0% found this document useful (0 votes)

193 views642 pages

BRKCRS-2501 Enterprise QoS Design

Uploaded by

Aaron Reyes Sanchez

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

193 views642 pages

BRKCRS-2501 Enterprise QoS Design

Uploaded by

Aaron Reyes Sanchez

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 642

Enterprise QoS Design

Tim Szigeti, Principal Engineer—Technical Marketing

BRKCRS-2501
Agenda
• Introduction to Strategic QoS Design
• WAN / IWAN QoS Design
• Campus QoS Design
• WLAN QoS Design
• Automating and Assuring QoS
• Summary and References
• Appendices

3
Introduction to Strategic
QoS Design

4
Cisco Enterprise QoS Design

154 pages

208 pages

328 pages

CH1-CH3:
320 pages

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
Cisco Enterprise QoS Design
• 1.0: Cisco’s first QoS Design Guide for Enterprise
was published in 2000 for VoIP (only!)
• 2.0: Multiple classes of data were added in 2002
• 3.0: Basic Video (conferencing and streaming) were
added in 2006
• 4.1: Extended video (TelePresence, Video
Surveillance, Digital Signage, etc.) and Medianet
were added in 2010
• 4.2: Wireless, Data-Centre, DMVPN and GETVPN
were added in 2014 1043 pages

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
The Why / How / What of Enterprise Networking
Cisco
Enterprise
Vision

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
The Why / How / What of Enterprise Networking
Cisco
Enterprise
Vision

Transform our customers’ businesses

through powerful yet simple networks.
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
The Why / How / What of Enterprise Networking
Cisco
Enterprise
Vision

Why
Transform our customers’ businesses
through powerful yet simple networks.
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
The Why / How / What of Enterprise Networking
Cisco
Enterprise
Vision

Why
Transform our customers’ businesses
through powerful yet simple networks.
How
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
The Why / How / What of Enterprise Networking
Cisco
Enterprise
Vision

Why
Transform our customers’ businesses
through powerful yet simple networks.
How What
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
What Do You Consider First?

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
What Do You Consider First?

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
Where to Begin?
Always, Always, Always Start with Defining Your Business Goals of QoS

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
Where to Begin?
Always, Always, Always Start with Defining Your Business Goals of QoS
• Guaranteeing voice quality meets enterprise standards
• Ensuring a high Quality of Experience for video applications
• Improving user productivity by minimising network response times
• Managing business applications that are “bandwidth hogs”
• Identifying and de-prioritising non-business applications
• Improving network availability by protecting the control planes
• Hardening the network infrastructure to deal with abnormal events

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
Determining Application Business Relevance
How Important is an Application to Your Business?

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
Determining Application Business Relevance
How Important is an Application to Your Business?

Relevant Default Irrelevant

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
Determining Application Business Relevance
How Important is an Application to Your Business?

Relevant Default Irrelevant

• These applications directly
support business objectives
• Applications should be
classified, marked and treated
marked according to industry
best-practice
recommendations

RFC 4594

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
Determining Application Business Relevance
How Important is an Application to Your Business?

Relevant Default Irrelevant

• These applications directly • These applications do not
support business objectives support business objectives
and are typically consumer-
• Applications should be
oriented
classified, marked and treated
marked according to industry • Applications of this type should be
best-practice treated with a “less-than Best
recommendations Effort” service

RFC 4594 RFC 3662

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
Determining Application Business Relevance
How Important is an Application to Your Business?

Relevant Default Irrelevant

• These applications directly • These applications may/may not • These applications do not
support business objectives support business objectives (e.g. support business objectives
HTTP/HTTPS/SSL) and are typically consumer-
• Applications should be
oriented
classified, marked and treated • Applications of this type should be
marked according to industry treated with a Default Forwarding • Applications of this type should be
best-practice service treated with a “less-than Best
recommendations Effort” service

RFC 4594 RFC 2474 RFC 3662

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
Determining Application Business Relevance
How Important is an Application to Your Business?
IMPORTANT

Relevant Default Irrelevant

RFC 4594 RFC 2474 RFC 3662

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
Determining Application Business Relevance
How Important is an Application to Your Business?
IMPORTANT UNIMPORTANT

Relevant Default Irrelevant

RFC 4594 RFC 2474 RFC 3662

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
Determining Application Business Relevance
How Important is an Application to Your Business?
IMPORTANT NEUTRAL UNIMPORTANT

Relevant Default Irrelevant

RFC 4594 RFC 2474 RFC 3662

Relevant Default Irrelevant

RFC 4594 RFC 2474 RFC 3662

Relevant Default Irrelevant

RFC 4594 RFC 2474 RFC 3662

Relevant Default Irrelevant

RFC 4594 RFC 2474 RFC 3662

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
Translating Business-Relevance to QoS Treatments
Apply RFC 4594-based Marking / Queuing / Dropping Treatments
Application Per-Hop Queuing & Application
Class Behaviour Dropping Examples

VoIP Telephony EF Priority Queue (PQ) Cisco IP Phones (G.711, G.729)

Broadcast Video CS5 (Optional) PQ Cisco IP Video Surveillance / Cisco Enterprise TV

Real-Time Interactive CS4 (Optional) PQ Cisco TelePresence

Multimedia Conferencing AF4 BW Queue + DSCP WRED Cisco Jabber, Cisco WebEx

Multimedia Streaming AF3 BW Queue + DSCP WRED Cisco Digital Media System (VoDs)

Network Control CS6 BW Queue EIGRP, OSPF, BGP, HSRP, IKE

Signalling CS3 BW Queue SCCP, SIP, H.323

Ops / Admin / Mgmt (OAM) CS2 BW Queue SNMP, SSH, Syslog

Transactional Data AF2 BW Queue + DSCP WRED ERP Apps, CRM Apps, Database Apps

Bulk Data AF1 BW Queue + DSCP WRED E-mail, FTP, Backup Apps, Content Distribution

Default Forwarding DF Default Queue + RED Default Class

Scavenger CS1 Min BW Queue (Deferential) YouTube, Netflix, iTunes, BitTorrent, Xbox Live

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
Translating Business-Relevance to QoS Treatments
Apply RFC 4594-based Marking / Queuing / Dropping Treatments
Application Per-Hop Queuing & Application
Class Behaviour Dropping Examples

VoIP Telephony EF Priority Queue (PQ) Cisco IP Phones (G.711, G.729)

Broadcast Video CS5 (Optional) PQ Cisco IP Video Surveillance / Cisco Enterprise TV

Real-Time Interactive CS4 (Optional) PQ Cisco TelePresence

Multimedia Conferencing AF4 BW Queue + DSCP WRED Cisco Jabber, Cisco WebEx

Multimedia Streaming AF3 BW Queue + DSCP WRED Cisco Digital Media System (VoDs)

Network Control CS6 BW Queue EIGRP, OSPF, BGP, HSRP, IKE

Signalling CS3 BW Queue SCCP, SIP, H.323

Ops / Admin / Mgmt (OAM) CS2 BW Queue SNMP, SSH, Syslog

Transactional Data AF2 BW Queue + DSCP WRED ERP Apps, CRM Apps, Database Apps

Bulk Data AF1 BW Queue + DSCP WRED E-mail, FTP, Backup Apps, Content Distribution

Default Default Forwarding DF Default Queue + RED Default Class

Scavenger CS1 Min BW Queue (Deferential) YouTube, Netflix, iTunes, BitTorrent, Xbox Live

VoIP Telephony EF Priority Queue (PQ) Cisco IP Phones (G.711, G.729)

Broadcast Video CS5 (Optional) PQ Cisco IP Video Surveillance / Cisco Enterprise TV

Real-Time Interactive CS4 (Optional) PQ Cisco TelePresence

Multimedia Conferencing AF4 BW Queue + DSCP WRED Cisco Jabber, Cisco WebEx

Multimedia Streaming AF3 BW Queue + DSCP WRED Cisco Digital Media System (VoDs)

Network Control CS6 BW Queue EIGRP, OSPF, BGP, HSRP, IKE

Signalling CS3 BW Queue SCCP, SIP, H.323

Ops / Admin / Mgmt (OAM) CS2 BW Queue SNMP, SSH, Syslog

Transactional Data AF2 BW Queue + DSCP WRED ERP Apps, CRM Apps, Database Apps

Bulk Data AF1 BW Queue + DSCP WRED E-mail, FTP, Backup Apps, Content Distribution

Default Default Forwarding DF Default Queue + RED Default Class

Irrelevant Scavenger CS1 Min BW Queue (Deferential) YouTube, Netflix, iTunes, BitTorrent, Xbox Live

VoIP Telephony EF Priority Queue (PQ) Cisco IP Phones (G.711, G.729)

Broadcast Video CS5 (Optional) PQ Cisco IP Video Surveillance / Cisco Enterprise TV

Real-Time Interactive CS4 (Optional) PQ Cisco TelePresence

Multimedia Conferencing AF4 BW Queue + DSCP WRED Cisco Jabber, Cisco WebEx

Multimedia Streaming AF3 BW Queue + DSCP WRED Cisco Digital Media System (VoDs)
Relevant
Network Control CS6 BW Queue EIGRP, OSPF, BGP, HSRP, IKE

Signalling CS3 BW Queue SCCP, SIP, H.323

Ops / Admin / Mgmt (OAM) CS2 BW Queue SNMP, SSH, Syslog

Transactional Data AF2 BW Queue + DSCP WRED ERP Apps, CRM Apps, Database Apps

Bulk Data AF1 BW Queue + DSCP WRED E-mail, FTP, Backup Apps, Content Distribution

Default Default Forwarding DF Default Queue + RED Default Class

Irrelevant Scavenger CS1 Min BW Queue (Deferential) YouTube, Netflix, iTunes, BitTorrent, Xbox Live

VoIP Telephony EF Priority Queue (PQ) Cisco IP Phones (G.711, G.729)

Broadcast Video CS5 (Optional) PQ Cisco IP Video Surveillance / Cisco Enterprise TV

Real-Time Interactive CS4 (Optional) PQ Cisco TelePresence

Multimedia Conferencing AF4 BW Queue + DSCP WRED Cisco Jabber, Cisco WebEx

Multimedia Streaming AF3 BW Queue + DSCP WRED Cisco Digital Media System (VoDs)
Relevant
Network Control CS6 BW Queue EIGRP, OSPF, BGP, HSRP, IKE

Signalling CS3 BW Queue SCCP, SIP, H.323

Ops / Admin / Mgmt (OAM) CS2 BW Queue SNMP, SSH, Syslog

Transactional Data AF2 BW Queue + DSCP WRED ERP Apps, CRM Apps, Database Apps

Bulk Data AF1 BW Queue + DSCP WRED E-mail, FTP, Backup Apps, Content Distribution
Default Default Forwarding DF Default Queue + RED Default Class

Irrelevant Scavenger CS1 Min BW Queue (Deferential) YouTube, Netflix, iTunes, BitTorrent, Xbox Live

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
Application Classification Rules
Is the Protocol a Control Plane Protocol?
Control
Plane?

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
Application Classification Rules
Is the Protocol a Control Plane Protocol?
Control Yes Network Yes
Network Control
Plane? Control?

• Network Control protocol?

• network routing and control-plane protocols
• E.g. BGP, OSPF, EIGRP, HSRP, IKE, etc.

• Signalling protocol?
• call signalling / bandwidth reservation protocols
• E.g. SIP, Skinny, H.323, RSVP etc.

• Operations / Administration / Management protocol?

• network management protocols (e.g. SNMP, Telnet, SSH, Syslog, NetFlow, etc.)

No Signalling Yes
Signalling
?

• Network Control protocol?

• network routing and control-plane protocols
• E.g. BGP, OSPF, EIGRP, HSRP, IKE, etc.

• Signalling protocol?
• call signalling / bandwidth reservation protocols
• E.g. SIP, Skinny, H.323, RSVP etc.

• Operations / Administration / Management protocol?

• network management protocols (e.g. SNMP, Telnet, SSH, Syslog, NetFlow, etc.)

No Signalling Yes
Signalling
?
Yes
No OAM? OAM
• Network Control protocol?
• network routing and control-plane protocols
• E.g. BGP, OSPF, EIGRP, HSRP, IKE, etc.

• Signalling protocol?
• call signalling / bandwidth reservation protocols
• E.g. SIP, Skinny, H.323, RSVP etc.

• Operations / Administration / Management protocol?

• network management protocols (e.g. SNMP, Telnet, SSH, Syslog, NetFlow, etc.)

No No Signalling Yes
Signalling
?
Yes
No OAM? OAM
• Network Control protocol?
• network routing and control-plane protocols
• E.g. BGP, OSPF, EIGRP, HSRP, IKE, etc.

• Signalling protocol?
• call signalling / bandwidth reservation protocols
• E.g. SIP, Skinny, H.323, RSVP etc.

• Operations / Administration / Management protocol?

• network management protocols (e.g. SNMP, Telnet, SSH, Syslog, NetFlow, etc.)

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
Application Classification Rules (cont.)
Is the Application Voice?

Voice?

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 13
Application Classification Rules (cont.)
Is the Application Voice?

Yes
Voice? Voice

• Voice?
• Audio-only media (e.g. G.711, G.729 etc.)
• Note: This class may be used for the audio-component of multimedia applications, such as Cisco Jabber
and/or Spark; however, this option should ONLY be considered if this causes no conflict with your overall
Call Admission Control strategy and voice-queue provisioning

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 13
Application Classification Rules (cont.)
Is the Application Voice?

Yes
Voice? Voice

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 13
Application Classification Rules (cont.)
Is the Application Video?

Video?

• Video?

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
Application Classification Rules (cont.)
Is the Application Video?
Yes
Video? Unidirectional?

• Video?
• Is the application is unidirectional or bidirectional?

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
Application Classification Rules (cont.)
Is the Application Video?
Yes
Yes Yes
Video? Unidirectional? Elastic? Multimedia-Streaming

No No
(Bidirectional)
Broadcast Video
(Inelastic)

Yes
Elastic? Multimedia-Conferencing

No Realtime-Interactive
(Inelastic)

• Video?
• Is the application is unidirectional or bidirectional?
• Is the application is elastic (i.e. adaptive to congestion/drops) or inelastic?

No No No
(Bidirectional)
Broadcast Video
(Inelastic)

Yes
Elastic? Multimedia-Conferencing

No Realtime-Interactive
(Inelastic)

• Video?
• Is the application is unidirectional or bidirectional?
• Is the application is elastic (i.e. adaptive to congestion/drops) or inelastic?

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
Application Classification Rules (cont.)
Is the Application Data?

Data?

• Data?

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 15
Application Classification Rules (cont.)
Is the Application Data?

Yes
Data? Foreground?

• Data?
• Is the application foreground or background?

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 15
Application Classification Rules (cont.)
Is the Application Data?

Yes Yes
Data? Foreground? Transactional Data

• Data?
• Is the application foreground or background?
• Foreground applications will directly impact user-productivity with network delays

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 15
Application Classification Rules (cont.)
Is the Application Data?

Yes Yes
Data? Foreground? Transactional Data

No
(Background)
Bulk Data

• Data?
• Is the application foreground or background?
• Foreground applications will directly impact user-productivity with network delays
• Background applications will not (as these are typically machine-to-machine flows)
• However, these apps can be very bandwidth intensive (if unrestrained)
• If it is not known if a data app is foreground, then assume it is background

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 15
Application Classification Rules (cont.)
Is the Application Data?

Yes Yes
Data? Foreground? Transactional Data

No No
(Background)
Bulk Data
Best Effort

• Otherwise – the application/protocol remains in the default class (Best Effort)

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 15
Strategic QoS Design At-A-Glance

https://cisco.box.com/v/QoS-AAGs
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
Agenda
• Introduction to Strategic QoS Design
• WAN / IWAN QoS Design
• Campus QoS Design
• WLAN QoS Design
• Automating and Assuring QoS
• Summary and References
• Appendices

17
WAN / IWAN
QoS Design

18
LAN Edge QoS Design

19
NBAR2 Application Library 
Deployment Challenge

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 20
NBAR2 Application Library 
Deployment Challenge
• NBAR2 library is very large (1400+ apps)
• While powerful this toolset is not simple to wield
• To make the library more wieldy, every application has descriptive attributes

Category First level grouping of applications with similar functionalities

Sub-category Second level grouping of applications with similar functionalities

Application-group Grouping of applications based on brand or application suite

P2P-technology? Indicates application is peer-to-peer

Encrypted? Indicates application is encrypted

Tunneled? Indicates application uses tunnelling technique

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 20
Where Can I Find NBAR2 Attribute Details?

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
Where Can I Find NBAR2 Attribute Details?
Google Search: “NBAR Protocol Pack”
Cisco Protocol Pack Library: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_nbar/prot_lib/config_library/nbar-prot-pack-library.html
Protocol Pack 35: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_nbar/prot_lib/config_library/pp3500/nbar-prot-pack3500.html

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
WAP-WSP-WTP
WAP-WSP-WTP-S

Where Can I Find NBAR2 Attribute Details? WAR-ROCK

WARRIORFORUM
WASHINGTON
Google Search: “NBAR Protocol Pack” WASTE
WB-EXPAK
Cisco Protocol Pack Library: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_nbar/prot_lib/config_library/nbar-prot-pack-library.html
WB-MON
WCCP
Protocol Pack 35: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_nbar/prot_lib/config_library/pp3500/nbar-prot-pack3500.html
WEATHER-COM
WEATHER-GOV-WEB-
PORTAL
WEB-ANALYTICS
WEB-RTC
WEB-RTC-AUDIO
WEB-RTC-VIDEO
WEBEX-APP-SHARING
WEBEX-MEDIA
WEBEX-MEETING
WEBMD
WEBSENSE
WEBSTER
WEBTHUNDER
WECHAT
WEIBO
WELLS-FARGO
WETRANSFER
WHATSAPP
WHITEPAGES
WHOAMI
WHOIS++
WIFI-CALLING
WIKIA
WIKIPEDIA
WINDOWS-AZURE
WINDOWS-STORE
WINDOWS-UPDATE
WINMX
WINNY
WIRED-COM BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
WAP-WSP-WTP
WAP-WSP-WTP-S

Where Can I Find NBAR2 Attribute Details? WAR-ROCK

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 22
NBAR2 QoS Attributes 
New QoS Attributes: Traffic-Class and Business-Relevance 
Introduced in: IOS 15.5(3)M and IOS XE 3.16S

show ip nbar protocol-attribute airbnb

encrypted encrypted-no
tunnel tunnel-no
category browsing
sub-category Other
application-group Other
p2p-technology p2p-tech-no
traffic-class transactional-data
business-relevance business-irrelevant

show ip nbar protocol-attribute airbnb

encrypted encrypted-no
tunnel tunnel-no
category browsing
sub-category Other
application-group Other
p2p-technology p2p-tech-no
traffic-class transactional-data
business-relevance business-irrelevant

show ip nbar protocol-attribute airbnb

encrypted encrypted-no
tunnel tunnel-no
category browsing
sub-category Other
application-group Other
p2p-technology p2p-tech-no
traffic-class transactional-data
business-relevance business-irrelevant

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 23
Changing the Business-Relevancy of an Application

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 24
Changing the Business-Relevancy of an Application

Step 1: Create an Attribute-Map with the Desired Setting

ip nbar attribute-map BUSINESS-RELEVANT-MAP attribute business-relevance business-relevant

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 24
Changing the Business-Relevancy of an Application

Step 1: Create an Attribute-Map with the Desired Setting

ip nbar attribute-map BUSINESS-RELEVANT-MAP attribute business-relevance business-relevant

Step 2: Associate the Application with the Desired Attribute-Map

ip nbar attribute-set airbnb BUSINESS-RELEVANT-MAP

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 24
Changing Application Business-Relevance 
All Options

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 25
Changing Application Business-Relevance 
All Options

Scenario 1: Making an Application Business-Relevant

ip nbar attribute-map ATTIBUTE_MAP-RELEVANT attribute business-relevance business-relevant
ip nbar attribute-set application-name ATTIBUTE_MAP-RELEVANT

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 25
Changing Application Business-Relevance 
All Options

Scenario 1: Making an Application Business-Relevant

ip nbar attribute-map ATTIBUTE_MAP-RELEVANT attribute business-relevance business-relevant
ip nbar attribute-set application-name ATTIBUTE_MAP-RELEVANT

Scenario 2: Making an Application Default

ip nbar attribute-map ATTRIBUTE_MAP-DEFAULT attribute business-relevance default
ip nbar attribute-set application-name ATTRIBUTE_MAP-DEFAULT

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 25
Changing Application Business-Relevance 
All Options

