BRKCRS-2501.Pdf

BRKCRS-2501

Campus QoS Design - Simplified

Roland Saville – Technical Leader Engineering Agenda • Campus QoS Design Considerations and Best Practices • Cisco Catalyst 2960-X / 3560-X / 3750-X QoS Design • Cisco Catalyst 9000 / 3850 / 3650 Series QoS Design • Cisco Catalyst 4500E QoS Design • Cisco Catalyst 6800 / 6500-E QoS Design • Meraki MS Series Switch QoS Design

• Campus WLAN QoS Design Considerations and Best Practices • Cisco AireOS WLC AVC / QoS Design • Meraki MR Series AP QoS Design

• What are we doing to make this simpler?

• Summary and References

Questions? Use Cisco Webex Teams (formerly Cisco Spark) to chat with the speaker after the session How 1 Find this session in the Cisco Events Mobile App 2 Click “Join the Discussion” 3 Install Webex Teams or go directly to the team space 4 Enter messages/questions in the team space cs.co/ciscolivebot#BRKCRS-2501

BRKRST-2056: The QoS Paradigm Shift https://cisco.box.com/s/8izevlg4k6gaggh3cmrc16lugm6sdr8y https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=83633&backBtn=true

https://cisco.app.box.com/v/QoS-AAGs

• The primary role of QoS in campus networks is to manage packet loss • In campus networks, it takes only a few milliseconds of congestion to cause drops • Rich media applications are extremely sensitive to packet drops • Queuing policies at every node can prevent packet loss for real-time apps

• The secondary role of QoS in campus networks is to condition traffic at the access edge, which can include any of the following: • Trust • Classify and Mark • Police

1080p60

1080 x 1920 lines =

2,073,600 pixels per frame

x 24 bits of color per pixel

x 60 frames per second

= 2,985,984,000 bps

or 3 Gbps Uncompressed! 1080 lines of Horizontal Resolution

Cisco (H264/H.265) codecs transmit 3-5 Mbps per 1080p60 video stream which represents over 99.8% compression (~ 1000:1) Packet loss is proportionally magnified by compression ratios. Users can notice a single packet lost in 10,000 — Making HD Video One Hundred Times More Sensitive to Packet Loss than VoIP!

Voice Packets Video Packets 1400 1400 Video Video Video Frame Frame Frame

1000 1000

Bytes

600 Audio 600 Samples

200 200

Time 20 msec 33 msec

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 10 Campus QoS Design Considerations How Long Can Queue-Buffers Accommodate Line-Rate Bursts? GE Linecard Example Begin dropping at 11 ms but overall utilization is only 1%!

140 Gbps Line Rate GE Linecard Example (WS-X6148) 120 ms 100 Total Per-Port Buffer: 5.4 MB 80 Per Per 60 Total Per-Queue Buffer*: 1.35 MB 40 20 Gbps Line Rate: 1 Gbps = 125 MB/s

0 or 125 KB/ms

KBytes

10 50 90

450 570 690 810 170 210 250 290 330 370 410 490 530 610 650 730 770 850 890 930 970 130 Total Per-Queue Buffering Capacity: 10.8 ms ms

*Assuming (4) equal-sized queues 1 second BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 11 Campus QoS Design Considerations How Long Can Queue-Buffers Accommodate Line-Rate Bursts? 10-GE Linecard Example Begin dropping at 9 ms but overall utilization is still only 1%!

1400 10 Gbps Line Rate 1200 10 GE Linecard Example (WS-X6908) ms 1000 Total Per-Port Buffer: 90 MB 800

Per Per 600 Total Per-Queue Buffer*: 11.25 MB 400 200 Gbps Line Rate: 10 Gbps = 1.25 GB/s 0

KBytes or 1250 KB/ms

10 50 90

210 410 610 810 130 170 250 290 330 370 450 490 530 570 650 690 730 770 850 890 930 970 Total Per-Queue Buffering Capacity: 9.0 ms ms

x 11

• Catalyst and Nexus switch hardware

• Software and Syntax

• Global Default QoS Settings

• Trust States and Conditional Trust

• Logical vs. Physical Interface QoS

• Network Based Application Recognition (NBAR2)

• Domain Name System—Authoritative Source (DNS-AS)

• Ingress and Egress Queuing Models

Utility

Performance

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 18 Software and Syntax Variations • Catalyst 2960-X/3560-X/3750-X are the last platforms to use Multilayer Switch QoS (MLS QoS) • QoS is disabled by default and must be globally enabled with the mls qos command • Once enabled, all ports are set to an untrusted port-state

• Catalyst 9000, Catalyst 3650/3850, and Catalyst 4500E use IOS Modular QoS Command Line Interface (MQC) • QoS is enabled by default • All ports trust at layer 2 and layer 3 by default

• Catalyst 6500-E/6800 (Sup6T & Sup2T) use Cisco Common Classification Policy Language (C3PL) QoS • QoS is enabled by default • All ports trust at layer 2 and layer 3 by default • C3PL presents queuing policies similar to MQC, but as a defined “type” of policy

• Nexus 7000/7700 use NX-OS QoS • QoS is enabled by default • All ports trust at layer 2 and layer 3 by default • NX-OS presents queuing policies similar to MQC, but as a defined “type” and with default class-map names

Trust Boundaries Untrusted / User-Administered Devices no mls qos trust The trust boundary is the edge where • Layer 2 (CoS / UP) and/or • Layer 3 (DSCP) Trust Boundary QoS markings are accepted or rejected

Trusted Centrally-Administered Devices mls qos trust dscp

Trust Boundary

Centrally-Administered & Conditionally-Trusted Devices mls qos trust device • cisco-phone • cts • ip-camera • media-player

Trust Boundary Extension to Cisco Devices If a Cisco IP Phone is detected then the trust boundary extends to the IP Phone Access Switch CoS-to-DSCP Mapping Table CoS 7  DSCP CS7 (56) The IP Phone sets CoS for Voice and CoS 6  DSCP CS6 (48) Signaling and resets all else to 0 IP Phone CoS 5  DSCP EF (46)* CoS Mapping Table CoS 4  DSCP CS4 (32) The access switch maps CoS-to-DSCP CoS 6-7  CoS 0 CoS 3  DSCP CS3 (24) Voice  CoS 5 CoS 2  DSCP CS2 (16) Signaling  CoS 3 CoS 1  DSCP CS1 (8) CoS 0-4  CoS 0 CoS 0  DSCP DF (0) * Non-Default Mapping

Trust Boundary

• The Policy Enforcement Point (PEP) is the edge where classification and marking policies are enforced • The PEP may or may not be the same as the trust boundary • Multiple PEPs may exist for different types of network devices • e.g. switch PEP vs. router PEP

Note: For the sake of simplification, in this deck PEP will refer to

Trust Boundary classification and marking policy enforcement points (only) Switch Router and will not include other policy enforcement points (e.g. queuing). PEP PEP

Per-Port QoS Per-VLAN QoS Policy map is applied to the logical VLAN interface

VLAN Interfaces VLAN Interfaces Vlan10 Vlan20 Vlan10 Vlan20

Physical Ports Physical Ports

Policy map is applied to the interface gig 1/1-48 physical switch port mls qos vlan-based

interface gig 1/1-48 interface Vlan 10 service-policy input MARKING service-policy input MARKING

• Cisco Catalyst 6500 Sup32 Programmable Intelligent Services Accelerator (PISA)—Jan 2007

• Supported 90+ protocols

• Maximum Throughput: ~2 Gbps

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 24 NBAR2 in Hardware—Today • UADP-based platforms: • Catalyst 3650 • Catalyst 3850 • Catalyst 9000 Series (UADP 2.0 or 3.0)

• Supported 1400+ protocols 1400% increase

• Maximum Throughput (Catalyst 3850 / 3650): • ~500 connections per second at less than 50% CPU • Up to 5,000 bi-directional flows (24 access ports) • Up to 10,000 bi-directional flows (48 access ports) • Maximum Throughput (Catalyst 9000): • ~2000 connections per second at less than 50% CPU • Up to 10,000 bi-directional flows (24 access ports) • Up to 20,000 bi-directional flows (48 access ports)

• Light-weight application detection process

• A scalable means of identifying encrypted & cloud applications

• An efficient means to distribute application metadata

• No client software requirement

• Simplified end-to-end policy enforcement

TXT Record: DNS A-Record: 1) Client requests a DNS Lookup 172.16.0.7 mail.timco.com is 172.16.0.7 2) Access Switch examines the DNS request mail.timco.com App ID = 378 3) Internal DNS Server returns a DNS response (A- App Class: BULK-DATA Record) Business Relevance: YES DNS 4) Access Switch requests application metadata Server App Server information by generating its own DNS query Internal Network 5) Internal DNS Server returns application metadata (A-Record + TXT Record) 6) Access Switch maintains a Binding Table of application metadata IP Address PTR App-ID App-Class Business- Relevance 172.16.0.7 mail.timco.com 378 Bulk Data YES

Each queue has 1 Drop Threshold (the tail of the queue) 1 Priority Queue

3 Non-Priority Queues

1P3Q1T

InterruptResume Scheduling

Tail of Front of Queue Queue Direction of Packet Flow

Red Minimum WTD Threshold 1: Begin tail dropping red packets

Yellow Minimum WTD Threshold 2: Begin tail dropping yellow packets

Tail of Queue is WTD Threshold 3

Tail of Front of Queue Queue Direction of Packet Flow AF13 Minimum WRED Threshold: Begin randomly dropping AF13 Packets

AF12 Minimum WRED Threshold: Begin randomly dropping AF12 Packets

AF11 Minimum WRED Threshold: Begin randomly dropping AF11 Packets

Maximum WRED Thresholds for AF11, AF12 and AF13 are set to the tail of the queue in this example

Applied to the (Logical) Applied to (Physical) Port- Platform Port-Channel Interface* Member Interfaces Ingress Classification & Catalyst 2960-X Marking and Egress Queuing Catalyst Ingress Classification & 9000/3850/3650 Marking and Egress Queuing Ingress Classification & Catalyst 4500E Egress Queuing Marking Catalyst Ingress Classification & Ingress and Egress Queuing 6800/6500-E Marking Ingress Classification & Nexus Marking and Egress 7700/7000 Queuing *EtherChannels are comprised of logical (Port-Channel) interfaces and physical (port-member) interfaces

• Always perform QoS in hardware rather than software when a choice exists

• Classify and mark applications as close to their sources as technically and administratively feasible • Establish the QoS trust boundary at the access-edge of the network • Trust QoS within the distribution and core layers of the network

• Police unwanted traffic flows as close to their sources as possible

• Enable queuing policies at every node where the potential for congestion exists

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 33 Campus Port QoS Roles Untrusted Endpoint: • Port Set to Untrusted State (or Explicit Policy to Mark to DSCP 0) • [Optional Ingress Marking and/or Policing] • [Ingress and] Egress Queuing

Trusted Port • Trust DSCP Conditionally-Trusted Endpoint (Default on all non-MLS QoS platforms) • Conditional-Trust with Trust-CoS or DSCP • [Ingress and] Egress Queuing • [Optional Ingress Marking and/or Policing] • [Ingress and] Egress Queuing

https://cisco.app.box.com/v/QoS-AAGs

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 35 Agenda • Campus QoS Design Considerations and Best Practices • Cisco Catalyst 2960-X / 3560-X / 3750-X QoS Design • Cisco Catalyst 9000 / 3850 / 3650 Series QoS Design • Cisco Catalyst 4500E QoS Design • Cisco Catalyst 6800 / 6500-E QoS Design • Meraki MS Series Switch QoS Design

• Campus WLAN QoS Design Considerations and Best Practices • Cisco AireOS WLC AVC / QoS Design • Meraki MR Series AP QoS Design

• What are we doing to make this simpler?

• Summary and References

No Trust + Ingress Queuing + Catalyst 2960-X / Egress Queuing 3560-X / 3750-X Access Switch Trust DSCP + Ingress Queuing + Egress Queuing

Conditional Trust + Ingress Queuing + Egress Queuing

Classification/Marking + [Optional Policing] + Distribution Ingress Queuing + Switches Egress Queuing

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 38 Catalyst 2960-X / 3560-X / 3750-X QoS Design Steps Note: Catalyst 2960-X QoS is compatible with 1. Enable QoS the Catalyst 3560-X & 3750-X, with the following exceptions: 2. Configure Ingress QoS Model(s): • The Catalyst 3560-X & 3750-X support ingress queuing policies, but the 2960-X  Trust Models does not.  Conditional Trust Model • Similarly, the Catalyst 3560-X & 3750-X  Service Policy Models support VLAN-based QoS policies, but the 2960-X does not. 3. Configure Egress Queuing Note: Catalyst 2960-X must be running a 4. Configure Ingress Queuing (Catalyst LAN Base image (not IP Lite) to support the following QoS features 3560-X & 3750-X) • Policy maps • Policing & marking • Mapping tables • Weighted Tail Drop (WTD)

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 39 Catalyst 2960-X / 3560-X / 3750-X Enabling QoS and Trust Models Enabling QoS: mls qos Grey shaded commands are global

Trust-CoS Model Example: mls qos map cos-dscp 0 8 16 24 32 46 48 56 Key commands/parameters are in RED mls qos trust cos Yellow shaded commands are interface specific Trust-DSCP Model Example: mls qos trust dscp Note: CoS 5 which is explicitly mapped to DSCP 46 Conditional-Trust Model Example: mls qos trust device cisco-phone [or] mls qos trust device cts [or] Note: Only one type of device may be configured at a time mls qos trust device ip-camera [or] mls qos trust device media-player

Conditional Trust Policy to a Cisco IP Phone:mls qos mls qos map cos-dscp 0 8 16 24 32 46 48 56 mls qos trust device cisco-phone mls qos trust cos Note: All CoS-to-DSCP values are left at default (DSCP = CoS * 8) CoS must be matched as Cisco Except for CoS 5 which is explicitly mapped to DSCP IP Phones only 46 (Expedite Forwarding/EF, per RFC 3246 & 4594). remark at Layer 2

Trust Boundary

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 41 The policy-map definition specifies an ordered list of Catalyst 2960-X / 3560-X / 3750-X classes, each with an action, with a default class Marking Policy Model Example – Policy-Map & Class-Maps at the bottom class-map match-all VOIP match access-group name VOIP policy-map MARKING-POLICY class-map match-all MULTIMEDIA-CONFERENCING class VOIP match access-group name MULTIMEDIA-CONFERENCING set dscp ef class-map match-all SIGNALING class MULTIMEDIA-CONFERENCING match access-group name SIGNALING set dscp af41 class-map match-all TRANSACTIONAL-DATA class SIGNALING match access-group name TRANSACTIONAL-DATA set dscp cs3 class-map match-all BULK-DATA class TRANSACTIONAL-DATA match access-group name BULK-DATA ‘match access- set dscp af21 class-map match-all SCAVENGER group’ matches class BULK-DATA The service-policy is match access-group name SCAVENGER on an access- set dscp af11 applied inbound list definition class SCAVENGER (ingress classification & marking policy) and The class-map definitions specify the set dscp cs1 Switch PEP references a policy- classes. ‘match-all’ matches all (logical class class-default map definition AND) match statements under a class. set dscp default ‘match-any’ matches any (logical OR) match statements under a class. service-policy input MARKING-POLICY Trust Boundary

ip access-list extended SIGNALING remark sccp The access-list definition can be an permit tcp any any eq 2000 standard or extended access-list permit tcp any any eq 2001 permit tcp any any eq 2002 Permit statements allow remark rtsp traffic to be matched. permit tcp any any eq 554 Statements can specify permit tcp any any eq 8554 source and destination IP remark sip addresses and ports. permit tcp any any eq 5060 permit udp any any eq 5060 remark sip-tls permit tcp any any eq 5061 Comments can be added to permit udp any any eq 5061 the ACL definition to help identify the application

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 43 Note: Remarking is performed by configuring a policed-DSCP map with the global configuration Catalyst 2960-X command mls qos map policed-dscp, which specifies which DSCP values are subject to remarking if out-of- Marking & Policing Policy Example profile and what value these should be remarked as. mls qos map policed-dscp 0 10 18 to 8 In this example exceeding: • Best Effort (DSCP 0) [class-maps omitted for brevity] • Bulk (AF11 / DSCP 10) policy-map MARKING&POLICING • Transactional Data (AF21 / DSCP 18) are remarked to Scavenger (CS1 / DSCP 8). class VVLAN-VOIP set dscp ef [continued] police 128k 8000 exceed-action drop class BULK-DATA class VVLAN-SIGNALING set dscp af11 set dscp cs3 police 10m 8000 exceed-action policed-dscp-transmit police 32k 8000 exceed-action drop class SCAVENGER class MULTIMEDIA-CONFERENCING set dscp cs1 set dscp af41 police 10m 8000 exceed-action drop police 5m 8000 exceed-action drop class DEFAULT class SIGNALING set dscp default set dscp cs3 police 10m 8000 exceed-action policed-dscp-transmit police 32k 8000 exceed-action drop class TRANSACTIONAL-DATA service-policy input MARKING&POLICING set dscp af21 police 10m 8000 exceed-action policed-dscp-transmit …

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 44 Catalyst 2960-X / 3560-X / 3750-X 1P3Q3T Egress Queuing Model Application DSCP 1P3Q3T AF1 Network Control (CS7) Queue 4 Q4T2 CS1 (5%) Q4T1 Internetwork Control CS6

VoIP EF Default Queue DF Broadcast Video CS5 Queue 3 (35%)

Multimedia Conferencing AF4 CS7 Q2T3

Realtime Interactive CS4 CS6

Multimedia Streaming AF3 CS3 Q2T2 Queue 2 Signaling CS3 AF4 (30%) Q2T1 Transactional Data AF2 AF3

Network Management CS2 AF2 CS2 Bulk Data AF1 EF Scavenger CS1 Queue 1 CS5 Priority Queue Best Effort DF CS4

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 45 Note: The Catalyst 2960-X can also be configured to use an 8-queue model; however Catalyst 2960-X / 3560-X / 3750-X this model is NOT supported in a stack, nor is it supported 1P3Q3T Egress Queuing Model Config—Part 1 of 2 if AutoQoS is enabled.

