Providing QoS in IP Networks Future: next generation Internet with QoS guarantees m Differentiated Services: differential guarantees m Integrated Services: firm guarantees r simple model for sharing and congestion studies:

Principles for QoS Guarantees r Example: 1Mbps IP phone, FTP share 1.5 Mbps link. m bursts of FTP can congest router, cause audio packets to be excessively delayed or lost m want to give priority to audio over FTP packet marking needed for router to distinguish among packets belonging to different classes of traffic; new router policy needed to treat packets accordingly Principle 1

Principles for QoS Guarantees what if applications misbehave (e.g. audio sends higher than declared rate)? r policing: force source adherence to certain criteria (drop or delay packets, e.g., leaky bucket) r Packet classification/marking and policing done at network edge (in the host or at an edge router) provide protection (isolation) for one class from others Principle 2

Principles for QoS Guarantees r Allocating fixed (non-sharable) bandwidth to each flow: inefficient use of bandwidth if flows doesn’t use its allocation While providing isolation among flows, it is desirable to use resources as efficiently as possible Principle 3

Principles for QoS Guarantees r Basic fact of life: can not support traffic demands beyond link capacity Call Admission: flow declares its QoS requirement, network either accepts the flow or blocks the flow (if it cannot provide the required QoS). Principle 4

Scheduling Mechanisms r scheduling: choose next packet to send on link r FIFO (first in first out) scheduling: send in order of arrival to queue r Drawbacks of FIFO scheduling m No special treatment is given to packets from flows that are of higher priority or are more delay sensitive m Flows of larger packets get better service m A greedy flow will adversely affect other flows

Scheduling Mechanisms Priority scheduling: r Multiple priority classes, each has its own queue r A packet’s priority class may depend on an explicit marking or other header info, e.g. source/dest IP address, source/dest port number, etc. r Transmit a packet from the highest priority class that has a nonempty queue

Scheduling Mechanisms Round Robin scheduling: r multiple classes, each has own queue r cyclically scan class queues, serving one packet from each class (if available) m No advantage in being greedy r Work-conserving queuing discipline: never allow the link to remain idle whenever there are packets queued for transmission

Scheduling Mechanisms Weighted Fair Queuing (WFQ): approximate fluid fair queuing (FFQ) r FFQ: m A separate FIFO queue for each connection sharing the same link. m During any time interval when there are N nonempty queues, the server serves the N packets at the head of the queues simultaneously m At any time t, the service rate for a nonempty queue i is where w i is the weight associated with queue i, B(t) is the set of nonempty queues, and C is the link speed. m FFQ allows different connections to have different service shares.

WFQ r FFQ is impractical because m Only one connection can receive service at a time m An entire packet must be served before another packet can be served r WFQ: When the server is ready to transmit the next packet at time t, it picks the first packet that would complete service in the corresponding FFQ system if no additional packets were to arrive after time t

Policing Mechanisms Goal: regulate the rate at which a flow is allowed to inject packets into the network Three policing criteria: r (Long term) Average Rate: how many packets can be sent per time interval m crucial question: what is the interval length? r Peak Rate: max. number of packets that can be sent over a short period of time. r Burst Size: max. number of packets that can be sent consecutively (with no intervening idle)

Policing Mechanisms Token Bucket: limit input to specified Burst Size and Average Rate. r bucket can hold b tokens r tokens generated at rate r token/sec m Token added to bucket if bucket not full, ignored otherwise r A packet must remove a token from the token bucket before it is transmitted into the network

Policing Mechanisms (more) For a leaky-bucket-policed flow: r The max. burst size is b packets r Over interval of length t: max. number of packets admitted is (r t + b)  r limit the long term average rate r Leaky bucket + WFQ = guaranteed upper bound on end-to-end delay and delay jitter, i.e., QoS guarantee! m A connection’s guaranteed rate must be greater than or equal to the connection’s average rate