Scenario 1: Making an Application Business-Relevant

ip nbar attribute-map ATTIBUTE_MAP-RELEVANT attribute business-relevance business-relevant
ip nbar attribute-set application-name ATTIBUTE_MAP-RELEVANT

Scenario 2: Making an Application Default

ip nbar attribute-map ATTRIBUTE_MAP-DEFAULT attribute business-relevance default
ip nbar attribute-set application-name ATTRIBUTE_MAP-DEFAULT

Scenario 3: Making an Application Business-Irrelevant

ip nbar attribute-map ATTRBUTE_MAP-SCAVENGER attribute business-relevance business-irrelevant
ip nbar attribute-set application-name ATTRBUTE_MAP-SCAVENGER

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 25
“Holy Grail” QoS Configuration: NBAR2 1400+ App / 12-Class Model

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
“Holy Grail” QoS Configuration: NBAR2 1400+ App / 12-Class Model
class-map match-all VOICE

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
“Holy Grail” QoS Configuration: NBAR2 1400+ App / 12-Class Model
class-map match-all VOICE
match protocol attribute traffic-class voip-telephony
match protocol attribute business-relevance business-relevant
class-map match-all BROADCAST-VIDEO
match protocol attribute traffic-class broadcast-video
match protocol attribute business-relevance business-relevant
class-map match-all REAL-TIME-INTERACTIVE
match protocol attribute traffic-class real-time-interactive
match protocol attribute business-relevance business-relevant
class-map match-all MULTIMEDIA-CONFERENCING
match protocol attribute traffic-class multimedia-conferencing
match protocol attribute business-relevance business-relevant
class-map match-all MULTIMEDIA-STREAMING
match protocol attribute traffic-class multimedia-streaming
match protocol attribute business-relevance business-relevant
class-map match-all SIGNALING
match protocol attribute traffic-class signaling
match protocol attribute business-relevance business-relevant
class-map match-all NETWORK-CONTROL
match protocol attribute traffic-class network-control
match protocol attribute business-relevance business-relevant
class-map match-all NETWORK-MANAGEMENT
match protocol attribute traffic-class ops-admin-mgmt

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
“Holy Grail” QoS Configuration: NBAR2 1400+ App / 12-Class Model
class-map match-all VOICE policy-map MARKING
match protocol attribute traffic-class voip-telephony class VOICE
match protocol attribute business-relevance business-relevant set dscp ef
class-map match-all BROADCAST-VIDEO class BROADCAST-VIDEO
match protocol attribute traffic-class broadcast-video set dscp cs5
match protocol attribute business-relevance business-relevant
class REAL-TIME-INTERACTIVE
class-map match-all REAL-TIME-INTERACTIVE
set dscp cs4
match protocol attribute traffic-class real-time-interactive
class MULTIMEDIA-CONFERENCING
match protocol attribute business-relevance business-relevant
class-map match-all MULTIMEDIA-CONFERENCING set dscp af41
match protocol attribute traffic-class multimedia-conferencing class MULTIMEDIA-STREAMING
match protocol attribute business-relevance business-relevant set dscp af31
class-map match-all MULTIMEDIA-STREAMING class SIGNALING
match protocol attribute traffic-class multimedia-streaming set dscp cs3
match protocol attribute business-relevance business-relevant
class-map match-all SIGNALING
match protocol attribute traffic-class signaling
match protocol attribute business-relevance business-relevant
class-map match-all NETWORK-CONTROL
match protocol attribute traffic-class network-control
match protocol attribute business-relevance business-relevant
class-map match-all NETWORK-MANAGEMENT
match protocol attribute traffic-class ops-admin-mgmt
match protocol attribute business-relevance business-relevant
class-map match-all TRANSACTIONAL-DATA
match protocol attribute traffic-class transactional-data
match protocol attribute business-relevance business-relevant
class-map match-all BULK-DATA
match protocol attribute traffic-class bulk-data
match protocol attribute business-relevance business-relevant
class-map match-all SCAVENGER
match protocol attribute business-relevance business-irrelevant

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
“Holy Grail” QoS Configuration: NBAR2 1400+ App / 12-Class Model
class-map match-all VOICE policy-map MARKING
match protocol attribute traffic-class voip-telephony class VOICE
match protocol attribute business-relevance business-relevant set dscp ef
class-map match-all BROADCAST-VIDEO class BROADCAST-VIDEO
match protocol attribute traffic-class broadcast-video set dscp cs5
match protocol attribute business-relevance business-relevant
class REAL-TIME-INTERACTIVE
class-map match-all REAL-TIME-INTERACTIVE
set dscp cs4
match protocol attribute traffic-class real-time-interactive
class MULTIMEDIA-CONFERENCING
match protocol attribute business-relevance business-relevant
class-map match-all MULTIMEDIA-CONFERENCING set dscp af41
match protocol attribute traffic-class multimedia-conferencing class MULTIMEDIA-STREAMING
match protocol attribute business-relevance business-relevant set dscp af31
class-map match-all MULTIMEDIA-STREAMING class SIGNALING
match protocol attribute traffic-class multimedia-streaming set dscp cs3
match protocol attribute business-relevance business-relevant class NETWORK-CONTROL
class-map match-all SIGNALING
match protocol attribute traffic-class signaling
match protocol attribute business-relevance business-relevant
class-map match-all NETWORK-CONTROL
match protocol attribute traffic-class network-control
match protocol attribute business-relevance business-relevant
class-map match-all NETWORK-MANAGEMENT
match protocol attribute traffic-class ops-admin-mgmt
match protocol attribute business-relevance business-relevant
class-map match-all TRANSACTIONAL-DATA
match protocol attribute traffic-class transactional-data
match protocol attribute business-relevance business-relevant
class-map match-all BULK-DATA
match protocol attribute traffic-class bulk-data
match protocol attribute business-relevance business-relevant
class-map match-all SCAVENGER
match protocol attribute business-relevance business-irrelevant

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
“Holy Grail” QoS Configuration: NBAR2 1400+ App / 12-Class Model
class-map match-all VOICE policy-map MARKING
match protocol attribute traffic-class voip-telephony class VOICE
match protocol attribute business-relevance business-relevant set dscp ef
class-map match-all BROADCAST-VIDEO class BROADCAST-VIDEO
match protocol attribute traffic-class broadcast-video set dscp cs5
match protocol attribute business-relevance business-relevant
class REAL-TIME-INTERACTIVE
class-map match-all REAL-TIME-INTERACTIVE
set dscp cs4
match protocol attribute traffic-class real-time-interactive
class MULTIMEDIA-CONFERENCING
match protocol attribute business-relevance business-relevant
class-map match-all MULTIMEDIA-CONFERENCING set dscp af41
match protocol attribute traffic-class multimedia-conferencing class MULTIMEDIA-STREAMING
match protocol attribute business-relevance business-relevant set dscp af31
class-map match-all MULTIMEDIA-STREAMING class SIGNALING
match protocol attribute traffic-class multimedia-streaming set dscp cs3
match protocol attribute business-relevance business-relevant class NETWORK-CONTROL
class-map match-all SIGNALING set dscp cs6
match protocol attribute traffic-class signaling
match protocol attribute business-relevance business-relevant
class-map match-all NETWORK-CONTROL
match protocol attribute traffic-class network-control
match protocol attribute business-relevance business-relevant
class-map match-all NETWORK-MANAGEMENT
match protocol attribute traffic-class ops-admin-mgmt
match protocol attribute business-relevance business-relevant
class-map match-all TRANSACTIONAL-DATA
match protocol attribute traffic-class transactional-data
match protocol attribute business-relevance business-relevant
class-map match-all BULK-DATA
match protocol attribute traffic-class bulk-data
match protocol attribute business-relevance business-relevant
class-map match-all SCAVENGER
match protocol attribute business-relevance business-irrelevant

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
“Holy Grail” QoS Configuration: NBAR2 1400+ App / 12-Class Model
class-map match-all VOICE policy-map MARKING
match protocol attribute traffic-class voip-telephony class VOICE
match protocol attribute business-relevance business-relevant set dscp ef
class-map match-all BROADCAST-VIDEO class BROADCAST-VIDEO
match protocol attribute traffic-class broadcast-video set dscp cs5
match protocol attribute business-relevance business-relevant
class REAL-TIME-INTERACTIVE
class-map match-all REAL-TIME-INTERACTIVE
set dscp cs4
match protocol attribute traffic-class real-time-interactive
class MULTIMEDIA-CONFERENCING
match protocol attribute business-relevance business-relevant
class-map match-all MULTIMEDIA-CONFERENCING set dscp af41
match protocol attribute traffic-class multimedia-conferencing class MULTIMEDIA-STREAMING
match protocol attribute business-relevance business-relevant set dscp af31
class-map match-all MULTIMEDIA-STREAMING class SIGNALING
match protocol attribute traffic-class multimedia-streaming set dscp cs3
match protocol attribute business-relevance business-relevant class NETWORK-CONTROL
class-map match-all SIGNALING set dscp cs6
match protocol attribute traffic-class signaling class NETWORK-MANAGEMENT
match protocol attribute business-relevance business-relevant
class-map match-all NETWORK-CONTROL
match protocol attribute traffic-class network-control
match protocol attribute business-relevance business-relevant
class-map match-all NETWORK-MANAGEMENT
match protocol attribute traffic-class ops-admin-mgmt
match protocol attribute business-relevance business-relevant
class-map match-all TRANSACTIONAL-DATA
match protocol attribute traffic-class transactional-data
match protocol attribute business-relevance business-relevant
class-map match-all BULK-DATA
match protocol attribute traffic-class bulk-data
match protocol attribute business-relevance business-relevant
class-map match-all SCAVENGER
match protocol attribute business-relevance business-irrelevant

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
“Holy Grail” QoS Configuration: NBAR2 1400+ App / 12-Class Model
class-map match-all VOICE policy-map MARKING
match protocol attribute traffic-class voip-telephony class VOICE
match protocol attribute business-relevance business-relevant set dscp ef
class-map match-all BROADCAST-VIDEO class BROADCAST-VIDEO
match protocol attribute traffic-class broadcast-video set dscp cs5
match protocol attribute business-relevance business-relevant
class REAL-TIME-INTERACTIVE
class-map match-all REAL-TIME-INTERACTIVE
set dscp cs4
match protocol attribute traffic-class real-time-interactive
class MULTIMEDIA-CONFERENCING
match protocol attribute business-relevance business-relevant
class-map match-all MULTIMEDIA-CONFERENCING set dscp af41
match protocol attribute traffic-class multimedia-conferencing class MULTIMEDIA-STREAMING
match protocol attribute business-relevance business-relevant set dscp af31
class-map match-all MULTIMEDIA-STREAMING class SIGNALING
match protocol attribute traffic-class multimedia-streaming set dscp cs3
match protocol attribute business-relevance business-relevant class NETWORK-CONTROL
class-map match-all SIGNALING set dscp cs6
match protocol attribute traffic-class signaling class NETWORK-MANAGEMENT
match protocol attribute business-relevance business-relevant set dscp cs2
class-map match-all NETWORK-CONTROL
match protocol attribute traffic-class network-control
match protocol attribute business-relevance business-relevant
class-map match-all NETWORK-MANAGEMENT
match protocol attribute traffic-class ops-admin-mgmt
match protocol attribute business-relevance business-relevant
class-map match-all TRANSACTIONAL-DATA
match protocol attribute traffic-class transactional-data
match protocol attribute business-relevance business-relevant
class-map match-all BULK-DATA
match protocol attribute traffic-class bulk-data
match protocol attribute business-relevance business-relevant
class-map match-all SCAVENGER
match protocol attribute business-relevance business-irrelevant

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
“Holy Grail” QoS Configuration: NBAR2 1400+ App / 12-Class Model
class-map match-all VOICE policy-map MARKING
match protocol attribute traffic-class voip-telephony class VOICE
match protocol attribute business-relevance business-relevant set dscp ef
class-map match-all BROADCAST-VIDEO class BROADCAST-VIDEO
match protocol attribute traffic-class broadcast-video set dscp cs5
match protocol attribute business-relevance business-relevant
class REAL-TIME-INTERACTIVE
class-map match-all REAL-TIME-INTERACTIVE
set dscp cs4
match protocol attribute traffic-class real-time-interactive
class MULTIMEDIA-CONFERENCING
match protocol attribute business-relevance business-relevant
class-map match-all MULTIMEDIA-CONFERENCING set dscp af41
match protocol attribute traffic-class multimedia-conferencing class MULTIMEDIA-STREAMING
match protocol attribute business-relevance business-relevant set dscp af31
class-map match-all MULTIMEDIA-STREAMING class SIGNALING
match protocol attribute traffic-class multimedia-streaming set dscp cs3
match protocol attribute business-relevance business-relevant class NETWORK-CONTROL
class-map match-all SIGNALING set dscp cs6
match protocol attribute traffic-class signaling class NETWORK-MANAGEMENT
match protocol attribute business-relevance business-relevant set dscp cs2
class-map match-all NETWORK-CONTROL class TRANSACTIONAL-DATA
match protocol attribute traffic-class network-control
match protocol attribute business-relevance business-relevant
class-map match-all NETWORK-MANAGEMENT
match protocol attribute traffic-class ops-admin-mgmt
match protocol attribute business-relevance business-relevant
class-map match-all TRANSACTIONAL-DATA
match protocol attribute traffic-class transactional-data
match protocol attribute business-relevance business-relevant
class-map match-all BULK-DATA
match protocol attribute traffic-class bulk-data
match protocol attribute business-relevance business-relevant
class-map match-all SCAVENGER
match protocol attribute business-relevance business-irrelevant

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
“Holy Grail” QoS Configuration: NBAR2 1400+ App / 12-Class Model
class-map match-all VOICE policy-map MARKING
match protocol attribute traffic-class voip-telephony class VOICE
match protocol attribute business-relevance business-relevant set dscp ef
class-map match-all BROADCAST-VIDEO class BROADCAST-VIDEO
match protocol attribute traffic-class broadcast-video set dscp cs5
match protocol attribute business-relevance business-relevant
class REAL-TIME-INTERACTIVE
class-map match-all REAL-TIME-INTERACTIVE
set dscp cs4
match protocol attribute traffic-class real-time-interactive
class MULTIMEDIA-CONFERENCING
match protocol attribute business-relevance business-relevant
class-map match-all MULTIMEDIA-CONFERENCING set dscp af41
match protocol attribute traffic-class multimedia-conferencing class MULTIMEDIA-STREAMING
match protocol attribute business-relevance business-relevant set dscp af31
class-map match-all MULTIMEDIA-STREAMING class SIGNALING
match protocol attribute traffic-class multimedia-streaming set dscp cs3
match protocol attribute business-relevance business-relevant class NETWORK-CONTROL
class-map match-all SIGNALING set dscp cs6
match protocol attribute traffic-class signaling class NETWORK-MANAGEMENT
match protocol attribute business-relevance business-relevant set dscp cs2
class-map match-all NETWORK-CONTROL class TRANSACTIONAL-DATA
match protocol attribute traffic-class network-control set dscp af21
match protocol attribute business-relevance business-relevant
class-map match-all NETWORK-MANAGEMENT
match protocol attribute traffic-class ops-admin-mgmt
match protocol attribute business-relevance business-relevant
class-map match-all TRANSACTIONAL-DATA
match protocol attribute traffic-class transactional-data
match protocol attribute business-relevance business-relevant
class-map match-all BULK-DATA
match protocol attribute traffic-class bulk-data
match protocol attribute business-relevance business-relevant
class-map match-all SCAVENGER
match protocol attribute business-relevance business-irrelevant

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
“Holy Grail” QoS Configuration: NBAR2 1400+ App / 12-Class Model
class-map match-all VOICE policy-map MARKING
match protocol attribute traffic-class voip-telephony class VOICE
match protocol attribute business-relevance business-relevant set dscp ef
class-map match-all BROADCAST-VIDEO class BROADCAST-VIDEO
match protocol attribute traffic-class broadcast-video set dscp cs5
match protocol attribute business-relevance business-relevant
class REAL-TIME-INTERACTIVE
class-map match-all REAL-TIME-INTERACTIVE
set dscp cs4
match protocol attribute traffic-class real-time-interactive
class MULTIMEDIA-CONFERENCING
match protocol attribute business-relevance business-relevant
class-map match-all MULTIMEDIA-CONFERENCING set dscp af41
match protocol attribute traffic-class multimedia-conferencing class MULTIMEDIA-STREAMING
match protocol attribute business-relevance business-relevant set dscp af31
class-map match-all MULTIMEDIA-STREAMING class SIGNALING
match protocol attribute traffic-class multimedia-streaming set dscp cs3
match protocol attribute business-relevance business-relevant class NETWORK-CONTROL
class-map match-all SIGNALING set dscp cs6
match protocol attribute traffic-class signaling class NETWORK-MANAGEMENT
match protocol attribute business-relevance business-relevant set dscp cs2
class-map match-all NETWORK-CONTROL class TRANSACTIONAL-DATA
match protocol attribute traffic-class network-control set dscp af21
match protocol attribute business-relevance business-relevant class BULK-DATA
class-map match-all NETWORK-MANAGEMENT
match protocol attribute traffic-class ops-admin-mgmt
match protocol attribute business-relevance business-relevant
class-map match-all TRANSACTIONAL-DATA
match protocol attribute traffic-class transactional-data
match protocol attribute business-relevance business-relevant
class-map match-all BULK-DATA
match protocol attribute traffic-class bulk-data
match protocol attribute business-relevance business-relevant
class-map match-all SCAVENGER
match protocol attribute business-relevance business-irrelevant

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
“Holy Grail” QoS Configuration: NBAR2 1400+ App / 12-Class Model
class-map match-all VOICE policy-map MARKING
match protocol attribute traffic-class voip-telephony class VOICE
match protocol attribute business-relevance business-relevant set dscp ef
class-map match-all BROADCAST-VIDEO class BROADCAST-VIDEO
match protocol attribute traffic-class broadcast-video set dscp cs5
match protocol attribute business-relevance business-relevant
class REAL-TIME-INTERACTIVE
class-map match-all REAL-TIME-INTERACTIVE
set dscp cs4
match protocol attribute traffic-class real-time-interactive
class MULTIMEDIA-CONFERENCING
match protocol attribute business-relevance business-relevant
class-map match-all MULTIMEDIA-CONFERENCING set dscp af41
match protocol attribute traffic-class multimedia-conferencing class MULTIMEDIA-STREAMING
match protocol attribute business-relevance business-relevant set dscp af31
class-map match-all MULTIMEDIA-STREAMING class SIGNALING
match protocol attribute traffic-class multimedia-streaming set dscp cs3
match protocol attribute business-relevance business-relevant class NETWORK-CONTROL
class-map match-all SIGNALING set dscp cs6
match protocol attribute traffic-class signaling class NETWORK-MANAGEMENT
match protocol attribute business-relevance business-relevant set dscp cs2
class-map match-all NETWORK-CONTROL class TRANSACTIONAL-DATA
match protocol attribute traffic-class network-control set dscp af21
match protocol attribute business-relevance business-relevant class BULK-DATA
class-map match-all NETWORK-MANAGEMENT set dscp af11
match protocol attribute traffic-class ops-admin-mgmt
match protocol attribute business-relevance business-relevant
class-map match-all TRANSACTIONAL-DATA
match protocol attribute traffic-class transactional-data
match protocol attribute business-relevance business-relevant
class-map match-all BULK-DATA
match protocol attribute traffic-class bulk-data
match protocol attribute business-relevance business-relevant
class-map match-all SCAVENGER
match protocol attribute business-relevance business-irrelevant

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
“Holy Grail” QoS Configuration: NBAR2 1400+ App / 12-Class Model
class-map match-all VOICE policy-map MARKING
match protocol attribute traffic-class voip-telephony class VOICE
match protocol attribute business-relevance business-relevant set dscp ef
class-map match-all BROADCAST-VIDEO class BROADCAST-VIDEO
match protocol attribute traffic-class broadcast-video set dscp cs5
match protocol attribute business-relevance business-relevant
class REAL-TIME-INTERACTIVE
class-map match-all REAL-TIME-INTERACTIVE
set dscp cs4
match protocol attribute traffic-class real-time-interactive
class MULTIMEDIA-CONFERENCING
match protocol attribute business-relevance business-relevant
class-map match-all MULTIMEDIA-CONFERENCING set dscp af41
match protocol attribute traffic-class multimedia-conferencing class MULTIMEDIA-STREAMING
match protocol attribute business-relevance business-relevant set dscp af31
class-map match-all MULTIMEDIA-STREAMING class SIGNALING
match protocol attribute traffic-class multimedia-streaming set dscp cs3
match protocol attribute business-relevance business-relevant class NETWORK-CONTROL
class-map match-all SIGNALING set dscp cs6
match protocol attribute traffic-class signaling class NETWORK-MANAGEMENT
match protocol attribute business-relevance business-relevant set dscp cs2
class-map match-all NETWORK-CONTROL class TRANSACTIONAL-DATA
match protocol attribute traffic-class network-control set dscp af21
match protocol attribute business-relevance business-relevant class BULK-DATA
class-map match-all NETWORK-MANAGEMENT set dscp af11
match protocol attribute traffic-class ops-admin-mgmt class SCAVENGER
match protocol attribute business-relevance business-relevant
class-map match-all TRANSACTIONAL-DATA
match protocol attribute traffic-class transactional-data
match protocol attribute business-relevance business-relevant
class-map match-all BULK-DATA
match protocol attribute traffic-class bulk-data
match protocol attribute business-relevance business-relevant
class-map match-all SCAVENGER
match protocol attribute business-relevance business-irrelevant