! This section configures egress buffers and thresholds mls qos queue-set output 1 buffers 15 30 35 20 Allocates buffers to Q1, Q2, Q3 and Q4 mls qos queue-set output 1 threshold 1 100 100 100 100 (respectively) mls qos queue-set output 1 threshold 2 80 90 100 400 mls qos queue-set output 1 threshold 3 100 100 100 3200 mls qos queue-set output 1 threshold 4 60 80 100 400 Each queue has 4 thresholds: • WTD Threshold 1 • WTD Threshold 2 • Reserved Threshold—buffers that may NOT be shared with adjacent port-queues ! This section configures egress CoS-to-Queue mappings • Maximum Threshold—maximum amount of buffers may be borrowed from common mls qos srr-queue output cos-map queue 1 threshold 3 4 5 buffer pools (if available) mls qos srr-queue output cos-map queue 2 threshold 1 2 mls qos srr-queue output cos-map queue 2 threshold 2 3 mls qos srr-queue output cos-map queue 2 threshold 3 6 7 mls qos srr-queue output cos-map queue 3 threshold 3 0 If the packet enters the switch on a port that is set to trust cos then these CoS-to-Queue mls qos srr-queue output cos-map queue 4 threshold 3 1 mappings will be used to determine how the packet is queued on egress

1P3Q3T Egress Queuing Model Config—Part 2 of 2 If the packet enters the switch on a port that is set to trust dscp then these ! This section configures egress DSCP-to-Queue mappings DSCP-to-Queue mappings will be used mls qos srr-queue output dscp-map queue 1 threshold 3 32 40 46 to determine how the packet is queued on egress mls qos srr-queue output dscp-map queue 2 threshold 1 16 18 20 22 mls qos srr-queue output dscp-map queue 2 threshold 1 26 28 30 34 36 38 mls qos srr-queue output dscp-map queue 2 threshold 2 24 mls qos srr-queue output dscp-map queue 2 threshold 3 48 56 mls qos srr-queue output dscp-map queue 3 threshold 3 0 mls qos srr-queue output dscp-map queue 4 threshold 1 8 mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14

! This section configures interface egress queuing parameters queue-set 1 srr-queue bandwidth share 1 30 35 5 priority-queue out

Enables the PQ Allocates bandwidth to each queue by means of a WRR weight. Q1 weight is ignored, as it’s operating as a PQ

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 47 Catalyst 3560-X / 3750-X 1P1Q3T Ingress Queuing Model 1P1Q3T Application DSCP EF Network Control (CS7) Queue 2 CS5 Priority Queue Internetwork Control CS6 CS4 (30%) VoIP EF CS7 Q1T3 Broadcast Video CS5 CS6

Multimedia Conferencing AF4 CS3 Q1T2

Realtime Interactive CS4 AF4 Q1T1 Multimedia Streaming AF3 AF3

Signaling CS3 Queue 1 Non-Priority Queue Transactional Data AF2 AF2 (70%)

Network Management CS2 CS2

Bulk Data AF1 AF1

Scavenger CS1 CS1

Best Effort DF DF

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 48 Q2 is enabled as a priority ingress Catalyst 3560-X and 3750-X queue with 30% BW allocation 1P1Q3T Ingress Queuing Model Config—Part 1 of 2

Assigns BW to Q1 and Q2 ! This section configures the ingress queues and thresholds respectively after servicing the PQ (Q2). Remaining mls qos srr-queue input priority-queue 2 bandwidth 30 70% of BW is allocated mls qos srr-queue input bandwidth 70 30 amongst Q1 & Q2 in a ratio mls qos srr-queue input buffers 90 10 of 70% and 30% mls qos srr-queue input threshold 1 80 90 respectively.

Assigns the two lower drop thresholds for the non- Allocates buffers to Q1 PQ. The third drop threshold is automatically set at and Q2 (respectively) 100% of the queue depth. Non-assigned thresholds automatically set for 100% of the queue-depth.

! This section configures the ingress CoS-to-Queue mappings mls qos srr-queue input cos-map queue 1 threshold 1 0 1 2 If the packet enters the switch on a port that is set to trust cos then mls qos srr-queue input cos-map queue 1 threshold 2 3 these CoS-to-Queue mappings will mls qos srr-queue input cos-map queue 1 threshold 3 6 7 be used to determine how the mls qos srr-queue input cos-map queue 2 threshold 1 4 5 packet is queued on ingress

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 49 Catalyst 3560-X and 3750-X 1P1Q3T Ingress Queuing Model Config—Part 2 of 2 If the packet enters the switch on a port that is set to trust dscp then these DSCP-to-Queue mappings will be used to determine how the packet is queued on egress

! This section configures ingress DSCP-to-Queue Mappings mls qos srr-queue input dscp-map queue 1 threshold 1 0 8 10 12 14 mls qos srr-queue input dscp-map queue 1 threshold 1 16 18 20 22 mls qos srr-queue input dscp-map queue 1 threshold 1 26 28 30 34 36 38 mls qos srr-queue input dscp-map queue 1 threshold 2 24 mls qos srr-queue input dscp-map queue 1 threshold 3 48 56 mls qos srr-queue input dscp-map queue 2 threshold 3 32 40 46

All QoS policies are configured on the physical port-member interfaces only

Applied to the (Logical) Applied to (Physical) Port- Platform Port-Channel Interface Member Interfaces Catalyst 2960-X Classification & Marking / 3560-X / (Ingress) and Queuing (Egress 3750-X and/or Ingress)

https://cisco.app.box.com/v/QoS-AAGs

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 53 Agenda • Campus QoS Design Considerations and Best Practices • Cisco Catalyst 2960-X / 3560-X / 3750-X QoS Design • Cisco Catalyst 9000 / 3850 / 3650 Series QoS Design • Cisco Catalyst 4500E QoS Design • Cisco Catalyst 6800 / 6500-E QoS Design • Meraki MS Series Switch QoS Design

• Campus WLAN QoS Design Considerations and Best Practices • Cisco AireOS WLC AVC / QoS Design • Meraki MR Series AP QoS Design

• What are we doing to make this simpler?

• Summary and References

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 54 Cisco Catalyst 9000 / 3850 / 3650 QoS Design Catalyst 9200 / 9300 / 9400 / 3850 / 3650 Series QoS Roles in the Campus Access

No Trust + Catalyst 9200 / Egress Queuing 9300 / 9400 / 3850 / 3650 Trust DSCP + Series Access Egress Queuing Switch Conditional Trust + Egress Queuing

Classification/Marking + [Optional Policing] + Egress Queuing

Distribution Switches

Cisco Catalyst 9500 Campus Core Switches Trust DSCP + Egress Queuing

Cisco Catalyst 9500 / 9400 Campus Distribution Switches

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 57 Catalyst 9000 / 3850 / 3650 Series QoS Design Steps 1. Configure Ingress QoS Model(s):  Trust DSCP / CoS Model (Default)  Conditional Trust Models  Service Policy Models 2. Configure Egress Queuing  Wired Queuing Models: 2P6Q3T

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 58 As of IOS XE 16.5.1 and higher match-all is also supported on Catalyst 3850 and 3650 Series Catalyst 9000 / 3850 / 3650 Series switches. Both match-any and Conditional Trust Models match-all are supported on Catalyst 9000 Series switches. Conditional-Trust Models: interface GigabitEthernet 1/0/1 Conditional-Trust (Cisco IP Phone) Example: trust device cisco-phone [or] class-map match-any VOICE CoS must be trust device cts [or] CoS must be match cos 5 matched as trust device ip-camera [or] matched as Cisco class-map match-any SIGNALING Cisco IP Phones trust device media-player IP Phones only match cos 3 only remark at remark at Layer 2 Layer 2 policy-map CISCO-IPPHONE Only one type of device can be class VOICE configured for conditional trust set dscp ef on an interface at a given time class SIGNALING set dscp cs3 Switch PEP class class-default set dscp default interface GigabitEthernet 1/0/1 trust device cisco-phone service-policy input CISCO-IPPHONE Trust Boundary © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 59 Catalyst 9000 / 3850 / 3650 Series Classification Options • ACL-based classification: match access-group ACL_NAME • Syntax is identical to Catalyst 2960-X / 3560-X / 3750-X ACL-based classification & marking examples

• NBAR2 classification: match protocol • Catalyst 3850 / 3650 IOS XE 16.3.1 and higher • Catalyst 9300 / 9500 IOS XE 16.5.1 and higher • Catalyst 9400 IOS XE 16.9.1 and higher

• NBAR2 classification: match protocol attribute business-relevance and match protocol attribute traffic-class • Catalyst 9300 / 9500 / 3850 / 3650 Series running IOS XE 16.8.1 and higher • Catalyst 9400 Series running IOS XE 16.9.1 or higher

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 60 Catalyst 9000 / 3850 / 3650 Series Configuring NBAR2 QoS Policies match protocol enables NBAR2 classification Note: Up to 16 match protocol statements are supported per class-map and up to 255 class-map match-any VOICE match protocol statements in all policies. match protocol cisco-phone policy-map NBAR-MARKING match protocol cisco-jabber-audio class VOICE match protocol ms-lync-audio set dscp ef match protocol citrix-audio Requires IOS class BROADCAST-VIDEO class-map match-any BROADCAST-VIDEO XE 16.3.1 and set dscp cs5 match protocol cisco-ip-camera class REAL-TIME-INTERACTIVE class-map match-any REAL-TIME-INTERACTIVE higher on set dscp cs4 match protocol telepresence-media Catalyst class CALL-SIGNALING class-map match-any CALL-SIGNALING 3850/3650 for set dscp cs3 match protocol skinny Wired Ports class TRANSACTIONAL-DATA match protocol telepresence-control set dscp af21 class-map match-any TRANSACTIONAL-DATA class BULK-DATA match protocol citrix set dscp af11 match protocol sap NBAR2 based match class SCAVENGER … protocol is allowed only set dscp cs1 with marking or policing class class-default actions - not queuing. set dscp default

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 61 Holy Grail QoS Config: NBAR2 1400+ App / 12-Class Model class-map match-all VOICE match protocol attribute traffic-class voip-telephony match protocol attribute business-relevance business-relevant class-map match-all BROADCAST-VIDEO policy-map MARKING match protocol attribute traffic-class broadcast-video class VOICE match protocol attribute business-relevance business-relevant set dscp ef class-map match-all REAL-TIME-INTERACTIVE class BROADCAST-VIDEO match protocol attribute traffic-class real-time-interactive set dscp cs5 match protocol attribute business-relevance business-relevant class REAL-TIME-INTERACTIVE class-map match-all MULTIMEDIA-CONFERENCING set dscp cs4 match protocol attribute traffic-class multimedia-conferencing class MULTIMEDIA-CONFERENCING match protocol attribute business-relevance business-relevant set dscp af41 class-map match-all MULTIMEDIA-STREAMING class MULTIMEDIA-STREAMING match protocol attribute traffic-class multimedia-streaming set dscp af31 match protocol attribute business-relevance business-relevant class SIGNALING class-map match-all SIGNALING set dscp cs3 match protocol attribute traffic-class signaling class NETWORK-CONTROL match protocol attribute business-relevance business-relevant set dscp cs6 class-map match-all NETWORK-CONTROL class NETWORK-MANAGEMENT match protocol attribute traffic-class network-control set dscp cs2 match protocol attribute business-relevance business-relevant class TRANSACTIONAL-DATA class-map match-all NETWORK-MANAGEMENT set dscp af21 match protocol attribute traffic-class ops-admin-mgmt class BULK-DATA match protocol attribute business-relevance business-relevant set dscp af11 class-map match-all TRANSACTIONAL-DATA class SCAVENGER match protocol attribute traffic-class transactional-data set dscp cs1 match protocol attribute business-relevance business-relevant class class-default class-map match-all BULK-DATA set dscp default match protocol attribute traffic-class bulk-data Provisioned within Cisco DNA Center 1.2.8 Application match protocol attribute business-relevance business-relevant Policy on Catalyst 9300 / 9400 / 9500 series switches class-map match-all SCAVENGER access-layer switches with IOS XE 16.10.1 and higher match protocol attribute business-relevance business-irrelevant

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 62 All markdown and/or Catalyst 9000 / 3850 / 3650 mapping operations are configured Marking & Policing Policy Example Policers can may be through table-maps set to either remark or policy-map MARKING&POLICING class VVLAN-VOIP drop excess traffic set dscp ef table-map TABLE-MAP police 128K conform-action transmit exceed-action drop map from 0 to 8 class VVLAN-SIGNALING set dscp cs3 map from 10 to 8 police 32K conform-action transmit exceed-action drop map from 18 to 8 class MULTIMEDIA-CONFERENCING set dscp af41 Policing to remark traffic police 5M conform-action transmit exceed-action drop is done by referencing class SIGNALING the previously- set dscp cs3[continued] configured table-map police 32K conformclass TRANSACTIONAL-action transmit-DATA exceed-action drop … set dscp af21 police 10M conform-action transmit exceed-action set-dscp-transmit dscp table TABLE-MAP class BULK-DATA set dscp af11 police 100K conform-action transmit exceed-action set-dscp-transmit dscp table TABLE-MAP class SCAVENGER set dscp cs1 police 10M conform-action transmit exceed-action drop class class-default set dscp default police 10M conform-action transmit exceed-action set-dscp-transmit dscp table TABLE-MAP

Interrupt SchedulingInterrupt Scheduling

2P6Q3T Application DSCP BWR = Bandwidth Remaining Network Control (CS7) EF PQ Level 1 (10%) WTD = Weighted Tail Internetwork Control CS6 CS5 PQ Level 2 (20%) Drop CS4 VoIP EF CS7 & CS6 Q6 Broadcast Video CS5 Catalyst 9000 Series (BWR 10%) CS3 & CS2 Only Multimedia Conferencing AF4 AF4 Q5 Realtime Interactive CS4 WRED = Weighted (BWR 15% + DSCP-Based WTD or WRED) Random Early Detect Multimedia Streaming AF3 AF3 Q4 Signaling CS3 (BWR 15% + DSCP-Based WTD or WRED)

Transactional Data AF2 AF2 Q3 (BWR 15% + DSCP-Based WTD or WRED) Network Management CS2

Bulk Data AF1 AF1 CS1 Q2 Scavenger CS1 (BWR 10% + DSCP-Based WTD or WRED)

Best Effort DF DF Q1 (BWR 35% + DSCP-Based WRED)

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 65 Catalyst 9000 / 3850 / 3650 2P6Q3T with WTD or WRED: Wired Port Egress Queuing Class Maps class-map match-any VOICE-PQ1 match dscp ef class-map match-any VIDEO-PQ2 match dscp cs4 [continued] match dscp cs5 class-map match-any MULTIMEDIA-STREAMING-QUEUE class-map match-any CONTROL-MGMT-QUEUE match dscp af31 match dscp cs7 match dscp af32 match dscp cs6 match dscp af33 match dscp cs3 class-map match-any TRANSACTIONAL-DATA-QUEUE match dscp cs2 match dscp af21 class-map match-any MULTIMEDIA-CONFERENCING-QUEUE match dscp af22 match dscp af41 match dscp af23 match dscp af42 class-map match-any SCAVENGER-BULK-DATA-QUEUE match dscp af43 match dscp af11 … match dscp af12 match dscp af13 match dscp cs1

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 66 If a PQ is enabled Catalyst 9000 / 3850 / 3650 then non-PQs must use bandwidth 2P6Q3T with WTD: Wired Port Egress Queuing – Policy Map remaining policy-map 2P6Q3T Two-levels of [continued] class VOICE-PQ1 priority queuing class MULTIMEDIA-STREAMING-QUEUE priority level 1 are supported bandwidth remaining percent 15 Allocates buffers police rate percent 10 queue-buffers ratio 10 to queues class VIDEO-PQ2 queue-limit dscp af33 percent 80 priority level 2 queue-limit dscp af32 percent 90 police rate percent 20 class TRANSACTIONAL-DATA-QUEUE class CONTROL-MGMT-QUEUE bandwidth remaining percent 15 Enables DSCP- bandwidth remaining percent 10 queue-buffers ratio 10 based WTD and queue-buffers ratio 10 queue-limit dscp af23 percent 80 tunes tail-drop class MULTIMEDIA-CONFERENCING-QUEUE queue-limit dscp af22 percent 90 percentages to bandwidth remaining percent 15 class SCAVENGER-BULK-DATA-QUEUE align to AF PHBs queue-buffers ratio 10 bandwidth remaining percent 10 queue-limit dscp af43 percent 80 queue-buffers ratio 10 queue-limit dscp af42 percent 90 queue-limit dscp values af13 cs1 percent 80 … queue-limit dscp values af12 percent 90 class class-default interface GigabitEthernet 1/0/2 bandwidth remaining percent 35 service-policy output 2P6Q3T queue-buffers ratio 25

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 67 Catalyst 9000 (ONLY) 2P6Q3T with DSCP-Based WRED: Wired Port Egress Queuing – Policy Map class TRANSACTIONAL-DATA-QUEUE policy-map 2P6Q3T-WRED Enables DSCP-based class VOICE-PQ1 bandwidth remaining percent 15 priority level 1 queue-buffers ratio 10 WRED for the queue police rate percent 10 random-detect dscp-based class VIDEO-PQ2 random-detect dscp 18 percent 80 100 priority level 2 random-detect dscp 20 percent 70 100 police rate percent 20 random-detect dscp 22 percent 60 100 class CONTROL-MGMT-QUEUE class SCAVENGER-BULK-DATA-QUEUE Tunes min and max bandwidth remaining percent 10 bandwidth remaining percent 10 values of the three queue-buffers ratio 10 queue-buffers ratio 10 drop thresholds to random-detect dscp-based class MULTIMEDIA-CONFERENCING-QUEUE align to AF PHBs bandwidth remaining percent 15 random-detect dscp 8 percent 60 100 queue-buffers ratio 15 random-detect dscp 10 percent 80 100 queue-limit dscp af43 percent 80 random-detect dscp 12 percent 70 100 queue-limit dscp af42 percent 90 random-detect dscp 14 percent 60 100 Up to four class MULTIMEDIA-STREAMING-QUEUE class class-default queues can be bandwidth remaining percent 15 bandwidth remaining percent 35 queue-buffers ratio 25 configured for queue-buffers ratio 10 WRED queue-limit dscp af33 percent 80 random-detect dscp-based queue-limit dscp af32 percent 90 random-detect dscp 0 percent 80 100 … interface GigabitEthernet 1/0/3 service-policy output 2P6Q3T-WRED

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 68 Catalyst 9000 / 3850 / 3650 Hierarchical QoS Policies—Queuing within Shaped Rate Example policy-map 50MBPS-SHAPER class class-default Defines the sub-line rate (CIR) shape average 50000000 service-policy 2P6Q3T Provides back-pressure to the system to interface GigabitEthernet 1/0/1 engage the (previously-defined) queuing service-policy output 50MBPS-SHAPER policy, so that packets are properly prioritized within the sub-line rate

Only the Hierarchical Shaping policy is attached to the interface(s)

• Catalyst 3850 / 3650 Series supports two egress policies • All built-in front panel ports need to share the same egress queueing policy Egress Egress Egress Egress Egress Egress Policy Policy Policy Policy Policy Policy • All ports on network modules need to share the same egress queueing policy

• Catalyst 9000 Series supports per port egress policy which adds a lot flexibility

Egress Egress Egress Egress Egress Egress Policy Policy Policy Policy Policy Policy

All QoS policies are configured on the physical port-member interfaces only

Applied to the (Logical) Applied to (Physical) Port- Platform Port-Channel Interface Member Interfaces Catalyst 9000 / Classification & Marking 3850 / 3650 (Ingress) and Queuing (Egress)

https://cisco.app.box.com/v/QoS-AAGs

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 74 Agenda • Campus QoS Design Considerations and Best Practices • Cisco Catalyst 2960-X / 3560-X / 3750-X QoS Design • Cisco Catalyst 9000 / 3850 / 3650 Series QoS Design • Cisco Catalyst 4500E QoS Design • Cisco Catalyst 6800 / 6500-E QoS Design • Meraki MS Series Switch QoS Design

• Campus WLAN QoS Design Considerations and Best Practices • Cisco AireOS WLC AVC / QoS Design • Meraki MR Series AP QoS Design

• What are we doing to make this simpler?

