reserved. QoS Technologies Review QoS overview Classification Tools Scheduling Tools Policing and Shaping Tools CAC - Call Admission Control

30 © 2006 Cisco Systems, Inc. All rights reserved. Introduction Why Is Call Admission Control (CAC) Needed? PSTN Circuit-Switched Networks Packet-Switched Networks PBX Physical Trunks STOP IP WAN Link IP WAN Link’s LLQ Is Provisioned for Two Calls (Equivalent to Two “Virtual” Trunks) Third Call Rejected No Physical Limitation on IP Links; Third Call Can Go Through, but Voice Quality of All Calls Degrades  Call Admission Control Blocks Third Call IP WAN Router/ Gateway Call Manager

31 © 2006 Cisco Systems, Inc. All rights reserved. Gatekeeper Zones Basics Cisco IOS feature, based on H.323 RAS protocol Can be used between Cisco CallManager clusters, H.323 gateways and H.323 endpoints Provides CAC using concept of zones and associated bandwidth counters Static configuration approach limits supported topologies (mainly hub-and-spoke) gatekeeper zone local A abc.com zone local B abc.com zone remote C abc.com zone remote D abc.com bandwidth interzone zone A 384 bandwidth interzone zone B 256 bandwidth remote 512 GK

32 © 2006 Cisco Systems, Inc. All rights reserved. GK 1’s Local Zones GK 1 GK 2’s Local Zones GK 2 Zone BZone A Zone DZone C. Gatekeeper Zones Zone Concept Zones A Logical Representation of a Physical Location Gatekeeper A Physical Device Gatekeeper A Physical Device GK

33 © 2006 Cisco Systems, Inc. All rights reserved. Zone B Zone A Zone DZone C Gatekeeper Zones Bandwidth Configuration GK 1’s Local Zones GK 1 GK 2’s Local Zones GK 2 GK Bandwidth Remote bandwidth remote max-bw “bandwidth remote max-bw” The Total Bandwidth Allowed in/out of the Physical GK bandwidth interzone zone xyz max-bw “bandwidth interzone zone xyz max-bw” This Is the Total Bandwidth Allowed in/out of the Zone bandwidth total zone xyz max-bw “bandwidth total zone xyz max-bw” The Total Bandwidth Allowed Within a Zone as Well as in/out of the Zone bandwidth session zone xyz max-bw “bandwidth session zone xyz max-bw “ This Is the Maximum Bandwidth Allowed per Session

34 © 2006 Cisco Systems, Inc. All rights reserved. GK2 Remote= 48KIn Use = 0 Zone C InterZone= 32KIn Use = 0 Total= 32KIn Use = 0 Zone D InterZone= 32KIn Use = 0 Total= 32KIn Use = 0 Session = 16K GK1 Remote= 32KIn Use = 0 Zone A InterZone= 32KIn Use = 0 Total= 48KIn Use = 0 Zone B InterZone= 48KIn Use = 0 Total= 48KIn Use = 0 Session = 16K Gatekeeper Zones Bandwidth Calculations Zone B Zone A Zone DZone C GK 1’s Local ZonesGK 2’s Local Zones Blue Text Represents Configured Bandwidth Assume Requested Bandwidth for Each Call Equals 16K GK 1GK 2 GK X

35 © 2006 Cisco Systems, Inc. All rights reserved. Gatekeeper Zones Bandwidth Provisioning GatekeeperL3 Bandwidth L2 Bandwidth (Frame Relay) G.711 Audio 128 Kbps (64K x 2) 80 Kbps (64K + Header) 81.6 Kbps (80K + L2 Hdr) G.729 Audio 16 Kbps (8K x 2) 24 Kbps (8K + Header) 25.6 Kbps (24K + L2 Hdr) 384K Video 768 Kbps (384K x 2) 420 Kbps (384K + est. L2/L3 Headers) Provision LLQ PQ with These Values For More Details, Refer to the QoS SRND and IP Telephony SRND at:

36 © 2006 Cisco Systems, Inc. All rights reserved. Agenda QoS Technologies Review NJEDGE Model