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
“Holy Grail” QoS Configuration: NBAR2 1400+ App / 12-Class Model
class-map match-all VOICE policy-map MARKING
match protocol attribute traffic-class voip-telephony class VOICE
match protocol attribute business-relevance business-relevant set dscp ef
class-map match-all BROADCAST-VIDEO class BROADCAST-VIDEO
match protocol attribute traffic-class broadcast-video set dscp cs5
match protocol attribute business-relevance business-relevant
class REAL-TIME-INTERACTIVE
class-map match-all REAL-TIME-INTERACTIVE
set dscp cs4
match protocol attribute traffic-class real-time-interactive
class MULTIMEDIA-CONFERENCING
match protocol attribute business-relevance business-relevant
class-map match-all MULTIMEDIA-CONFERENCING set dscp af41
match protocol attribute traffic-class multimedia-conferencing class MULTIMEDIA-STREAMING
match protocol attribute business-relevance business-relevant set dscp af31
class-map match-all MULTIMEDIA-STREAMING class SIGNALING
match protocol attribute traffic-class multimedia-streaming set dscp cs3
match protocol attribute business-relevance business-relevant class NETWORK-CONTROL
class-map match-all SIGNALING set dscp cs6
match protocol attribute traffic-class signaling class NETWORK-MANAGEMENT
match protocol attribute business-relevance business-relevant set dscp cs2
class-map match-all NETWORK-CONTROL class TRANSACTIONAL-DATA
match protocol attribute traffic-class network-control set dscp af21
match protocol attribute business-relevance business-relevant class BULK-DATA
class-map match-all NETWORK-MANAGEMENT set dscp af11
match protocol attribute traffic-class ops-admin-mgmt class SCAVENGER
match protocol attribute business-relevance business-relevant set dscp cs1
class-map match-all TRANSACTIONAL-DATA
match protocol attribute traffic-class transactional-data
match protocol attribute business-relevance business-relevant
class-map match-all BULK-DATA
match protocol attribute traffic-class bulk-data
match protocol attribute business-relevance business-relevant
class-map match-all SCAVENGER
match protocol attribute business-relevance business-irrelevant

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
“Holy Grail” QoS Configuration: NBAR2 1400+ App / 12-Class Model
class-map match-all VOICE policy-map MARKING
match protocol attribute traffic-class voip-telephony class VOICE
match protocol attribute business-relevance business-relevant set dscp ef
class-map match-all BROADCAST-VIDEO class BROADCAST-VIDEO
match protocol attribute traffic-class broadcast-video set dscp cs5
match protocol attribute business-relevance business-relevant
class REAL-TIME-INTERACTIVE
class-map match-all REAL-TIME-INTERACTIVE
set dscp cs4
match protocol attribute traffic-class real-time-interactive
class MULTIMEDIA-CONFERENCING
match protocol attribute business-relevance business-relevant
class-map match-all MULTIMEDIA-CONFERENCING set dscp af41
match protocol attribute traffic-class multimedia-conferencing class MULTIMEDIA-STREAMING
match protocol attribute business-relevance business-relevant set dscp af31
class-map match-all MULTIMEDIA-STREAMING class SIGNALING
match protocol attribute traffic-class multimedia-streaming set dscp cs3
match protocol attribute business-relevance business-relevant class NETWORK-CONTROL
class-map match-all SIGNALING set dscp cs6
match protocol attribute traffic-class signaling class NETWORK-MANAGEMENT
match protocol attribute business-relevance business-relevant set dscp cs2
class-map match-all NETWORK-CONTROL class TRANSACTIONAL-DATA
match protocol attribute traffic-class network-control set dscp af21
match protocol attribute business-relevance business-relevant class BULK-DATA
class-map match-all NETWORK-MANAGEMENT set dscp af11
match protocol attribute traffic-class ops-admin-mgmt class SCAVENGER
match protocol attribute business-relevance business-relevant set dscp cs1
class-map match-all TRANSACTIONAL-DATA class class-default
match protocol attribute traffic-class transactional-data
match protocol attribute business-relevance business-relevant
class-map match-all BULK-DATA
match protocol attribute traffic-class bulk-data
match protocol attribute business-relevance business-relevant
class-map match-all SCAVENGER
match protocol attribute business-relevance business-irrelevant

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
“Holy Grail” QoS Configuration: NBAR2 1400+ App / 12-Class Model
class-map match-all VOICE policy-map MARKING
match protocol attribute traffic-class voip-telephony class VOICE
match protocol attribute business-relevance business-relevant set dscp ef
class-map match-all BROADCAST-VIDEO class BROADCAST-VIDEO
match protocol attribute traffic-class broadcast-video set dscp cs5
match protocol attribute business-relevance business-relevant
class REAL-TIME-INTERACTIVE
class-map match-all REAL-TIME-INTERACTIVE
set dscp cs4
match protocol attribute traffic-class real-time-interactive
class MULTIMEDIA-CONFERENCING
match protocol attribute business-relevance business-relevant
class-map match-all MULTIMEDIA-CONFERENCING set dscp af41
match protocol attribute traffic-class multimedia-conferencing class MULTIMEDIA-STREAMING
match protocol attribute business-relevance business-relevant set dscp af31
class-map match-all MULTIMEDIA-STREAMING class SIGNALING
match protocol attribute traffic-class multimedia-streaming set dscp cs3
match protocol attribute business-relevance business-relevant class NETWORK-CONTROL
class-map match-all SIGNALING set dscp cs6
match protocol attribute traffic-class signaling class NETWORK-MANAGEMENT
match protocol attribute business-relevance business-relevant set dscp cs2
class-map match-all NETWORK-CONTROL class TRANSACTIONAL-DATA
match protocol attribute traffic-class network-control set dscp af21
match protocol attribute business-relevance business-relevant class BULK-DATA
class-map match-all NETWORK-MANAGEMENT set dscp af11
match protocol attribute traffic-class ops-admin-mgmt class SCAVENGER
match protocol attribute business-relevance business-relevant set dscp cs1
class-map match-all TRANSACTIONAL-DATA class class-default
match protocol attribute traffic-class transactional-data set dscp default
match protocol attribute business-relevance business-relevant
class-map match-all BULK-DATA
match protocol attribute traffic-class bulk-data
match protocol attribute business-relevance business-relevant
class-map match-all SCAVENGER
match protocol attribute business-relevance business-irrelevant

https://cisco.box.com/v/QoS-AAGs
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 27
WAN Edge QoS Design

28
QoS Tools Review: Queuing & Dropping Tools
(Flow-Based) Fair-Queuing

Packets In Fair-Queuing
Sorter/Pre-Sorter

Packets Out

A flow is defined by five matching tuples:

Source Address + Source Port
Destination Address + Destination Port
Layer 4 Protocol (TCP or UDP)
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 29
QoS Tools Review: Queuing & Dropping Tools
(Flow-Based) Fair-Queuing

Packets In Fair-Queuing
Sorter/Pre-Sorter

Packets Out

A flow is defined by five matching tuples:

policy-map FQ
class class-default
fair-queue
Packets In Fair-Queuing
Sorter/Pre-Sorter

Packets Out

A flow is defined by five matching tuples:

Network Control CBWFQ

Call Signalling CBWFQ

OAM CBWFQ

FQ
Multimedia Conferencing CBWFQ
Packets In FQ CBWFQ
Multimedia Streaming CBWFQ Scheduler
Tx-Ring Packets Out
FQ
Transactional Data CBWFQ

FQ
Bulk Data CBWFQ

Network Control CBWFQ

Call Signalling CBWFQ

OAM CBWFQ

FQ
Multimedia Conferencing CBWFQ
Packets In FQ CBWFQ
Multimedia Streaming CBWFQ Scheduler
Tx-Ring Packets Out
FQ
Transactional Data CBWFQ

FQ
Bulk Data CBWFQ

Network Control CBWFQ

Call Signalling CBWFQ

OAM CBWFQ

FQ
Multimedia Conferencing CBWFQ
Packets In FQ CBWFQ
Multimedia Streaming CBWFQ Scheduler
Tx-Ring Packets Out
FQ
Transactional Data CBWFQ

FQ
Bulk Data CBWFQ

FQ
Best Effort / Default CBWFQ
FQ
Pre-Sorters
Scavenger CBWFQ
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 30
QoS Tools Review: Queuing & Dropping Tools
policy-map WAN
CBWFQ IOS Interface Buffers class NETWORK-CONTROL
bandwidth remaining percent 5
class CALL-SIGNALING
Network Control CBWFQ bandwidth remaining percent 4
class STREAMING-VIDEO
bandwidth remaining percent 10
fair-queue
Call Signalling CBWFQ
random-detect dscp-based
class MM-CONFERENCING
bandwidth remaining percent 30
OAM CBWFQ fair-queue
random-detect dscp-based
FQ …
Multimedia Conferencing CBWFQ
Packets In FQ CBWFQ
Multimedia Streaming CBWFQ Scheduler
Tx-Ring Packets Out
FQ
Transactional Data CBWFQ

FQ
Bulk Data CBWFQ

IOS Interface Buffers

LLQ

Packets In
Packets Out
CBWFQ
Scheduler
Tx-Ring

FQ
CBWFQs
Pre-Sorters

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 31
QoS Tools Review: Queuing & Dropping Tools
LLQ: Single-LLQ Operation and Configuration

IOS Interface Buffers

10% Strict
VOICE
Policer

LLQ

Packets In
Packets Out
CBWFQ
Scheduler
Tx-Ring

FQ
CBWFQs
Pre-Sorters

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 31
QoS Tools Review: Queuing & Dropping Tools
LLQ: Single-LLQ Operation and Configuration

IOS Interface Buffers

10% Strict
VOICE
Policer

LLQ

Packets In
Packets Out
CBWFQ
Scheduler
Tx-Ring

FQ
CBWFQs
Pre-Sorters

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 31
QoS Tools Review: Queuing & Dropping Tools
LLQ: Single-LLQ Operation and Configuration

IOS Interface Buffers

10% Strict
VOICE policy-map WAN
Policer
class VOICE
LLQ
priority level 1
police cir percent 10

Packets In
Packets Out
CBWFQ
Scheduler
Tx-Ring

FQ
CBWFQs
Pre-Sorters

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 31
QoS Tools Review: Queuing & Dropping Tools
The Need for Congestion Avoidance

Bandwidth  
100% Utilisation
BW

Time

Tail Drop

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 32
QoS Tools Review: Queuing & Dropping Tools
The Need for Congestion Avoidance

▪ All TCP flows synchronise in waves

▪ TCP synchronisation wastes available bandwidth
Bandwidth  
100% Utilisation
BW

Time

Tail Drop

Three Traffic Flows   Another Traffic Flow

Start at Different Times Starts at This Point

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 32
QoS Tools Review: Queuing & Dropping Tools
DSCP-Based WRED

Tail Front
of of
Queue Bulk Data CBWFQ Queue
Fair- Direction
Queuing
Pre-Sorter of
Packet
Flow

AF13 Minimum WRED Threshold:

Begin randomly dropping AF13 packets

AF12 Minimum WRED Threshold:

Begin randomly dropping AF12 packets

AF11 Minimum WRED Threshold:

Begin randomly dropping AF11 packets

Tail Front
of of
Queue Bulk Data CBWFQ Queue
Fair- Direction
Queuing
Pre-Sorter of
Packet
Flow

AF13 Minimum WRED Threshold:

Begin randomly dropping AF13 packets

AF12 Minimum WRED Threshold:

Begin randomly dropping AF12 packets

AF11 Minimum WRED Threshold:

Begin randomly dropping AF11 packets

Tail Front
of of
Queue Bulk Data CBWFQ Queue
Fair- Direction
Queuing
Pre-Sorter of
Packet
Flow

AF13 Minimum WRED Threshold:

Begin randomly dropping AF13 packets

AF12 Minimum WRED Threshold:

Begin randomly dropping AF12 packets

AF11 Minimum WRED Threshold:

Begin randomly dropping AF11 packets

Tail Front
of of
Queue Bulk Data CBWFQ Queue
Fair- Direction
Queuing
Pre-Sorter of
Packet
Flow

AF13 Minimum WRED Threshold:

Begin randomly dropping AF13 packets

AF12 Minimum WRED Threshold:

Begin randomly dropping AF12 packets

AF11 Minimum WRED Threshold:

Begin randomly dropping AF11 packets

Tail Front
of of
Queue Bulk Data CBWFQ Queue
Fair- Direction
Queuing
Pre-Sorter of
Packet
Flow

AF13 Minimum WRED Threshold:

Begin randomly dropping AF13 packets

AF12 Minimum WRED Threshold:

Begin randomly dropping AF12 packets

AF11 Minimum WRED Threshold:

Begin randomly dropping AF11 packets

Maximum WRED Thresholds for AF11, AF12 and AF13 are set to the tail of the queue in this example
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 33
QoS Tools Review: Queuing & Dropping Tools
DSCP-Based WRED
policy-map BULK-WRED
class BULK
bandwidth remaining percent 10
Tail Front
random-detect dscp-based of
of
Queue Bulk Data CBWFQ Queue
Fair- Direction
Queuing
Pre-Sorter of
Packet
Flow

AF13 Minimum WRED Threshold:

Begin randomly dropping AF13 packets

AF12 Minimum WRED Threshold:

Begin randomly dropping AF12 packets

AF11 Minimum WRED Threshold:

Begin randomly dropping AF11 packets

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 34
RFC 4594-Based 12-Class
WAN-Edge Queuing Model

Network Control Multimedia Streaming

2% 10%
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 34
RFC 4594-Based 12-Class  
Queuing Model Configuration

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 35
policy-map WAN_EDGE-QUEUING

RFC 4594-Based 12-Class   class VOICE-DSCP

priority percent 10

Queuing Model Configuration

class BROADCAST_VIDEO-DSCP
priority percent 10
class REALTIME_INTERACTIVE-DSCP
priority percent 13
class NETWORK-CONTROL-DSCP
class-map match-all VOICE-DSCP bandwidth percent 2
match dscp ef class SIGNALING-DSCP
class-map match-all BROADCAST_VIDEO-DSCP bandwidth percent 2
match dscp cs5 class OAM-DSCP
class-map match-all REALTIME_INTERACTIVE-DSCP bandwidth percent 3
match dscp cs4 class MULTIMEDIA_CONFERENCING-DSCP
class-map match-all NETWORK-CONTROL-DSCP bandwidth percent 10
match cs6 fair-queue
class-map match-all SIGNALING-DSCP random-detect dscp-based
match cs3 class MULTIMEDIA_STREAMING-DSCP
class-map match-all OAM-DSCP bandwidth percent 10
match cs2 fair-queue
class-map match-all MULTIMEDIA_CONFERENCING-DSCP random-detect dscp-based
match dscp af41 class TRANSACTIONAL-DATA-DSCP
class-map match-all MULTIMEDIA_STREAMING-DSCP bandwidth percent 10
match dscp af31 fair-queue
random-detect dscp-based
class-map match-all TRANSACTIONAL-DATA-DSCP
class BULK-DATA-DSCP
match dscp af21
bandwidth percent 4
class-map match-all BULK-DATA-DSCP fair-queue
match dscp af11 random-detect dscp-based
class-map match-all SCAVENGER-DSCP class SCAVENGER-DSCP
match dscp cs1 bandwidth percent 1
class class-default
bandwidth percent 25
fair-queue
random-detect dscp-based

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 35
policy-map WAN_EDGE-QUEUING

RFC 4594-Based 12-Class   class VOICE-DSCP

priority percent 10

Queuing Model Configuration

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 36
What Changes for Sub-Line-Rate Interfaces?

▪ Queuing policies will not engage unless the interface is congested

TX
Ring

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 36
What Changes for Sub-Line-Rate Interfaces?

▪ Queuing policies will not engage unless the interface is congested

GE Interface
with a sub-line-rate
access service
(e.g. 50 Mbps)
TX
Ring

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 36
What Changes for Sub-Line-Rate Interfaces?
policy-map HQoS-50MBPS
class class-default
shape average 50000000

▪ Queuing policies will not engage unless the interface is congested

▪ A shaper will guarantee that traffic will not exceed the contracted rate

GE Interface
with a sub-line-rate
access service
(e.g. 50 Mbps)
Class-
Based TX
Ring
Shaper

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 36
What Changes for Sub-Line-Rate Interfaces?
policy-map QUEUING policy-map HQoS-50MBPS
class REALTIME class class-default
priority 1000 shape average 50000000
class SIGNALING service-policy QUEUING
bandwidth x
class TRANSACTIONAL ▪ Queuing policies will not engage unless the interface is congested
bandwidth y… ▪ A shaper will guarantee that traffic will not exceed the contracted rate
class class-default
fair-queue ▪ A nested queuing policy will force queuing to engage at the contracted sub-
line-rate to prioritise packets prior to shaping
GE Interface
1 Mbps with a sub-line-rate
REALTIME 1 Mbps LLQ access service
Policer (e.g. 50 Mbps)
Class-
Based TX
Signalling CBWFQ Ring
Shaper
CBWFQ
FQ Transactional CBWFQ Scheduler
FQ Default Queue

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 36
Hierarchical (Shaping + Queuing) QoS Policy Config

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 37
Hierarchical (Shaping + Queuing) QoS Policy Config

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 37
Hierarchical (Shaping + Queuing) QoS Policy Config
policy-map HQOS-50M-OUT A Parent QoS Policy is required to shape to the contracted rate
class class-default
shape average 50M
service-policy WAN-EDGE-QUEUING A (nested) Child QoS Policy queues traffic within the shaped rate

interface GigabitEthernet0/2
description AT&T Circuit from SJ-13-12 to RTP-Ridge-7 @ 50 Mbps Contracted Rate
service-policy output HQOS-50M-OUT

The Parent QoS Policy (shaper with nested queuing policy) is

applied to the sub-line-rate interface

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 37
IWAN QoS Design

38
What is IWAN from a QoS Perspective?
• Augment expensive MPLS service with business class internet
• Performance Routing (PfR) to load balance / provide resiliency / best path
• Dynamic Multipoint VPN (DMVPN) overlay on MPLS and Internet
• Up to 2,000 remote sites per hub router in a single domain
• MPLS will have Service Provider QoS, but with Internet we assume none

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 39
Hybrid Model – MPLS and Internet
Hub
Master
MPLS
Controller
T1
Branch

Hub
Router T1
Branch
INTERNET
Hub T3
Branch
Router
10 Mbps
Branch

T3
Branch

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 40
IWAN Egress QoS Models 
Example: Combining 12 Classes into an 8-Class Model

Application DSCP 8-Class Model

Internetwork Control CS6 VOICE

PQ-10%
VoIP EF
NET-CTRL
Broadcast Video CS5 5% BWR

Multimedia Conferencing AF41 INTERACTIVE-VIDEO

30% BWR
Real-Time Interactive CS4
STREAMING-VIDEO
Multimedia Streaming AF31 10% BWR
Signalling CS3 CALL-SIGNALING
4% BWR
Transactional Data AF21

Network Management (OAM) CS2 CRITICAL-DATA

25% BWR
Bulk Data AF11

Scavenger CS1 SCAVENGER—1% BWR

DEFAULT
Best Effort DF 25% BWR

PQ = Priority Queue Note: Bandwidth Remaining

BWR = Bandwidth Remaining Percentages must equal 100%

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 41
IWAN Egress QoS Models 
Example: Combining 12 Classes into an 8-Class Model

Application DSCP 8-Class Model

Internetwork Control CS6 VOICE

PQ-10%
VoIP EF
NET-CTRL
Broadcast Video CS5 5% BWR

Multimedia Conferencing AF41 INTERACTIVE-VIDEO

30% BWR
Real-Time Interactive CS4
STREAMING-VIDEO
Multimedia Streaming AF31 10% BWR
Signalling CS3 CALL-SIGNALING
4% BWR
Transactional Data AF21