• Summary and References

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 75 Cisco Catalyst 4500E QoS Design The primary role of the Catalyst 4500E Catalyst 4500E Series switch QoS Roles in the Campus Distribution or Access is as a distribution-layer switch. However, it is also sometimes deployed as an Catalyst 4500E access-layer switch. Access Switch

No Trust + Egress Queuing

Trust DSCP + Egress Queuing

Conditional Trust + Egress Queuing

Classification/Marking + [Optional Policing] + Egress Queuing

Catalyst 4500E Distribution Switches

1. Configure Ingress QoS Model(s):  Trust DSCP / CoS Model (Default)*  Conditional Trust Model  Service Policy Models 2. Configure Egress Queuing

* Note: Catalyst 4500E uses MQC QoS, which trusts by default. Therefore no explicit policy is required for DSCP trust.

Conditional Trust Example class-map match-all VOICE match cos 5 Catalyst 4500E supports both class-map match-all SIGNALING match-all (logical AND) and match cos 3 match-any (logical OR) operators ! policy-map CISCO-IPPHONE class VOICE Conditional trust command set dscp ef (trust device) must be prefaced class SIGNALING by qos on the Catalyst 4500E set dscp cs3 class class-default set dscp default Switch PEP interface GigabitEthernet 3/1 qos trust device cisco-phone service-policy input CISCO-IPPHONE

Trust Boundary

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 79 Catalyst 4500E Classification Options • ACL-based classification: match access-group ACL_NAME • Syntax is identical to Catalyst 2960-X / 3560-X / 3750-X ACL-based classification & marking examples

• Application Visibility and Control with Domain Name System-Authoritative Source (AVC with DNS-AS) classification (IOS 15.2(5)E / IOS XE 3.9.0E and Higher) match protocol attribute • Supervisor Engines 9-E, 8-E, 8L-E, 7-E, 7L-E with IP Base and IP Services • Note: The Catalyst 4500E does NOT support NBAR2

! avc dns-as client enable Enables DNS-AS ! IOS 15.2(5)E avc dns-as client trusted-domains domain ^.*f1.*$ Identifies domains from which IOS XE 3.9.0E domain ^.*cisco.*$ metadata may be received and and Higher domain *.toocoolforyou.net trusted for policy-purposes domain *.sontowski.de domain *.pension-solutions.de domain *.bav-spezialist.de Configures basic domain *.sontowski-immobilien.de domain *.pegasus-cp.de DNS lookup-info domain *.via-vorsorge.de domain *.blackberry.net domain *.eu.blackberry.net ip domain round-robin domain *.evorsorge.de ip domain-list toocoolforyou.net domain *.dns-as.org ip domain-lookup source-interface Loopback0 domain *.nbar2web.org ip domain-name toocoolforyou.net domain *.f1-consult.com ip name-server 192.168.167.244 domain *.f1-consult.de ip name-server 192.168.168.244 domain *.f1-online.net domain *.f1v4.net domain *.f1v6.net

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 81 Catalyst 4500E AVC with DNS-AS Classification & Marking Example class-map match-all VOICE match protocol attribute traffic-class voip-telephony IOS 15.2(5)E match protocol attribute business-relevance business-relevant class-map match-all BROADCAST-VIDEO policy-map MARKING IOS XE 3.9.0E match protocol attribute traffic-class broadcast-video class VOICE and Higher match protocol attribute business-relevance business-relevant set dscp ef class-map match-all REAL-TIME-INTERACTIVE class BROADCAST-VIDEO match protocol attribute traffic-class real-time-interactive set dscp cs5 match protocol attribute business-relevance business-relevant class REAL-TIME-INTERACTIVE class-map match-all MULTIMEDIA-CONFERENCING set dscp cs4 match protocol attribute traffic-class multimedia-conferencing class MULTIMEDIA-CONFERENCING match protocol attribute business-relevance business-relevant set dscp af41 class-map match-all MULTIMEDIA-STREAMING class MULTIMEDIA-STREAMING match protocol attribute traffic-class multimedia-streaming set dscp af31 match protocol attribute business-relevance business-relevant class SIGNALING class-map match-all SIGNALING set dscp cs3 match protocol attribute traffic-class signaling class NETWORK-CONTROL match protocol attribute business-relevance business-relevant set dscp cs6 class-map match-all NETWORK-CONTROL class NETWORK-MANAGEMENT match protocol attribute traffic-class network-control set dscp cs2 match protocol attribute business-relevance business-relevant class TRANSACTIONAL-DATA class-map match-all NETWORK-MANAGEMENT set dscp af21 match protocol attribute traffic-class ops-admin-mgmt class BULK-DATA match protocol attribute business-relevance business-relevant set dscp af11 class-map match-all TRANSACTIONAL-DATA class SCAVENGER match protocol attribute traffic-class transactional-data set dscp cs1 match protocol attribute business-relevance business-relevant class class-default class-map match-all BULK-DATA set dscp default match protocol attribute traffic-class bulk-data match protocol attribute business-relevance business-relevant Same ‘Holy Grail’ classification policy class-map match-all SCAVENGER match protocol attribute business-relevance business-irrelevant as on other router/switch platforms

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 82 Catalyst 4500E Marking & Policing Policy Example policy-map MARKING&POLICING class BULK-DATA class VOIP police 10m bc 8000 police 128k bc 8000 conform-action set-dscp-transmit af11 conform-action set-dscp-transmit ef exceed-action set-dscp-transmit af12 exceed-action drop class SCAVENGER class SIGNALING police 10m bc 8000 police 32k bc 8000 conform-action set-dscp-transmit cs1 conform-action set-dscp-transmit cs3 exceed-action drop exceed-action drop class class-default class MULTIMEDIA-CONFERENCING police 10m bc 8000 police 5m bc 8000 conform-action set-dscp-transmit default conform-action set-dscp-transmit af41 exceed-action set-dscp-transmit cs1 exceed-action set-dscp-transmit af42 class TRANSACTIONAL-DATA interface GigabitEthernet 3/1 police 10m bc 8000 service-policy input MARKING&POLICING conform-action set-dscp-transmit af21 exceed-action set-dscp-transmit af22 Marking / remarking is configured as part of the policing action (i.e. no table-map or markdown-map is referenced)

Application DSCP 1P7Q1T (+DBL) BWR = Bandwidth Network Control (CS7) EF Remaining Internetwork Control CS6 CS5 PQ CS4 VoIP EF CS7 & CS6 Broadcast Video CS5 Q7 CS3 & CS2 (BWR 10%) Multimedia Conferencing AF4 Q6 AF4 Realtime Interactive CS4 (BWR 15%)

Multimedia Streaming AF3 AF3 Q5 (BWR 15%) Signaling CS3 Q4 AF2 Transactional Data AF2 (BWR 15%) Network Management CS2 Q3 AF1 Bulk Data AF1 (BWR 6%)

Scavenger CS1 CS1 Q2 (BWR 1%)

Best Effort DF DF Q1 (38%)

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 84 If PQ is enabled then Catalyst 4500E bandwidth remaining must be used 1P7Q1T+DBL Egress Queuing Config policy-map 1P7Q1T class PRIORITY-QUEUE class-map match-all PRIORITY-QUEUE Enables the PQ match dscp cs4 cs5 ef priority class-map match-all CONTROL-MGMT-QUEUE class CONTROL-MGMT-QUEUE match dscp cs7 cs6 cs3 cs2 bandwidth remaining percent 10 class-map match-all MULTIMEDIA-CONFERENCING-QUEUE class MULTIMEDIA-CONFERENCING-QUEUE match dscp af41 af42 af43 bandwidth remaining percent 15 class-map match-all MULTIMEDIA-STREAMING-QUEUE class MULTIMEDIA-STREAMING-QUEUE match dscp af31 af32 af33 bandwidth remaining percent 15 class-map match-all TRANSACTIONAL-DATA-QUEUE class TRANSACTIONAL-DATA-QUEUE match dscp af21 af22 af23 bandwidth remaining percent 15 class-map match-all BULK-DATA-QUEUE dbl match dscp af11 af12 af13 class BULK-DATA-QUEUE class-map match-all SCAVENGER-QUEUE bandwidth remaining percent 6 match dscp cs1 dbl class SCAVENGER-QUEUE DBL can be enabled on a per-class bandwidth remaining percent 1 basis, but should not be enabled on class class-default the PQ or Control traffic queues. bandwidth remaining percent 38 Enabling DBL on UDP-based queues dbl and/or Scavenger queue is optional. service-policy output 1P7Q1T

• Classification & Marking (Ingress) QoS policies are configured on the logical Port- Channel interface

• Queuing (Egress) QoS policies are configured on the physical port-member interfaces

Applied to the (Logical) Applied to (Physical) Port- Platform Port-Channel Interface Member Interfaces Classification & Marking Catalyst 4500 Queuing (Egress) (Ingress)

https://cisco.app.box.com/v/QoS-AAGs

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 88 Agenda • Campus QoS Design Considerations and Best Practices • Cisco Catalyst 2960-X / 3560-X / 3750-X QoS Design • Cisco Catalyst 9000 / 3850 / 3650 Series QoS Design • Cisco Catalyst 4500E QoS Design • Cisco Catalyst 6800 / 6500-E QoS Design • Meraki MS Series Switch QoS Design

• Campus WLAN QoS Design Considerations and Best Practices • Cisco AireOS WLC AVC / QoS Design • Meraki MR Series AP QoS Design

• What are we doing to make this simpler?

• Summary and References

Catalyst 6800 / 6500-E Series Core Switch Trust DSCP + Ingress Queuing + Egress Queuing

Catalyst 6800 / 6500-E Series Distribution-Layer Switch

1. Configure Ingress Queuing 2. Configure Egress Queuing

Catalyst 6800 / 6500-E (Sup6T & Sup2T) are C3PL platforms which trust by default. Therefore no explicit policy is required for DSCP trust.

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 92 Additional Catalyst 6800 / 6500-E Sup2T/6T queuing models are Cisco Catalyst 6800 / 6500-E detailed in the Appendix 2P6Q4T Ingress & Egress Queuing Models—DSCP-to-Queue

Application-Class DSCP 2P6Q4T Ingress and egress queuing models varies by line card / Network Control (CS7) Voice-PQ1 module. EF (Priority Level 1) Internetwork Control CS6 (10%) Video-PQ2 VoIP EF CS5 (Priority Level 2) Refer to the 6500-E / 6800 Broadcast Video CS5 CS4 (20%) QoS Configuration Guide or CS6 & CS7 data sheets to ensure that you Multimedia Conferencing AF4 Control/Mgmt Queue CS2 & CS3 (10% BWR) use the proper queuing Realtime Interactive CS4 module for a given line card. Multimedia-Conferencing Queue AF4 Multimedia Streaming AF3 AF4 (15% BWR + DSCP-WRED) Signaling CS3 WS-X6904-40G-2T AF3 Multimedia-Streaming Queue (15% BWR + DSCP-WRED) WS-X6904-40G-2TXL Transactional Data AF2 C6800-8P10G Transactional Data Queue Network Management CS2 AF2 C6800-8P10G-XL (15% BWR + DSCP-WRED) C6800-16P10G Bulk Data AF1 AF1 Bulk Data Queue C6800-16P10G-XL Scavenger CS1 CS1 (10% BWR + DSCP-WRED) C6800-32P10G Default Queue C6800-32P10G-XL Best Effort DF DF (WRED) http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1SY/config_guide/sup2T/15_1_sy_swcg_2T/qos_policy_based_queueing.html

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 93 Cisco Catalyst 6800 / 6500-E —2P6Q4T Model Part 1 of 3—Common Ingress & Egress Queuing Class-Maps class-map type lan-queuing match-all VOICE-PQ1 Class-maps and policy-maps match dscp ef used for ingress and/or class-map type lan-queuing match-all VIDEO-PQ2 egress queuing policies must match dscp cs4 cs5 be explicitly configured as class-map type lan-queuing match-all CONTROL-MGMT-QUEUE type lan-queuing match dscp cs2 cs3 cs6 cs7 class-map type lan-queuing match-all MULTIMEDIA-CONFERENCING-QUEUE match dscp af41 af42 af43 class-map type lan-queuing match-all MULTIMEDIA-STREAMING-QUEUE Unless specified otherwise, the match dscp af31 af32 af33 default C3PL class-map and class-map type lan-queuing match-all TRANSACTIONAL-DATA-QUEUE policy-map type is qos match dscp af21 af22 af23 (classification, marking, policing) class-map type lan-queuing match-all SCAVENGER-BULK-DATA-QUEUE match dscp cs1 af11 af12 af13

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 94 Cisco Catalyst 6800 / 6500-E —2P6Q4T Model Part 2 of 3—2P6Q4T Queuing Policy-Map Policy-map must be defined as type lan-queuing

policy-map type lan-queuing 2P6Q4T Enables egress Priority Queue 1 class VOICE-PQ1 (highest level of service) priority level 1 class VIDEO-PQ2 priority level 2 Enables egress Priority Queue 2 class CONTROL-MGMT-QUEUE (can only be interrupted by PQ1) bandwidth remaining percent 10 class MULTIMEDIA-CONFERENCING-QUEUE bandwidth remaining percent 15 bandwidth remaining is random-detect dscp af41 percent 80 100 required (as PQs are enabled) random-detect dscp af42 percent 70 100 random-detect dscp af43 percent 60 100 class MULTIMEDIA-STREAMING-QUEUE bandwidth remaining percent 15 Tunes WRED to better random-detect dscp af31 percent 80 100 align to the AF PHB random-detect dscp af32 percent 70 100 random-detect dscp af33 percent 60 100 …

[continued] class TRANSACTIONAL-DATA-QUEUE bandwidth remaining percent 15 random-detect dscp-based random-detect dscp af21 percent 80 100 type lan-queuing must also be random-detect dscp af22 percent 70 100 specified in the service-policy random-detect dscp af23 percent 60 100 statement class BULK-DATA-QUEUE bandwidth remaining percent 10 random-detect dscp-based random-detect dscp af11 percent 80 100 Generally Catalyst 6800 / random-detect dscp af12 percent 70 100 6500-E Series linecards which random-detect dscp cs1 percent 50 100 support the 2P6Q4T queuing class class-default structure also support both random-detect dscp-based ingress and egress queuing random-detect dscp default percent 80 100

service-policy type lan-queuing input 2P6Q4T service-policy type lan-queuing output 2P6Q4T

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 96 Cisco Catalyst 6800 / 6500-E EtherChannel QoS Design • Classification & Marking (Ingress) QoS policies are configured on the logical Port-Channel interface • Queuing (Ingress & Egress) QoS policies are configured on the physical port-member interfaces

Applied to the (Logical) Applied to (Physical) Port- Platform Port-Channel Interface Member Interfaces Catalyst 6800 / Classification & Marking Queuing (Ingress & Egress) 6500 (Ingress)

https://cisco.app.box.com/v/QoS-AAGs

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 99 Agenda • Campus QoS Design Considerations and Best Practices • Cisco Catalyst 2960-X / 3560-X / 3750-X QoS Design • Cisco Catalyst 9000 / 3850 / 3650 Series QoS Design • Cisco Catalyst 4500E QoS Design • Cisco Catalyst 6800 / 6500-E QoS Design • Meraki MS Series Switch QoS Design

• Campus WLAN QoS Design Considerations and Best Practices • Cisco AireOS WLC AVC / QoS Design • Meraki MR Series AP QoS Design

• What are we doing to make this simpler?