IETF Integrated Services (RFC1633) r Architecture for providing QoS guarantees to individual application sessions r Call setup: A session requiring QoS guarantees must first reserve sufficient resources at each router on its path before transmitting data r Arriving session must: m declare its QoS requirement using R-spec m characterize traffic it will send into network using T-spec r A signaling protocol is needed to carry R-spec and T-spec to routers m RSVP r Router must determine whether or not it can admit the call r Router must maintain per-flow state (allocated resources, QoS requests)

Router components  Classifier: perform a Multi-Field (MF) classification and put the packet in a specific queue based on the classification result.  Packet scheduler: schedule the packet accordingly to meet its QoS requirements.

RSVP r RSVP: a signaling protocol for applications to reserve resources (link bandwidth and buffer space) m Provide reservations for bandwidth in multicast trees m Receiver-oriented m Can reserve resources for heterogeneous receivers r Sender sends a PATH message to the receiver specifying the characteristic of the traffic and QoS requirement r Receiver responds with a RESV message to request resources for the flow m An intermediate router can reject or accept the request of the RESV message m A router may merge the reservation messages arriving from downstream

Intserv Service Models Guaranteed service: r Provide firm bounds on end-to- end datagram queuing delays. r Provide bandwidth guarantee r Leaky-bucket-policed source + WFQ WFQ token rate, r bucket size, b per-flow rate, R D = b/R max arriving traffic Controlled load service: r Provide a quality of service closely approximating the QoS that the same flow would receive from an unloaded network element. m A very high percentage of transmitted packets will be successfully delivered to the destination. m A very high percentage of transmitted packets will experience a queuing delay close to 0.

IETF Differentiated Services Concerns with Intserv: r Scalability: router need to process resource reservations and maintaining state for each flow. r Flexible Service Models: Intserv has only two classes. Also want “qualitative” service classes Diffserv approach: r Goal: provide the ability to handle different classes of traffic in different ways r Scalable: simple functions in network core, relatively complex functions at network edge r Flexible: don’t define specific service classes, provide functional components to build service classes

Diffserv Architecture Edge router: -Packets are marked -The mark of a packet identifies the class of traffic to which the packet belongs Core router: -Packet forwarded to the next hop according to the per-hop behavior (PHB) associated with that packet’s class -PHB determines buffering and scheduling at the routers - Routers needn’t maintain states for individual flows

Edge-Router Packet Marking r Class-based marking: packets classified based on packet header fields, packets of different classes marked differently r Intra-class marking: packet marking based on per-flow profile, conforming portion of flow marked differently than non-conforming one m Traffic profile: pre-negotiated rate A, bucket size B r Out-of-profile packets might be shaped (i.e. delayed) or dropped

Packet Marking r Packet is marked in the Type of Service (TOS) in IPv4, and Traffic Class in IPv6 r 6 bits used for Differentiated Service Code Point (DSCP) and determine PHB that the packet will receive r 2 bits are currently unused r DS field of the packets can be marked by end hosts or leaf router

Forwarding (PHB) r PHB is defined as “a description of externally observable forwarding behavior of a Diffserv node applied to a particular Diffserv behavior aggregate”. m A PHB can result in different classes of traffic receiving different performance. m A PHB does not specify what mechanisms to use to ensure required performance behaviors m Differences in performance must be observable and hence measurable r Examples: m Class A gets x% of outgoing link bandwidth over time intervals of a specified length m Class A packets leave first before packets from class B

Service Level Agreements r A customer must have a Service Level Agreement (SLA) with its ISP.  A SLA specifies the service classes supported and the amount of traffic allowed in each class. m Static SLA: negotiated on a regular basis (e.g. monthly and yearly) m Dynamic SLA: customers must use a signaling protocol (e.g. RSVP) to request for services on demand r The classification, policing and shaping rules at the ingress routers are derived from the SLAs. r The amount of buffering space needed for these operations is also derived from the SLAs. r When a packet enters one domain from another domain, its DS field may be re-marked, as determined by the SLA between the two domains.