Network Management (OAM) CS2 CRITICAL-DATA

25% BWR
Bulk Data AF11

Scavenger CS1 SCAVENGER—1% BWR

DEFAULT
Best Effort DF 25% BWR

PQ = Priority Queue Note: Bandwidth Remaining

BWR = Bandwidth Remaining Percentages must equal 100%

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 41
IWAN 8-Class Egress Queuing Model
Child Policy
IWAN 8-Class Queuing Model Class-Maps
class-map match-any VOICE-DSCP
match dscp ef
class-map match-any INTERACTIVE-VIDEO-DSCP
match dscp cs4 af41 af42 af43
class-map match-any STREAMING-VIDEO-DSCP
match dscp cs5 af31 af32 af33
class-map match-any NETWORK-CONTROL-DSCP
match dscp cs6
class-map match-any SIGNALING-DSCP
match dscp cs3
class-map match-any CRITICAL-DATA-DSCP
match dscp cs2 af11 af12 af13 af21 af22 af23
class-map match-any SCAVENGER-DSCP
match dscp cs1

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 42
IWAN 8-Class Egress Queuing Model
Child Policy
IWAN 8-Class Queuing Model Class-Maps IWAN 8-Class Queuing Policy-Map
class-map match-any VOICE-DSCP policy-map IWAN-EDGE-QUEUING
match dscp ef class VOICE-DSCP
class-map match-any INTERACTIVE-VIDEO-DSCP priority level 1
match dscp cs4 af41 af42 af43 police cir percent 10
class-map match-any STREAMING-VIDEO-DSCP class INTERACTIVE-VIDEO-DSCP
match dscp cs5 af31 af32 af33 bandwidth remaining percent 30
class-map match-any NETWORK-CONTROL-DSCP random-detect dscp-based
match dscp cs6 class STREAMING-VIDEO-DSCP
class-map match-any SIGNALING-DSCP bandwidth remaining percent 10
match dscp cs3 random-detect dscp-based
class-map match-any CRITICAL-DATA-DSCP class NETWORK-CONTROL-DSCP
match dscp cs2 af11 af12 af13 af21 af22 af23
class-map match-any SCAVENGER-DSCP bandwidth remaining percent 5
match dscp cs1 class SIGNALING-DSCP
bandwidth remaining percent 4
class CRITICAL-DATA-DSCP
bandwidth remaining percent 25
random-detect dscp-based
class SCAVENGER-DSCP
bandwidth remaining percent 1
class class-default
bandwidth remaining percent 25
random-detect

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 42
Branch QoS Scheduling Hierarchy
Two Levels: Child / Parent

Police
1M

priority data class-default

Child Queuing
Policy on Physical
Bandwidth sharing
within tunnel

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 43
Branch QoS Scheduling Hierarchy
Two Levels: Child / Parent

Police
1M

priority data class-default

P1
Parent Shaping
Child Queuing
Policy on Physical
Policy on Physical
Shape for service rate
Bandwidth sharing
within tunnel

To Physical

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 43
Branch QoS Scheduling Hierarchy
Two Levels: Child / Parent
policy-map IWAN-EDGE-QUEUING policy-map POLICY-TRANSPORT-1
class INTERACTIVE-VIDEO class class-default
bandwidth remaining percent 30 shape average 10 Mbps
random-detect dscp-based service-policy WAN-EDGE-QUUEING
class STREAMING-VIDEO
bandwidth remaining percent 10
random-detect dscp-based
class CALL-SIGNALING
bandwidth remaining percent 4
class NET-CTRL
bandwidth remaining percent 5
class CRITICAL-DATA
bandwidth remaining percent 25
random-detect dscp-based
class SCAVENGER Always On Police
bandwidth remaining percent 1 Policer 1M
class VOICE
priority level 1
police cir percent 10
class class-default
bandwidth remaining percent 25
priority data class-default
random-detect

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 44
Branch QoS Scheduling Hierarchy
Two Levels: Child / Parent
policy-map IWAN-EDGE-QUEUING policy-map POLICY-TRANSPORT-1
class INTERACTIVE-VIDEO class class-default
bandwidth remaining percent 30 shape average 10 Mbps
random-detect dscp-based service-policy WAN-EDGE-QUUEING
class STREAMING-VIDEO
bandwidth remaining percent 10
random-detect dscp-based
class CALL-SIGNALING
bandwidth remaining percent 4
class NET-CTRL ▪ A shaper will guarantee that traffic will not exceed the contracted rate
bandwidth remaining percent 5
class CRITICAL-DATA
bandwidth remaining percent 25
random-detect dscp-based
class SCAVENGER Always On Police
bandwidth remaining percent 1 Policer 1M
class VOICE
priority level 1
police cir percent 10
class class-default
bandwidth remaining percent 25
priority data class-default
random-detect

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 44
Branch QoS Scheduling Hierarchy
Two Levels: Child / Parent
policy-map IWAN-EDGE-QUEUING policy-map POLICY-TRANSPORT-1
class INTERACTIVE-VIDEO class class-default
bandwidth remaining percent 30 shape average 10 Mbps
random-detect dscp-based service-policy WAN-EDGE-QUUEING
class STREAMING-VIDEO
bandwidth remaining percent 10
random-detect dscp-based
class CALL-SIGNALING
bandwidth remaining percent 4
class NET-CTRL ▪ A shaper will guarantee that traffic will not exceed the contracted rate
bandwidth remaining percent 5 ▪ A nested queuing policy will force queuing to engage at the contracted
class CRITICAL-DATA
bandwidth remaining percent 25 sub-line-rate to prioritise packets prior to shaping
random-detect dscp-based
class SCAVENGER Always On Police
bandwidth remaining percent 1 Policer 1M
class VOICE
priority level 1
police cir percent 10
class class-default
bandwidth remaining percent 25
priority data class-default
random-detect

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 44
Branch QoS Scheduling Hierarchy
Two Levels: Child / Parent
policy-map IWAN-EDGE-QUEUING policy-map POLICY-TRANSPORT-1 interface GigabitEthernet0/0
class INTERACTIVE-VIDEO class class-default bandwidth 10000
bandwidth remaining percent 30 shape average 10 Mbps service-policy output POLICY-TRANSPORT-1
random-detect dscp-based service-policy WAN-EDGE-QUUEING
class STREAMING-VIDEO
bandwidth remaining percent 10
random-detect dscp-based
class CALL-SIGNALING
bandwidth remaining percent 4
class NET-CTRL ▪ A shaper will guarantee that traffic will not exceed the contracted rate
bandwidth remaining percent 5 ▪ A nested queuing policy will force queuing to engage at the contracted
class CRITICAL-DATA
bandwidth remaining percent 25 sub-line-rate to prioritise packets prior to shaping
random-detect dscp-based
class SCAVENGER Always On Police
bandwidth remaining percent 1 Policer 1M
class VOICE
priority level 1
police cir percent 10
class class-default
bandwidth remaining percent 25
priority data class-default
random-detect

Min: 0 GigE Interface with

Max: 10M
Excess: 10
service rate of 10 Mbps
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 44
Hub Site QoS Scheduling 
Three Levels: Child / Parent / Grandparent

T1
Branch
1.5 Mbps

50 Mbps 50 Mbps
Branch

Hub 20 Mbps 20 Mbps

Branch
BR GE

10 Mbps
10 Mbps
Branch

45 Mbps

T3
Branch

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 45
Hub Site QoS Scheduling 
Three Levels: Child / Parent / Grandparent

T1
Branch
1.5 Mbps
Shape for
Service Rate
50 Mbps 50 Mbps
Branch

Hub 100 Mbps 20 Mbps 20 Mbps

Branch
BR GE Service
Rate
10 Mbps
10 Mbps
Branch

45 Mbps

T3
Branch

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 45
Hub Site QoS Scheduling 
Three Levels: Child / Parent / Grandparent
Shape for
Remote Site
Last Mile
T1
Branch
1.5 Mbps
Shape for
Service Rate
50 Mbps 50 Mbps
Branch

Hub 100 Mbps 20 Mbps 20 Mbps

Branch
BR GE Service
Rate
10 Mbps
10 Mbps
Branch

45 Mbps

T3
Branch

Hub 100 Mbps 20 Mbps 20 Mbps

Branch
BR GE Service
Rate
10 Mbps
10 Mbps
Branch
Per Site
Bandwidth Sharing 45 Mbps
Within Tunnel
T3
Branch

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 45
Hub Site QoS Scheduling Hierarchy
Three Levels: Child / Parent / Grandparent

Police Per-SA QoS Site1 – T1 Police Police Per-SA QoS Site N – 10 Mbps
Per-SA QoS Site2 – T3
150K 4.5M 1M

priority data class-default priority data class-default priority data class-default

P1 P1 P1

Child Queuing
Policy on Tunnel
Bandwidth sharing
within tunnel

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 46
Hub Site QoS Scheduling Hierarchy
Three Levels: Child / Parent / Grandparent

Police Per-SA QoS Site1 – T1 Police Police Per-SA QoS Site N – 10 Mbps
Per-SA QoS Site2 – T3
150K 4.5M 1M

priority data class-default priority data class-default priority data class-default

P1 P1 P1

Child Queuing
Policy on Tunnel
Bandwidth sharing
within tunnel

Parent Shaping Shape for remote

Policies on Tunnel site last mile

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 46
Hub Site QoS Scheduling Hierarchy
Three Levels: Child / Parent / Grandparent

Police Per-SA QoS Site1 – T1 Police Police Per-SA QoS Site N – 10 Mbps
Per-SA QoS Site2 – T3
150K 4.5M 1M

priority data class-default priority data class-default priority data class-default

P1 P1 P1

Child Queuing
Policy on Tunnel
Bandwidth sharing
within tunnel

Grandparent Shaping
Parent Shaping Shape for remote Policy on Physical
Policies on Tunnel site last mile
Shape for service rate

To Physical
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 46
DMVPN Per Tunnel QoS CE
Per-Site Shaping to Avoid Overruns 50 Mbps

CE
50 Mbps
Service Rate
100 Mbps CE
CE
CE 20 Mbps

CE
CE
Shape only 20 Mbps
(100 Mbps)

CE
10 Mbps
CE
CE

10 Mbps

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 47
DMVPN Per Tunnel QoS CE
Per-Site Shaping to Avoid Overruns 50 Mbps

CE
50 Mbps
Service Rate
100 Mbps CE
CE
CE 20 Mbps

CE
CE
Shape only 20 Mbps
(100 Mbps)

CE
10 Mbps
100 Mbps in to DMVPN cloud can easily CE
overrun the lower speed committed rates at CE
spoke sites
10 Mbps

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 47
DMVPN Hub Per Tunnel QoS
Implementing Per-Site Traffic Shaping
policy-map GROUP-50MBPS-POLICY
class class-default
shape average 50 Mbps
bandwidth remaining ratio 50
service-policy IWAN-EDGE-QUEUING

policy-map GROUP-20MBPS-POLICY
service-policy WAN
class class-default
shape average 20 Mbps
bandwidth remaining ratio 20
service-policy IWAN-EDGE-QUEUING
policy-map GROUP-10MBPS-POLICY
class class-default
shape average 10 Mbps
bandwidth remaining ratio 10
service-policy IWAN-EDGE-QUEUING

Separate parent shaper policies for

each remote-site bandwidth

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 48
DMVPN Hub Per Tunnel QoS
Implementing Per-Site Traffic Shaping
policy-map GROUP-50MBPS-POLICY
class class-default
shape average 50 Mbps
bandwidth remaining ratio 50
service-policy IWAN-EDGE-QUEUING

Separate parent shaper policies for

each remote-site bandwidth
policy-map TRANSPORT-1-SHAPE-ONLY
class class-default
shape average 100 Mbps
!
interface GigabitEthernet0/0/3
bandwidth 100000
service-policy output TRANSPORT-1-SHAPE-ONLY

interface Tunnel10
bandwidth 100000
nhrp map group GROUP-10MBPS service-policy output GROUP-10MBPS-POLICY
nhrp map group GROUP-20MBPS service-policy output GROUP-20MBPS-POLICY
nhrp map group GROUP-50MBPS service-policy output GROUP-50MBPS-POLICY

List all available policies as map groups on hub tunnel interface

Separate parent shaper policies for

each remote-site bandwidth
policy-map TRANSPORT-1-SHAPE-ONLY
class class-default
shape average 100 Mbps
!
interface GigabitEthernet0/0/3
bandwidth 100000
service-policy output TRANSPORT-1-SHAPE-ONLY

List all available policies as map groups on hub tunnel interface

Add a class-default shape-only policy on the hub physical interface
for the service rate
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 48
DMVPN Hub Per Tunnel QoS
Implementing Per-Site Traffic Shaping
policy-map GROUP-50MBPS-POLICY
class class-default
shape average 50 Mbps
bandwidth remaining ratio 50
service-policy IWAN-EDGE-QUEUING

policy-map GROUP-20MBPS-POLICY
service-policy WAN
class class-default
shape average 20 Mbps
bandwidth remaining ratio 20
service-policy IWAN-EDGE-QUEUING
Bandwidth remaining
policy-map GROUP-10MBPS-POLICY
class class-default ratio provides
shape average 10 Mbps
bandwidth remaining ratio 10 proportional sharing
service-policy IWAN-EDGE-QUEUING
between tunnels
Separate parent shaper policies for
each remote-site bandwidth
policy-map TRANSPORT-1-SHAPE-ONLY
class class-default
shape average 100 Mbps
!
interface GigabitEthernet0/0/3
bandwidth 100000
service-policy output TRANSPORT-1-SHAPE-ONLY

List all available policies as map groups on hub tunnel interface

Add a class-default shape-only policy on the hub physical interface
for the service rate
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 48
Remote Site Tunnel Configurations
DMVPN Hub Per Tunnel QoS interface GigabitEthernet0/0
bandwidth 100000
service-policy output POLICY-TRANSPORT-1

Implementing Per-Site Traffic Shaping 10 Mbps spoke !

interface Tunnel10
bandwidth 10000

policy-map GROUP-50MBPS-POLICY
Signal from the nhrp group GROUP-10MBPS
tunnel source GigabitEthernet0/0
class class-default
shape average 50 Mbps
spoke to the hub to tunnel vrf IWAN-TRANSPORT-1

bandwidth remaining ratio 50

service-policy IWAN-EDGE-QUEUING
use the correct interface GigabitEthernet0/0
bandwidth 20000
policy for each service-policy output POLICY-TRANSPORT-1
policy-map GROUP-20MBPS-POLICY
service-policy WAN 20 Mbps spoke !
class class-default
shape average 20 Mbps
remote site interface Tunnel10
bandwidth 20000
bandwidth remaining ratio 20 nhrp group GROUP-20MBPS
service-policy IWAN-EDGE-QUEUING tunnel source GigabitEthernet0/0
Bandwidth remaining tunnel vrf IWAN-TRANSPORT-1
policy-map GROUP-10MBPS-POLICY
class class-default ratio provides interface GigabitEthernet0/0
shape average 10 Mbps
bandwidth remaining ratio 10 proportional sharing bandwidth 50000
service-policy output POLICY-TRANSPORT-1
service-policy IWAN-EDGE-QUEUING
between tunnels 50 Mbps spoke !
interface Tunnel10
Separate parent shaper policies for bandwidth 50000
nhrp group GROUP-50MBPS
each remote-site bandwidth tunnel source GigabitEthernet0/0
tunnel vrf IWAN-TRANSPORT-1
policy-map TRANSPORT-1-SHAPE-ONLY
class class-default
shape average 100 Mbps
!
interface GigabitEthernet0/0/3
bandwidth 100000
service-policy output TRANSPORT-1-SHAPE-ONLY

List all available policies as map groups on hub tunnel interface

Implementing Per-Site Traffic Shaping 10 Mbps spoke !

interface Tunnel10
bandwidth 10000

policy-map GROUP-50MBPS-POLICY
Signal from the nhrp group GROUP-10MBPS
tunnel source GigabitEthernet0/0
class class-default
shape average 50 Mbps
spoke to the hub to tunnel vrf IWAN-TRANSPORT-1

bandwidth remaining ratio 50

List all available policies as map groups on hub tunnel interface

Implementing Per-Site Traffic Shaping 10 Mbps spoke !

interface Tunnel10
bandwidth 10000

policy-map GROUP-50MBPS-POLICY
Signal from the nhrp group GROUP-10MBPS
tunnel source GigabitEthernet0/0
class class-default
shape average 50 Mbps
spoke to the hub to tunnel vrf IWAN-TRANSPORT-1

bandwidth remaining ratio 50

service-policy IWAN-EDGE-QUEUING
use the correct interface GigabitEthernet0/0
bandwidth 20000
policy for each service-policy output POLICY-TRANSPORT-1
policy-map GROUP-20MBPS-POLICY
service-policy WAN 20 Mbps spoke !
class class-default
shape average 20 Mbps
remote site interface Tunnel10
bandwidth 20000
bandwidth remaining ratio 20 nhrp group GROUP-20MBPS
service-policy IWAN-EDGE-QUEUING tunnel source GigabitEthernet0/0
Bandwidth remaining tunnel vrf IWAN-TRANSPORT-1
policy-map GROUP-10MBPS-POLICY
class class-default ratio provides interface GigabitEthernet0/0
shape average 10 Mbps
bandwidth remaining ratio 10 proportional sharing bandwidth 50000
service-policy output POLICY-TRANSPORT-1
service-policy IWAN-EDGE-QUEUING
between tunnels 50 Mbps spoke !
interface Tunnel10
Separate parent shaper policies for bandwidth 50000
nhrp group GROUP-50MBPS
each remote-site bandwidth tunnel source GigabitEthernet0/0
tunnel vrf IWAN-TRANSPORT-1
policy-map TRANSPORT-1-SHAPE-ONLY
class class-default
shape average 100 Mbps Per-Tunnel shapers
!
interface GigabitEthernet0/0/3
bandwidth 100000 50 Mbps BRR=50
Service rate
service-policy output TRANSPORT-1-SHAPE-ONLY
50 Mbps BRR=50 shaper
interface Tunnel10
bandwidth 100000
nhrp map group GROUP-10MBPS service-policy output GROUP-10MBPS-POLICY 20 Mbps BRR=20
Shape
nhrp map group GROUP-20MBPS service-policy output GROUP-20MBPS-POLICY
(100 Mbps)
nhrp map group GROUP-50MBPS service-policy output GROUP-50MBPS-POLICY 20 Mbps BRR=20

10 Mbps BRR=10
List all available policies as map groups on hub tunnel interface
10 Mbps BRR=10
Add a class-default shape-only policy on the hub physical interface
for the service rate
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 48
Enterprise to Service-Provider QoS
Mapping

49
Enterprise to SP Mapping 
Example: 4-Class SP Model
Application DSCP 4-Class Model

Internetwork Control CS6 EF SP-VOICE

VoIP EF

Broadcast Video CS5 ! AF31

Multimedia Conferencing AF41 ! AF31

AF31 SP-CLASS1DATA
Real-Time Interactive CS4 ! AF31 (UDP)

Multimedia Streaming AF31

Signalling CS3 ! AF21

Transactional Data AF21 SP-CLASS2DATA

AF21
(TCP)
Network Management CS2 ! AF21

Bulk Data AF11 ! AF21

Scavenger CS1 DF
SP-DEFAULT
Best Effort DF

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 50
Enterprise to SP Mapping 
Example: 4-Class SP Model
CS6 Sent
Application DSCP Unchanged 4-Class Model

Internetwork Control CS6 EF SP-VOICE

VoIP EF

Broadcast Video CS5 ! AF31

Multimedia Conferencing AF41 ! AF31

AF31 SP-CLASS1DATA
Real-Time Interactive CS4 ! AF31 (UDP)

Multimedia Streaming AF31

Signalling CS3 ! AF21

Transactional Data AF21 SP-CLASS2DATA

AF21
(TCP)
Network Management CS2 ! AF21

Bulk Data AF11 ! AF21

Scavenger CS1 DF
SP-DEFAULT
Best Effort DF

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 50
4-Class SP QoS Model Configuration 
Tunnel Interface  
IWAN Hub BR

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 51
4-Class SP QoS Model Configuration 
Tunnel Interface  
policy-map IWAN-EDGE-QUEUING
IWAN Hub BR class INTERACTIVE-VIDEO
bandwidth remaining percent 30
random-detect dscp-based
set dscp tunnel af31 Hub Router:
class STREAMING-VIDEO policy-map GROUP-10MBPS-POLICY
bandwidth remaining percent 10 class class-default
random-detect dscp-based shape average 10 Mbps
set dscp tunnel af31 bandwidth remaining ratio 10
class NET-CTRL-MGMT service-policy IWAN-EDGE-QUEUING
bandwidth remaining percent 5
set dscp tunnel cs6
class CALL-SIGNALING
bandwidth remaining percent 4
set dscp tunnel af21
class CRITICAL-DATA
bandwidth remaining percent 25
random-detect dscp-based
set dscp tunnel af21
class SCAVENGER
bandwidth remaining percent 1
set dscp tunnel default
class VOICE
priority level 1
police cir percent 10
set dscp tunnel ef
class class-default
bandwidth remaining percent 25
random-detect
set dscp tunnel default