• Summary and References

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 100 Meraki MS Series Switch QoS Design Meraki MS Series Switches QoS on Meraki switches QoS Roles in the Campus Access is configured at the Network level, and applies to all switches in the Meraki Network Meraki MS Series Switches No Trust

Ingress Classification/Marking

Trust DSCP

Egress Queuing

Distribution Switches

DSCP to CoS Map Switch > Configure > Switch Settings

• DSCP markings of incoming packets are mapped to one

of the six configurable CoS 0

queues on the switch for 1

forwarding 2 • Multiple DSCP values can 3 be mapped to the same 4 CoS queue 5

• DSCP values do not have to be assigned to every CoS queue https://documentation.meraki.com/MS/Other_Topics/MS_Switch_Quality_of_Service_Defined

• Each CoS queue is assigned a weight which determines the ratio of bandwidth assigned to the queue

• QoS guarantees a certain fraction of the uplink to each configured queue when the link is congested

• If a queue is not fully utilized, the bandwidth will be used by other queues

• Note: Meraki MS Series switches do not support strict priority queuing

• Rules are user defined and processed from top to bottom • A rule can apply to any combination of VLAN, protocol, source port, or destination port • Each rule has one of the following actions – Trust or Set the DSCP marking • As soon as the first QoS rule is added, the switch will trust DSCP markings on incoming packets that have DSCP to CoS mappings. This rule is invisible and processed last. • If an incoming packet has a DSCP marking set but no matching QoS rule or DSCP to CoS mapping, it will be placed in the default queue

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 105 Agenda • Campus QoS Design Considerations and Best Practices • Cisco Catalyst 2960-X / 3560-X / 3750-X QoS Design • Cisco Catalyst 9000 / 3850 / 3650 Series QoS Design • Cisco Catalyst 4500E QoS Design • Cisco Catalyst 6800 / 6500-E QoS Design • Meraki MS Series Switch QoS Design

• Campus WLAN QoS Design Considerations and Best Practices • Cisco AireOS WLC AVC / QoS Design • Meraki MR Series AP QoS Design

• What are we doing to make this simpler?

• Summary and References

• QoS is like a chain • It’s only as strong as its weakest link

• The WLAN is one of the weakest links in enterprise QoS designs for three primary reasons: 1) Typical downshift in speed (and throughput) 2) Shift from full-duplex to half-duplex media 3) Shift from dedicated media to shared media

• WLAN QoS policies control both jitter and packet loss

• No priority servicing LAN QoS WLAN QoS • No bandwidth guarantees

• Non-deterministic media access

• Only 4 levels of service

Application Original Metric Improved Metric Percentage Improvement Voice 15 ms max jitter 5 ms max jitter 300% 3.92 MOS 4.2 MOS (Cellular Quality) (Toll Quality) Video 9 fps 14 fps 55% Visual MOS: Visual MOS: Good Excellent Transactional Data 14 ms latency 2 ms latency 700%

http://www.cisco.com/en/US/prod/collateral/wireless/cisco_avc_application_improvement.pdf

• IEEE 802.11 • User Priorities (UP) • Access Categories (AC) • Arbitration Inter-frame Spacing (AIFS) • Contention Windows (CW) • Enhanced Distributed Coordination Function (EDCF)

• DSCPUP Mapping

• Trust Boundaries

• Policy-Enforcement Points

• Application Visibility and Control (AVC)

3 Bit Field allows for UP values 0-7

802.11 802.11 WMM Cisco AireOS WLC UP Value Access Category Designation Designation 7 AC_VO Voice Platinum 6 5 AC_VI Video Gold 4 3 AC_BE Best Effort Silver 0 2 AC_BK Background Bronze 1

• Due to the nature of wireless as a shared media, a Congestion Avoidance algorithm (CSMA/CA) must be utilized • Wireless senders have to wait a fixed amount of time (the AIFS) • Wireless senders also have to wait a random amount of time (the Contention Window) • AIFS and Contention Window timers vary by Access Category

Access AIFS CWmin CWmax Category (Slot Times) Access Category (Slot Times) (Slot Times) Voice 2 Voice 3 7 Video 2 Video 7 15 Best Effort 3 Best-Effort 15 1023 Background 7 Background 15 1023

Round 1 Round 2 Round 3

Voice 2+1=3 2+3=5 2+2=4

2+1=3 Video 2+1=3 2+7=9

Best Effort 3+1=4 3+15=18 3+15=18

Background 7+1=8 7+15=22 7+15=22

Collision Voice Video

3-Bit UP 6-Bit DSCP

802.11 Frame CAPWAP Packet IP Packet

UP DSCP DSCP DSCP DSCP

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 116 Default IETF DSCP to IEEE 802.11 UP Mapping Sub-Optimal QoS Design Example 4-Class Enterprise Model Four-Class Wireless Model DSCP Based on IETF 4594 Based on IEEE 802.11e UP 7 Voice Voice EF Access UP 6 Category

UP 5 Video Signaling CS3 Access UP 4 Category

UP 3 Best Effort Transactional Data AF2 Access UP 0 Category Background UP 2 Best Effort DF Access UP 1 Category

RFC 4594-Based Model DSCP IEEE 802.11 Model Remark / Network Control (CS7) Drop if not in UP 7 Voice • Provides distinction Internetwork Control CS6 use between elastic and Access Voice + DSCP-Admit EF + 44 UP 6 inelastic video classes Category Broadcast Video CS5 • Aligns RFC 4594 Multimedia Conferencing AF4 Video recommendations into UP 5 Realtime Interactive CS4 Access the IEEE 802.11 model UP 4 Multimedia Streaming AF3 Category • Requires several custom Signaling CS3 DSCP-to-UP mappings UP 3 Best Effort Transactional Data AF2 Access OAM CS2 UP 0 Category Bulk Data AF1 UP 2 Background Scavenger CS1 Access Best Effort DF UP 1 Category

802.11 Frame CAPWAP Packet IP Packet

DSCP UP DSCP DSCP DSCP

Key Point: Radio Upstream QoS requires the device to set UP markings correctly 3-Bit UP 6-Bit DSCP Last 3 Bits are zeroed-out First 3 Bits are copied

802.11 Frame CAPWAP Packet IP Packet

DSCP UP DSCP DSCP DSCP

6-Bit DSCP 6-Bit DSCP All 6 Bits are copied

• Reconciles RFC 4594 with IEEE 802.11

• Summarizes our internal consensus on DSCP-to-UP mapping

• Advocates DSCP-trust in the upstream direction (vs. UP-to-DSCP mapping)

https://tools.ietf.org/html/rfc8325

https://cisco.app.box.com/v/QoS-AAGs

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 122 Agenda • Campus QoS Design Considerations and Best Practices • Cisco Catalyst 2960-X / 3560-X / 3750-X QoS Design • Cisco Catalyst 9000 / 3850 / 3650 Series QoS Design • Cisco Catalyst 4500E QoS Design • Cisco Catalyst 6800 / 6500-E QoS Design • Meraki MS Series Switch QoS Design

• Campus WLAN QoS Design Considerations and Best Practices • Cisco AireOS WLC AVC / QoS Design • Meraki MR Series AP QoS Design

• What are we doing to make this simpler?

• Summary and References

• Customizable DSCPUP Mappings (AireOS 8.1MR and higher) modify the QoS Roles of the AP and WLC: • Trust Boundary moves to the AP • PEP remains at the WLC Centralized Deployment Model

CAPWAP Tunnel

AireOS WLC

Trust Boundary With AireOS 8.1MR and higher the trust- PEP boundary can be extended to the AP

2. Select and Tune the WLAN QoS Profile

3. Configure an AVC Profile

4. Apply the QoS and AVC Profile to the WLAN and Enable Application Visibility

5. Modify default DSCP-to-UP mappings and enable Upstream DSCP-Trust

• The WLAN QoS Profile defines: WLAN Maximum Priority • It recommended to set the Maximum Priority to voice on multiservice WLANs Unicast and Multicast Default Priority • Typically these values are recommended to be set to best effort

• QoS Profiles override/control AVC Profiles

The WLAN Maximum Priority is a DSCP and UP Marking Ceiling If you want to preserve voice markings, then you *MUST* set this to voice

Broadcast Video (CS5) • AVC Profiles are applied to Real-Time Interactive (CS4) Multimedia-Conferencing both upstream and (AF41) downstream flows on WLC

ingress Call-Signaling (CS3)

• an AVC Profile can contain a maximum of 32 application Transactional Data (AF21) rules

• AVC profiles can be overridden by QoS Profiles Bulk Data (AF11) • So be sure to align these!

Scavenger (CS1)

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 129 AireOS WLC Step 4) Attaching QoS & AVC Profiles and Enabling AVC • Select the desired QoS and AVC Profiles to apply to the WLAN

• Check the box to enable Application Visibility

Step 2: Configure DSCP-to- UP mapping

Step 3: Configure DSCP-to- UP mapping exceptions

Step 4: Enable DSCP-trust, the new QoS maps, and the 802.11 networks

• Step 1: Enable Fastlane on the WLAN

• Step 2: Create an AVC Profile and replace the default profile created by Fastlane (AireOS 8.3.112 and higher only) or Edit the existing AUTOQOS-AVC-PROFILE generated by Fastlane (AireOS 8.3.102 and higher only)

https://cisco.app.box.com/v/QoS-AAGs

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 134 Agenda • Campus QoS Design Considerations and Best Practices • Cisco Catalyst 2960-X / 3560-X / 3750-X QoS Design • Cisco Catalyst 9000 / 3850 / 3650 Series QoS Design • Cisco Catalyst 4500E QoS Design • Cisco Catalyst 6800 / 6500-E QoS Design • Meraki MS Series Switch QoS Design

• Campus WLAN QoS Design Considerations and Best Practices • Cisco AireOS WLC AVC / QoS Design • Meraki MR Series AP QoS Design

• What are we doing to make this simpler?

• Summary and References

• Configured through the Meraki Dashboard

• Supports separate upload and download limits

• Per-SSID and per-device/user limits • Support for per-user bandwidth limits when a customer-hosted RADIUS server is used

• SpeedBurst allows up to 4 times the configured rate for 5 seconds https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/Traffic_and_Bandwidth_Shaping

• Identifies traffic based on Layer 3 or Layer 7 (application) signatures and enforces QoS • Rule Definition – 2 Options • Select from pre-defined application categories • Custom rule definitions specifying HTTP hostnames, port number, IP address range, or combinations of IP address range and port

• Rule Action – Shaping and/or Prioritization • Allow unlimited bandwidth usage – ignoring limits set for a particular SSID • Obey the SSID limits defined on the Access Control page • Apply more restrictive limits than specified for the SSID

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 138 Meraki MR Series AP QoS Upstream and Downstream QoS • Default mapping of DSCP to 802.11 AC • Upstream QoS sent by the client is honored.

• DSCP field within the traffic sent from the client is maintained on the Ethernet network • Fastlane support with the ability to install a wireless profile on iOS devices via the Meraki EMM

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 139 Agenda • Campus QoS Design Considerations and Best Practices • Cisco Catalyst 2960-X / 3560-X / 3750-X QoS Design • Cisco Catalyst 9000 / 3850 / 3650 Series QoS Design • Cisco Catalyst 4500E QoS Design • Cisco Catalyst 6800 / 6500-E QoS Design • Meraki MS Series Switch QoS Design

• Campus WLAN QoS Design Considerations and Best Practices • Cisco AireOS WLC AVC / QoS Design • Meraki MR Series AP QoS Design

• What are we doing to make this simpler?

• Summary and References

• Simplifying Hardware

• Simplifying Software

• Cisco Validated Designs & At-A-Glance Documents

• Automating Best Practices • AutoQoS • Fastlane for iOS • APIC-EM EasyQoS • Cisco DNA Center Application Policy and Assurance

https://cisco.app.box.com/v/QoS-AAGs

Optimized Wi-Fi Connectivity Prioritized Business applications

Intelligent, and efficient roaming is automatically Business data gets priority configured and speed even if network is congested

Reduces complexity - IT can focus on the business– the network does the heavy lifting iOS and Cisco devices recognize each other and enable special capabilities BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 144 Cisco DNA Center Application Policy / EasyQoS

Network Operators express high-level business-intent through Cisco DNA Center Application Policy / APIC-EM EasyQoS EM Southbound APIs translate business-intent to platform- specific configurations

Wireless AP ASR/ISRs Wireless AP Trust Boundary MQC Trust Boundary PEP Catalyst 4500 Nexus 7700 PEP 4Q (WMM) 1P7Q1T F3: 1P7Q1T 4Q (WMM)

Catalyst 3650 Catalyst 6500 WLC Catalyst 2960-X Trust Boundary 1P3Q4T PEP Trust Boundary PEP 1P7Q4T PEP 2P6Q3T 2P6Q4T 1P3Q3T … BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 145 Cisco DNA Center Application Policy Demo Cisco DNA Center – Application Policy

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 147 Agenda • Campus QoS Design Considerations and Best Practices • Cisco Catalyst 2960-X / 3560-X / 3750-X QoS Design • Cisco Catalyst 9000 / 3850 / 3650 Series QoS Design • Cisco Catalyst 4500E QoS Design • Cisco Catalyst 6800 / 6500-E QoS Design • Meraki MS Series Switch QoS Design

• Campus WLAN QoS Design Considerations and Best Practices • Cisco AireOS WLC AVC / QoS Design • Meraki MR Series AP QoS Design

• What are we doing to make this simpler?

• Summary and References

• Start by defining your QoS Strategy

• Campus QoS is needed primarily to control packet drops

• WLAN QoS is needed to control both jitter and packet drops

• Know your QoS toolset, as this varies platform-to-platform

• Cisco provides many At-A-Glance guides to get you up and running quickly

• Cisco also provides Cisco Validated Design guides for more detail

• Cisco is continuing to focus on simplifying QoS—both in hardware and software

• Cisco DNA Center Application Policy / EasyQoS delivers maximum simplicity for Campus QoS

ip access-list extended APIC_EM-MM_STREAM-ACL remark citrix - Citrix permit tcp any any eq 1494 permit udp any any eq 1494 permit tcp any any eq 2598 permit udp any any eq 2598 remark citrix-static - Citrix-Static permit tcp any any eq 1604 permit udp any any eq 1604 permit tcp any any range 2512 2513 permit udp any any range 2512 2513 remark pcoip - PCoIP permit tcp any any eq 4172 permit udp any any eq 4172 permit tcp any any eq 5172 permit udp any any eq 5172 remark timbuktu - Timbuktu permit tcp any any eq 407 permit udp any any eq 407 remark xwindows - XWindows permit tcp any any range 6000 6003 https://www.cisco.com/c/en/us/solutions/ remark vnc - VNC permit tcp any any eq 5800 permit udp any any eq 5800 enterprise-networks/index.html permit tcp any any range 5900 5901 permit udp any any range 5900 5901 exit ip access-list extended APIC_EM-SIGNALING-ACL remark h323 - H.323 permit tcp any any eq 1300 permit udp any any eq 1300 permit tcp any any range 1718 1720 BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 151 permit udp any any range 1718 1720 Campus QoS Design 4.0—In-Depth Comprehensive Design Chapters • Enterprise Quality of Service Design 4.0 http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/Q oS_SRND_40/QoSIntro_40.html

• Campus QoS Design 4.0 http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/Q oS_SRND_40/QoSCampus_40.html

• WLAN QoS Design (BYOD CVD) http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Ne tworks/Unified_Access/BYOD_Design_Guide/BYOD_AVC.html

• Release Date: Jan 2014

• Page Count: 1040

• Comprehensive QoS design guidance for PINs and platforms: • Campus Catalyst 3750/4500/6500 • WLAN WLC 5508 / Catalyst 3850 NGWC • Data Center Nexus 1000V/2000/5500/7000 • WAN & Branch Cisco ASR 1000 / ISR G2 • MPLS VPN Cisco ASR 9000 / CRS-3 • IPSec VPNs Cisco ISR G2

• ISBN: 1-58714-369-0 http://www.amazon.com/End---End-QoS-Network-Design/dp/1587143690/

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 153 Recommended Reading APIC-EM EasyQoS Solution Design Guide https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Dec2017/APIC-EM-EasyQoS-DesignGuide-Dec2017.pdf

Course Description Cisco Certification

CCIE R&S Advanced Workshops (CIERS-1 & Expert level trainings including: instructor led workshops, self CCIE® Routing & Switching CIERS-2) plus assessments, practice labs and CCIE Lab Builder to prepare candidates Self Assessments, Workbooks & Labs for the CCIE R&S practical exam.

• Implementing Cisco IP Routing v2.0 Professional level instructor led trainings to prepare candidates for the CCNP® Routing & Switching • Implementing Cisco IP Switched CCNP R&S exams (ROUTE, SWITCH and TSHOOT). Also available in Networks V2.0 self study eLearning formats with Cisco Learning Labs. • Troubleshooting and Maintaining Cisco IP Networks v2.0 Interconnecting Cisco Networking Devices: Builds on ICND1 to provide capabilities needed to configure, implement CCNA® Routing & Switching Part 2 (or combined) and troubleshoot a small enterprise network. Including: understanding of Quality of Service (QoS), how virtualized and cloud services interact and impact enterprise networks, along with an overview of network programmability and the related controller types and tools that are available to support software-defined network architectures. Also available in self study eLearning format with Cisco Learning Lab.

Interconnecting Cisco Networking Devices: Understand layer 2 and layer 3 networking fundamentals needed to CCENT® Routing & Switching Part 1 install, configure, and provide basic support of small/branch networks. Covers network device security and IPv6 basics. Also available in self study eLearning format with Cisco Learning Lab.

For more details, please visit: http://learningnetwork.cisco.com Questions? Visit the Learning@Cisco Booth

Course Description Cisco Certification

Designing Cisco Network Service Architectures Provides learner with the ability to perform conceptual, intermediate, CCDP® (Design Professional) (ARCH) Version 3.0 and detailed design of a network infrastructure that supports desired capacity, performance, availability required for converged Enterprise (Available Now) network services and applications.

Designing for Cisco Internetwork Solutions Instructor led training focused on fundamental design methodologies CCDA® (Design Associate) (DESGN) Version 3.0 used to determine requirements for network performance, security, voice, and wireless solutions. Prepares candidates for the CCDA (Available Now) certification exam.

