Network: QoS

  • CheatSheet
  • (VoIP, MikroTik, QoS) The guys make heavy use of QoS in customer VoIP solutions built on Asterisk; at first they deployed Cisco (plenty of used gear was around), then moved to MikroTik and are happy with it: more than 200 installations for SOHO/medium businesses. Per Cisco's own recommendation (and by plain logic) Low Latency Queueing (LLQ) is the best fit for voice (Linkmeup)
  • Controlling the outgoing bandwidth (which traffic gets sent first after processing) is what QoS mechanisms mostly do, but there are also mechanisms that give some control over the incoming bandwidth (the volume of traffic arriving): flow control/pause frames, and deliberately dropping low-priority traffic in the expectation that the sender lowers its rate, either through the TCP window/congestion control or through the UDP application's own congestion logic (bandwidth/policer, WRED, etc.).
  • Bufferbloat: latency/jitter problems caused by excessive buffering in the network
  • Congestion management/avoidance can be implemented in Linux; see for example the tc-sfb qdisc
  • Back when SD-WAN was not yet fashionable, many people built it themselves:
    • ViPNet coordinators could (can?) answer a SYN with a SYN-ACK on the remote peer's behalf, speeding up the 3-way handshake over satellite links (the TCP-spoofing trick used by performance-enhancing proxies)
    • I ran a couple of projects with nodes in every federal district. The links had to be 3-5 Mbit/s. Sorting out link quality there was quite a saga. And it was not some single provider: over several months of pilot tests we tried everyone we could, and they were all more or less the same. The project used specialised equipment that required links with no more than 0.5% loss. The outcome: we rented 2.5 times the bandwidth and switched the equipment to duplication mode (every packet is transmitted twice).
  • Preserving the marking on encrypted packets is the established way most tunnels work: when traffic is encapsulated in GRE/IPsec, the industry-standard mechanism of copying the inner DSCP marking into the outer GRE/IPsec header is used, which lets the organisation's QoS policy be aligned with the carrier's (given a matching SLA). The flip side is that the copied DSCP tells anyone watching the tunnel what class of traffic is inside; RFC 4301 therefore lets an IPsec SA be configured not to copy the inner DSCP, at the cost of losing prioritisation in transit.
Basics from Fortinet
  • A good introductory article from Fortinet on why QoS is needed and which mechanisms exist

Negative factors/metrics

Packet Loss

Packet loss is one of the most common factors affecting application traffic. For example, even though voice CODECs can accept some packet loss without dramatically degrading speech quality, the loss of many consecutive packets dramatically affects the end result even if the total loss percentage is low.

Effect of Delay on Traffic

It is well known that network delay makes two-way (interactive) traffic difficult. For example, Alice and Bob make a VoIP call over an IP network with a high round-trip delay (say, 500 ms). If Alice interrupts Bob, he keeps talking until he perceives the interruption, and it takes a moment to sort the conversation out. To meet quality requirements the one-way delay must be kept below 150 ms (the ITU-T G.114 figure). VoIP calls are just one example of why delay must be limited for time-sensitive applications.

Jitter

Jitter is the variation in packet delay as seen by the receiver. Many devices implement a jitter buffer to absorb it: the buffer smooths delay variation by temporarily holding packets and discarding those that arrive too late. If the jitter buffer is too small, an excessive number of packets may be discarded, which degrades the service. The most common causes of jitter are network congestion and router/switch queuing.

There are several techniques that businesses can use to guarantee the high performance of their most critical applications. These include:

  • Prioritization of delay-sensitive VoIP traffic via routers and switches: Many enterprise networks can become overly congested, which sees routers and switches start dropping packets as they come in and out faster than they can be processed. As a result, streaming applications suffer. Prioritization enables traffic to be classified and receive different priorities depending on its type and destination. This is particularly useful in a situation of high congestion, as packets with higher priority can be sent ahead of other traffic.
  • Resource reservation: The Resource Reservation Protocol (RSVP) is a signaling protocol that reserves resources along a path across the network and can be used to deliver specific levels of QoS for application data streams. Resource reservation lets businesses divide network resources by traffic of different types and origins, define limits, and guarantee bandwidth.
  • Queuing: Queuing is the process of creating policies that give certain data streams preferential treatment over others. Queues are buffers in routers and switches in which packets wait for transmission. A packet assigned a higher priority is placed in a queue that the scheduler serves first (or with a larger share of the link), so it waits less and is less likely to be dropped. For example, a business can assign a policy that gives voice traffic priority over the rest of the bandwidth; the routing or switching device then serves the voice queue ahead of the other queues and transmits those packets immediately.
  • Traffic marking: When applications that require priority over other bandwidth on a network have been identified, the traffic needs to be marked. This is possible through processes like Class of Service (CoS), which marks a data stream in the Layer 2 frame header, and Differentiated Services Code Point (DSCP), which marks a data stream in the Layer 3 packet header.
l2 qos (cos)

L2QoS provides best-effort quality of service (QoS) or class of service (CoS) at layer 2 without requiring reservation setup. User priority as defined by the 802.1p specification (also called class of service) is used to prioritize network traffic at the data link/MAC sub-layer.

The 802.1p field (the Priority Code Point, PCP) is a three-bit field in the 802.1Q tag of a VLAN-tagged Ethernet frame. It defines eight classes of service using a priority value between 0 and 7 (inclusive). The switch uses it to classify incoming traffic and to decide which class is transmitted first when the switch or network is congested. The figure in the source shows the format of the VLAN header.

Network administrators can set up the queues to match various business requirements and priority levels. The IEEE-recommended mapping of priority values to traffic types is shown in the table in the source.

L2QoS is typically implemented in access and metro Ethernet networks where packets are switched instead of routed. It enables bridges/switches to reduce processing time by inspecting layer 2 headers for QoS information, without looking at layer 3 content.

Most of the routing/switching vendors implement a complex queuing and scheduling mechanism to process packets with different priorities. Different VLAN priorities are mapped to different queues.

l3 qos
  • L3 QoS allows network administrators to configure QoS from source to destination endpoints. Traffic path devices must adhere to the same configured QoS policy.
  • Predictable network performance results from classifying packets as close to their source as possible and enforcing that classification along the entire network path.
  • There are multiple layer 3 QoS mechanisms to satisfy network needs. However, IntServ and DiffServ are the most common methods of implementing layer 3 QoS.
  • IntServ is a rich and granular QoS solution by using RSVP for end-to-end signaling, state maintenance, and admission control. IntServ requires that network elements keep track of each individual traffic flow on the network. This requires that core network routers and switches maintain a soft state by setting aside resources.
  • DiffServ, while coarser, offers a simpler QoS method: traffic is categorised into classes and each class receives a different service. This sidesteps the cost, complexity and scalability issues of IntServ. DiffServ uses the type of service (TOS) byte of the IPv4 header (the Traffic Class byte in IPv6). That byte has been interpreted in two ways in the field:

TOS/IP Precedence

The TOS byte in the IPv4 header is subdivided into fields. Bits 0-2 (the three most significant bits) give the packet one of eight IP precedence values; higher-precedence packets are dropped less readily than lower-precedence ones. Bits 3-6 additionally request low delay, high throughput or high reliability for the packet (RFC 1349).

The TOS/IP precedence method defines only the relative priority of a packet; it has no drop precedence for packets that belong to the same class. For example, FTP and Telnet traffic may sit in the same precedence class, yet during congestion an operator might want to give the FTP traffic a higher drop probability, which this scheme cannot express. Three precedence bits also allow only eight priority classes.

Differentiated Services

Differentiated services have two main components: packet marking and per-hop behavior (PHB).

Packet Marking: The TOS byte in the IP header was completely redefined (RFC 2474). Its first 6 bits hold the differentiated services code point (DSCP), which supports up to 64 different aggregates/classes of traffic; the remaining 2 bits are used for ECN. All packets sharing the same DSCP value and direction form a behavior aggregate (BA).
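Both marking fields on this page (the 3-bit PCP in the 802.1Q tag from the l2 qos section and the 6-bit DSCP described here) are one shift away from being misread, and a remark also changes the IPv4 header checksum, so here is an added example in Python, not code from the page or from any vendor. It builds constructed test frames, extracts PCP/DEI/VID and DSCP/ECN, resets DSCP values an access port should not trust (recomputing the checksum the way any "set dscp" has to), and encapsulates the packet IP-in-IP with or without copying the inner DSCP to the outer header, as the tunnel bullet at the top describes. The MAC/IP addresses and the trusted set ACCESS_PORT_TRUSTED are assumptions for the demo.

```python
import struct
from typing import Optional

ETH_P_8021Q = 0x8100   # 802.1Q tag TPID
ETH_P_IP = 0x0800
# Constructed sample addresses (not from the page)
DST_MAC, SRC_MAC = bytes.fromhex("001122334455"), bytes.fromhex("0066778899aa")
INNER_SRC, INNER_DST = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
TUN_SRC, TUN_DST = bytes([198, 51, 100, 1]), bytes([203, 0, 113, 1])
# Hypothetical access-port trust list: best effort plus the low-drop AF code points
ACCESS_PORT_TRUSTED = {0, 10, 18, 26, 34}


def parse_marking(frame: bytes) -> dict:
    """L2 marking (PCP/DEI/VID from the 802.1Q TCI) and L3 marking
    (DSCP = top 6 bits, ECN = low 2 bits of the IPv4 TOS byte)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    off, pcp, dei, vid = 14, None, None, None
    if ethertype == ETH_P_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        pcp, dei, vid, off = tci >> 13, (tci >> 12) & 1, tci & 0x0FFF, 18
    dscp = ecn = ip_off = None
    if ethertype == ETH_P_IP:
        if len(frame) < off + 20 or frame[off] >> 4 != 4:
            raise ValueError("bad IPv4 header")
        dscp, ecn, ip_off = frame[off + 1] >> 2, frame[off + 1] & 0x3, off
    return {"pcp": pcp, "dei": dei, "vid": vid, "dscp": dscp, "ecn": ecn, "ip_off": ip_off}


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement checksum; yields 0 over a header whose checksum is valid."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(dscp: int, ecn: int, proto: int, src: bytes, dst: bytes, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header carrying the DSCP/ECN byte, with a correct checksum."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, (dscp << 2) | ecn, 20 + payload_len,
                                0x1234, 0, 64, proto, 0, src, dst))
    struct.pack_into("!H", hdr, 10, ipv4_checksum(bytes(hdr)))
    return bytes(hdr)


def build_frame(dscp: int, pcp: Optional[int] = None, vid: int = 1, ecn: int = 0,
                payload: bytes = b"\x00" * 8) -> bytes:
    """Constructed test frame: Ethernet (802.1Q-tagged when pcp is given) + IPv4 + payload."""
    if pcp is None:
        l2 = DST_MAC + SRC_MAC + struct.pack("!H", ETH_P_IP)
    else:
        l2 = DST_MAC + SRC_MAC + struct.pack("!HHH", ETH_P_8021Q, (pcp << 13) | vid, ETH_P_IP)
    return l2 + ipv4_header(dscp, ecn, 17, INNER_SRC, INNER_DST, len(payload)) + payload


def remark_dscp(frame: bytes, new_dscp: int) -> bytes:
    """Rewrite the DSCP (ECN bits untouched) and fix the IPv4 header checksum."""
    if not 0 <= new_dscp <= 63:
        raise ValueError("DSCP is 6 bits")
    off = parse_marking(frame)["ip_off"]
    if off is None:
        raise ValueError("not an IPv4 frame")
    ihl = (frame[off] & 0x0F) * 4
    hdr = bytearray(frame[off:off + ihl])
    hdr[1] = (new_dscp << 2) | (hdr[1] & 0x3)
    hdr[10:12] = b"\x00\x00"
    struct.pack_into("!H", hdr, 10, ipv4_checksum(bytes(hdr)))
    return frame[:off] + bytes(hdr) + frame[off + ihl:]


def enforce_trust_boundary(frame: bytes, trusted=ACCESS_PORT_TRUSTED) -> bytes:
    """Ingress policy for an untrusted port: keep allowed code points, reset anything else
    (EF, CS6, CS7, ...) to best effort so a host cannot self-promote into the voice queue."""
    dscp = parse_marking(frame)["dscp"]
    return frame if dscp is None or dscp in trusted else remark_dscp(frame, 0)


def tunnel_ipip(frame: bytes, copy_dscp: bool = True) -> bytes:
    """IP-in-IP encapsulation (outer protocol 4). copy_dscp=True is the 'copy inner DSCP'
    behaviour of RFC 2983/4301 that keeps transit QoS working; False zeroes the outer DSCP
    so the inner traffic class is not exposed. ECN propagation (RFC 6040) is not modelled."""
    info = parse_marking(frame)
    if info["ip_off"] is None:
        raise ValueError("not an IPv4 frame")
    inner = frame[info["ip_off"]:]
    outer = ipv4_header(info["dscp"] if copy_dscp else 0, 0, 4, TUN_SRC, TUN_DST, len(inner))
    return frame[:info["ip_off"]] + outer + inner
```

Usage: parse_marking(build_frame(46, pcp=5, vid=100)) returns pcp 5, vid 100, dscp 46; enforce_trust_boundary on that frame hands back the same frame with DSCP 0 and a valid checksum, and tunnel_ipip(frame, copy_dscp=False) hides the EF marking from the outer header.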

Per Hop Behavior (PHB): PHB is the scheduling, queuing, policing and shaping a network node performs on packets belonging to a particular BA. The network operator can configure different policies for different BAs. "Per hop" means that QoS works on the DiffServ model: each hop decides the packet's queue priority from its own policies, with no end-to-end signaling.

The following PHBs are widely used to implement a Diffserv-enabled network:

Default PHB – the PHB for packets marked with DSCP value 000000. Packets marked with this value get best-effort service. BE (Best Effort): the lowest-priority delivery.

Class-Selector PHB – the PHB used to ensure compatibility with TOS/IP precedence and is associated with packets marked with DSCP values of the form “xxx000,” where xxx correspond to IP-Precedence values.

Expedited Forwarding PHB – the PHB for applications that need low-loss, low-latency, low-jitter service with guaranteed bandwidth, such as VoIP and IPTV. EF (Expedited Forwarding) is recommended for the highest-priority traffic, for example the voice packets of the LTE voice service, VoLTE.

Assured Forwarding PHB – the PHB that defines which BAs can be assigned priority as well as drop precedence values. This allows for more granular QoS control of packets that share the same class but have different drop precedence (low, medium, and high).

examples:

  • AF1 (Assured Forwarding class 1) – assured forwarding. Traffic that is not sensitive to delay but is sensitive to loss.
  • AF4 (Assured Forwarding class 4) – assured forwarding. Traffic that is not sensitive to delay but is sensitive to loss. (Within each AF class, AFx1/AFx2/AFx3 differ only in drop precedence: low, medium, high.)
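Added example (not from the page): a small WRED simulation in Python that ties together the bullet at the top about introducing drops into low-priority traffic so the sender backs off and the AF drop precedences just listed. One FIFO is shared by AF11, AF12 and AF13 with assumed profiles AF1_PROFILES (the thresholds and max_p are made-up values, not a vendor default); the offered load is 1.5× the service rate, so one packet in three must go, and the drop curves decide which colour pays.

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class WredProfile:
    min_th: int    # average queue depth where random early drops start
    max_th: int    # average queue depth from which every packet is dropped
    max_p: float   # drop probability reached at max_th


# Assumed profiles for one AF class: same max_th, lower min_th for higher drop
# precedence, so AF13 (DSCP 14) is sacrificed first and AF11 (DSCP 10) last.
AF1_PROFILES = {10: WredProfile(30, 40, 1.0), 12: WredProfile(20, 40, 1.0), 14: WredProfile(10, 40, 1.0)}


def drop_probability(avg_q: float, p: WredProfile) -> float:
    """RED drop curve: 0 below min_th, linear up to max_p at max_th, 1 at and beyond it."""
    if avg_q < p.min_th:
        return 0.0
    if avg_q >= p.max_th:
        return 1.0
    return p.max_p * (avg_q - p.min_th) / (p.max_th - p.min_th)


def simulate_wred(ticks, arrivals_per_tick, service_rate, profiles, capacity=100, weight=0.05, seed=1):
    """One FIFO shared by several DSCPs. Each tick every DSCP in arrivals_per_tick offers one
    packet and service_rate packets leave. An EWMA of the queue depth drives WRED (that is
    what lets it react to sustained congestion and ignore bursts); a full queue tail-drops
    regardless of colour. Returns per-DSCP drop and sent counts."""
    rng = random.Random(seed)          # fixed seed: the run is reproducible
    queue, avg = [], 0.0
    drops = {d: 0 for d in arrivals_per_tick}
    sent = {d: 0 for d in arrivals_per_tick}
    for _ in range(ticks):
        for dscp in arrivals_per_tick:
            avg = (1 - weight) * avg + weight * len(queue)
            if len(queue) >= capacity or rng.random() < drop_probability(avg, profiles[dscp]):
                drops[dscp] += 1
            else:
                queue.append(dscp)
        for _ in range(min(service_rate, len(queue))):
            sent[queue.pop(0)] += 1
    return {"drops": drops, "sent": sent, "avg_queue": round(avg, 1)}


if __name__ == "__main__":
    # 3 packets/tick offered, 2/tick served: a third must be dropped; WRED picks the colour.
    print(simulate_wred(2000, [10, 12, 14], 2, AF1_PROFILES))
```

The senders are not modelled, which is the point to keep in mind when reading the numbers: WRED only helps if the source of the dropped colour actually slows down (TCP does; a UDP flood does not, and then the policer or the hard capacity is what protects the rest).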
Queues

Predictable network performance requires that different traffic types have different queue specifications. Latency-sensitive applications such as video and voice must have priority queuing, while general data applications only need some form of round-robin queuing.

simple example: a priority queue plus two WRR queues with different bandwidth, selected by the CoS/802.1p value.

(From the test procedure in the source:) verify the DUT's behaviour by checking the traffic statistics again. Note: the DUT forwards the high-priority traffic (TOS value 7) and discards the lower-priority traffic in this oversubscription test.
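To make the "priority queue plus WRR queues" example and the LLQ recommendation at the top of the page concrete, here is an added Python model (not the page's, not a vendor's) of a strict-priority queue in front of weighted round-robin queues. The detail that turns plain priority queueing into LLQ is the policer: under congestion the priority queue is limited to priority_percent of transmit slots and its excess is dropped rather than queued, so a flood of EF-marked packets cannot starve data. Queue names, weights and the 30% cap in congested_demo are assumptions.

```python
from collections import deque
from typing import Dict, Optional, Tuple


class LlqScheduler:
    """Low Latency Queueing in miniature: one strict-priority queue ahead of WRR queues.
    Under congestion the priority queue is policed to `priority_percent` of slots and its
    excess is dropped, not queued; a plain strict-priority queue would starve everyone."""

    def __init__(self, wrr_weights: Dict[str, int], priority_percent: int):
        self.pq: deque = deque()
        self.wrr = {name: deque() for name in wrr_weights}
        # WRR as a fixed serving order: a queue with weight 3 appears three times per cycle
        self._order = [n for n, w in wrr_weights.items() for _ in range(w)]
        self._ptr = 0
        self.share = priority_percent   # integer percent so the credit arithmetic is exact
        self._credit = 0                # 100 credits buy one priority transmission
        self.served = {"priority": 0, **{n: 0 for n in wrr_weights}}
        self.dropped_priority = 0

    def enqueue(self, queue: str, pkt) -> None:
        (self.pq if queue == "priority" else self.wrr[queue]).append(pkt)

    def _next_wrr(self) -> Optional[str]:
        """Advance the round-robin pointer, skipping empty queues (work-conserving)."""
        for _ in range(len(self._order)):
            name = self._order[self._ptr]
            self._ptr = (self._ptr + 1) % len(self._order)
            if self.wrr[name]:
                return name
        return None

    def transmit_slot(self) -> Optional[Tuple[str, object]]:
        """Choose the packet for one transmission slot; None when everything is empty."""
        congested = any(self.wrr.values())
        self._credit = min(self._credit + self.share, 200)   # at most one extra packet of burst
        if self.pq and (not congested or self._credit >= 100):
            # idle link: priority goes first unconditionally; congested: only with credit
            self._credit = max(self._credit - 100, 0)
            self.served["priority"] += 1
            return "priority", self.pq.popleft()
        if self.pq:
            # congested and out of credit: the policer drops the excess priority packet
            self.pq.popleft()
            self.dropped_priority += 1
        name = self._next_wrr()
        if name is None:
            return None
        self.served[name] += 1
        return name, self.wrr[name].popleft()

    def run(self, slots: int) -> dict:
        for _ in range(slots):
            self.transmit_slot()
        return {"served": dict(self.served), "dropped_priority": self.dropped_priority}


def congested_demo() -> dict:
    """Constructed scenario: 100 packets waiting in each of voice, data (weight 3) and
    bulk (weight 1); voice capped at 30% of the link; 100 slots transmitted."""
    s = LlqScheduler({"data": 3, "bulk": 1}, priority_percent=30)
    for i in range(100):
        s.enqueue("priority", f"v{i}")
        s.enqueue("data", f"d{i}")
        s.enqueue("bulk", f"b{i}")
    return s.run(100)


if __name__ == "__main__":
    print(congested_demo())
```

With all three queues saturated, voice gets exactly its 30 slots and the remaining 70 are split 3:1 between data and bulk; the 70 voice packets over the cap are dropped by the policer instead of waiting, which is why the priority queue's latency stays low even while it is being abused.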

Misc

ping DSCP

Works on Linux (iputils ping): -Q takes the whole TOS byte, so the DSCP has to be shifted left by two bits (DSCP × 4); the low two bits are ECN. -Q 96 = 0x60 = DSCP 24 (CS3), -Q 224 = 0xE0 = DSCP 56 (CS7).

ping 8.8.8.8 -Q 96     # TOS 0x60 -> DSCP 24 (CS3)
ping 8.8.8.8 -Q 224    # TOS 0xE0 -> DSCP 56 (CS7)
https://ttl255.com/build-dscp-tos-conversion-table-python
iperf DSCP/QoS: iperf3 -S/--tos takes the TOS byte the same way (decimal, octal or 0x hex, e.g. -S 0xb8 for EF); recent iperf3 versions also accept --dscp with a name or number.

Example QoS configuration (marking traffic from a given subnet) on a Cisco 3850.

Set DSCP EF for the subnet on a given interface and mark all other traffic with zero. Remarking everything else to 0 is the trust-boundary part of the policy: a host on that port cannot self-mark EF or CS6 and jump into the voice or control-plane queue.

csco(config)#access-list 1 permit 172.1.0.0 0.0.0.127
! wildcard 0.0.0.127 covers the /25; the original 0.0.0.128 would match only 172.1.0.0 and 172.1.0.128
csco(config)#class-map match-all ef
csco(config-cmap)#match access-group 1
csco(config)#policy-map ef
csco(config-pmap)#class class-default
csco(config-pmap-c)#set dscp default
! "set dscp default" is the same as "set dscp 0"
csco(config-pmap)#class ef
csco(config-pmap-c)#set dscp ef
csco(config)#interface tenGigabitEthernet 1/0/12
csco(config-if)#service-policy input ef
! marking is an ingress action; "input/output" in the original meant "pick the direction", not both at once
Example of splitting the bandwidth of a VSS link (VSL) between application classes

class map

class-map match-any VSL-MGMT-PACKETS
match access-group name VSL-MGMT

class-map match-any VSL-DATA-PACKETS
match any 

class-map match-any VSL-L2-CONTROL-PACKETS
match access-group name VSL-DOT1x
match access-group name VSL-BPDU
match access-group name VSL-CDP
match access-group name VSL-LLDP
match access-group name VSL-SSTP
match access-group name VSL-GARP

class-map match-any VSL-L3-CONTROL-PACKETS
match access-group name VSL-IPV4-ROUTING
match access-group name VSL-BFD
match access-group name VSL-DHCP-CLIENT-TO-SERVER
match access-group name VSL-DHCP-SERVER-TO-CLIENT
match access-group name VSL-DHCP-SERVER-TO-SERVER
match access-group name VSL-IPV6-ROUTING

class-map match-any VSL-MULTIMEDIA-TRAFFIC
match dscp af41 
match dscp af42 
match dscp af43 
match dscp af31 
match dscp af32 
match dscp af33 
match dscp af21 
match dscp af22 
match dscp af23 

class-map match-any VSL-VOICE-VIDEO-TRAFFIC
match dscp ef 
match dscp cs4 
match dscp cs5 

class-map match-any VSL-SIGNALING-NETWORK-MGMT
match dscp cs2 
match dscp cs3 
match dscp cs6 
match dscp cs7

policy map

Policy Map VSL-Queuing-Policy
 Class VSL-MGMT-PACKETS
  bandwidth percent 5
 Class VSL-L2-CONTROL-PACKETS
  bandwidth percent 5
 Class VSL-L3-CONTROL-PACKETS
  bandwidth percent 5
 Class VSL-VOICE-VIDEO-TRAFFIC
  bandwidth percent 30
 Class VSL-SIGNALING-NETWORK-MGMT
  bandwidth percent 10
 Class VSL-MULTIMEDIA-TRAFFIC
  bandwidth percent 20
 Class VSL-DATA-PACKETS
  bandwidth percent 20
 Class class-default
  bandwidth percent 5

policy apply

interface TenGigabitEthernet1/1
  service-policy output VSL-Queuing-Policy
RSVP

In QoS theory RSVP follows the IntServ model, which is the counterpart of the DiffServ model.

Under IntServ, every router in the system implements IntServ, and every application that requires some kind of QoS guarantee has to make an individual reservation.


l2 qos – cos

The IEEE 802.1p standard is used to indicate frame priority; it relies on the fields of the 802.1Q tag (see the l2 qos (cos) section above).