38 © 2006 Cisco Systems, Inc. All rights reserved. SES EVC VLAN Internet Purchased Rate Policed Rate Inherited SubRates Based on Usage Traffic Classes Internet2 NJEDge Video Extranet Other SES EVC VLAN Internet Purchased Class Best Effort Policed Rate Purchased Rate Policed Rate Inherited SubRates Based on Usage Traffic Classes Internet2 NJEDge Video Purchased Class Priority Data Policed Rate Extranet Other Class Marking 2 Class Marking 0 EVC Full Policed Rate EVC Full Policed Rate Purchased Class Best Effort Policed Rate Purchased Class Priority Data Policed Rate Class Marking 0 Class Marking 2 SES EVC RATES and CLASSES TODAY

39 © 2006 Cisco Systems, Inc. All rights reserved. Classifying Traffic from Internal Network ip access-list extended njedge-allother-traffic permit ip any any ip access-list extended mc-control-acl permit ip any ip access-list extended njedge-VoIP permit udp any any range ip access-list extended njedge-h323-VC permit tcp any any eq 1720 permit udp any any eq 1719 permit tcp any any eq 1719 permit udp any any eq 1718 permit ip host any permit tcp any any eq 1718 class-map match-any in-EF match ip dscp ef match ip precedence 5 match access-group name njedge-VoIP class-map match-all in-CS4 match access-group name mc-control-acl class-map match-any in-af41 match ip precedence 4 match access-group name njedge-h323-VC class-map match-all in-best-effort match access-group name njedge-allother-traffic Applying Classification from Internal Network policy-map in-SETDSCP class in-EF set ip dscp ef class in-af41 set ip dscp af41 class in-CS4 set ip dscp cs4 class in-best-effort set ip dscp default ! interface GigabitEthernet0/3 ip address ip pim sparse-mode load-interval 30 duplex auto speed auto media-type rj45 no negotiation auto service-policy input in-SETDSCP Interface GigabitEthernet0/3Interface GigabitEthernet0/0 12 Video1 ToS = p=0 Video1 ToS = p=0 HTTP ToS = p=0 HTTP ToS = p=0 Video2 ToS = p=0 Video2 ToS = p=0 Packets

40 © 2006 Cisco Systems, Inc. All rights reserved. Classifying Traffic out to SES class-map match-all out-ROUTING match ip dscp cs6 class-map match-all out-VOICE match ip dscp ef class-map match-any out-INTERACTIVE-VIDEO match ip dscp af41 af42 af43 match precedence 4 class-map match-all out-STREAMING-VIDEO match ip dscp cs4 class-map match-any out-DEFAULT-BEST-EFFORT match ip dscp default policy-map SCHOOL-EDGE-TWO-CLASS-SES class out-ROUTING bandwidth percent 1 set cos 2 class out-VOICE priority percent 4 set cos 2 class out-INTERACTIVE-VIDEO priority percent 12 set ip dscp cs4 set cos 2 class out-STREAMING-VIDEO set cos 0 class out-DEFAULT-BEST-EFFORT bandwidth percent 83 random-detect set cos 0 Applying Classification on to SES Interface policy-map SHAPE-PARENT class class-default shape average percent 4 service-policy SCHOOL-EDGE-TWO-CLASS-SES Interface GigabitEthernet0/2 no ip address load-interval 30 duplex auto speed auto media-type rj45 no negotiation auto ! interface GigabitEthernet0/2.93 description to CORE (I1) NJEDGEI1 VRF encapsulation dot1Q 93 ip address ip pim sparse-mode no snmp trap link-status service-policy output SHAPE-PARENT Interface GigabitEthernet0/3 Interface GigabitEthernet0/ Video1 DSCP=af p=2 Video1 DSCP=af p=2 HTTP DSCP = p=0 HTTP DSCP = p=0 Video2 DSCP = af p=2 Video2 DSCP = af p=2 Packets

41 © 2006 Cisco Systems, Inc. All rights reserved.