For more details, please visit: http://learningnetwork.cisco.com Questions? Visit the Learning@Cisco Booth

• Designing Cisco Wireless Enterprise Professional level instructor led trainings to prepare candidates to CCNP® Wireless Networks conduct site surveys, implement, configure and support APs and • Deploying Cisco Wireless Enterprise controllers in converged Enterprise networks. Focused on 802.11 and Networks related technologies to design, deploy, troubleshoot as well as secure • Troubleshooting Cisco Wireless Enterprise Wireless infrastructure. Course also provide details around Cisco Networks mobility services Engine, Prime Infrastructure and wireless security. • Securing Cisco Wireless Enterprise Networks

Implementing Cisco Unified Wireless Network Prepares candidates to design, install, configure, monitor and conduct CCNA® Wireless Essential basic troubleshooting tasks of a Cisco WLAN in Enterprise installations. Understanding of the Cisco Unified Wireless Networking for enterprise deployment scenarios. In this course, you will learn the basics of how to Deploying Basic Cisco Wireless LANs (WDBWL) install, configure, operate, and maintain a wireless network, both as an 1.2 add-on to an existing wireless LAN (WLAN) and as a new Cisco Unified Wireless Networking solution. The WDAWL advanced course is designed with the goal of providing learners with the knowledge and skills to successfully plan, install, Deploying Advanced Cisco Wireless LANs configure, troubleshoot, monitor, and maintain advanced Cisco wireless 1.2 (WDAWL) LAN solutions such as QoS, “salt and pepper” mobility, high density deployments, and outdoor mesh deployments in an enterprise customer environment. Deploying Cisco Connected Mobile Experiences WCMX will prepare professionals to use the Cisco Unified Wireless Network to configure, administer, manage, troubleshoot, and optimize 2.0 (WCMX) utilization of mobile content while gaining meaningful client analytics.

For more details, please visit: http://learningnetwork.cisco.com Questions? Visit the Learning@Cisco Booth

Course Description Cisco Certification

For Technology Sellers: Adopting the Cisco Business Architecture Builds skills to discover and address technology needs using a Cisco Business Architecture Approach business-focused, consultative sales approach, broadly applicable and Analyst targeted to prepare for the digital transformation journey that is demanded across the business world.

Applying Cisco Business Architecture Provides tools and skills training to prepare the learner to use a business Cisco Business Architecture Techniques led approach to technology solutions sales and deployments. This Specialist continues the journey begun with the Adopting the Cisco Business Architecture Approach above

Mastering the Cisco Business Architecture Builds skills, and proven, real-world techniques to prepare for a Cisco Business Architecture Discipline Business architect leadership role in the sales and deployment of Practitioner transformative technology solutions.

Cisco Customer Success Manager Specialist Prepares for the crucial role that drives adoption and enablement, Cisco Certified Customer ensuring that customers achieve their expected business outcomes, and Success Manager reduces churn/increases renewal for services and subscription based products.

For more details, please visit: http://learningnetwork.cisco.com Questions? Visit the Learning@Cisco Booth

• Please complete your Online Session Survey after each session

• Complete 4 Session Surveys & the Overall Conference Survey (available from Thursday) to receive your Cisco Live T- shirt

• All surveys can be completed via the Cisco Events Mobile App or the Communication Stations

Don’t forget: Cisco Live sessions will be available for viewing on demand after the event at ciscolive.cisco.com

Related Demos in Walk-in Meet the sessions the Cisco self-paced engineer Showcase labs 1:1 meetings

Appendix: A Catalyst 6500-E/6800 Queuing Models Catalyst 6500-E / 6807-XL with Sup2T/6T Ingress & Egress Queueing Models • Ingress Queue Structures • 1Q8T CoS to Queue Mapping CoS-based Tail-Drop • 2Q4T CoS to Queue Mapping CoS-based Tail-Drop • 2Q8T CoS to Queue Mapping CoS-based Tail-Drop • 8Q4T DSCP to Queue Mapping DSCP-based WRED • 8Q8T CoS to Queue Mapping CoS-based WRED • 1P7Q2T DSCP to Queue Mapping DSCP-based WRED

• Ingress & Egress Queue Structures * 1P7Q4T can be implementing • *2P6Q4T DSCP to Queue Mapping DSCP-based WRED as an alternate ingress queueing structure to 2P6Q4T • Egress Queue Structures • 1P3Q8T CoS to Queue Mapping Cos-based WRED • 1P3Q4T CoS to Queue Mapping CoS-based WRED • 1P7Q4T DSCP to Queue Mapping DSCP-based WRED* • 1P7Q8T CoS to Queue Mapping CoS-based WRED

• WS-X6704-10GE with CFC

• WS-X6724-SFP with CFC

• WS-X6748-SFP and WS-X6748-GE-TX with CFC

Application-Class DSCP CoS 1Q8T

Network Control (CS7) CoS 7 Q1T8—100% CoS 7 Internetwork Control CS6 CoS 6 Q1T7—95% VoIP EF CoS 6 CoS 5 Broadcast Video CS5 Q1T6—90% CoS 5 Multimedia Conferencing AF4 CoS 4 Realtime Interactive CS4 Q1T5—85% CoS 4 Multimedia Streaming AF3 CoS 3 Q1T4—80% Signaling CS3 CoS 3 Transactional Data AF2 CoS 2 Q1T3—75% All noted thresholds are CoS 2 Network Management CS2 tail-drop thresholds

Bulk Data AF1 Q1T2—70% CoS 1 CoS 0 Scavenger CS1 Q1T1—65% Best Effort DF CoS 0 CoS 1

policy-map type lan-queuing APIC_EM-QUEUING-1Q8T-IN class class-default Un-configured CoS values default to queue-limit cos 7 percent 100 threshold 8 which is 100%. May not queue-limit cos 6 percent 95 need to configure the CoS 7 value, as queue-limit cos 5 percent 90 this should default to 100%. queue-limit cos 4 percent 85 However, it is shown here for queue-limit cos 3 percent 80 completeness. queue-limit cos 2 percent 75 queue-limit cos 0 percent 70 Recommend to explicitly configure it. queue-limit cos 1 percent 65 Interface GigabitEthernet1/1 service-policy type lan-queuing input APIC_EM-QUEUING-1Q8T-IN

• VS-S2T-10G and VS-S2T-10G-XL with Gigabit Ethernet ports enabled

• Applies to all ports on the Supervisor 2T

Application-Class DSCP CoS 2Q4T

Network Control (CS7) CoS 7 CoS 7 Q2 40% BW Internetwork Control CS6 CoS 6

VoIP EF CoS 6 CoS 5 Broadcast Video CS5 CoS 5 Multimedia Conferencing AF4 CoS 4 Realtime Interactive CS4 CoS 4 Multimedia Streaming AF3 CoS 3 Signaling CS3 CoS 3 Q1 60% BW

Transactional Data AF2 CoS 2 Network Management CS2 CoS 2

Bulk Data AF1 CoS 1 CoS 0 Scavenger CS1

Best Effort DF CoS 0 CoS 1

Application-Class DSCP CoS 2Q4T

Network Control (CS7) CoS 7 Q2T4—100% CoS 7 Internetwork Control CS6 CoS 6 Q2T3—95% VoIP EF CoS 6 CoS 5 Broadcast Video CS5 Q2T2—90% CoS 5 Multimedia Conferencing AF4 CoS 4 Q2 40% BW Q2T1—85% Realtime Interactive CS4 CoS 4 Multimedia Streaming AF3 CoS 3 Q1T4—100% Signaling CS3 CoS 3 Q1 60% BW

Transactional Data AF2 CoS 2 Q1T3—95% Network Management CS2 CoS 2 All noted thresholds are tail-drop thresholds Bulk Data AF1 Q1T2—90% CoS 1 Cos 0 Scavenger CS1 Q1T1—85% Best Effort DF CoS 0 CoS1

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 173 Catalyst 6500-E/6807-XL—2Q4T Ingress Model class-map type lan-queuing match-all APIC_EM-Q2-2Q4T-QUEUE match cos 7 6 5 4 policy-map type lan-queuing APIC_EM-QUEUING-2Q4T-IN Un-configured CoS values default to threshold 8 which is class APIC_EM-Q2-2Q4T-QUEUE 100%. May not need to bandwidth percent 40 configure the CoS 7 or CoS 3 queue-limit cos 7 percent 100 values, as this should default to queue-limit cos 6 percent 95 100%, but is shown here for queue-limit cos 5 percent 90 completeness. queue-limit cos 4 percent 85 Recommend explicitly class class-default configuring thresholds however. queue-limit cos 3 percent 100 queue-limit cos 2 percent 95 queue-limit cos 0 percent 90 queue-limit cos 1 percent 85 interface GigabitEthernet1/3/1 service-policy type lan-queuing input APIC_EM-QUEUING-2Q4T-IN interface TenGigabitEthernet1/3/4 service-policy type lan-queuing input APIC_EM-QUEUING-2Q4T-IN

• WS-X6724-SFP with DFC4/DFC4XL upgrade (WS-F6k-DFC4-A, WS-F6k-DFC4- AXL)

• WS-X6748-SFP and WS-X6748-GE-TX with DFC4/DFC4XL upgrade (WS-F6k- DFC4-A, WS-F6k-DFC4-AXL)

• WS-X6824-SFP-2T and WS-X6824-SFP-2TXL

• WS-X6848-SFP-2T, WS-X6848-SFP-2TXL, WS-X6848-TX-2T and WS-X6848- TX-2TXL

Application-Class DSCP CoS 2Q8T

Network Control (CS7) CoS 7 CoS 7 Q2 40% BW Internetwork Control CS6 CoS 6

VoIP EF CoS 6 CoS 5 Broadcast Video CS5 CoS 5 Multimedia Conferencing AF4 CoS 4 Realtime Interactive CS4 CoS 4 Multimedia Streaming AF3 CoS 3 Signaling CS3 CoS 3 Q1 60% BW

Transactional Data AF2 CoS 2 Network Management CS2 CoS 2

Bulk Data AF1 CoS 1 CoS 0 Scavenger CS1

Best Effort DF CoS 0 CoS 1

Application-Class DSCP CoS 2Q8T

Transactional Data AF2 CoS 2 Q1T3—95% CoS 2 Network Management CS2 All noted thresholds are Bulk Data AF1 Q1T2—90% tail-drop thresholds CoS 1 Cos 0 Scavenger CS1 Q1T1—85% Best Effort DF CoS 0 CoS1

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 178 Catalyst 6500-E/6807-XL—2Q8T Ingress Model class-map type lan-queuing match-all APIC_EM-Q2-2Q8T-QUEUE match cos 7 6 5 4 policy-map type lan-queuing APIC_EM-QUEUING-2Q8T-IN class APIC_EM-Q2-2Q8T-QUEUE bandwidth percent 40 Un-configured CoS values queue-limit cos 7 percent 100 default to threshold 8 which queue-limit cos 6 percent 95 is 100%. May not need to queue-limit cos 5 percent 90 configure the CoS 7 or CoS queue-limit cos 4 percent 85 3 values, as this should class class-default default to 100%. queue-limit cos 3 percent 100 Recommend explicitly queue-limit cos 2 percent 95 configuring thresholds queue-limit cos 0 percent 90 queue-limit cos 1 percent 85 interface GigabitEthernet1/3/2 service-policy type lan-queuing input APIC_EM-QUEUING-2Q8T-IN

• VS-S2T-10G, VS-S2T-10G-XL with Gigabit Ethernet ports disabled

• WS-X6908-10G-2T, WS-X6908-10G-2TXL

• WS-X6816-10T-2T, WS-X6816-10T-2TXL, WS-X6816-10G-2T, WS- X6816-10G-2TXL in performance mode

• WS-X6716-10G-3C, WS-X6716-10G-3CXL, WS-X6716-10T-3C, WS- X6716-10T-3CXL with a DFC4 or DFC4XL upgrade (WS-F6k-DFC4-E, WS-F6k-DFC4-EXL) in performance mode)

o23-6500-1(config)#platform qos 10g-only Global command disables GigabitEthernet interfaces on the Sup2T.

o23-6500-1#show platform qos module 3 QoS is enabled globally Port QoS is enabled globally QoS serial policing mode enabled globally Exec-level command to show whether the Distributed Policing is Disabled GigabitEthernet interfaces on the Sup2T are Secondary PUPs are enabled enabled or disabled QoS Trust state is DSCP on the following interface: EO0/2 Gi1/1 Gi1/2 Gi1/3 Gi1/4 Gi1/5 Gi1/6 Gi1/7 Gi1/8 Gi1/9 Gi1/10 Gi1/11 Gi1/12 Gi1/13 Gi1/14 Gi1/15 Gi1/16 Gi1/17 Gi1/18 Gi1/19 Gi1/20 Gi1/21 Gi1/22 Gi1/23 Gi1/24 Gi1/25 Gi1/26 Gi1/27 Gi1/28 Gi1/29 Gi1/30 Gi1/31 Gi1/32 Gi1/33 Gi1/34 Gi1/35 Gi1/36 Gi1/37 Gi1/38 Gi1/39 Gi1/40 Gi1/41 Gi1/42 Gi1/43 Gi1/44 Gi1/45 Gi1/46 Gi1/47 Gi1/48 Te2/1 Te2/2 Te2/3 Te2/4 Te2/5 Te2/6 Te2/7 Te2/8 Gi3/1 Gi3/2 Gi3/3 Te3/4 Te3/5 Te5/1 Te5/2 Te5/3 Te5/4 Te5/5 Te5/6 Te5/7 Te5/8 Te5/9 Te5/10 Te5/11 Te5/12 Te5/13 Te5/14 Te5/15 Te5/16 Te6/1 Te6/2 Te6/3 Te6/4 CPP CPP.1 Vl1 GigabitEthernet interfaces on the QoS 10g-only mode supported: Yes [Current mode: Off] Global Policy-map: ingress[] Sup2T are currently enabled …

Global command enables performance mode on a port o23-6500-1(config)#no hw-module slot 5 oversubscription port-group 4 group of a linecard

o23-6500-1#show hw-module slot 5 oversubscription port-group oversubscription-mode 1 enabled 2 enabled 3 enabled 4 disabled Exec-level command to show whether the oversubscription is enabled or disabled (performance mode) per port group of a linecard

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 183 Cisco Catalyst 6500-E/6807-XL with Sup2T 8Q4T Ingress Queuing Models—DSCP-to-Queue Mapping 8Q4T Application-Class DSCP EF Realtime Queue Network Control (CS7) CS5 (10% BW) Internetwork Control CS6 CS4 CS7 VoIP EF CS6 Control Queue Broadcast Video CS5 CS3 (10% BW) CS2 Multimedia Conferencing AF4

Realtime Interactive CS4 AF4 Multimedia-Conferencing Queue (20% BW + DSCP-WRED) Multimedia Streaming AF3 AF3 Multimedia-Streaming Queue (20% Signaling CS3 BW + DSCP-WRED)

Transactional Data AF2 AF2 Transactional Data Queue (10% BW + DSCP-WRED) Network Management CS2 AF1 Bulk Data Queue Bulk Data AF1 (4% BW + DSCP-WRED)

Scavenger CS1 CS1 Scavenger Queue (1% BW)

Best Effort DF DF Default Queue (25% BW + DSCP-WRED)

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 184 Cisco Catalyst 6500-E/6807-XL with Sup2T 8Q4T Ingress Queuing Models— 8Q4T EF DSCP-to-Queue with DSCP-WRED Realtime Queue All noted thresholds are CS5 (10% BW) CS4 Min WRED thresholds Application-Class DSCP CS7 Network Control (CS7) All max WRED thresholds CS6 Control-Plane Queue Are set to 100% Internetwork Control CS6 CS3 (10% BW) CS2 VoIP EF AF41 Q6T3—80% Broadcast Video CS5 AF42 Q6T2—70% Multimedia-Conferencing Queue AF43 (20% BW + DSCP-WRED) Multimedia Conferencing AF4 Q6T1—60%

Realtime Interactive CS4 AF31 Q5T3—80% Multimedia-Streaming Queue (20% AF32 Q5T2—70% BW + DSCP-WRED) Multimedia Streaming AF3 AF33 Q5T1—60% Signaling CS3 AF21 Q4T3—80% Transactional Data AF2 AF22 Q4T2—70% AF23 Transactional Data Queue Q4T1—60% (10% BW + DSCP-WRED) Network Management CS2 AF11 Q3T3—80% Bulk Data AF1 AF12 Q3T2—70% AF13 Q3T1—60% Bulk Data Queue Scavenger CS1 (4% BW + DSCP-WRED) CS1 Scavenger Queue (1% BW) Best Effort DF DF Default Queue (25% BW + DSCP-WRED)

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 185 Catalyst 6500-E/6807-XL —8Q4T Ingress Model class-map type lan-queuing match-all APIC_EM-REALTIME-8Q4T-QUEUE match dscp cs4 cs5 ef class-map type lan-queuing match-all APIC_EM-CONTROL-8Q4T-QUEUE match dscp cs2 cs3 cs6 cs7 class-map type lan-queuing match-all APIC_EM-MM_CONF-8Q4T-QUEUE match dscp af41 af42 af43 class-map type lan-queuing match-all APIC_EM-MM_STREAM-8Q4T-QUEUE match dscp af31 af32 af33 class-map type lan-queuing match-all APIC_EM-TRANS_DATA-8Q4T-QUEUE match dscp af21 af22 af23 class-map type lan-queuing match-all APIC_EM-BULK_DATA-8Q4T-QUEUE match dscp af11 af12 af13 class-map type lan-queuing match-all APIC_EM-SCAVENGER-8Q4T-QUEUE match dscp cs1

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 186 Catalyst 6500-E/6807-XL —8Q4T Ingress Model policy-map type lan-queuing APIC_EM-QUEUEING-8Q4T-IN class APIC_EM-REALTIME-8Q4T-QUEUE bandwidth percent 10 class APIC_EM-CONTROL-8Q4T-QUEUE bandwidth percent 10 class APIC_EM-MM_CONF-8Q4T-QUEUE bandwidth percent 20 random-detect dscp-based random-detect dscp af41 percent 80 100 random-detect dscp af42 percent 70 100 random-detect dscp af43 percent 60 100 class APIC_EM-MM_STREAM-8Q4T-QUEUE bandwidth percent 20 random-detect dscp-based random-detect dscp af31 percent 80 100 random-detect dscp af32 percent 70 100 random-detect dscp af33 percent 60 100