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 51
4-Class SP QoS Model Configuration 
Tunnel Interface  
policy-map IWAN-EDGE-QUEUING
IWAN Hub BR class INTERACTIVE-VIDEO
bandwidth remaining percent 30
random-detect dscp-based
set dscp tunnel af31 Hub Router:
class STREAMING-VIDEO policy-map GROUP-10MBPS-POLICY
bandwidth remaining percent 10 class class-default
random-detect dscp-based shape average 10 Mbps
set dscp tunnel af31 bandwidth remaining ratio 10
class NET-CTRL-MGMT service-policy IWAN-EDGE-QUEUING
bandwidth remaining percent 5
set dscp tunnel cs6
class CALL-SIGNALING interface Tunnel10
bandwidth remaining percent 4 bandwidth <service-rate>
nhrp map group GROUP-10MBPS service-policy
set dscp tunnel af21 output GROUP-10MBPS-POLICY
class CRITICAL-DATA
bandwidth remaining percent 25
random-detect dscp-based
set dscp tunnel af21
class SCAVENGER
bandwidth remaining percent 1
set dscp tunnel default
class VOICE
priority level 1
police cir percent 10
set dscp tunnel ef
class class-default
bandwidth remaining percent 25
random-detect
set dscp tunnel default

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 51
4-Class SP QoS Model Configuration 
Tunnel Interface  
policy-map IWAN-EDGE-QUEUING
IWAN Hub BR class INTERACTIVE-VIDEO
bandwidth remaining percent 30
random-detect dscp-based
set dscp tunnel af31 Hub Router:
class STREAMING-VIDEO policy-map GROUP-10MBPS-POLICY
bandwidth remaining percent 10 class class-default
random-detect dscp-based shape average 10 Mbps
set dscp tunnel af31 bandwidth remaining ratio 10
class NET-CTRL-MGMT service-policy IWAN-EDGE-QUEUING
bandwidth remaining percent 5
set dscp tunnel cs6
class CALL-SIGNALING interface Tunnel10
bandwidth remaining percent 4 bandwidth <service-rate>
nhrp map group GROUP-10MBPS service-policy
set dscp tunnel af21 output GROUP-10MBPS-POLICY
class CRITICAL-DATA
bandwidth remaining percent 25
random-detect dscp-based
set dscp tunnel af21
class SCAVENGER Branch Router:
bandwidth remaining percent 1 interface GigabitEthernet0/0
set dscp tunnel default bandwidth 10000
class VOICE service-policy output POLICY-TRANSPORT-1
priority level 1 !
police cir percent 10 interface Tunnel10
set dscp tunnel ef bandwidth 10000
class class-default nhrp group GROUP-10MBPS
tunnel source GigabitEthernet0/0
bandwidth remaining percent 25 tunnel vrf IWAN-TRANSPORT-1
random-detect
set dscp tunnel default

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 51
4-Class SP QoS Model Configuration 
Physical Interface  
IWAN Branch

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 52
4-Class SP QoS Model Configuration 
Physical Interface   policy-map IWAN-EDGE-QUEUING
IWAN Branch class INTERACTIVE-VIDEO
bandwidth remaining percent 30
random-detect dscp-based
set dscp af31
class STREAMING-VIDEO
bandwidth remaining percent 10
random-detect dscp-based
set dscp af31
class NET-CTRL-MGMT
bandwidth remaining percent 5
set dscp cs6
class CALL-SIGNALING
bandwidth remaining percent 4
set dscp af21
class CRITICAL-DATA
bandwidth remaining percent 25
random-detect dscp-based
set dscp af21
class SCAVENGER
bandwidth remaining percent 1
set dscp default
class VOICE
priority level 1
police cir percent 10
set dscp ef
class class-default
bandwidth remaining percent 25
random-detect
set dscp default

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 52
4-Class SP QoS Model Configuration 
Physical Interface   policy-map IWAN-EDGE-QUEUING
IWAN Branch class INTERACTIVE-VIDEO
bandwidth remaining percent 30
random-detect dscp-based
set dscp af31
class STREAMING-VIDEO
bandwidth remaining percent 10
random-detect dscp-based Branch Router:
set dscp af31
class NET-CTRL-MGMT policy-map POLICY-TRANSPORT-1
bandwidth remaining percent 5 class class-default
set dscp cs6 shape average 10 Mbps
service-policy WAN-EDGE-QUEUING
class CALL-SIGNALING
bandwidth remaining percent 4
set dscp af21
class CRITICAL-DATA
bandwidth remaining percent 25
random-detect dscp-based
set dscp af21
class SCAVENGER
bandwidth remaining percent 1
set dscp default
class VOICE
priority level 1
police cir percent 10
set dscp ef
class class-default
bandwidth remaining percent 25
random-detect
set dscp default

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 52
4-Class SP QoS Model Configuration 
Physical Interface   policy-map IWAN-EDGE-QUEUING
IWAN Branch class INTERACTIVE-VIDEO
bandwidth remaining percent 30
random-detect dscp-based
set dscp af31
class STREAMING-VIDEO
bandwidth remaining percent 10
random-detect dscp-based Branch Router:
set dscp af31
class NET-CTRL-MGMT policy-map POLICY-TRANSPORT-1
bandwidth remaining percent 5 class class-default
set dscp cs6 shape average 10 Mbps
service-policy WAN-EDGE-QUEUING
class CALL-SIGNALING
bandwidth remaining percent 4
set dscp af21
class CRITICAL-DATA interface GigabitEthernet0/0
bandwidth 10000
bandwidth remaining percent 25 service-policy output POLICY-TRANSPORT-1
random-detect dscp-based
set dscp af21
class SCAVENGER
bandwidth remaining percent 1
set dscp default
class VOICE
priority level 1
police cir percent 10
set dscp ef
class class-default
bandwidth remaining percent 25
random-detect
set dscp default

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 52
WAN / IWAN QoS Design 
Key Takeaways

IWAN Considerations Egress WAN Queuing

Ingress LAN Marking QoS and App Control
Design Issues NBAR2 QoS Attributes
WAN Queuing
Aggregate Priority Load Sub-Line Rate Interfaces
Traffic-Class
Latency for Low Speed DMVPN Per Tunnel QoS
Business-Relevance
IPSec Anti-Replay Enterprise to SP Mapping

IWAN CVD:
https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Sep2017/CVD-IWANDeployment-SEP17.pdf

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 53
IWAN QoS Design: At-A-Glance

https://cisco.box.com/v/QoS-AAGs
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 54
Agenda
• Introduction to Strategic QoS Design
• WAN / IWAN QoS Design
• Campus QoS Design
• WLAN QoS Design
• Automating and Assuring QoS
• Summary and References
• Appendices

55
Campus QoS
Design

56
The Case for Campus QoS

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 57
The Case for Campus QoS

• The primary role of QoS in campus networks is to manage packet loss

• In campus networks, it takes only a few milliseconds of congestion to cause drops
• Rich media applications are extremely sensitive to packet drops
• Queuing policies at every node can prevent packet loss for real-time apps

• The secondary role of QoS in campus networks is to condition traffic at the access
edge, which can include any/all of the following:
• Trust
• Classify and Mark
• Police

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 57
Why Is Video So Sensitive to Packet Loss?
1920 lines of Vertical Resolution (Widescreen Aspect Ratio is 16:9)

1080p60
1080 lines of Horizontal Resolution
1080 x 1920 lines =

2,073,600 pixels per frame

x 24 bits of colour per pixel

x 60 frames per second

= 2,985,984,000 bps

or 3 Gbps Uncompressed!

Cisco (H.264/H.265) codecs transmit 3-5 Mbps per 1080p60 video stream
which represents over 99.8% compression (~ 1000:1)
Packet loss is proportionally magnified by compression ratios
Users can notice a single packet lost in 10,000—
Making HD Video One Hundred Times More Sensitive to Packet Loss than VoIP!
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 58
VoIP vs. HD Video—At the Packet Level
Voice Packets Video Packets

1400 1400
Frame Frame Frame

1000 1000

Bytes
Audio
600 Samples 600

200 200

20 msec 33 msec

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 59
Campus QoS Design Considerations
How Long Can Queue-Buffers Accommodate Line-Rate Bursts?

140 Gbps Line Rate GE Linecard Example (WS-X6148)

105 Total Per-Port Buffer: 5.4 MB
KBytes Per ms

70 Total Per-Queue Buffer*: 1.35 MB

35 Gbps Line Rate: 1 Gbps = 125 MB/s

or 125 KB/ms
0
10 70 130 190 250 310 370 430 490 550 610 670 730 790 850 910 970 Total Per-Queue Buffering Capacity: 10.8 ms

msec

*Assuming (4) equal-sized queues

1 second
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 60
Campus QoS Design Considerations
How Long Can Queue-Buffers Accommodate Line-Rate Bursts?
Begin dropping at 11 ms
but overall utilisation is only 1%!

140 Gbps Line Rate GE Linecard Example (WS-X6148)

105 Total Per-Port Buffer: 5.4 MB
KBytes Per ms

70 Total Per-Queue Buffer*: 1.35 MB

35 Gbps Line Rate: 1 Gbps = 125 MB/s

or 125 KB/ms
0
10 70 130 190 250 310 370 430 490 550 610 670 730 790 850 910 970 Total Per-Queue Buffering Capacity: 10.8 ms

msec

*Assuming (4) equal-sized queues

1 second
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 60
Campus QoS Design Considerations
How Long Can Queue-Buffers Accommodate Line-Rate Bursts

1400
10 Gbps Line Rate 10 GE Linecard Example (WS-X6908)
1050 Total Per-Port Buffer: 90 MB
KBytes Per ms

700 Total Per-Queue Buffer*: 11.25 MB

350 Gbps Line Rate: 10 Gbps = 1.25 GB/s

or 1250 KB/ms
0
10 70 130 190 250 310 370 430 490 550 610 670 730 790 850 910 970 Total Per-Queue Buffering Capacity: 9.0 ms

msec

*Assuming (8) equal-sized queues

1 second
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 61
Campus QoS Design Considerations
How Long Can Queue-Buffers Accommodate Line-Rate Bursts
Begin dropping at 9 ms
but overall utilisation is still only 1%!

1400
10 Gbps Line Rate 10 GE Linecard Example (WS-X6908)
1050 Total Per-Port Buffer: 90 MB
KBytes Per ms

700 Total Per-Queue Buffer*: 11.25 MB

350 Gbps Line Rate: 10 Gbps = 1.25 GB/s

or 1250 KB/ms
0
10 70 130 190 250 310 370 430 490 550 610 670 730 790 850 910 970 Total Per-Queue Buffering Capacity: 9.0 ms

msec

*Assuming (8) equal-sized queues

1 second
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 61
 
Congestion at the Access Layer of the Campus

GE Link

10GE Link

40GE Link

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 62
 
Congestion at the Access Layer of the Campus

GE Link

10GE Link

40GE Link

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 62
Congestion at the Access Layer of the Campus

GE Link

10GE Link

40GE Link

x 11

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 63
Congestion at the Access Layer of the Campus

GE Link

10GE Link

40GE Link

x 11

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 63
Congestion at the Distribution Layer of the Campus

GE Link

10GE Link

40GE Link

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 64
Congestion at the Distribution Layer of the Campus

GE Link

10GE Link

40GE Link

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 64
Congestion at the Core Layer of the Campus

GE Link

10GE Link

40GE Link

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 65
Congestion at the Core Layer of the Campus

GE Link

10GE Link

40GE Link

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 65
Know Your Tools
• Catalyst switch hardware
• Software and Syntax
• Global Default QoS Settings
• Trust States and Conditional Trust
• Logical vs. Physical Interface QoS
• Ingress and Egress Queuing Models

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 66
Catalyst Hardware Queuing
1P3Q1T Example

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 67
Catalyst Hardware Queuing
1P3Q1T Example

1 Priority Queue

1P BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 67
Catalyst Hardware Queuing
1P3Q1T Example

1 Priority Queue

3 Non-Priority
Queues

1P3Q BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 67
Catalyst Hardware Queuing
1P3Q1T Example

Each queue has 1 Drop Threshold

(the tail of the queue) 1 Priority Queue

3 Non-Priority
Queues

1P3Q 1T
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 67
Catalyst Hardware Queuing
1P3Q1T Example

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 68
Catalyst Hardware Queuing
1P3Q1T Example

Interrupt
Scheduling

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 68
Catalyst Hardware Queuing
1P3Q1T Example

Resume
Scheduling

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 68
Weighted Tail Drop (WTD) Operation
3T WTD Example

Tail of Front of
Queue Queue
Packet
Flow
Direction

Red Minimum WTD Threshold 1:

Begin tail dropping red packets

Yellow Minimum WTD Threshold 2:

Begin tail dropping yellow packets

Tail of Queue is WTD Threshold 3

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 69
Weighted Tail Drop (WTD) Operation
3T WTD Example

Tail of Front of
Queue Queue
Packet
Flow
Direction

Red Minimum WTD Threshold 1:

Begin tail dropping red packets

Yellow Minimum WTD Threshold 2:

Begin tail dropping yellow packets

Tail of Queue is WTD Threshold 3

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 69
Weighted Tail Drop (WTD) Operation
3T WTD Example

Tail of Front of
Queue Queue
Packet
Flow
Direction

Red Minimum WTD Threshold 1:

Begin tail dropping red packets

Yellow Minimum WTD Threshold 2:

Begin tail dropping yellow packets

Tail of Queue is WTD Threshold 3

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 69
Weighted Tail Drop (WTD) Operation
3T WTD Example

Tail of Front of
Queue Queue
Packet
Flow
Direction

Red Minimum WTD Threshold 1:

Begin tail dropping red packets

Yellow Minimum WTD Threshold 2:

Begin tail dropping yellow packets

Tail of Queue is WTD Threshold 3

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 69
Weighted Random Early Detect (WRED) Operation
4T WTD Example

Tail of Front of
Queue Queue
Packet
Flow
Direction

AF13 Minimum WRED Threshold:

Begin randomly dropping AF13
Packets

AF12 Minimum WRED Threshold:

Begin randomly dropping AF12 Packets

AF11 Minimum WRED Threshold:

Begin randomly dropping AF11 Packets

Maximum WRED Thresholds for AF11, AF12 and AF13

are set to the tail of the queue in this example

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 70
Software and Syntax Variations

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 71
Software and Syntax Variations
• Catalyst 2960-X / 3560 / 3750 are the last platforms to use Multilayer Switch QoS (MLS QoS)
• QoS is disabled by default and must be globally enabled with mls qos command
• Once enabled, all ports are set to an untrusted port-state

• Catalyst 3650/3850 and 4500 use IOS Modular QoS Command Line Interface (MQC)
• QoS is enabled by default
• All ports are trusted at layer 2 and layer 3 by default
• Catalyst 6500/6800 use Cisco Common Classification Policy Language (C3PL) QoS
• QoS is enabled by default (Sup2T) – Disabled by default (Sup720)
• All ports are trusted at layer 2 and layer 3 by default
• C3PL presents queuing policies similar to MQC, but as a defined “type” of policy
• Nexus 7000/7700 use NX-OS QoS
• QoS is enabled by default
• All ports are trusted at layer 2 and layer 3 by default
• NX-OS presents queuing policies similar to MQC, but as a defined “type” and with default class-map names

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 71
Trust Boundaries

The trust boundary is the edge

where Layer 2 (CoS / UP) and/or
Layer 3 (DSCP) markings are
accepted or rejected

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 72
Trust Boundary
Trust Boundaries
Untrusted / User-
Administered Devices
no mls qos trust

The trust boundary is the edge

where Layer 2 (CoS / UP) and/or
Layer 3 (DSCP) markings are
accepted or rejected

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 72
Trust Boundary
Trust Boundaries
Untrusted / User-
Administered Devices
no mls qos trust

Trust Boundary
The trust boundary is the edge
where Layer 2 (CoS / UP) and/or
Layer 3 (DSCP) markings are Trusted Centrally-
Administered Devices
accepted or rejected mls qos trust dscp

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 72
Trust Boundary
Trust Boundaries
Untrusted / User-
Administered Devices
no mls qos trust

Trust Boundary
The trust boundary is the edge
where Layer 2 (CoS / UP) and/or
Layer 3 (DSCP) markings are Trusted Centrally-
Administered Devices
accepted or rejected mls qos trust dscp

Trust Boundary

Centrally-Administered &
Conditionally-Trusted Devices
mls qos trust device
• cisco-phone
• cts
• ip-camera
• media-player

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 72
Policy Enforcement Points (PEPs)

Note: For the sake of simplification, in this deck PEP will refer to
classification and marking policy enforcement points (only)
and will not include other policy enforcement points (e.g. queuing).

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 73
Policy Enforcement Points (PEPs)
• The Policy Enforcement Point (PEP) is the edge where classification and marking policies are enforced
• The PEP may or may not be the same as the trust boundary
• Multiple PEPs may exist for different types of network devices
• e.g. switch PEP vs. router PEP

Note: For the sake of simplification, in this deck PEP will refer to
classification and marking policy enforcement points (only)
Trust Boundary
Switch Router and will not include other policy enforcement points (e.g. queuing).
PEP PEP

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 73
EtherChannel QoS
• EtherChannels are comprised of logical (port-channel) interfaces and physical
(port-member) interfaces
Platform QoS Policies Applied to the QoS Policies Applied to the
(Logical) Port-Channel Interface (Physical) Port-Member Interfaces
Catalyst 2960-X • Classification & Marking (Ingress)
and Queuing (Egress)
Catalyst 3650/3850 • Classification & Marking (Ingress)
and Queuing (Egress)
Catalyst 4500 • Classification & Marking • Queuing (Egress)
(Ingress)
Catalyst 6500 • Classification & Marking • Queuing (Ingress & Egress)
(Ingress)
Cisco Nexus 7000/7700 • Classification & Marking
(Ingress) and Queuing (Ingress
& Egress)

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 74
Campus QoS Design Best Practices
• Always perform QoS in hardware rather than software when a choice exists
• Classify and mark applications as close to their sources as technically and
administratively feasible
• Police unwanted traffic flows as close to their sources as possible
• Enable queuing policies at every node where the potential for congestion exists

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 75
Campus Port QoS Roles

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 76
Campus Port QoS Roles Untrusted Endpoint:
• Port Set to Untrusted State
(or Explicit Policy to Mark to DSCP 0)
• [Optional Ingress Marking and/or Policing]
• [Ingress and] Egress Queuing

Conditionally-Trusted Endpoint
• Conditional-Trust with Trust-CoS or DSCP
• [Optional Ingress Marking and/or Policing]
• [Ingress and] Egress Queuing

Trusted Port
Conditionally-Trusted Endpoint • Trust DSCP
• Conditional-Trust with Trust-CoS or DSCP (Default on all non-MLS QoS platforms)
• [Optional Ingress Marking and/or Policing] • [Ingress and] Egress Queuing
• [Ingress and] Egress Queuing

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 76
Campus QoS Design—At-A-Glance

https://cisco.box.com/v/QoS-AAGs

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 77
Catalyst 3650/3850 
(and 9300/9400/9500) 
QoS Design

78
Catalyst 3650/3850/9300
QoS Roles in the Campus Access

No Trust +
C3650/3850 Egress Queuing
Access
Switch Trust DSCP +
Egress Queuing

Conditional Trust +
Egress Queuing

Classification/Marking +
[Optional Policing] +
Distribution Egress Queuing
Switches

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 79
Catalyst 3650/3850
QoS Design Steps
1. Configure Ingress QoS Model(s):
❑ Trust DSCP Model*
❑ Conditional Trust Models
❑ Service Policy Models

2. Configure Egress Queuing

❑ Wired Queuing Models (2P6Q3T)

*Note: Catalyst 3650/3850 uses IOS MQC, which trusts by default;

therefore no explicit policy is required for DSCP trust

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 80
Catalyst 3650/3850
Conditional Trust Models

Cisco IP Phone Conditional Trust Example

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 81
Catalyst 3650/3850
Conditional Trust Models

Cisco IP Phone Conditional Trust Example

Conditional-Trust Models:
interface GigabitEthernet 1/0/1
trust device cisco-phone [or]
trust device cts [or]
trust device ip-camera [or]
trust device media-player