DESIGN Phase I NJEDge INSTITUTION EDGE

NJEDge II Applications and Network Services Internet2 Internet Video Conferencing National Lambda Rail National Research Foundation Apps Weather Modelling GRID Clustering GRID HPC Disaster Recovery Storage Video on Demand/Streaming Video DVI HDTV /Very High Bandwidth Video Multicast/Streaming Video Community Medical Computing VoIP IP Telephony VoIP Peering 1Mbps - 10Gbps and 40Gbps Access/Transport Ability Evolutional Growth Tiered Classified Site Models/Modularity Full Manageability/A-Z Provisioning Ability to bring on any service Rapid Enablement Shared Secure Access Any-to-Any Access Separation Segmentation Virtualization MPLS Security Scaling IPv6 QoS Redundancy/Resiliency/Multi-paths Non-Stop Forwarding Applications Network Services

44 © 2006 Cisco Systems, Inc. All rights reserved. NJEDge II Applications and Network Services Next Gen Impact Segmentation Differentiation How PVC VLAN MPLS QoS ATM vs SES vs Fiber: 1.544Mbps -1GE - 10GE: QoS: Implementation How Classification Shaping Policing Sharing BGP or Not Default Routing – General Routing Full Routes - Specific routing BGP: T1 1.5Mbps 10Mbps,20Mbps,50Mbps OC-3,100Mbps,200Mbps 1GE 10 GE Dark Fiber, GE, WDM

45 © 2006 Cisco Systems, Inc. All rights reserved. NJEDge II Applications and Network Services Next Gen Impact Institutional Routing Separation of I1 vs I2 vs DR vs Intra-campus bond traffic MPLS at the Edge: I2 Multicast Streams VPN IPv4 vs IPv6: PIX 6.3 vs 7.0 FWSM 2.3 vs 3.1 Traffic Control with RPs and QoS RPs Inside and Out Multicast: Regulatory : CLEA SOX HIPPA High Speed Synchronous Replication Moderate Asynchronous Replication Jumbo Frames Encryption Storage over IP :

46 © 2006 Cisco Systems, Inc. All rights reserved. Receiver for NJEDge Connectivity School Site CE Change CE Intranet/Internet 2 ATM PVC Internet ATM PVC SchoolX Internet ATM PVC Intranet /Internet2 ATM PVC PE PE Verizon MPLS CORE Commodity Internet PE Internet 2 Receiver for CE Intranet/Internet 2 VRF under single PVC Internet VRF under singlePVC Internet VRF Intranet /Internet2 VRF SchoolX ATM Managed Service today ATM Managed Service Tomorrow Verizon ATM CORE 165 Halsey St. Carrier Hotel Commodity Internet 10G 32Lambda MAGPI Internet 2 GK OR

47 © 2006 Cisco Systems, Inc. All rights reserved. NJEDge II Connectivity School Site CE Change Receiver for Intranet/Internet 2 VRF under single PVC Internet VRF under singlePVC Internet VLAN VRF Intranet /Internet2 VLAN VRF SchoolX GE Managed Service or Dark Fiber Tomorrow 165 Halsey St. Carrier Hotel Commodity Internet 10G 32Lambda MAGPI Internet 2 GK OR CE 100Mbps/1000Mbps Rate 3845NS, 7200 NPE-G1/2 or 7301/4 Router 100Mbps/1000/10000Mbps Rate M /Sup32 1GE/10GE Access Method CE Direct Fiber CE CWDM and/or DWDM 100Mbps and Multiple 100Mbps Rates CE SES or Direct Fiber-Ethernet

48 © 2006 Cisco Systems, Inc. All rights reserved. NJEDge II Connectivity Example Internet and DMZ Design – De-aggregation School DMZ Design IPS GUARD XT DDOS SSL /IPSEC VPN Public Servers Application Servers Database Servers Institution/Internet Edge Router Firewall IPS Global Loadbalancer Server LoadBalancer SSL Offload Content Engine WAAF Shown are de-aggregated functions of combination appliance as well appliance functions– various switch and firewall functions are virtual GK CS-MARS SCE Service Control Engine NJEDgeNet Core

49 © 2006 Cisco Systems, Inc. All rights reserved.

50 © 2006 Cisco Systems, Inc. All rights reserved.

51 © 2006 Cisco Systems, Inc. All rights reserved.

52 © 2006 Cisco Systems, Inc. All rights reserved.

53 © 2006 Cisco Systems, Inc. All rights reserved.

54 © 2006 Cisco Systems, Inc. All rights reserved.

55 © 2006 Cisco Systems, Inc. All rights reserved.

56 © 2006 Cisco Systems, Inc. All rights reserved.