Example Diffserv Services r Premium Service: for applications requiring low delay and low jitter service; r Assured Service: for applications requiring better reliability than Best Effort Service r Olympic Service: provide three tiers of services: Gold, Silver and Bronze, with decreasing quality.

An End-to-End Service Architecture r Provide assured service, premium service, and best effort service r Assured service: provide reliable service even in time of network congestion r The SLA specifies the amount of bandwidth allocated for the customers m Customers decide how their applications share the bandwidth m SLA usually static

Rfc 2638 r Implementation of assured service r classification and policing done at the ingress routers of the ISP networks.  the token bucket depth is set by the Profile's burst size  When a token is present, packet is considered as in profile and has its A-bit in the DS field set to one, otherwise the packet is considered as out of profile and has it’s a-bit set to 0. m If the traffic does not exceed the bit-rate specified by the SLA, they are. r All packets are put into an Assured Queue (AQ).  For Premium service, the token bucket depth must be limited to the equivalent of only one or two packets. For Premium- configured Marker, arriving packets that see a token present have their P-bits set and are forwarded, but when no token is present, Premium flow packets are held until a token arrives. r the queue is managed by a queue management scheme called RED with In and Out, or RIO.

r we designate the forwarding path objects that test flows against their usage profiles "Profile Meters". r Border routers will require Profile Meters at their input interfaces. The bilateral agreement between adjacent administrative domains must specify a peak rate on all P traffic and a rate and burst for A traffic (and possibly a start time and duration). A Profile Meter is required at the ingress of a trust region to ensure that differentiated service packet flows are in compliance with their agreed-upon rates. Non- compliant packets of Premium flows are discarded while non-compliant packets of Assured flows have their A-bits reset. For example, in figure 1, if the ISP has agreed to supply Company A with r bytes/sec of Premium service, P-bit marked packets that enter the ISP through the link from Company A will be dropped if they exceed r. If instead, the service in figure 1 was Assured service, the packets would simply be unmarked, forwarded as best effort. r The simplest border router input interface is a Profile Meter constructed from a token bucket configured with the contracted rate across that ingress link (see figure 5). Each type, Premium or Assured, and each interface must have its own profile meter corresponding to a particular class across a particular boundary.

 When an allocation is desired for a particular flow, a request is sent to the BB. Requests include a service type, a target rate, a maximum burst, and the time period when service is required. A BB verifies there exists unallocated bandwidth sufficient to meet the request. If a request passes these tests, the available bandwidth is reduced by the requested amount and the flow specification is recorded.

RED and RIO r RED (random early detection): discarding packets before buffer space is exhausted m Router maintains a running average of the queue length for each output link m When the average queue length of an output link exceeds a threshold, pick a packet at random from the queue and drop it  TCP flow control mechanisms at different end hosts will reduce send rates at different time. r RIO: two thresholds for each queue. m When the queue size L is below the first threshold, no packets are dropped  better resource utilization m When L is between the two thresholds, only out packets are randomly dropped. m When L exceeds the second threshold, both in and out packets are randomly dropped, but out packets are dropped more aggressively.

Premium Service r provide low-delay and low-jitter service for customers that generate fixed peak bit-rate traffic. r The SLA specifies a desired peak bit-rate for a specific flow or an aggregation of flows. m The customer is responsible for not exceeding the peak rate: excess traffic will be dropped. m The ISP guarantees that the contracted bandwidth will be available when traffic is sent. r Premium Service is suitable for Internet Telephony, Video Conferencing. r it is desirable for ISPs to support both static SLAs and dynamic SLAs. r Admission control is needed for dynamic SLAs.