Only one type of device can be

configured for conditional trust on
an interface at a given time

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 81
Catalyst 3650/3850
Conditional Trust Models
Only match-any is supported (i.e. Conditional-Trust (CiscoConditional
Cisco IP Phone IP Phone) Example:
Trust Example
match-all is not supported)
class-map match-any VOICE
match cos 5
Conditional-Trust Models: class-map match-any SIGNALING
match cos 3
interface GigabitEthernet 1/0/1
 
trust device cisco-phone [or] CoS must be
policy-map CISCO-IPPHONE
trust device cts [or] matched as Cisco
class VOICE
trust device ip-camera [or] IP Phones only
set dscp ef
trust device media-player remark at Layer 2
class SIGNALING
set dscp cs3
class class-default
set dscp default

Only one type of device can be

configured for conditional trust on
an interface at a given time

Only one type of device can be

configured for conditional trust on interface GigabitEthernet 1/0/1
an interface at a given time trust device cisco-phone
service-policy input CISCO-IPPHONE

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 81
Catalyst 3650/3850
Classification Options

• ACL-based classification: match access-group ACL_NAME

• Syntax is identical to Catalyst 2K ACL-based classification & marking examples

• NBAR2 classification (as of IOS XE 16.3): match protocol APPLICATION

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 82
NBAR in Hardware—Yesterday
• Cisco Catalyst 6500 Sup32 Programmable Intelligent Services Accelerator
(PISA)—Jan 2007

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 83
NBAR in Hardware—Yesterday
• Cisco Catalyst 6500 Sup32 Programmable Intelligent Services Accelerator
(PISA)—Jan 2007
• Supported 90+ protocols

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 83
NBAR2 in Hardware—Today
• UADP-based platforms:
• Catalyst 3650
• Catalyst 3850
• Catalyst 9000-series (UADP 2.0)

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 84
NBAR2 in Hardware—Today
• UADP-based platforms:
• Catalyst 3650
• Catalyst 3850
• Catalyst 9000-series (UADP 2.0)

• Supports 1400+ protocols 1400% increase

• Maximum Throughput (Catalyst 3850 / 3650):
• ~500 connections per second
• Up to 5,000 bi-directional flows (24 access ports)
• Up to 10,000 bi-directional flows (48 access ports)

• Supports 1400+ protocols 1400% increase

• Maximum Throughput (Catalyst 3850 / 3650):
• ~500 connections per second
• Up to 5,000 bi-directional flows (24 access ports)
• Up to 10,000 bi-directional flows (48 access ports)

• MSRP (beginning at) ~$3K 90% decrease

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 84
Catalyst 3650/3850 IOS XE 16.3
Configuring NBAR2 QoS Policies policy-map NBAR-MARKING
class-map match-any VOICE class VOICE
match protocol cisco-phone set dscp ef
match protocol cisco-jabber-audio class BROADCAST-VIDEO
match protocol ms-lync-audio set dscp cs5
match protocol citrix-audio class REAL-TIME-INTERACTIVE
class-map match-any BROADCAST-VIDEO set dscp cs4
match protocol cisco-ip-camera class CALL-SIGNALING
class-map match-any REAL-TIME-INTERACTIVE set dscp cs3
match protocol telepresence-media class TRANSACTIONAL-DATA
class-map match-any CALL-SIGNALING set dscp af21
match protocol skinny class BULK-DATA
match protocol telepresence-control set dscp af11
class-map match-any TRANSACTIONAL-DATA class SCAVENGER
match protocol citrix set dscp cs1
match protocol sap class class-default
class-map match-any BULK-DATA set dscp default
match protocol attribute category email
match protocol attribute category file-sharing
match protocol attribute sub-category backup-systems
class-map match-any SCAVENGER
match protocol attribute category gaming
match protocol attribute application-group skype-group
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 85
match protocol enables NBAR2 classification
Catalyst 3650/3850 IOS XE 16.3 Note: Up to 16 match protocol statements are
supported per class-map
Configuring NBAR2 QoS Policies policy-map NBAR-MARKING
class-map match-any VOICE class VOICE
match protocol cisco-phone set dscp ef
match protocol cisco-jabber-audio class BROADCAST-VIDEO
match protocol ms-lync-audio set dscp cs5
match protocol citrix-audio class REAL-TIME-INTERACTIVE
class-map match-any BROADCAST-VIDEO set dscp cs4
match protocol cisco-ip-camera class CALL-SIGNALING
class-map match-any REAL-TIME-INTERACTIVE set dscp cs3
match protocol telepresence-media class TRANSACTIONAL-DATA
class-map match-any CALL-SIGNALING set dscp af21
match protocol skinny class BULK-DATA
match protocol telepresence-control set dscp af11
class-map match-any TRANSACTIONAL-DATA class SCAVENGER
match protocol citrix set dscp cs1
match protocol sap class class-default
class-map match-any BULK-DATA set dscp default
match protocol attribute category email
match protocol attribute category file-sharing
match protocol attribute sub-category backup-systems Note: Multiple application protocols can be
class-map match-any SCAVENGER identified using attributes, including:
match protocol attribute category gaming • category
match protocol attribute application-group skype-group • sub-category
• application-group More to come!
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 85
Catalyst 3650/3850/9300/9400/8500  IOS XE 16.8—March 2018
NBAR2 QoS Attributes Support
class-map match-all VOICE policy-map MARKING
match protocol attribute traffic-class voip-telephony class VOICE
match protocol attribute business-relevance business-relevant set dscp ef
class-map match-all BROADCAST-VIDEO class BROADCAST-VIDEO
match protocol attribute traffic-class broadcast-video set dscp cs5
match protocol attribute business-relevance business-relevant class REAL-TIME-INTERACTIVE
class-map match-all REAL-TIME-INTERACTIVE set dscp cs4
match protocol attribute traffic-class real-time-interactive class MULTIMEDIA-CONFERENCING
match protocol attribute business-relevance business-relevant set dscp af41
class-map match-all MULTIMEDIA-CONFERENCING class MULTIMEDIA-STREAMING
match protocol attribute traffic-class multimedia-conferencing set dscp af31
match protocol attribute business-relevance business-relevant class SIGNALING
class-map match-all MULTIMEDIA-STREAMING set dscp cs3
match protocol attribute traffic-class multimedia-streaming
class NETWORK-CONTROL
match protocol attribute business-relevance business-relevant
set dscp cs6
class-map match-all SIGNALING
match protocol attribute traffic-class signaling class NETWORK-MANAGEMENT
match protocol attribute business-relevance business-relevant set dscp cs2
class-map match-all NETWORK-CONTROL class TRANSACTIONAL-DATA
match protocol attribute traffic-class network-control set dscp af21
match protocol attribute business-relevance business-relevant class BULK-DATA
class-map match-all NETWORK-MANAGEMENT set dscp af11
match protocol attribute traffic-class ops-admin-mgmt class SCAVENGER
match protocol attribute business-relevance business-relevant set dscp cs1
class-map match-all TRANSACTIONAL-DATA class class-default
match protocol attribute traffic-class transactional-data set dscp default
match protocol attribute business-relevance business-relevant
class-map match-all BULK-DATA
match protocol attribute traffic-class bulk-data
match protocol attribute business-relevance business-relevant
class-map match-all SCAVENGER
match protocol attribute business-relevance business-irrelevant 86

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Catalyst 3650/3850
Marking & Policing Policy Example

table-map TABLE-MAP
map from 0 to 8
map from 10 to 8
map from 18 to 8

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 87
All markdown and/or
Catalyst 3650/3850 mapping operations
are configured through
Marking & Policing Policy Example table-maps

table-map TABLE-MAP
map from 0 to 8
map from 10 to 8
map from 18 to 8

policy-map MARKING&POLICING
class VVLAN-VOIP
set dscp ef table-map TABLE-MAP
police 128k map from 0 to 8
conform-action transmit map from 10 to 8
exceed-action drop map from 18 to 8
class VVLAN-SIGNALING
set dscp cs3
police 32k
conform-action transmit
exceed-action drop
class MULTIMEDIA-CONFERENCING
set dscp af41
police 5m
conform-action transmit
exceed-action drop
class SIGNALING
set dscp cs3
police 32k
conform-action transmit
exceed-action drop
…
Policers can may be set to either remark or drop excess
BRKCRS-2501 traffic
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 87
All markdown and/or
Catalyst 3650/3850 mapping operations
are configured through
Marking & Policing Policy Example table-maps

policy-map MARKING&POLICING …[continued]

class VVLAN-VOIP class TRANSACTIONAL-DATA
set dscp ef set dscp af21 table-map TABLE-MAP
police 128k police 10m map from 0 to 8
conform-action transmit conform-action transmit map from 10 to 8
exceed-action drop exceed-action TABLE-MAP map from 18 to 8
class VVLAN-SIGNALING class BULK-DATA
set dscp cs3 set dscp af11
police 32k police 10m
conform-action transmit conform-action transmit
exceed-action drop exceed-action TABLE-MAP
class MULTIMEDIA-CONFERENCING class SCAVENGER
set dscp af41 set dscp cs1
police 5m police 10m Policing to remark traffic is
conform-action transmit conform-action transmit done by referencing the
exceed-action drop exceed-action drop previously-configured
class SIGNALING class class-default table-map
set dscp cs3 set dscp default
police 32k police 10m
conform-action transmit conform-action transmit
exceed-action drop exceed-action TABLE-MAP
…
Policers can may be set to either remark or drop excess
BRKCRS-2501 traffic
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 87
All markdown and/or
Catalyst 3650/3850 mapping operations
are configured through
Marking & Policing Policy Example table-maps

policy-map MARKING&POLICING …[continued]

2P6Q3T Example
PQ2

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 88
Catalyst Hardware Queuing PQ1

2P6Q3T Example
PQ2

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 88
Catalyst Hardware Queuing PQ1

2P6Q3T Example
PQ2

Interrupt
Scheduling

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 88
Catalyst Hardware Queuing PQ1

2P6Q3T Example
PQ2

Interrupt
Scheduling
Interrupt
Scheduling

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 88
Catalyst Hardware Queuing PQ1

2P6Q3T Example
PQ2

Interrupt
Scheduling
Interrupt
Scheduling

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 88
Catalyst 3650/3850
2P6Q3T with Weighted Tail Drop (WTD) Wired Port Egress Queuing Model

Application DSCP 2P6Q3T

Network Control (CS7) EF PQ Level 1 (10%)
Internetwork Control CS6 CS4 & CS5
PQ Level 2 (33%)
VoIP EF AF4
CS7 & CS6 Q6
Broadcast Video CS5
CS3 & CS2 (BWR 12%)
Multimedia Conferencing AF4
AF3 Q4
Realtime Interactive CS4 (BWR 18% + DSCP-Based WTD)
Multimedia Streaming AF3 Q3
AF2
Signalling CS3 (BWR 18% + DSCP-Based WTD)
Transactional Data AF2 AF1 Q2
(BWR 7% + DSCP-Based WTD)
Network Management CS2
CS1 Q2 (BWR 1%)
Bulk Data AF1
Scavenger CS1 Q1
Best Effort DF DF (BWR 44%)

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 89
Catalyst 3650/3850
2P6Q3T with Weighted Tail Drop (WTD) Wired Port Egress Queuing Model

Application DSCP 2P6Q3T

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 89
Catalyst 3650/3850
2P6Q3T with Weighted Tail Drop (WTD) Wired Port Egress Queuing Model

Application DSCP 2P6Q3T

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 89
Catalyst 3650/3850
2P6Q3T with Weighted Tail Drop (WTD) Wired Port Egress Queuing Model

Application DSCP 2P6Q3T

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 89
Catalyst 3650/3850
2P6Q3T with Weighted Tail Drop (WTD) Wired Port Egress Queuing Model

Application DSCP 2P6Q3T

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 89
Catalyst 3650/3850
2P6Q3T with Weighted Tail Drop (WTD) Wired Port Egress Queuing Model

Application DSCP 2P6Q3T

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 89
Catalyst 3650/3850
2P6Q3T with Weighted Tail Drop (WTD) Wired Port Egress Queuing Model

Application DSCP 2P6Q3T

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 89
Catalyst 3650/3850
2P6Q3T with Weighted Tail Drop (WTD) Wired Port Egress Queuing Model

Application DSCP 2P6Q3T

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 89
Catalyst 3650/3850
2P6Q3T with Weighted Tail Drop (WTD) Wired Port Egress Queuing Model

Application DSCP 2P6Q3T

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 89
Catalyst 3650/3850
2P6Q3T+WTD Wired Port Egress Queuing Config – Part 1of 2

class-map match-any VOICE-PQ1

match dscp ef
class-map match-any VIDEO-PQ2
match dscp cs4 cs5
match dscp af41 af42 af43
class-map match-any CONTROL-MGMT-QUEUE
match dscp cs7 cs6 cs3 cs2
class-map match-any MULTIMEDIA-STREAMING-QUEUE
match dscp af31 af32 af33
class-map match-any TRANSACTIONAL-DATA-QUEUE
match dscp af21 af22 af23
class-map match-any BULK-DATA-QUEUE
match dscp af11 af12 af13
class-map match-any SCAVENGER-QUEUE
match dscp cs1

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 90
Catalyst 3650/3850
2P6Q3T+WTD Wired Port Egress Queuing Config – Part 2 of 2
policy-map 2P6Q3T [continued]
class VOICE-PQ1 class TRANSACTIONAL-DATA-QUEUE
priority level 1 percent 10 bandwidth remaining percent 18
queue-buffers ratio 5 queue-buffers ratio 10
class VIDEO-PQ2 queue-limit dscp af21 percent 100
priority level 2 percent 33 queue-limit dscp af22 percent 90
queue-buffers ratio 5 queue-limit dscp af23 percent 80
class CONTROL-MGMT-QUEUE class BULK-DATA-QUEUE
bandwidth remaining percent 12 bandwidth remaining percent 7
queue-buffers ratio 5 queue-buffers ratio 20
class MULTIMEDIA-STREAMING-QUEUE queue-limit dscp af11 percent 100
bandwidth remaining percent 18 queue-limit dscp af12 percent 90
queue-buffers ratio 10 queue-limit dscp af13 percent 80
queue-limit dscp af31 percent 100 class SCAVENGER-QUEUE
queue-limit dscp af32 percent 90 bandwidth remaining percent 1
queue-limit dscp af33 percent 80 queue-buffers ratio 5
… class class-default
bandwidth remaining percent 44
queue-buffers ratio 40

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 91
If a PQ is enabled then
Catalyst 3650/3850 non-PQs must use
bandwidth remaining
2P6Q3T+WTD Wired Port Egress Queuing Config – Part 2 of 2
policy-map 2P6Q3T [continued]
class VOICE-PQ1 class TRANSACTIONAL-DATA-QUEUE
Allocates buffers to
priority level 1 percent 10 bandwidth remaining percent 18
Two-levels of queues
queue-buffers ratio 5 queue-buffers ratio 10
class VIDEO-PQ2 priority queuing are queue-limit dscp af21 percent 100
priority level 2 percent 33 supported queue-limit dscp af22 percent 90
queue-buffers ratio 5 queue-limit dscp af23 percent 80
class CONTROL-MGMT-QUEUE class BULK-DATA-QUEUE
bandwidth remaining percent 12 bandwidth remaining percent 7
queue-buffers ratio 5 queue-buffers ratio 20
class MULTIMEDIA-STREAMING-QUEUE queue-limit dscp af11 percent 100
queue-limit dscp af12 percent 90 Tunes WTD
bandwidth remaining percent 18
queue-limit dscp af13 percent 80 to align to an
queue-buffers ratio 10
class SCAVENGER-QUEUE AF PHB
queue-limit dscp af31 percent 100
queue-limit dscp af32 percent 90 bandwidth remaining percent 1
queue-limit dscp af33 percent 80 queue-buffers ratio 5
… class class-default
bandwidth remaining percent 44
queue-buffers ratio 40

Defines the sub-line rate (CIR)

policy-map 50MBPS-SHAPER
class class-default
shape average 50000000
service-policy 2P6Q3T
Provides back-pressure to the system to
interface GigabitEthernet 1/0/1 engage the (previously-defined) queuing
service-policy output 50MBPS-SHAPER policy, so that packets are properly
prioritised within the sub-line rate

Only the Hierarchical Shaping policy is

attached to the interface(s)

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 92
Catalyst 3650/3850 QoS Design—At-A-Glance

https://cisco.box.com/v/QoS-AAGs

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 93
Catalyst 4500 
QoS Design

94
Catalyst 4500
QoS Roles in the Campus Distribution

Trust DSCP +
Egress Queuing

Core Switches

Access
Switches
Catalyst 4500
Distribution
Switches
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 95
Catalyst 4500
QoS Design Steps
1. Configure Ingress QoS Model(s):
❑ DSCP-Trust Model*
❑ Conditional Trust Model
❑ Service Policy Models

2. Configure Egress Queuing

*Note: Catalyst 4500 uses IOS MQC, which trusts by default;

therefore no explicit policy is required for DSCP trust

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 96
Catalyst 4500
Conditional Trust Example
class-map match-all VOICE Catalyst 4500 supports both match-all
match cos 5 (logical AND) and match-any (logical
class-map match-all SIGNALING OR) operators
match cos 3
 
policy-map CISCO-IPPHONE
class VOICE
set dscp ef
class SIGNALING
set dscp cs3
class class-default
set dscp default

interface GigabitEthernet 3/1

qos trust device cisco-phone
service-policy input CISCO-IPPHONE Conditional trust command (trust
device) must be prefaced by qos
on the Catalyst 4500

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 97
Catalyst 4500
Part 1 of 2 – Marking & Policing Policy Example
policy-map MARKING&POLICING
class VOIP
police 128k bc 8000
conform-action set-dscp-transmit ef
exceed-action drop
class SIGNALING
police 32k bc 8000
conform-action set-dscp-transmit cs3
exceed-action drop Marking/remarking is configured as
class MULTIMEDIA-CONFERENCING part of the policing action (i.e. no
police 5m bc 8000 table-map or markdown-map is
conform-action set-dscp-transmit af41 referenced)
exceed-action set-dscp-transmit af42
class TRANSACTIONAL-DATA
police 10m bc 8000
conform-action set-dscp-transmit af21
exceed-action set-dscp-transmit af22

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 98
Catalyst 4500
Part 2 of 2 – Marking & Policing Policy Example

class BULK-DATA
police 10m bc 8000
conform-action set-dscp-transmit af11
exceed-action set-dscp-transmit af12
class SCAVENGER
police 10m bc 8000
conform-action set-dscp-transmit cs1
exceed-action drop
class class-default
police 10m bc 8000
conform-action set-dscp-transmit default
exceed-action set-dscp-transmit cs1

interface GigabitEthernet 3/1

service-policy input MARKING&POLICING

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 99
Catalyst 4500
1P7Q1T+Dynamic Buffer Limiting (DBL) Egress Queuing Model

Application DSCP 1P7Q1T (+DBL)

Network Control (CS7) EF
Internetwork Control CS6 CS5 PQ
VoIP EF CS4

Broadcast Video CS5 CS7 & CS6 Q7

CS3 & CS2 (BWR 10%)
Multimedia Conferencing AF4
Realtime Interactive CS4 AF4 Q6 (BWR 10%)
Multimedia Streaming AF3 AF3 Q5 (BWR 10%)
Signalling CS3
Transactional Data AF2 AF2 Q4 (BWR 10%)
Network Management CS2
AF1 Q3 (BWR 4%)
Bulk Data AF1
Scavenger CS1 CS1 Q2 (BWR 1%)

Best Effort DF DF Q1 (25%)

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 100
Catalyst 4500
1P7Q1T+Dynamic Buffer Limiting (DBL) Egress Queuing Model

Application DSCP 1P7Q1T (+DBL)

Network Control (CS7) EF
Internetwork Control CS6 CS5 PQ
VoIP EF CS4

Broadcast Video CS5 CS7 & CS6 Q7

Best Effort DF DF Q1 (25%)

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 100
Catalyst 4500
1P7Q1T+Dynamic Buffer Limiting (DBL) Egress Queuing Model

Application DSCP 1P7Q1T (+DBL)

Network Control (CS7) EF
Internetwork Control CS6 CS5 PQ
VoIP EF CS4

Broadcast Video CS5 CS7 & CS6 Q7

Best Effort DF DF Q1 (25%)

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 100
Catalyst 4500
1P7Q1T+Dynamic Buffer Limiting (DBL) Egress Queuing Model

Application DSCP 1P7Q1T (+DBL)

Network Control (CS7) EF
Internetwork Control CS6 CS5 PQ
VoIP EF CS4

Broadcast Video CS5 CS7 & CS6 Q7

Best Effort DF DF Q1 (25%)