[continued] class APIC_EM-TRANS_DATA-8Q4T-QUEUE bandwidth percent 10 random-detect dscp-based random-detect dscp af21 percent 80 100 random-detect dscp af22 percent 70 100 random-detect dscp af23 percent 60 100 class APIC_EM-BULK_DATA-8Q4T-QUEUE bandwidth percent 4 random-detect dscp-based random-detect dscp af11 percent 80 100 random-detect dscp af12 percent 70 100 random-detect dscp af13 percent 60 100 class APIC_EM-SCAVENGER-8Q4T-QUEUE bandwidth percent 1 class class-default random-detect dscp-based random-detect dscp default percent 80 100 interface TenGigabitEthernet1/3/4 service-policy type lan-queuing input APIC_EM-QUEUEING-8Q4T-IN

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 188 8Q8T – Ingress Queueing CoS to Queue Mapping CoS-based Tail-Drop 8Q8T Ingress Queueing Linecards WS-X6704-10GE supported with a DFC4/DFC4XL upgrade (WS-F6k- DFC4-A, WS-F6k-DFC4-AXL)

o23-6500-1#show module Mod Ports Card Type Model Serial No. ------1 48 CEF720 48 port 10/100/1000mb Ethernet WS-X6748-GE-TX SAL10478SWP 2 8 DCEF2T 8 port 10GE WS-X6908-10G SAL172682AK 3 5 Supervisor Engine 2T 10GE w/ CTS (Acti VS-SUP2T-10G SAL1702WNR0 5 16 CEF720 16 port 10GE WS-X6716-10GE SAL1228WYB7 6 4 CEF720 4 port 10-Gigabit Ethernet WS-X6704-10GE SAL15013XBH

…

Mod Sub-Module Model Serial Hw Status ------1 Centralized Forwarding Card WS-F6700-CFC SAD074308C9 1.1 Ok 2 Distributed Forwarding Card WS-F6K-DFC4-E SAL17152T2R 1.2 Ok 3 Policy Feature Card 4 VS-F6K-PFC4 SAL1638N3R3 1.2 Ok 3 CPU Daughterboard VS-F6K-MSFC5 SAL1702WNG1 1.5 Ok 5 Distributed Forwarding Card WS-F6K-DFC4-E SAL1541SQHX 1.1 Ok 6 Centralized Forwarding Card WS-F6700-CFC SAL1518CRZ3 4.1 PwrDown

Application-Class DSCP CoS 8Q8T Network Control (CS7) CoS 7 Q8-VoIP-Broadcast Queue Internetwork Control CS6 CoS 6 CoS 5 (10% BW ) VoIP EF CoS 7 Q7-Network Control Queue CoS 5 (5% BW) Broadcast Video CS5

Multimedia Conferencing AF4 Q6-Internetwork Control Queue CoS 4 CoS 6 (5% BW) Realtime Interactive CS4 Q5-Multimedia-Realtime Queue Multimedia Streaming AF3 CoS 4 (20% BW) CoS 3 Signaling CS3 Q4-Streaming-Signaling Queue CoS 3 (20% BW) Transactional Data AF2 CoS 2 Q3-Transactional-Management Queue Network Management CS2 CoS 2 (10% BW) Bulk Data AF1 CoS 1 Q2-Bulk-Scavenger Queue Scavenger CS1 CoS 1 (5% BW) Q1-Default Queue Best Effort DF CoS 0 CoS 0 (25% BW)

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 191 Catalyst 6500-E/6807-XL —8Q8T Ingress Model class-map type lan-queuing match-all APIC_EM-Q8-8Q8T-QUEUE match cos 7 Class-map type lan-queuing match-all APIC_EM-Q7-8Q8T-QUEUE match cos 6 class-map type lan-queuing match-all APIC_EM-Q6-8Q8T-QUEUE match cos 5 class-map type lan-queuing match-all APIC_EM-Q5-8Q8T-QUEUE match cos 4 class-map type lan-queuing match-all APIC_EM-Q4-8Q8T-QUEUE match cos 3 class-map type lan-queuing match-all APIC_EM-Q3-8Q8T-QUEUE match cos 2 class-map type lan-queuing match-all APIC_EM-Q2-8Q8T-QUEUE match cos 1

policy-map type lan-queuing APIC_EM-QUEUEING-8Q8T-IN class APIC_EM-Q8-8Q8T-QUEUE bandwidth percent 10 class APIC_EM-Q7-8Q8T-QUEUE bandwidth percent 5 class APIC_EM-Q6-8Q8T-QUEUE bandwidth percent 5 class APIC_EM-Q5-8Q8T-QUEUE bandwidth percent 20 class APIC_EM-Q4-8Q8T-QUEUE bandwidth percent 20 class APIC_EM-Q3-8Q8T-QUEUE bandwidth percent 10 class APIC_EM-Q2-8Q8T-QUEUE bandwidth percent 5 class class-default interface TenGigabitEthernet1/3/4 service-policy type lan-queuing input APIC_EM-QUEUEING-8Q8T-IN

• WS-X6716-10G-3C, WS-X6716-10G-3CXL, WS-X6716-10T-3C, WS- X6716-10T-3CXL with a DFC4 or DFC4XL upgrade (WS-F6k-DFC4-E, WS-F6k-DFC4-EXL) in oversubscription mode

• WS-X6816-10T-2T, WS-X6816-10T-2TXL, WS-X6816-10G-2T, WS- X6816-10G-2TXL in oversubscription mode

1P7Q2T Application-Class DSCP EF Network Control (CS7) CS5 Realtime Queue (Priority) Internetwork Control CS6 CS4

VoIP EF CS7 CS6 Control Plane Queue Broadcast Video CS5 CS3 (10% BWR) Multimedia Conferencing AF4 CS2

Realtime Interactive CS4 Multimedia-Conferencing Queue AF4 (20% BWR + DSCP-WRED) Multimedia Streaming AF3 Multimedia-Streaming Queue Signaling CS3 AF3 (15% BWR + DSCP-WRED)

Transactional Data AF2 Transactional Data Queue AF2 (15% BWR + DSCP-WRED) Network Management CS2 Bulk Data Queue AF1 Bulk Data AF1 (9% BWR + DSCP-WRED)

Scavenger CS1 CS1 Scavenger Queue (1% BW) Best Effort DF Default Queue DF (30% BWR + DSCP-WRED)

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 196 Cisco Catalyst 6500-E/6807-XL with Sup2T 1P7Q2T Ingress Queuing Models—DSCP- 1P7Q2T to-Queue Mapping (DSCP-WRED) EF Realtime Queue All noted thresholds are CS5 (Priority) Min WRED thresholds Application-Class DSCP CS4 All max WRED thresholds CS7 Network Control (CS7) Are set to 100% CS6 Control Plane Queue Internetwork Control CS6 CS3 (10% BWR) CS2 VoIP EF AF41 Q6T2—80% Broadcast Video CS5 Multimedia-Conferencing Queue AF42 (20% BWR + DSCP-WRED) Multimedia Conferencing AF4 AF43 Q6T1—70% Realtime Interactive CS4 AF31 Q5T2—80% Multimedia-Streaming Queue (15% Multimedia Streaming AF3 AF32 BWR + DSCP-WRED) AF33 Q5T1—70% Signaling CS3 AF21 Q4T2—80% Transactional Data AF2 AF22 Q4T1—70% Transactional Data Queue AF23 Network Management CS2 (15% BWR + DSCP-WRED) AF11 Q3T2—80% Bulk Data AF1 AF12 Q3T1—70% Scavenger CS1 AF13 Bulk Data Queue (9% BWR + DSCP-WRED) Scavenger Queue (1% BW) Best Effort DF CS1 DF Default Queue (30% BWR + DSCP-WRED)

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 197 Cisco Catalyst 6500-E/6807-XL - 1P7Q2T Ingress Model class-map type lan-queuing match-all APIC_EM-REALTIME-1P7Q2T-QUEUE match dscp cs4 cs5 ef class-map type lan-queuing match-all APIC_EM-CONTROL-1P7Q2T-QUEUE match dscp cs2 cs3 cs6 cs7 class-map type lan-queuing match-all APIC_EM-MM_CONF-1P7Q2T-QUEUE match dscp af41 af42 af43 class-map type lan-queuing match-all APIC_EM-MM_STREAM-1P7Q2T-QUEUE match dscp af31 af32 af33 class-map type lan-queuing match-all APIC_EM-TRANS_DATA-1P7Q2T-QUEU match dscp af21 af22 af23 class-map type lan-queuing match-all APIC_EM-BULK_DATA-1P7Q2T-QUEUE match dscp af11 af12 af13 class-map type lan-queuing match-all APIC_EM-SCAVENGER-1P7Q2T-QUEUE match dscp cs1

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 198 Catalyst 6500-E/6807-XL —1P7Q2T Ingress Model policy-map type lan-queuing APIC_EM-QUEUEING-1P7Q2T-IN class APIC_EM-REALTIME-1P7Q2T-QUEUE priority class APIC_EM-CONTROL-1P7Q2T-QUEUE bandwidth remaining percent 10 class APIC_EM-MM_CONF-1P7Q2T-QUEUE bandwidth remaining percent 20 class APIC_EM-MM_STREAM-1P7Q2T-QUEUE bandwidth remaining percent 15

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 199 Catalyst 6500-E/6807-XL - 1P7Q2T Ingress Model [continued] class APIC_EM-TRANS_DATA-1P7Q2T-QUEU bandwidth remaining percent 15 class APIC_EM-BULK_DATA-1P7Q2T-QUEUE bandwidth remaining percent 9 class APIC_EM-SCAVENGER-1P7Q2T-QUEUE bandwidth remaining percent 1 class class-default interface TenGigabitEthernet1/3/4 service-policy type lan-queuing input APIC_EM-QUEUEING-1P7Q2T-IN

• WS-X6904-40G-2T and WS-X6904-40G-2TXL

• C6800-8P10G, C6800-8P10G-XL

• C6800-16P10G, C6800-16P10G-XL

• C6800-32P10G, C6800-32P10G-XL

Application-Class DSCP 2P6Q4T

Network Control (CS7) Voice-PQ1 EF (Priority Level 1) Internetwork Control CS6 CS4 VoIP EF CS5 Video-PQ2 (Priority Level 2) Broadcast Video CS5 AF4

Multimedia Conferencing AF4 CS7 & CS6 Control Plane Queue Realtime Interactive CS4 CS3 & CS2 (10% BWR)

Multimedia Streaming AF3 Multimedia-Streaming Queue AF3 (20% BWR + DSCP-WRED) Signaling CS3 Transactional Data Queue Transactional Data AF2 AF2 (20% BWR + DSCP-WRED)

Network Management CS2 Bulk Data Queue AF1 (14% BWR + DSCP-WRED) Bulk Data AF1 Scavenger Queue CS1 Scavenger CS1 (1% BWR + DSCP-WRED) DF Default Queue Best Effort DF (35% BWR + WRED)

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 203 Cisco Catalyst 6500-E/6807-XL with Sup2T 2P6Q4T (Ingress & Egress Queuing Models—DSCP-to-Queue with DSCP WRED 2P6Q4T Voice-PQ1 Application-Class DSCP EF (Priority Level 1) CS4 Network Control (CS7) CS5 Video-PQ2 Internetwork Control CS6 (Priority Level 2) AF4 VoIP EF CS7 & CS6 Control Plane Queue Broadcast Video CS5 CS3 & CS2 (10% BWR) Multimedia Conferencing AF4 AF31 Q4T3—80% Realtime Interactive CS4 AF32 Q4T2—70% AF33 Multimedia Streaming AF3 Q4T1—60% AF21 Q3T3—80% Transactional Data Queue Signaling CS3 AF22 Q3T2—70% (20% BWR + DSCP-WRED) Transactional Data AF2 AF23 Q3T1—60%

Network Management CS2 AF11 Q2T3—80% AF12 Q2T2—70% Bulk Data Queue Bulk Data AF1 (14% BWR + DSCP-WRED) AF13CS1 Q2T1—60% Scavenger CS1 Scavenger Queue CS1 (1% BWR ) Best Effort DF DF Default Queue (35% BWR + WRED)

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 204 Cisco Catalyst 6500-E/6807-XL—2P6Q4T Model Part 1 of 3—Common Ingress & Egress Queuing Class-Maps class-map type lan-queuing match-all APIC_EM-VOICE-2P6Q4T-PQ1 match dscp ef class-map type lan-queuing match-all APIC_EM-VIDEO-2P6Q4T-PQ2 match dscp cs4 cs5 af41 af42 af43 class-map type lan-queuing match-all APIC_EM-CONTROL-2P6Q4T-QUEUE match dscp cs2 cs3 cs6 cs7 class-map type lan-queuing match-all APIC_EM-MM_STREAM-2P6Q4T-QUEUE match dscp af31 af32 af33 class-map type lan-queuing match-all APIC_EM-TRANS_DATA-2P6Q4T-QUEUE match dscp af21 af22 af23 class-map type lan-queuing match-all APIC_EM-BULK_DATA-2P6Q4T-QUEUE match dscp af11 af12 af13 class-map type lan-queuing match-all APIC_EM-SCAVENGER-2P6Q4T-QUEUE match dscp cs1

policy-map type lan-queuing APIC_EM-QUEUING-2P6Q4T class APIC_EM-VOICE-2P6Q4T-PQ1 priority level 1 class APIC_EM-VIDEO-2P6Q4T-PQ2 priority level 2 class APIC_EM-CONTROL-2P6Q4T-QUEUE bandwidth remaining percent 10 class APIC_EM-MM_STREAM-2P6Q4T-QUEUE bandwidth remaining percent 20 random-detect dscp-based random-detect dscp af31 percent 80 100 random-detect dscp af32 percent 70 100 random-detect dscp af33 percent 60 100 class APIC_EM-TRANS_DATA-2P6Q4T-QUEUE bandwidth remaining percent 20 random-detect dscp-based random-detect dscp af21 percent 80 100 random-detect dscp af22 percent 70 100 random-detect dscp af23 percent 60 100

[continued] class APIC_EM-BULK_DATA-2P6Q4T-QUEUE bandwidth remaining percent 14 random-detect dscp-based random-detect dscp af11 percent 80 100 random-detect dscp af12 percent 70 100 random-detect dscp af13 percent 60 100 class APIC_EM-SCAVENGER-2P6Q4T-QUEUE bandwidth remaining percent 1 class class-default random-detect dscp-based random-detect dscp default percent 80 100

interface TenGigabitEthernet1/1/13 service-policy type lan-queuing input APIC_EM-QUEUEING-2P6Q4T service-policy type lan-queuing output APIC_EM-QUEUEING-2P6Q4T

• WS-X6724-SFP, WS-X6748-SFP and WS-X6748-GE-TX with CFC

• WS-X6724-SFP, WS-X6748-SFP, and WS-X6748-GE-TX with a DFC4 or DFC4XL upgrade (WS-F6k-DFC4-A, WS-F6k-DFC4-AXL)

• WS-X6824-SFP-2T and WS-X6824-SFP-2TXL

• WS-X6848-SFP-2T, WS-X6848-SFP-2TXL, WS-X6848-TX-2T and WS- X6848-TX-2TXL

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 209 Cisco Catalyst 6500-E/6807-XL with Sup2T 1P3Q8T Egress Queuing Models—CoS-to-Queue Mapping 1P3Q8T Application-Class DSCP CoS

Network Control (CS7) CoS 7 CoS 5 Realtime Queue Internetwork Control CS6 CoS 6 CoS 4 (Priority) VoIP EF CoS 5 Broadcast Video CS5 CoS 7 Control Plane Queue Multimedia Conferencing AF4 CoS 6 (10% BWR) CoS 4 Realtime Interactive CS4 CoS 3 Multimedia Streaming AF3 CoS 3 Transactional Data Queue Signaling CS3 CoS 2 (45% BWR + COS-WRED) Transactional Data AF2 CoS 2 Network Management CS2

Bulk Data AF1 CoS 0 CoS 1 Scavenger CS1 Default Queue (45% BWR + COS WRED) Best Effort DF CoS 0 CoS 1

1P3Q8T Application-Class DSCP CoS

Network Control (CS7) CoS 7 CoS 5 Realtime Queue Internetwork Control CS6 CoS 6 CoS 4 (Priority) VoIP EF CoS 5 Broadcast Video CS5 CoS 7 Control Plane Queue Multimedia Conferencing AF4 CoS 6 (10% BWR) CoS 4 Realtime Interactive CS4 CoS 3 Q2T2—80% Multimedia Streaming AF3 CoS 3 Transactional Data Queue Signaling CS3 CoS 2 (45% BWR + COS-WRED)

Transactional Data AF2 Q2T1—70% CoS 2 All noted thresholds are Network Management CS2 Min WRED thresholds Q2T2—80% Bulk Data AF1 CoS 0 CoS 1 Default Queue All max WRED thresholds Scavenger CS1 (45% BWR + COS WRED) Are set to 100% CoS 1 Best Effort DF CoS 0 Q2T1—70%

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 211 Catalyst 6500-E/6807-XL—1P3Q8T Egress Model class-map type lan-queuing match-all APIC_EM-REALTIME-1P3Q8T-QUEUE match cos 4 5 class-map type lan-queuing match-all APIC_EM-CONTROL-1P3Q8T-QUEUE match cos 6 7 class-map type lan-queuing match-all APIC_EM-TRANS_DATA-1P3Q8T-QUEUE match cos 2 3

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 212 Cisco Catalyst 6500-E/6807-XL —1P3Q8T Egress Model policy-map type lan-queuing APIC_EM-QUEUING-1P3Q8T-OUT class APIC_EM-REALTIME-1P3Q8T-QUEUE priority class APIC_EM-CONTROL-1P3Q8T-QUEUE bandwidth remaining percent 5 class APIC_EM-TRANS_DATA-1P3Q8T-QUEUE bandwidth remaining percent 45 random-detect cos-based random-detect cos 3 percent 80 100 random-detect cos 2 percent 70 100 class class-default random-detect cos-based random-detect cos 0 percent 80 100 random-detect cos 1 percent 70 100 interface GigabitEthernet1/3/2 service-policy type lan-queuing output APIC_EM-QUEUING-1P3Q8T-OUT

• VS-S2T-10G and VS-S2T-10G-XL with Gigabit Ethernet ports enabled

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 215 Cisco Catalyst 6500-E/6807-XL with Sup2T 1P3Q4T Egress Queuing Models—CoS-to-Queue Mapping 1P3Q4T Application-Class DSCP CoS