Implementation of Premium Service r At the customer side, some entity will decide which application flow can use Premium Service. r The leaf routers directly connected to the senders will do MF classifications and shape the traffic. r After the shaping, the P-bits in the DS field of all packets are set for the flow that is allowed to use Premium Service.  Burst parameter is expected to be small, in the one or two packet range. First-hop routers (or other edge devices) set the Premium bit of those that match a Premium service specification, and perform traffic shaping on the flow that smooths all traffic bursts before they enter the network. r The exit routers of the customer domain may need to reshape the traffic to make sure that the traffic does not exceed the peak rate specified by the SLA. r The ingress routers at the provider will police the traffic (excess traffic is dropped) r All packets with the P-bit set enter a Premium Queue (PQ). r Packets in the PQ will be sent before packets in the AQ.

r by admission control, the amount of premium traffic can be limited to a small percentage, say 10%,of the bandwidth of input links. r excess packets are dropped at the ingress routers of the networks. Non- conformant flows cannot impact the performance of conformant flows. r premium packets are forwarded before packets of other classes, they can potentially use 100% of the bandwidth of the output links. r if premium traffic is distributed evenly among the links, these three factors should guarantee that the service rate of the PQ is much higher than the arrival rate. Therefore, arriving premium packets should find the PQ empty or very short most of the time. The delay or jitter experienced by premium packets should be very low. However, Premium Service provides no quantified guarantee on the delay or jitter bound.

r uneven distribution of premium traffic may cause a problem for Premium Service. aggregation ofpremium traffic in the core may invalidate the assumption that the arrival rate of premium traffic is r far below the service rate. Differentiated Traffic Engineering/ r Constraint Based Routing must be used to avoid such congestion caused by uneven traffic distribution.

r By limiting the total amount of bandwidth requested by Premium traffic, the network administrators can r guarantee that premium traffic will not starve the Assured and Best Effort traffic. Another scheme is to use r Weight Fair Queuing (WFQ) [22] between the PQ and the AQ.

Service Allocation in Customer Domains r Service allocation: decide how the host in a customer domain share the services specified by the SLA r bandwidth broker (BB) used to allocate resources in a customer domain r Before a host starts sending packets, it may decide the service class for the packets by itself or it may consult a BB for a service class. r The host may mark the packets by itself or may send the packets unmarked. m If the host sends the packets unmarked, the BB must use some protocols, (e.g., RSVP) to set the classification, marking and shaping rules at the leaf router directly connected to the sender so that the leaf router knows how to mark the sender’s packets. r If the SLA between a customer and its ISP is dynamic, the BB in the customer domain must also use a signaling protocol to request resources on demand from its ISP.

Resource Allocations in ISP Domains r Given the SLAs, ISP must decide how to configure the boundary routers so that they know how to handle the incoming traffic r For static SLAs, boundary routers can be manually configured with the classification, policing and shaping rules. Resources are therefore statically allocated for each customer. r For a dynamic SLA, the BB in the customer domain uses RSVP to request for resources from its ISP. At the ISP side, the admission control decisions can be made in a distributed manner by the boundary routers or by a Bandwidth Broker. If boundary r routers are directly involved in the signaling process, they are configured with the corresponding classification, r policing and shaping rules when they grant a request. If a BB is involved rather than the boundary r routers, then the BB must configure the boundary routers when it grants a request.

Examples of end-to-end service delivery

Intserv and Diffserv Retrospective r To provide end-to-end Intserv or Diffserv service, all the ISPs between the end systems must m Provide the service m Cooperate and make settlements r Complex and costly to m police and shape traffic m bill the service by volume r No perceived difference between a best-effort service and an Intsev/Diffserv service if the network has moderate load

WFQ  during any interval of length U, the number of bits in that interval is less than a + pu. In the (a, p ) model, a and p can be viewed as the maximum burst size and the long term bounding rate of the source respectively.

WFQ  If a connection satisfies the traffic constraint, and is  allocated the amount of buffer space as listed in the fifth  column, it can be guaranteed an end-to-end delay bound and  delay-jitter bound as listed in the third and fourth column,  respectively,  Ci is link speed of the ith switch on the path traversed by the connection,  rj is the guaranteed rate for the connection, and L,,, is the largest packet size.  n is the number of hops traversed by the connection,