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 100
Catalyst 4500
1P7Q1T+DBL Egress Queuing Config
class-map match-all PRIORITY-QUEUE policy-map 1P7Q1T
match dscp cs4 cs5 ef class PRIORITY-QUEUE
class-map match-all CONTROL-MGMT-QUEUE priority
match dscp cs7 cs6 cs3 cs2 class CONTROL-MGMT-QUEUE
class-map match-all MULTIMEDIA-CONFERENCING-QUEUE bandwidth remaining percent 10
match dscp af41 af42 af43 class MULTIMEDIA-CONFERENCING-QUEUE
class-map match-all MULTIMEDIA-STREAMING-QUEUE bandwidth remaining percent 10
match dscp af31 af32 af33 class MULTIMEDIA-STREAMING-QUEUE
class-map match-all TRANSACTIONAL-DATA-QUEUE bandwidth remaining percent 10
match dscp af21 af22 af23 class TRANSACTIONAL-DATA-QUEUE
class-map match-all BULK-DATA-QUEUE bandwidth remaining percent 10
match dscp af11 af12 af13 dbl
class-map match-all SCAVENGER-QUEUE class BULK-DATA-QUEUE
match dscp cs1 bandwidth remaining percent 4
dbl
class SCAVENGER-QUEUE
bandwidth remaining percent 1
class class-default
bandwidth remaining percent 25
dbl

service-policy output 1P7Q1T

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 101
Catalyst 4500 If PQ is enabled then
bandwidth remaining
1P7Q1T+DBL Egress Queuing Config must be used

class-map match-all PRIORITY-QUEUE Enables the PQ policy-map 1P7Q1T

match dscp cs4 cs5 ef class PRIORITY-QUEUE
class-map match-all CONTROL-MGMT-QUEUE priority
match dscp cs7 cs6 cs3 cs2 class CONTROL-MGMT-QUEUE
class-map match-all MULTIMEDIA-CONFERENCING-QUEUE bandwidth remaining percent 10
match dscp af41 af42 af43 class MULTIMEDIA-CONFERENCING-QUEUE
class-map match-all MULTIMEDIA-STREAMING-QUEUE bandwidth remaining percent 10
match dscp af31 af32 af33 class MULTIMEDIA-STREAMING-QUEUE
class-map match-all TRANSACTIONAL-DATA-QUEUE bandwidth remaining percent 10
match dscp af21 af22 af23 class TRANSACTIONAL-DATA-QUEUE
class-map match-all BULK-DATA-QUEUE bandwidth remaining percent 10
match dscp af11 af12 af13 dbl
class-map match-all SCAVENGER-QUEUE class BULK-DATA-QUEUE
match dscp cs1 bandwidth remaining percent 4
dbl
class SCAVENGER-QUEUE
bandwidth remaining percent 1
DBL can be enabled on a per-class basis,
class class-default
but should not be enabled on the PQ or Control traffic queues
bandwidth remaining percent 25
dbl
Enabling DBL on UDP-based queues and/or Scavenger queue
is optional
service-policy output 1P7Q1T
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 101
Catalyst 4500 Campus QoS Design At-A-Glance

https://cisco.box.com/v/QoS-AAGs
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 102
Catalyst 6500/6800  
QoS Design

103
Cisco Catalyst 6500/6800
QoS Roles in the Campus Core

Catalyst 6500/6800
Core Switches

Trust DSCP
+ Ingress Queuing
+ Egress Queuing

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 104
Cisco Catalyst 6500/6800
QoS Design Steps

1. Configure Ingress Queuing

2. Configure Egress Queuing

Catalyst 6500 IOS C3PL trusts by default;

therefore no explicit policy is required for DSCP trust

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 105
Cisco Catalyst 6500/6800
2P6Q4T (Ingress & Egress Queuing Models—DSCP-to-Queue)
Application-Class DSCP 2P6Q4T Ingress and Egress
queuing models varies
Network Control (CS7) Voice-PQ1 by line card/module.
EF
(Priority Level 1)
Internetwork Control CS6

VoIP EF CS5 Video-PQ2 Refer to the 6500/6800

CS4 (Priority Level 2) QoS Configuration
Broadcast Video CS5 Guide or data sheets
CS6 & CS7 Control/Mgmt Queue to ensure that you use
Multimedia Conferencing AF4 CS2 & CS3 (5% BWR)
the proper queuing
Realtime Interactive CS4 Multimedia-Conferencing Queue
module for a given line
AF4 (20% BWR + DSCP-WRED) card.
Multimedia Streaming AF3 AF4

Signalling CS3 AF3 Multimedia-Streaming Queue

(20% BWR + DSCP-WRED)
Transactional Data AF2
AF2 Transactional Data Queue
Network Management CS2 (10% BWR + DSCP-WRED)

Bulk Data AF1 AF1 Bulk Data Queue

Scavenger CS1 CS1 (5% BWR + DSCP-WRED)

DF Default Queue
Best Effort DF
(WRED)

VoIP EF CS5 Video-PQ2 Refer to the 6500/6800

Signalling CS3 AF3 Multimedia-Streaming Queue

(20% BWR + DSCP-WRED)
Transactional Data AF2
AF2 Transactional Data Queue
Network Management CS2 (10% BWR + DSCP-WRED)

Bulk Data AF1 AF1 Bulk Data Queue

Scavenger CS1 CS1 (5% BWR + DSCP-WRED)

DF Default Queue
Best Effort DF
(WRED)

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1SY/config_guide/sup2T/15_1_sy_swcg_2T/qos_policy_based_queueing.html
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 106
Cisco Catalyst 6500/6800—2P6Q4T Model
Part 1 of 3—Common Ingress & Egress Queuing Class-Maps
class-map type lan-queuing match-all VOICE-PQ1
match dscp ef
class-map type lan-queuing match-all VIDEO-PQ2
match dscp cs4 cs5
class-map type lan-queuing match-all CONTROL-MGMT-QUEUE
match dscp cs2 cs3 cs6 cs7
class-map type lan-queuing match-all MULTIMEDIA-CONFERENCING-QUEUE
match dscp af41 af42 af43
class-map type lan-queuing match-all MULTIMEDIA-STREAMING-QUEUE
match dscp af31 af32 af33
class-map type lan-queuing match-all TRANSACTIONAL-DATA-QUEUE
match dscp af21 af22 af23
class-map type lan-queuing match-all SCAVENGER-BULK-DATA-QUEUE
match dscp cs1 af11 af12 af13

Note: A C3PL interface may support up to 4 QoS policies:

• service-policy type qos input
• service-policy type qos output
• service-policy type lan-queuing input
• service-policy type lan-queuing output
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 107
Cisco Catalyst 6500/6800—2P6Q4T Model
Part 1 of 3—Common Ingress & Egress Queuing Class-Maps Unless specified
otherwise, the default
class-map type lan-queuing match-all VOICE-PQ1 C3PL class-map and
match dscp ef policy-map type is qos
class-map type lan-queuing match-all VIDEO-PQ2 (classification, marking,
match dscp cs4 cs5 policing)
class-map type lan-queuing match-all CONTROL-MGMT-QUEUE
match dscp cs2 cs3 cs6 cs7
class-map type lan-queuing match-all MULTIMEDIA-CONFERENCING-QUEUE
match dscp af41 af42 af43
class-map type lan-queuing match-all MULTIMEDIA-STREAMING-QUEUE
match dscp af31 af32 af33
class-map type lan-queuing match-all TRANSACTIONAL-DATA-QUEUE
match dscp af21 af22 af23
class-map type lan-queuing match-all SCAVENGER-BULK-DATA-QUEUE
match dscp cs1 af11 af12 af13

Note: A C3PL interface may support up to 4 QoS policies:

• service-policy type qos input
• service-policy type qos output
• service-policy type lan-queuing input
• service-policy type lan-queuing output
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 107
Cisco Catalyst 6500/6800—2P6Q4T Model
Part 1 of 3—Common Ingress & Egress Queuing Class-Maps Unless specified
otherwise, the default
class-map type lan-queuing match-all VOICE-PQ1 C3PL class-map and
match dscp ef policy-map type is qos
class-map type lan-queuing match-all VIDEO-PQ2 (classification, marking,
match dscp cs4 cs5 policing)
class-map type lan-queuing match-all CONTROL-MGMT-QUEUE
match dscp cs2 cs3 cs6 cs7
class-map type lan-queuing match-all MULTIMEDIA-CONFERENCING-QUEUE Class-maps and policy-
match dscp af41 af42 af43 maps used for ingress and/
class-map type lan-queuing match-all MULTIMEDIA-STREAMING-QUEUE or egress queuing policies
match dscp af31 af32 af33 must be explicitly configured
class-map type lan-queuing match-all TRANSACTIONAL-DATA-QUEUE as type lan-queuing
match dscp af21 af22 af23
class-map type lan-queuing match-all SCAVENGER-BULK-DATA-QUEUE
match dscp cs1 af11 af12 af13

Note: A C3PL interface may support up to 4 QoS policies:

policy-map type lan-queuing 2P6Q4T

class VOICE-PQ1
priority level 1 Enables egress Priority Queue 1 (highest level of service)
class VIDEO-PQ2
priority level 2 Enables egress Priority Queue 2 (can only be interrupted by PQ1)
class CONTROL-MGMT-QUEUE
bandwidth remaining percent 5 bandwidth remaining is required
class MULTIMEDIA-CONFERENCING-QUEUE (as PQ is enabled)
bandwidth remaining percent 20
random-detect dscp af41 percent 80 100
random-detect dscp af42 percent 70 100
random-detect dscp af43 percent 60 100
Tunes WRED to better align to
class MULTIMEDIA-STREAMING-QUEUE
the AF PHB
bandwidth remaining percent 20
random-detect dscp af31 percent 80 100
random-detect dscp af32 percent 70 100
random-detect dscp af33 percent 60 100
…

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 108
Cisco Catalyst 6500/6800—2P6Q4T Model
Part 3 of 3—2P6Q4T Queuing Policy-Map (continued)
[continued]
class TRANSACTIONAL-DATA-QUEUE
bandwidth remaining percent 10
random-detect dscp-based
random-detect dscp af21 percent 80 100
random-detect dscp af22 percent 70 100
random-detect dscp af23 percent 60 100
class BULK-DATA-QUEUE
bandwidth remaining percent 5
random-detect dscp-based
random-detect dscp af11 percent 80 100
random-detect dscp af12 percent 70 100
random-detect dscp cs1 percent 50 100
class class-default
random-detect dscp-based
random-detect dscp default percent 80 100

service-policy type lan-queuing input 2P6Q4T

service-policy type lan-queuing output 2P6Q4T

type lan-queuing must also be specified

in the service-policy statement
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 109
Cisco Catalyst 6500 QoS Design At-A-Glance

https://cisco.box.com/v/QoS-AAGs

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 110
Campus QoS Design 
Key Takeaways
• Start by defining your QoS Strategy
• Campus QoS is needed primarily to control packet drops
• Know your QoS toolset, as this varies platform-to-platform
• Cisco provides many At-A-Glance guides to get you up and running quickly
• Cisco also provides Cisco Validated Design guides for more detail

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 111
Agenda
• Introduction to Strategic QoS Design
• WAN / IWAN QoS Design
• Campus QoS Design
• WLAN QoS Design
• Automating and Assuring QoS
• Summary and References
• Appendices

112
WLAN QoS Design

113
The Case for Wireless QoS

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 114
The Case for Wireless QoS

• QoS is like a chain

• It’s only as strong as its weakest link
• the WLAN is one of the weakest links in enterprise
QoS designs for three primary reasons:

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 114
The Case for Wireless QoS

• QoS is like a chain

• It’s only as strong as its weakest link
• the WLAN is one of the weakest links in enterprise
QoS designs for three primary reasons:
1) Typical downshift in speed (and throughput)
2) Shift from full-duplex to half-duplex media
3) Shift from a dedicated media to a shared media

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 114
The Case for Wireless QoS

• QoS is like a chain

• WLAN QoS policies control both jitter and packet loss

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 114
Wireless QoS-Specific Limitations

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 115
Wireless QoS-Specific Limitations
• No priority servicing

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 115
Wireless QoS-Specific Limitations
• No priority servicing
• No bandwidth guarantees

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 115
Wireless QoS-Specific Limitations
• No priority servicing
• No bandwidth guarantees
• Non-deterministic media access

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 115
Wireless QoS-Specific Limitations
• No priority servicing LAN QoS WLAN QoS
• No bandwidth guarantees
• Non-deterministic media access
• Only 4 levels of service

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 115
WLAN QoS Improvements Quantified
Application Original Metric Improved Metric Percentage
Improvement
Voice 15 ms max jitter 5 ms max jitter 300%
3.92 MOS 4.2 MOS
(Cellular Quality) (Toll Quality)
Video 9 fps 14 fps 55%
Visual MOS: Visual MOS:
Good Excellent
Transactional Data 14 ms latency 2 ms latency 700%

http://www.cisco.com/en/US/prod/collateral/wireless/cisco_avc_application_improvement.pdf

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 116
Know Your Tools
• Trust Boundaries and PEPs
• Wi-Fi OTA Access and Queuing
• Maintaining Access (EDCA)
• Bandwidth Control
• AVC
• Marking and Mapping

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 117
Cisco AireOS WLC
QoS Roles in the Wireless LAN

• AireOS WLCs are deployed in a Centralised Deployment Model, where:

• Trust Boundary is at the WLC
• PEP is at the WLC

Centralised Deployment Model

CAPWAP Tunnel

AireOS WLC

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 118
Cisco AireOS WLC
QoS Roles in the Wireless LAN

• AireOS WLCs are deployed in a Centralised Deployment Model, where:

• Trust Boundary is at the WLC
• PEP is at the WLC

Centralised Deployment Model

CAPWAP Tunnel

AireOS WLC

Trust Boundary
PEP

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 118
Cisco AireOS WLC
QoS Roles in the Wireless LAN (Introduced in AireOS 8.1MR)

• Customisable DSCP"!UP Mappings will modify QoS Roles:

• Trust Boundary moves to the AP
• PEP remains at the WLC

Centralised Deployment Model

CAPWAP Tunnel

AireOS WLC

Trust Boundary
PEP

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 119
Cisco AireOS WLC
QoS Roles in the Wireless LAN (Introduced in AireOS 8.1MR)

• Customisable DSCP"!UP Mappings will modify QoS Roles:

• Trust Boundary moves to the AP
• PEP remains at the WLC

Centralised Deployment Model

CAPWAP Tunnel

AireOS WLC

Trust Boundary
PEP

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 119
IEEE 802.11 User Priority (UP)

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 120
IEEE 802.11 User Priority (UP)

3 Bit Field allows for UP values 0-7

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 120
IEEE 802.11 UP Values and Access Categories
802.11 802.11 WMM Cisco AireOS WLC
UP Value Access Category Designation Designation
7 AC_VO Voice Platinum
6
5 AC_VI Video Gold
4
3 AC_BE Best Effort Silver
0
2 AC_BK Background Bronze
1

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 121
IEEE 802.11 Arbitration Inter-Frame Spacing (AIFS) and
Contention Windows (CW)

Access Category AIFS

(Slot Times)
Voice 2
Video 2
Best Effort 3
Background 7

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 122
IEEE 802.11 Arbitration Inter-Frame Spacing (AIFS) and
Contention Windows (CW)
• due to the nature of wireless as a shared media, a Congestion Avoidance algorithm (CSMA/CA) must be utilised
• wireless senders have to wait a fixed amount of time (the AIFS)
• wireless senders also have to wait a random amount of time (the Contention Window)

Access Category AIFS CWmin CWmax

(Slot Times) Access Category (Slot Times) (Slot Times)
Voice 2 Voice 3 7

Video 2 Video 7 15

Best Effort 3 Best-Effort 15 1023

Background 7 Background 15 1023

Access Category AIFS CWmin CWmax

(Slot Times) Access Category (Slot Times) (Slot Times)
Voice 2 Voice 3 7

Video 2 Video 7 15

Best Effort 3 Best-Effort 15 1023

Background 7 Background 15 1023

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 122
EDCF Operation

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 123
EDCF Operation

Round 1
Voice

Video

Best Effort

Background

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 123
EDCF Operation

Round 1
Voice 2+1=3
Video 2+1=3
Best Effort 3+1=4
Background 7+1=8
Collision

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 123
EDCF Operation

Round 1
2+1=3
2+1=3

3+1=4

7+1=8
Collision

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 123
EDCF Operation

Round 1 Round 2
2+1=3 2+3=5

2+1=3 2+7=9

3+1=4 3+15=18

7+1=8 7+15=22

Collision Voice

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 123
EDCF Operation

Round 1 Round 2 Round 3

2+1=3 2+3=5 2+2=4

2+1=3 2+7=9 2+1=3

3+1=4 3+15=18 3+15=18

7+1=8 7+15=22 7+15=22

Collision Voice Video

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 123
Downstream DSCP-to-UP Default Mapping

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 124
Downstream DSCP-to-UP Default Mapping

IP Packet

DSCP

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 124
Downstream DSCP-to-UP Default Mapping

CAPWAP Packet IP Packet

DSCP DSCP DSCP

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 124
Downstream DSCP-to-UP Default Mapping

802.11 Frame CAPWAP Packet IP Packet

UP DSCP DSCP DSCP DSCP

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 124
Downstream DSCP-to-UP Default Mapping

6-Bit DSCP
802.11 Frame CAPWAP Packet IP Packet

UP DSCP DSCP DSCP DSCP

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 124
Downstream DSCP-to-UP Default Mapping

3-Bit UP 6-Bit DSCP

802.11 Frame CAPWAP Packet IP Packet

UP DSCP DSCP DSCP DSCP

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 124
Default DSCP-to-UP Mapping Table
DSCP 802.11 UP WLC QoS Profile
56-63 7 Platinum
(Voice)
48-55 6
40-47 5 Gold
(Video)
32-39 4
24-31 3 Silver
(Best Effort)
0-7 0
16-23 2 Bronze
(Background)
8-15 1

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 125
Default DSCP-to-UP Mapping Table
DSCP 802.11 UP WLC QoS Profile
56-63 7 Platinum
(Voice)
48-55 6
IETF PHB for VoIP: EF 40-47 46 5 Gold
(Video)
32-39 4
24-31 3 Silver
(Best Effort)
0-7 0
16-23 2 Bronze
(Background)
8-15 1

Per RFC 4594 & 3246

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 125
Downstream DSCP-to-UP Mapping Model
Ratified Cisco Consensus Model (June 2015)
RFC 4594-Based Model DSCP IEEE 802.11 Model
Network Control (CS7)
• Plugs potential security Voice
UP 7
vulnerabilities Internetwork Control CS6
Access
• Provides distinction Voice + DSCP-Admit EF + 44 UP 6 Category
between elastic and Broadcast Video CS5
inelastic video classes
Multimedia Conferencing AF4 UP 5 Video
• Aligns RFC 4594 Realtime Interactive CS4 Access
recommendations into the UP 4 Category
Multimedia Streaming AF3
IEEE 802.11 model
Signalling CS3
UP 3 Best Effort
• Requires several custom
DSCP-to-UP mappings
Transactional Data AF2 Access
OAM CS2 UP 0 Category
Bulk Data AF1

Scavenger CS1 UP 2 Background

Access
Best Effort DF UP 1 Category
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 126
Downstream DSCP-to-UP Mapping Model
Ratified Cisco Consensus Model (June 2015)
RFC 4594-Based Model DSCP IEEE 802.11 Model
Remark /
Network Control (CS7) Drop
• Plugs potential security Voice
if not in UP 7
vulnerabilities Internetwork Control CS6 use Access
• Provides distinction Voice + DSCP-Admit EF + 44 UP 6 Category
between elastic and Broadcast Video CS5
inelastic video classes
Multimedia Conferencing AF4 UP 5 Video
• Aligns RFC 4594 Realtime Interactive CS4 Access
recommendations into the UP 4 Category
Multimedia Streaming AF3
IEEE 802.11 model
Signalling CS3
UP 3 Best Effort
• Requires several custom
DSCP-to-UP mappings
Transactional Data AF2 Access
OAM CS2 UP 0 Category
Bulk Data AF1

Scavenger CS1 UP 2 Background

Access
Best Effort DF UP 1 Category
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 126
Upstream UP-to-DSCP Default Mapping

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 127
Upstream UP-to-DSCP Default Mapping

802.11 Frame

DSCP UP

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 127
Upstream UP-to-DSCP Default Mapping

802.11 Frame CAPWAP Packet

DSCP UP DSCP DSCP

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 127
Upstream UP-to-DSCP Default Mapping

802.11 Frame CAPWAP Packet

DSCP UP DSCP DSCP

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 127
Upstream UP-to-DSCP Default Mapping