Bulk Data AF1 CoS 0 CoS 1 Scavenger CS1 Default Queue (45% BWR + COS WRED) Best Effort DF CoS 0 CoS 1

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 216 Cisco Catalyst 6500-E/6807-XL with Sup2T 1P3Q4T Egress Queuing Models—CoS-to-Queue Mapping with CoS WRED 1P3Q4T Application-Class DSCP CoS

Network Control (CS7) CoS 7 CoS 5 Realtime Queue Internetwork Control CS6 CoS 6 CoS 4 (Priority) VoIP EF CoS 5 Broadcast Video CS5 CoS 7 Control Plane Queue Multimedia Conferencing AF4 CoS 6 (10% BWR) CoS 4 Realtime Interactive CS4 CoS 3 Q2T2—80% Multimedia Streaming AF3 CoS 3 Transactional Data Queue Signaling CS3 CoS 2 (45% BWR + COS-WRED)

Transactional Data AF2 Q2T1—70% CoS 2 All noted thresholds are Network Management CS2 Min WRED thresholds Q2T2—80% Bulk Data AF1 CoS 0 CoS 1 All max WRED thresholds Default Queue Scavenger CS1 Are set to 100% (45% BWR + COS WRED) Best Effort DF CoS 0 CoS 1 Q2T1—70%

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 217 Catalyst 6500-E/6807-XL —1P3Q4T Egress Model class-map type lan-queuing match-all APIC_EM-REALTIME-1P3Q4T-QUEUE match cos 4 5 class-map type lan-queuing match-all APIC_EM-CONTROL-1P3Q4T-QUEUE match cos 6 7 class-map type lan-queuing match-all APIC_EM-TRANS_DATA-1P3Q4T-QUEUE match cos 2 3

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 218 Catalyst 6500-E/6807-XL —1P3Q4T Egress Model policy-map type lan-queuing APIC_EM-QUEUING-1P3Q4T-OUT class APIC_EM-REALTIME-1P3Q4T-QUEUE priority class APIC_EM-CONTROL-1P3Q4T-QUEUE bandwidth remaining percent 5 class APIC_EM-TRANS_DATA-1P3Q4T-QUEUE bandwidth remaining percent 45 random-detect cos-based random-detect cos 3 percent 80 100 random-detect cos 2 percent 70 100 class class-default random-detect cos-based random-detect cos 0 percent 80 100 random-detect cos 1 percent 70 100 interface GigabitEthernet1/3/1 service-policy type lan-queuing output APIC_EM-QUEUING-1P3Q4T-OUT interface TenGigabitEthernet1/3/4 service-policy type lan-queuing output APIC_EM-QUEUING-1P3Q4T-OUT

• WS-X6716-10G-3C, WS-X6716-10G-3CXL, WS-X6716-10T-3C, WS- X6716-10T-3CXL with a DFC4 or DFC4XL upgrade (WS-F6k-DFC4-E, WS-F6k-DFC4-EXL) in performance or oversubscription mode

• WS-X6816-10T-2T, WS-X6816-10T-2TXL, WS-X6816-10G-2T, WS- X6816-10G-2TXL in performance or oversubscription mode

• WS-X6908-10G-2T and WS-X6908-10G-2TXL

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 221 Cisco Catalyst 6500-E/6807-XL with Sup2T 1P7Q4T Egress Queuing Models—DSCP-to-Queue Mapping 1P7Q4T Application-Class DSCP EF Network Control (CS7) Realtime Queue CS5 (Priority) Internetwork Control CS6 CS4

VoIP EF CS7 CS6 Control Plane Queue Broadcast Video CS5 CS3 (10% BWR) CS2 Multimedia Conferencing AF4

Realtime Interactive CS4 AF4 Multimedia-Conferencing Queue Multimedia Streaming AF3 (20% BWR + DSCP-WRED) AF3Multimedia-Streaming Queue (15% Signaling CS3 BWR + DSCP-WRED)

Transactional Data AF2 AF2 Transactional Data Queue (15% BWR + DSCP-WRED) Network Management CS2 AF1 Bulk Data Queue Bulk Data AF1 (9% BWR + DSCP-WRED) Scavenger CS1 CS1 Scavenger Queue (1% BW)

Best Effort DF Default Queue DF (30% BWR + DSCP-WRED)

1P7Q4T Egress Queuing Models— 1P7Q4T DSCP-to-Queue with DSCP-WRED EF Realtime Queue CS5 All noted thresholds are Application-Class DSCP (Priority) CS4 Min WRED thresholds Network Control (CS7) CS7 All max WRED thresholds Internetwork Control CS6 CS6 Control Queue Are set to 100% CS3 (10% BWR) VoIP EF CS2

Q6T3—80% Broadcast Video CS5 AF41 Multimedia-Conferencing Queue AF42 Q6T2—70% (20% BWR + DSCP-WRED) Multimedia Conferencing AF4 AF43 Q6T1—60% Realtime Interactive CS4 AF31 Q5T3—80% AF32 Q5T2—70% Multimedia-Streaming Queue (15% Multimedia Streaming AF3 BWR + DSCP-WRED) AF33 Q5T1—60% Signaling CS3 AF21 Q4T3—80% Transactional Data AF2 AF22 Q4T2—70% Transactional Data Queue AF23 Q4T1—60% Network Management CS2 (15% BWR + DSCP-WRED) AF11 Q3T3—80% Bulk Data AF1 AF12 Q3T2—70% AF13 Q3T1—60% Bulk Data Queue Scavenger CS1 (9% BWR + DSCP-WRED) CS1 Scavenger Queue (1% BWR) Best Effort DF DF Default Queue (30% BWR + DSCP-WRED)

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 223 Catalyst 6500-E/6807-XL —1P7Q4T Egress Model class-map type lan-queuing match-all APIC_EM-REALTIME-1P7Q4T-QUEUE match dscp cs4 cs5 ef class-map type lan-queuing match-all APIC_EM-CONTROL-1P7Q4T-QUEUE match dscp cs2 cs3 cs6 cs7 class-map type lan-queuing match-all APIC_EM-MM_CONF-1P7Q4T-QUEUE match dscp af41 af42 af43 class-map type lan-queuing match-all APIC_EM-MM_STREAM-1P7Q4T-QUEUE match dscp af31 af32 af33 class-map type lan-queuing match-all APIC_EM_TRANS_DATA-1P7Q4T-QUEUE match dscp af21 af22 af23 class-map type lan-queuing match-all APIC_EM_BULK_DATA-1P7Q4T-QUEUE match dscp af11 af12 af13 class-map type lan-queuing match-all APIC_EM_SCAVENGER-1P7Q4T-QUEUE match dscp cs1

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 224 Cisco Catalyst 6500-E/6807-XL —1P7Q4T Egress Model policy-map type lan-queuing APIC_EM-QUEUING-1P7Q4T-OUT class APIC_EM-REALTIME-1P7Q4T-QUEUE priority class APIC_EM-CONTROL-1P7Q4T-QUEUE bandwidth remaining percent 10 class APIC_EM-MM_CONF-1P7Q4T-QUEUE bandwidth remaining percent 20 random-detect dscp-based random-detect dscp af41 percent 80 100 random-detect dscp af42 percent 70 100 random-detect dscp af42 percent 60 100 class APIC_EM-MM_STREAM-1P7Q4T-QUEUE bandwidth remaining percent 15 random-detect dscp-based random-detect dscp af31 percent 80 100 random-detect dscp af32 percent 70 100 random-detect dscp af33 percent 60 100

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 225 Cisco Catalyst 6500-E/6807-XL —1P7Q4T Egress Model [continued] class APIC_EM_TRANS_DATA-1P7Q4T-QUEUE bandwidth remaining percent 15 random-detect dscp-based random-detect dscp af21 percent 80 100 random-detect dscp af22 percent 70 100 random-detect dscp af23 percent 60 100 class APIC_EM_BULK_DATA-1P7Q4T-QUEUE bandwidth remaining percent 9 random-detect dscp-based random-detect dscp af11 percent 80 100 random-detect dscp af12 percent 70 100 random-detect dscp af13 percent 60 100 class APIC_EM_SCAVENGER-1P7Q4T-QUEUE bandwidth remaining percent 1 class class-default random-detect dscp-based random-detect dscp default percent 80 100

interface TenGigabitEthernet1/3/4 service-policy type lan-queuing output APIC_EM-QUEUING-1P7Q4T-OUT

• WS-X6704-10GE with CFC

• WS-X6704-10GE with a DFC4 or DFC4XL upgrade (WS-F6k-DFC4-A, WS-F6k-DFC4-AXL)

Application-Class DSCP CoS 1P7Q8T Network Control (CS7) CoS 7 Q8-VoIP-Broadcast Queue Internetwork Control CS6 CoS 6 CoS 5 (Priority)

VoIP EF CoS 7 Q7 - Network Control Queue CoS 5 (5% BWR) Broadcast Video CS5 Q6 - Internetwork Control Queue Multimedia Conferencing AF4 (5% BWR) CoS 4 CoS 6 Realtime Interactive CS4 Q5 - Multimedia-Realtime Queue Multimedia Streaming AF3 CoS 4 (20% BWR) CoS 3 Signaling CS3 Q4 - Streaming-Signaling Queue CoS 3 (20% BWR) Transactional Data AF2 CoS 2 Q3-Transactional-Management Queue Network Management CS2 CoS 2 (10% BWR)

Bulk Data AF1 Q2 - Bulk-Scavenger Queue CoS 1 CoS 1 (10% BWR) Scavenger CS1 Default Queue Best Effort DF CoS 0 CoS 0 (30% BWR)

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 229 Catalyst 6500-E/6807-XL —1P7Q8T Egress Model class-map type lan-queuing match-all APIC_EM-Q8-1P7Q8T-QUEUE match cos 7 class-map type lan-queuing match-all APIC_EM-Q7-1P7Q8T-QUEUE match cos 6 class-map type lan-queuing match-all APIC_EM-Q6-1P7Q8T-QUEUE match cos 5 class-map type lan-queuing match-all APIC_EM-Q5-1P7Q8T-QUEUE match cos 4 class-map type lan-queuing match-all APIC_EM-Q4-1P7Q8T-QUEUE match cos 3 class-map type lan-queuing match-all APIC_EM-Q3-1P7Q8T-QUEUE match cos 2 class-map type lan-queuing match-all APIC_EM-Q2-1P7Q8T-QUEUE match cos 1

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 230 Catalyst 6500-E/6807-XL —1P7Q8T Egress Model policy-map type lan-queuing APIC_EM-QUEUING-1P7Q8T-OUT class APIC_EM-Q8-1P7Q8T-QUEUE priority class APIC_EM-Q7-1P7Q8T-QUEUE bandwidth remaining percent 5 class APIC_EM-Q6-1P7Q8T-QUEUE bandwidth remaining percent 5 class APIC_EM-Q5-1P7Q8T-QUEUE bandwidth remaining percent 20 class APIC_EM-Q4-1P7Q8T-QUEUE bandwidth remaining percent 20 class APIC_EM-Q3-1P7Q8T-QUEUE bandwidth remaining percent 10 class APIC_EM-Q2-1P7Q8T-QUEUE bandwidth remaining percent 10 class class-default interface TenGigabitEthernet1/3/4 service-policy type lan-queuing output APIC_EM-QUEUING-1P7Q8T-OUT

Cisco Nexus 7000/7700 Campus Core Switches

Trust DSCP + Ingress Queuing + Egress Queuing

1. Configure System QoS (F-Series Modules) 2. Configure Ingress Queuing 3. Configure Egress Queuing 4. Configure CoS-Queue and Bandwidth Ratios for Fabric QoS (Nexus 7000 with M2 Modules) NX-OS trusts by default. Therefore no explicit policy is required for DSCP trust

Application DSCP CoS 4Q1T Network Control (CS7) CoS 7 CoS 7 8e-4q8q-in-q1 Internetwork Control CS6 CoS 6 CoS 6 Bandwidth 30% VoIP EF Queue-Limit 10% CoS 5 CoS 5 Broadcast Video CS5 Multimedia Conferencing AF4 8e-4q8q-in-q-default CoS 4 Realtime Interactive CS4 CoS 0 Bandwidth 25% Queue-Limit 30% Multimedia Streaming AF3 CoS 3 Signaling CS3 8e-4q8q-in-q3 Transactional Data AF2 CoS 4 CoS 2 CoS 3 Bandwidth 40% Network Management CS2 CoS 2 Queue-Limit 30% Bulk Data AF1 CoS 1 Scavenger CS1 8e-4q8q-in-q4 Best Effort DF DF CoS 1 Bandwidth 5% Queue-Limit 30%

Application DSCP 4Q1T Network Control (CS7) CS7 CS6 8e-4q8q-in-q1 Internetwork Control CS6 EF Bandwidth 30% VoIP EF CS5 Queue-Limit 10% CS4 Broadcast Video CS5 Multimedia Conferencing AF4 8e-4q8q-in-q-default Realtime Interactive CS4 DF Bandwidth 25% Queue-Limit 30% Multimedia Streaming AF3 Signaling CS3 AF4 8e-4q8q-in-q3 Transactional Data AF2 AF3 CS3 Bandwidth 40% Network Management CS2 AF2 Queue-Limit 30% Bulk Data AF1 CS2 Scavenger CS1 8e-4q8q-in-q4 AF1 Bandwidth 5% Best Effort DF CS1 Queue-Limit 30%

N7706-1(config)# system qos DC-7010-2(config-sys-qos)# service-policy type network-qos default-nq-8e-4q8q-policy Verification: N7706-1# show policy-map system

Type network-qos policy-maps ======policy-map type network-qos default-nq-8e-4q8q-policy template 8e-4q8q class type network-qos c-nq-8e-4q8q match cos 0-7 congestion-control tail-drop threshold burst-optimized mtu 1500 … Service-policy input: default-8e-4q8q-in-policy … Service-policy output: default-8e-4q8q-out-policy …

Undesired default DSCP- to-Ingress Queue class-map type queuing match-any 8e-4q8q-in-q1 mappings need to be match cos 5-7 explicitly removed no match dscp 40-63 match dscp 32, 40, 46, 48, 56 Similar to C3PL, NX-OS allows for class-map type queuing match-any 8e-4q8q-in-q3 multiple types of QoS policies: match cos 2-4 • type qos for classification, match dscp 16, 18, 20, 22 marking and policing match dscp 24, 26, 28, 30 • type queuing for ingress and match dscp 34, 36, 38 egress queuing class-map type queuing match-any 8e-4q8q-in-q4 match cos 1 match dscp 8, 10, 12, 14 NX-OS has (non-configurable) class-map type queuing match-any 8e-4q8q-in-q-default system-defined names for match cos 0 queuing class-maps

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 239 Cisco Nexus 7700 (F2E, F3, M3 Modules) Part 2 of 2: 4Q1T-Ingress Queuing Policy-Map policy-map type queuing CAMPUS-F3-4Q1T-INGRESS Used for Data Center Bridging class type queuing 8e-4q8q-in-q1 Exchange (DCBX) to advertise QoS capabilities to any DCB-peers bandwidth percent 30 queue-limit percent 10 class type queuing 8e-4q8q-in-q-default Q2 is the Default Queue bandwidth percent 25 queue-limit percent 30 class type queuing 8e-4q8q-in-q3 Allocates buffers to queues bandwidth percent 40 queue-limit percent 30 class type queuing 8e-4q8q-in-q4 bandwidth percent 5 queue-limit percent 30 interface Ethernet 1/1-24 service-policy type queuing input CAMPUS-F3-4Q1T-INGRESS

Application DSCP CoS 1P7Q1T

Network Control (CS7) CoS 7 CoS 7 CoS 6 8e-4q8q-out-q1 Internetwork Control CS6 CoS 6 CoS 5 PQ-Shaped to 30% VoIP EF CoS 4 CoS 5 CoS 3 8e-4q8q-out-q2 Broadcast Video CS5 BWR 55% CoS 2 Multimedia Conferencing AF4 CoS 4 CoS 1 8e-4q8q-out-q3 Realtime Interactive CS4 BWR 10%

Multimedia Streaming AF3 8e-4q8q-out-q4 CoS 3 BWR 1% Signaling CS3 8e-4q8q-out-q5 Transactional Data AF2 BWR 1% CoS 2 Network Management CS2 8e-4q8q-out-q6 BWR 1% Bulk Data AF1 CoS 1 8e-4q8q-out-q7 Scavenger CS1 BWR 1% 8e-4q8q-out-q-default Best Effort DF DF CoS 0 BWR 31%

class-map type queuing match-any 8e-4q8q-out-q1 no match cos 0-7 match cos 5-7 class-map type queuing match-any 8e-4q8q-out-q2 no match cos 0-7 match cos 2-4 class-map type queuing match-any 8e-4q8q-out-q3 no match cos 0-7 match cos 1

Note: Modifies the default CoS-to-Queue mappings

Part 2 of 2: 1P7Q1T Egress Queuing Policy-Map Note: Indicates the policy-map type queuing APIC_EM-1P7Q1T-OUT class type queuing 8e-4q8q-out-q1 Priority Queue priority level 1 shape average percent 30 class type queuing 8e-4q8q-out-q2 bandwidth remaining percent 55 class type queuing 8e-4q8q-out-q3 Note: Queue-Limits bandwidth remaining percent 10 are not supported class type queuing 8e-4q8q-out-q4 in egress direction bandwidth remaining percent 1 class type queuing 8e-4q8q-out-q5 bandwidth remaining percent 1 class type queuing 8e-4q8q-out-q6 bandwidth remaining percent 1 class type queuing 8e-4q8q-out-q7 bandwidth remaining percent 1 class type queuing 8e-4q8q-out-q-default bandwidth remaining percent 31 interface Ethernet 1/1-24 service-policy type queuing output CAMPUS-F3-1P3Q1T-EGRESS

https://cisco.app.box.com/v/QoS-AAGs

Application DSCP CoS 4Q1T Network Control (CS7) CoS 7 CoS 7 8e-4q4q-in-q1 Internetwork Control CS6 CoS 6 CoS 6 Bandwidth 30% VoIP EF Queue-Limit 10% CoS 5 CoS 5 Broadcast Video CS5 Multimedia Conferencing AF4 8e-4q4q-in-q-default CoS 4 Realtime Interactive CS4 CoS 0 Bandwidth 25% Queue-Limit 30% Multimedia Streaming AF3 CoS 3 Signaling CS3 8e-4q4q-in-q3 Transactional Data AF2 CoS 4 CoS 2 CoS 3 Bandwidth 40% Network Management CS2 CoS 2 Queue-Limit 30% Bulk Data AF1 CoS 1 Scavenger CS1 8e-4q4q-in-q4 Best Effort DF DF CoS 1 Bandwidth 5% Queue-Limit 30%

Application DSCP 4Q1T Network Control (CS7) CS7 CS6 8e-4q4q-in-q1 Internetwork Control CS6 EF Bandwidth 30% VoIP EF CS5 Queue-Limit 10% CS4 Broadcast Video CS5 Multimedia Conferencing AF4 8e-4q4q-in-q-default Realtime Interactive CS4 DF Bandwidth 25% Queue-Limit 30% Multimedia Streaming AF3 Signaling CS3 AF4 8e-4q4q-in-q3 Transactional Data AF2 AF3 CS3 Bandwidth 40% Network Management CS2 AF2 Queue-Limit 30% Bulk Data AF1 CS2 Scavenger CS1 8e-4q4q-in-q4 AF1 Bandwidth 5% Best Effort DF CS1 Queue-Limit 30%

DC-7010-2(config)# system qos DC-7010-2(config-sys-qos)# service-policy type network-qos default-nq-8e-4q4q-policy Verification: DC-7010-2# show policy-map system

Type network-qos policy-maps ======policy-map type network-qos default-nq-8e-4q4q-policy template 8e-4q4q class type network-qos c-nq-8e-4q4q match cos 0-7 congestion-control tail-drop mtu 1500 … Service-policy input: default-8e-4q4q-in-policy … Service-policy output: default-8e-4q4q-out-policy …

hardware qos dscp-to-queue ingress module-type all From NX-OS 6.2.2 on class-map type queuing match-any 4q1t-8e-4q4q-in-q1 no match dscp 0-63 no match cos 0-7 Recommended to remove all currently mapped marking (default or otherwise) values to class-map type queuing match-any 4q1t-8e-4q4q-in-q3 prevent errors during deployment from all no match dscp 0-63 classes except class-default (where removing no match cos 0-7 markings is not permitted) class-map type queuing match-any 4q1t-8e-4q4q-in-q4 no match dscp 0-63 no match cos 0-7

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 249 Nexus 7000 with F2, F2E, and F3 Series QoS Design Steps Step 2: Configure Ingress Queuing Class-Maps (2 of 2) class-map type queuing match-any 4q1t-8e-4q4q-in-q1 match cos 5-7 All non-standard DSCP match dscp 32, 40, 46, 48, 56 values have been implicitly ! mapped to the default- class-map type queuing match-any 4q1t-8e-4q4q-in-q3 queue in previous slide. match cos 2-4 match dscp 16, 18, 20, 22, 24, 26, 28, 30, 34, 36, 38 ! class-map type queuing match-any 4q1t-8e-4q4q-in-q4 match cos 1 match dscp 8, 10, 12, 14

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 250 Nexus 7000 with F2, F2E, and F3 Series QoS Design Steps Step 3: Create and Apply the Ingress Queuing Policy-Map policy-map type queuing APIC_EM-8e-4q4q-in class type queuing 4q1t-8e-4q4q-in-q1 queue-limit percent 10 New policy may bandwidth percent 30 be created class type queuing 4q1t-8e-4q4q-in-q-default queue-limit percent 30 bandwidth percent 25 class type queuing 4q1t-8e-4q4q-in-q3 Queuing policy is queue-limit percent 30 applied to bandwidth percent 40 physical interfaces class type queuing 4q1t-8e-4q4q-in-q4 queue-limit percent 30 bandwidth percent 5 For interfaces which are part interface Ethernet x/x-x of a EtherChannel, the service-policy type queuing input APIC_EM-8e-4q4q-in ingress queuing policy is applied to the logical port- interface Port-Channel xxx channel interface. service-policy type queuing input APIC_EM-8e-4q4q-in

Application DSCP CoS 1P3Q1T

Network Control (CS7) CoS 7 CoS 7 8e-4q4q-out-pq1 Internetwork Control CS6 CoS 6 CoS 6 Priority Level 1 CoS 5 Shape Average 30% VoIP EF CoS 5 Broadcast Video CS5 CoS 4 Multimedia Conferencing AF4 CoS 4 CoS 3 8e-4q4q-out-q2 Realtime Interactive CS4 Bandwidth Remaining 55% Multimedia Streaming AF3 CoS 2 CoS 3 Signaling CS3

Transactional Data AF2 CoS 1 8e-4q4q-out-q3 CoS 2 Bandwidth Remaining 10% Network Management CS2

Bulk Data AF1 CoS 1 4q4q-out-q-default CoS 0 Scavenger CS1 Bandwidth Remaining 35% Best Effort DF DF

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 252 Nexus 7000 with F2, F2E, and F3 Series QoS Design Steps Step 4: Configure Egress Queuing Class-Maps class-map type queuing match-any 1p3q1t-8e-4q4q-out-pq1 Reset all CoS no match cos 0-7 values to the class-map type queuing match-any 1p3q1t-8e-4q4q-out-q2 default queue no match cos 0-7 class-map type queuing match-any 1p3q1t-8e-4q4q-out-q3 no match cos 0-7 ! CoS 0 is implicitly class-map type queuing match-any 1p3q1t-8e-4q4q-out-pq1 mapped to the default match cos 5-7 queue based on the class-map type queuing match-any 1p3q1t-8e-4q4q-out-q2 above configuration match cos 2-4 class-map type queuing match-any 1p3q1t-8e-4q4q-out-q3 match cos 1

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 253 Nexus 7000 with F2, F2E, and F3 Series QoS Design Steps Step 5: Create and Apply the Egress Queuing Policy-Map policy-map type queuing APIC_EM-8e-4q4q-out class type queuing 1p3q1t-8e-4q4q-out-pq1 priority level 1 New policy may shape average percent 30 be created class type queuing 1p3q1t-8e-4q4q-out-q3 bandwidth remaining percent 10 class type queuing 1p3q1t-8e-4q4q-out-q2 bandwidth remaining percent 55 Queuing policy is class type queuing 1p3q1t-8e-4q4q-out-q-default applied to bandwidth remaining percent 35 physical interfaces interface Ethernet 1/1-24 For interfaces which are part service-policy type queuing output APIC_EM-8e-4q4q-out of a EtherChannel, the ingress queuing policy is interface Port-Channel xxx applied to the logical port- service-policy type queuing input APIC_EM-8e-4q4q-out channel interface.

Application DSCP CoS 8Q2T Network Control (CS7) CoS 7 CoS 7 8q2t-in-q1 CoS 6 Internetwork Control CS6 CoS 6 BW 30% / QL 10% CoS 5 VoIP EF CoS 4 CoS 5 8q2t-in-q2 CoS 3 Broadcast Video CS5 BW 40% / QL 30% CoS 2 Multimedia Conferencing AF4 8q2t-in-q3 CoS 4 CoS 1 Realtime Interactive CS4 BW 5% / QL 30% 8q2t-in-q4 Multimedia Streaming AF3 CoS 3 BW 1% / QL 1% These Signaling CS3 8q2t-in-q5 queues are Transactional Data AF2 BW 1% / QL1% unused CoS 2 due to only Network Management CS2 8q2t-in-q6 BW 1% / QL1% 4 queues Bulk Data AF1 CoS 1 8q2t-in-q7 in fabric Scavenger CS1 BW 1% / QL 1% QoS 8q2t-in-q-default Best Effort DF DF CoS 0 BW 21% / QL 26%

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 256 Cisco Nexus 7000 (M2 Module) Ingress Queuing Model (8Q2T) – DSCP-to-Queue Mapping 8Q2T Application DSCP CS7 Network Control (CS7) CS6 8q2t-in-q1 EF Internetwork Control CS6 CS5 BW 30% / QL 10% CS4 VoIP EF AF4 AF3 Broadcast Video CS5 CS3 8q2t-in-q2 AF2 BW 40% / QL 30% + DSCP-WRED Multimedia Conferencing AF4 CS2 Realtime Interactive CS4 AF1 8q2t-in-q3 CS1 BW 5% / QL 30% + DSCP-WRED Multimedia Streaming AF3 8q2t-in-q4 Signaling CS3 BW 1% / QL 1% These queues are Transactional Data AF2 8q2t-in-q5 BW 1% / QL1% unused Network Management CS2 8q2t-in-q6 due to only Bulk Data AF1 BW 1% / QL1% 4 queues Scavenger CS1 8q2t-in-q7 in fabric BW 1% / QL 1% QoS Best Effort DF 8q2t-in-q-default DF BW 21% / QL 26% + DSCP-WRED

Enables DSCP-to-Queue Mapping (ingress only) class-map type queuing match-any 8q2t-in-q1 no match dscp 0-63 hardware qos dscp-to-queue ingress module-type all no match cos 0-7 class-map type queuing match-any 8q2t-in-q2 no match dscp 0-63 no match cos 0-7 From NX-OS 6.2.2 on class-map type queuing match-any 8q2t-in-q3 no match dscp 0-63 no match cos 0-7 Class-maps will have class-map type queuing match-any 8q2t-in-q4 default/non-default CoS and/or DSCP values to them. These can no match dscp 0-63 no match cos 0-7 be reset with “no match” class-map type queuing match-any 8q2t-in-q5 commands. This results in all CoS and DSCP values mapped no match dscp 0-63 no match cos 0-7 to the default queue class-map type queuing match-any 8q2t-in-q6 no match dscp 0-63 no match cos 0-7 NX-OS provides system-defined class-map type queuing match-any 8q2t-in-q7 class-map names (which cannot no match dscp 0-63 be renamed) no match cos 0-7

class-map type queuing match-any 8q2t-in-q1 match cos 5-7 match dscp 32, 40, 46, 48, 56

class-map type queuing match-any 8q2t-in-q2 match cos 2-4 match dscp 16, 18, 20, 22, 24 match dscp 26, 28, 30, 34, 36, 38

class-map type queuing match-any 8q2t-in-q3 match cos 1 match dscp 8, 10, 12, 14

policy-map type queuing APIC_EM-QUEUING-8Q2T-IN class type queuing 8q2t-in-q1 bandwidth percent 30 DSCP-based WRED queue-limit percent 10 not enabled for Q1 class type queuing 8q2t-in-q2 bandwidth percent 40 queue-limit percent 30 random-detect dscp-based AF4x random-detect dscp 34,36,38 minimum-threshold percent 80 maximum-threshold percent 100 AF3x random-detect dscp 26,28,30 minimum-threshold percent 80 maximum-threshold percent 100 AF2x random-detect dscp 18,20,22 minimum-threshold percent 80 maximum-threshold percent 100 …

AF4x, AF3x, and AF2x traffic set for WRED min threshold of 80% and max threshold of 100% CS3 and CS2 traffic implicitly set for WRED min and max threshold of 100%

[continued] class type queuing 8q2t-in-q3 bandwidth percent 5 queue-limit percent 30 random-detect dscp-based AF1x random-detect dscp 10,12,14 minimum-threshold percent 80 maximum-threshold percent 100 CS1 random-detect dscp 8 minimum-threshold percent 80 maximum-threshold percent 100 class type queuing 8q2t-in-q4 bandwidth percent 1 queue-limit percent 1 class type queuing 8q2t-in-q5 bandwidth percent 1 queue-limit percent 1 class type queuing 8q2t-in-q6 bandwidth percent 1 queue-limit percent 1 … AF1x and CS1 traffic set for WRED min threshold of 80% and max threshold of 100%

[continued] class type queuing 8q2t-in-q7 Default traffic set for WRED min bandwidth percent 1 threshold of 80% and max threshold of queue-limit percent 1 100% class type queuing 8q2t-in-q-default All non-standard DSCP values implicitly bandwidth percent 21 set to min and max thresholds of 100%. queue-limit percent 26 random-detect dscp-based Default random-detect dscp 0 minimum-threshold percent 80 maximum-threshold percent 100

Queuing policy is interface Ethernet x/x-x applied to service-policy type queuing input APIC_EM-QUEUING-8Q2T-IN physical interfaces

interface Port-Channel xxx For interfaces which are part service-policy type queuing input APIC_EM-QUEUING-8Q2T-IN of a EtherChannel, the ingress queuing policy is applied to the logical port- channel interface.

Application DSCP CoS 1P7Q1T

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 263 Nexus 7000 (M2)—Egress Queuing Design Part 1 of 4: 1P7Q4T-Egress Queuing Class-Maps (CoS-to-Queue) class-map type queuing match-any 1p7q4t-out-pq1 no match cos 0-7 class-map type queuing match-any 1p7q4t-out-q2 All CoS values implicitly no match cos 0-7 mapped to the default- class-map type queuing match-any 1p7q4t-out-q3 queue. no match cos 0-7 class-map type queuing match-any 1p7q4t-out-q4 no match cos 0-7 class-map type queuing match-any 1p7q4t-out-q5 no match cos 0-7 class-map type queuing match-any 1p7q4t-out-q6 no match cos 0-7 class-map type queuing match-any 1p7q4t-out-q7 no match cos 0-7

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 264 Nexus 7000 (M2)—Egress Queuing Design Part 2 of 4: 1P7Q4T-Egress Queuing Class-Maps (CoS-to-Queue) class-map type queuing match-any 1p7q4t-out-pq1 match cos 5-7 class-map type queuing match-any 1p7q4t-out-q2 CoS 0 implicitly mapped match cos 2-4 to the default-queue class-map type queuing match-any 1p7q4t-out-q3 still. match cos 1

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 265 Nexus 7000 (M2)—Egress Queuing Design Part 3 of 4: 1P7Q4T-Egress Queuing Policy-Map with CoS-Based WRED policy-map type queuing APIC_EM-QUEUING-1P7Q4T-OUT class type queuing 1p7q4t-out-pq1 priority shape average percent 30 queue-limit percent 10 class type queuing 1p7q4t-out-q2 bandwidth remaining percent 55 queue-limit percent 30 random-detect cos-based random-detect cos 4 minimum-threshold percent 80 maximum-threshold percent 100 random-detect cos 3 minimum-threshold percent 80 maximum-threshold percent 100 random-detect cos 2 minimum-threshold percent 80 maximum-threshold percent 100 class type queuing 1p7q4t-out-q3 bandwidth remaining percent 10 queue-limit percent 30 random-detect cos-based random-detect cos 1 minimum-threshold percent 80 maximum-threshold percent 100 …

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 266 Nexus 7000 (M2)—Egress Queuing Design Part 4 of 4: 1P7Q4T-Egress Queuing Policy-Map with CoS-Based WRED class(cont type) queuing 1p7q4t-out-q4 bandwidth remaining percent 1 queue-limit percent 1 class type queuing 1p7q4t-out-q5 bandwidth remaining percent 1 queue-limit percent 1 class type queuing 1p7q4t-out-q6 bandwidth remaining percent 1 queue-limit percent 1 class type queuing 1p7q4t-out-q7 bandwidth remaining percent 1 queue-limit percent 1 class type queuing 1p7q4t-out-q-default Queuing policy is applied to bandwidth remaining percent 31 physical interfaces queue-limit percent 26 random-detect cos-based random-detect cos 0 minimum-threshold percent 80 maximum-threshold percent 100 interface Ethernet x/x-x For interfaces which are part service-policy type queuing output APIC_EM-QUEUING-1P7Q4T-OUT of a EtherChannel, the egress queuing policy is applied to interface Port-Channel xxx the logical port-channel service-policy type queuing output APIC_EM-QUEUING-1P7Q4T-OUT interface

qos copy policy-map type queuing system-in-policy prefix APIC_EM- qos copy policy-map type queuing system-out-policy prefix APIC_EM-

class-map type queuing system-pq1 match cos 5, 6, 7 class-map type queuing system-q2 match cos 2, 3, 4 class-map type queuing system-q3 match cos 1 class-map type queuing system-q-default match cos 0

policy-map type queuing APIC_EM-system-in-policy class type queuing system-pq1 class type queuing system-q2 class type queuing system-q3 class type queuing system-q-default queue-limit default

policy-map type queuing APIC_EM-system-out-policy Note that order is class type queuing system-pq1 important, since bandwidth priority level 1 remaining cannot exceed class type queuing system-q3 100%, and there are bandwidth remaining percent 10 system-defined default class type queuing system-q-default values already in place. bandwidth remaining percent 35 class type queuing system-q2 bandwidth remaining percent 55

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 271 Configure CoS-Queue and Bandwidth Ratios for Fabric QoS Step1: Configuring the New User-defined Policies on the Fabric

system fabric service-policy type queuing input APIC_EM-system-in-policy service-policy type queuing output APIC_EM-system-out-policy

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 272 Appendix C: Per-Port Per-VLAN QoS Campus QoS Design Considerations Per-Port/Per-VLAN QoS VLAN Interfaces Data Vlan10 Voice Vlan110 Data VLAN policy map is applied to the Data VLAN (only) on a given trunked switch port Trunked Physical Ports

Voice VLAN policy map is applied to the Voice VLAN (only) on a given trunked switch port

class-map VVLAN match vlan 110 IndividualIndividual (trunked)(trunked) VLANsVLANs areare class-map DVLAN matchedmatched byby thethe matchmatch vlanvlancommandcommand match vlan 10 policy-map VLAN-POLICERS class VVLAN PolicersPolicersare police 192000 conform-action transmit exceed-action drop appliedare applied on a class DVLAN Peron -aVLAN per- police 50000000 conform-action transmit exceed-action drop basisVLAN basis interface GigabitEthernet 1/0/1 Per-VLAN policers are then applied on a Per-Port service-policy input VLAN-POLICERS basis

BRKCRS-2501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 275 Catalyst 4500 Per-Port/Per-VLAN QoS Policy Example interface range GigabitEthernet 2/1-48 qos trust device cisco-phone vlan 10 Per-Port/Per-VLAN policies can be applied service-policy input DVLAN-POLICERS to a specific VLAN on a trunked interface via vlan 110 anvia interfacean interface-VLAN-VLAN configuration configuration mode mode service-policy input VVLAN-POLICERS