802.11 Frame CAPWAP Packet

DSCP UP DSCP DSCP

3-Bit UP 6-Bit DSCP

First 3 Bits are copied
Last 3 Bits are zeroed-out
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 127
Upstream UP-to-DSCP Default Mapping

802.11 Frame CAPWAP Packet IP Packet

DSCP UP DSCP DSCP DSCP

3-Bit UP 6-Bit DSCP

First 3 Bits are copied
Last 3 Bits are zeroed-out
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 127
Upstream UP-to-DSCP Default Mapping

802.11 Frame CAPWAP Packet IP Packet

DSCP UP DSCP DSCP DSCP

3-Bit UP 6-Bit DSCP

First 3 Bits are copied
Last 3 Bits are zeroed-out
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 127
Upstream DSCP Trust Model

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 128
Upstream DSCP Trust Model

802.11 Frame

DSCP UP

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 128
Upstream DSCP Trust Model

802.11 Frame CAPWAP Packet

DSCP UP DSCP DSCP

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 128
Upstream DSCP Trust Model

802.11 Frame CAPWAP Packet IP Packet

DSCP UP DSCP DSCP DSCP

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 128
Upstream DSCP Trust Model

802.11 Frame CAPWAP Packet IP Packet

DSCP UP DSCP DSCP DSCP

6-Bit DSCP

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 128
Upstream DSCP Trust Model

802.11 Frame CAPWAP Packet IP Packet

DSCP UP DSCP DSCP DSCP

6-Bit DSCP 6-Bit DSCP

All 6 Bits are copied
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 128
Upstream DSCP Trust Model

802.11 Frame CAPWAP Packet IP Packet

DSCP UP DSCP DSCP DSCP

6-Bit DSCP 6-Bit DSCP

All 6 Bits are copied
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 128
IETF Draft on  
DSCP"!UP Mapping

• Reconciles RFC 4594 with IEEE

802.11
• Summarises our internal
consensus on DSCP-to-UP Expected to be an RFC by CL Melbourne
Update Accordingly
mapping
• Advocates DSCP-trust in the
upstream direction (vs.
UP-to-DSCP mapping)

https://tools.ietf.org/html/draft-ietf-tsvwg-ieee-802-11-00

129
Cisco WLAN QoS Design At-A-Glance

https://cisco.box.com/v/QoS-AAGs
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 130
AireOS QoS Design

131
AireOS QoS Policy Deployment 
List of Steps

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 132
AireOS QoS Policy Deployment 
List of Steps

1) Disable Radios and WLANs

2) Tune EDCA and CAC
3) Tune QoS Profile
4) Create AVC Profile
5) Attach QoS and AVC Profiles to WLAN and Enable AVC
6) Configure Downstream DSCP-to-UP Mapping and Enable
Upstream DSCP-Trust
7) Re-enable WLANs and radios

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 132
AireOS QoS Policy Deployment 
Step 1) Disable Radios and WLANs

(Cisco Controller) > config 802.11a disable network

(Cisco Controller) > config 802.11b disable network
! Must disable 802.11a/b networks to make changes to QoS

(Cisco Controller) > config wlan disable all

! Must disable all WLANs to make changes to QoS

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 133
AireOS QoS Policy Deployment 
Step 2) Tune EDCA and CAC
(Cisco Controller) > config 802.11a Qos Mode 7
(Cisco Controller) > config 802.11b Qos Mode 7
! Apply Fastlane EDCA profile (best of current EDCA profiles) for 802.11a/b

(Cisco Controller) > config 802.11a cac voice acm enable

(Cisco Controller) > config 802.11b cac voice acm enable
! Enable ACM for 802.11a/b

(Cisco Controller) > config 802.11a cac voice max-bandwidth 50

(Cisco Controller) > config 802.11b cac voice max-bandwidth 50
! Limit voice traffic to 50% of total bandwidth for 802.11a/b

(Cisco Controller) > config 802.11a cac voice roam-bandwidth 6

(Cisco Controller) > config 802.11b cac voice roam-bandwidth 6
! Keep 6% bandwidth for roaming users for 802.11a/b

(Cisco Controller) > config 802.11a exp-bwreq enable

(Cisco Controller) > config 802.11b exp-bwreq enable
! Enable Expedited Bandwidth for 802.11a/b

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 134
AireOS QoS Policy Deployment 
Step 3) Tune Platinum QoS Profile

(Cisco Controller) > config qos priority platinum voice besteffort besteffort
! Set QoS Profile to Platinum
! Set default marking to unmarked unicast and multicast traffic to best effort

(Cisco Controller) > config qos protocol-type platinum none

! Disables 802.1p marking (all wired marking is DSCP-based)

(Cisco Controller) > config qos burst-realtime-rate platinum per-ssid downstream 0

! Do not restrict profile bandwidth for UDP traffic

(Cisco Controller) > config qos average-realtime-rate platinum per-ssid downstream 0

! Do not restrict profile bandwidth for TCP traffic

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 135
AireOS QoS Policy Deployment 
Step 4) Create an AVC Profile—Example (Part 1 of 2)
(Cisco WLC) > config avc profile AVC-STATIC-PROFILE create
! Creates the AVC Profile

! This section configures AVC to mark Voice applications/sub-components to EF (DSCP 46)

(Cisco WLC) > config avc profile AVC-STATIC-PROFILE rule add application cisco-phone-audio mark 46
(Cisco WLC) > config avc profile AVC-STATIC-PROFILE rule add application cisco-jabber-audio mark 46
(Cisco WLC) > config avc profile AVC-STATIC-PROFILE rule add application ms-lync-audio mark 46
(Cisco WLC) > config avc profile AVC-STATIC-PROFILE rule add application citrix-audio mark 46

! This section configures AVC to mark Multimedia Conferencing applications to AF41 (DSCP 34)
(Cisco WLC) > config avc profile AVC-STATIC-PROFILE rule add application cisco-phone-video mark 34
(Cisco WLC) > config avc profile AVC-STATIC-PROFILE rule add application cisco-jabber-video mark 34
(Cisco WLC) > config avc profile AVC-STATIC-PROFILE rule add application ms-lync-video mark 34
(Cisco WLC) > config avc profile AVC-STATIC-PROFILE rule add application webex-media mark 34

! This section configures AVC to mark Multimedia Streaming applications to AF31 (DSCP 26)
(Cisco WLC) > config avc profile AVC-STATIC-PROFILE rule add application citrix mark 26
(Cisco WLC) > config avc profile AVC-STATIC-PROFILE rule add application pcoip mark 26
(Cisco WLC) > config avc profile AVC-STATIC-PROFILE rule add application vnc mark 26
(Cisco WLC) > config avc profile AVC-STATIC-PROFILE rule add application vnc-http mark 26

! This section configures AVC to mark Signaling protocols to CS3 (DSCP 24)
(Cisco WLC) > config avc profile AVC-STATIC-PROFILE rule add application skinny mark 24
(Cisco WLC) > config avc profile AVC-STATIC-PROFILE rule add application cisco-jabber-control mark 24
(Cisco WLC) > config avc profile AVC-STATIC-PROFILE rule add application sip mark 24
(Cisco WLC) > config avc profile AVC-STATIC-PROFILE rule add application sip-tls mark 24

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 136
AireOS QoS Policy Deployment 
Step 4) Create an AVC Profile—Example (Part 2 of 2)
! This section configures AVC to mark Transactional Data applications to AF21 (DSCP 18)
(Cisco WLC) > config avc profile AVC-STATIC-PROFILE rule add application cisco-jabber-im mark 18
(Cisco WLC) > config avc profile AVC-STATIC-PROFILE rule add application ms-office-web-apps mark 18
(Cisco WLC) > config avc profile AVC-STATIC-PROFILE rule add application salesforce mark 18
(Cisco WLC) > config avc profile AVC-STATIC-PROFILE rule add application sap mark 18

! This section configures AVC to mark OAM applications to CS2 (DSCP 16)
(Cisco WLC) > config avc profile AVC-STATIC-PROFILE rule add application dhcp mark 16
(Cisco WLC) > config avc profile AVC-STATIC-PROFILE rule add application dns mark 16
(Cisco WLC) > config avc profile AVC-STATIC-PROFILE rule add application ntp mark 16
(Cisco WLC) > config avc profile AVC-STATIC-PROFILE rule add application snmp mark 16

! This section configures AVC to mark Bulk Data applications marking to AF11 (DSCP 10)
(Cisco WLC) > config avc profile AVC-STATIC-PROFILE rule add application ftp mark 10
(Cisco WLC) > config avc profile AVC-STATIC-PROFILE rule add application ftp-data mark 10
(Cisco WLC) > config avc profile AVC-STATIC-PROFILE rule add application ftps-data mark 10
(Cisco WLC) > config avc profile AVC-STATIC-PROFILE rule add application cifs mark 10

! This section configures AVC to mark Scavenger applications to CS1 (DSCP 8)

(Cisco WLC) > config avc profile AVC-STATIC-PROFILE rule add application netflix mark 8
(Cisco WLC) > config avc profile AVC-STATIC-PROFILE rule add application youtube mark 8
(Cisco WLC) > config avc profile AVC-STATIC-PROFILE rule add application skype mark 8
(Cisco WLC) > config avc profile AVC-STATIC-PROFILE rule add application bittorrent mark 8

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 137
AireOS QoS Policy Deployment 
Step 5) Attach QoS and AVC Profiles to WLAN and Enable AVC 

(Cisco WLC) > config wlan qos 10 platinum

! Applies the Platinum QoS profile to the WLAN

(Cisco WLC) > config wlan avc 10 visibility enable

! Enables AVC Visibility on WLAN 10

(Cisco WLC) > config wlan avc 10 profile AVC-APPS enable

! This command applies the AVC profile AVC-APPS to WLAN ID 10

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 138
AireOS QoS Policy Deployment 
Step 6) Configure Downstream DSCP-to-UP Mapping and Enable Upstream DSCP-Trust 

RFC 4594-Based Model DSCP IEEE 802.11 Model

Network Control (CS7)
UP 7 Voice
Internetwork Control CS6
Access
Voice + Voice-ADMIT EF + 44 UP 6 Category
Broadcast Video CS5

Multimedia Conferencing AF4 UP 5 Video

Real-Time Interactive CS4 Access
UP 4 Category
Multimedia Streaming AF3

Signalling CS3
UP 3 Best Effort
Transactional Data AF2 Access
OAM CS2 UP 0 Category
Bulk Data AF1

Scavenger CS1 UP 2 Background

Access
Best Effort DF UP 1 Category
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 139
AireOS QoS Policy Deployment 
Step 6) Configure Downstream DSCP-to-UP Mapping and Enable Upstream DSCP-Trust 

RFC 4594-Based Model DSCP IEEE 802.11 Model

Network Control (CS7)
UP 7 Voice
Internetwork Control CS6
Access
Voice + Voice-ADMIT EF + 44 UP 6 Category
Broadcast Video CS5

Multimedia Conferencing AF4 UP 5 Video

Real-Time Interactive CS4 Access
UP 4 Category
Multimedia Streaming AF3

Signalling CS3
UP 3 Best Effort
Transactional Data AF2 Access
OAM CS2 UP 0 Category
Bulk Data AF1

Scavenger CS1 UP 2 Background

Step 1: Disable the Current QoS Map

(Cisco WLC) > config qos qosmap disable

Step 2: Configure the UP-to-DSCP Maps

(Cisco WLC) > config qos qosmap up-to-dscp-map 0 0 0 7
(Cisco WLC) > config qos qosmap up-to-dscp-map 1 8 8 15
(Cisco WLC) > config qos qosmap up-to-dscp-map 2 16 16 23
(Cisco WLC) > config qos qosmap up-to-dscp-map 3 24 24 31
(Cisco WLC) > config qos qosmap up-to-dscp-map 4 32 32 39
(Cisco WLC) > config qos qosmap up-to-dscp-map 5 34 40 47
(Cisco WLC) > config qos qosmap up-to-dscp-map 6 46 48 62
(Cisco WLC) > config qos qosmap up-to-dscp-map 7 56 63 63

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 140
AireOS QoS Policy Deployment 
Step 6) Configure Downstream DSCP-to-UP Mapping and Enable Upstream DSCP-Trust—Configuration (Part 2 of 3) 

Step 3: Configure DSCP-to-UP Mapping Exceptions

(Cisco Controller) > config qos qosmap dscp-to-up-exception 56 0
(Cisco Controller) > config qos qosmap dscp-to-up-exception 48 0
(Cisco Controller) > config qos qosmap dscp-to-up-exception 46 6
(Cisco Controller) > config qos qosmap dscp-to-up-exception 44 6
(Cisco Controller) > config qos qosmap dscp-to-up-exception 40 5
(Cisco Controller) > config qos qosmap dscp-to-up-exception 38 4
(Cisco Controller) > config qos qosmap dscp-to-up-exception 36 4
(Cisco Controller) > config qos qosmap dscp-to-up-exception 34 4
(Cisco Controller) > config qos qosmap dscp-to-up-exception 32 5
(Cisco Controller) > config qos qosmap dscp-to-up-exception 30 4
(Cisco Controller) > config qos qosmap dscp-to-up-exception 28 4
(Cisco Controller) > config qos qosmap dscp-to-up-exception 26 4
(Cisco Controller) > config qos qosmap dscp-to-up-exception 24 4
(Cisco Controller) > config qos qosmap dscp-to-up-exception 22 3
(Cisco Controller) > config qos qosmap dscp-to-up-exception 20 3
(Cisco Controller) > config qos qosmap dscp-to-up-exception 18 3
(Cisco Controller) > config qos qosmap dscp-to-up-exception 16 0
(Cisco Controller) > config qos qosmap dscp-to-up-exception 14 2
(Cisco Controller) > config qos qosmap dscp-to-up-exception 12 2
(Cisco Controller) > config qos qosmap dscp-to-up-exception 10 2
(Cisco Controller) > config qos qosmap dscp-to-up-exception 8 1
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 141
AireOS QoS Policy Deployment 
Step 6) Configure Downstream DSCP-to-UP Mapping and Enable Upstream DSCP-Trust—Configuration (Part 3 of 3) 

Step 4: Enable DSCP-Trust, the New Qos Maps and the 802.11 Networks
(Cisco Controller) > config qos qosmap trust-dscp-upstream enable
(Cisco Controller) > config qos qosmap enable

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 142
AireOS Static QoS Policy Deployment 
Step 7) Re-Enable Radios and WLANs

(Cisco Controller) > config 802.11a enable network

(Cisco Controller) > config 802.11b enable network
(Cisco Controller) > config wlan enable all

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 143
WLAN QoS Design 
Key Takeaways
• Start by defining your QoS Strategy
• Design your RF for Voice Efficiency
• Small cells, lower rates disabled, 15% overlap, AP at client power level
• See BRKWEN 2000 for more details

• Restructure upstream and downstream marking and trust

• Use Platinum for your WLANs
• Apply efficient EDCA if possible, CAC if needed

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 144
Agenda
• Introduction to Strategic QoS Design
• WAN / IWAN QoS Design
• Campus QoS Design
• WLAN QoS Design
• Automating and Assuring QoS
• Summary and References
• Appendices

145
Automating and
Assuring QoS

146
AutoQoS 5.0

147
How Many Lines of CLI Does it take to Configure QoS for All
1400+ Apps in Our Common Library?

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 148
How Many Lines of CLI Does it take to Configure QoS for All
1400+ Apps in Our Common Library?

Pre-IOS 15.5(3) / IOS XE 3.15

1622+ Lines
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 148
How Many Lines of CLI Does it take to Configure QoS for All
1400+ Apps in Our Common Library?

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 149
How Many Lines of CLI Does it take to Configure QoS for All
1400+ Apps in Our Common Library?
class-map match-all VOICE-DSCP
policy-map LAN_EDGE-IN
class-map match-all VOICE-NBAR match dscp ef policy-map WAN_EDGE-OUT
class VOICE-NBAR
match protocol attribute traffic-class voip-telephony class-map match-all BROADCAST_VIDEO-DSCP class VOICE-DSCP
set dscp ef
match protocol attribute business-relevance business-relevant match dscp cs5 priority percent 10
class BROADCAST_VIDEO-NBAR
class-map match-all BROADCAST_VIDEO-NBAR class-map match-all REALTIME_INTERACTIVE-DSCP class BROADCAST_VIDEO-DSCP
set dscp cs5
match protocol attribute traffic-class broadcast-video match dscp cs4 priority percent 10
class REALTIME_INTERACTIVE-NBAR
match protocol attribute business-relevance business-relevant class-map match-all NETWORK_CONTROL-DSCP class REALTIME_INTERACTIVE-DSCP
set dscp cs4
class-map match-all REALTIME_INTERACTIVE-NBAR match dscp cs6 priority percent 13
class MULTIMEDIA_CONFERENCING-NBAR
match protocol attribute traffic-class real-time-interactive class-map match-all SIGNALING-DSCP class NETWORK_CONTROL-DSCP
set dscp af41
match protocol attribute business-relevance business-relevant match dscp cs3 bandwidth percent 2
class MULTIMEDIA_STREAMING-NBAR
class-map match-all MULTIMEDIA_CONFERENCING-NBAR class-map match-all NETWORK_MANAGEMENT-DSCP class SIGNALING-DSCP
set dscp af31
match protocol attribute traffic-class multimedia-conferencing match dscp cs2 bandwidth percent 2
class SIGNALING-NBAR
match protocol attribute business-relevance business-relevant class-map match-all MULTIMEDIA_CONFERENCING-DSCP class NETWORK_MANAGEMENT-DSCP
set dscp cs3
class-map match-all MULTIMEDIA_STREAMING-NBAR match dscp af41 bandwidth percent 3
class NETWORK_CONTROL-NBAR
match protocol attribute traffic-class multimedia-streaming class-map match-all MULTIMEDIA_STREAMING-DSCP class MULTIMEDIA_CONFERENCING-DSCP
set dscp cs6
match protocol attribute business-relevance business-relevant match dscp af31 bandwidth percent 10
class NETWORK_MANAGEMENT-NBAR
class-map match-all SIGNALING-NBAR class-map match-all TRANSACTIONAL_DATA-DSCP fair-queue
set dscp cs2
match protocol attribute traffic-class signaling match dscp af21 random-detect dscp-based
class TRANSACTIONAL_DATA-NBAR
match protocol attribute business-relevance business-relevant class-map match-all BULK_DATA-DSCP class MULTIMEDIA_STREAMING-DSCP
set dscp af21
class-map match-all NETWORK_CONTROL-NBAR match dscp af11 bandwidth percent 10
class BULK_DATA-NBAR
match protocol attribute traffic-class network-control class-map match-all SCAVENGER-DSCP fair-queue
set dscp af11
match protocol attribute business-relevance business-relevant match dscp cs1 random-detect dscp-based
class SCAVENGER-NBAR
class-map match-all NETWORK_MANAGEMENT-NBAR class TRANSACTIONAL_DATA-DSCP
set dscp cs1
match protocol attribute traffic-class ops-admin-mgmt bandwidth percent 10
class class-default
match protocol attribute business-relevance business-relevant fair-queue
set dscp default
class-map match-all TRANSACTIONAL_DATA-NBAR random-detect dscp-based
match protocol attribute traffic-class transactional-data class BULK_DATA-DSCP
match protocol attribute business-relevance business-relevant bandwidth percent 4

IOS XE 3.16+
class-map match-all BULK_DATA-NBAR fair-queue
match protocol attribute traffic-class bulk-data random-detect dscp-based
match protocol attribute business-relevance business-relevant class SCAVENGER-DSCP
class-map match-all SCAVENGER-NBAR bandwidth percent 1
match protocol attribute business-relevance business-irrelevant class class-default
bandwidth percent 25
fair-queue
random-detect dscp-based

114 Lines BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 149
Where Do We Want To Get To? (with AutoQoS 5.0)
class-map match-all VOICE-DSCP
policy-map LAN_EDGE-IN
class-map match-all VOICE-NBAR match dscp ef policy-map WAN_EDGE-OUT
class VOICE-NBAR
match protocol attribute traffic-class voip-telephony class-map match-all BROADCAST_VIDEO-DSCP class VOICE-DSCP
set dscp ef
match protocol attribute business-relevance business-relevant match dscp cs5 priority percent 10
class BROADCAST_VIDEO-NBAR
class-map match-all BROADCAST_VIDEO-NBAR class-map match-all REALTIME_INTERACTIVE-DSCP class BROADCAST_VIDEO-DSCP
set dscp cs5
match protocol attribute traffic-class broadcast-video match dscp cs4 priority percent 10
class REALTIME_INTERACTIVE-NBAR
match protocol attribute business-relevance business-relevant class-map match-all NETWORK_CONTROL-DSCP class REALTIME_INTERACTIVE-DSCP
set dscp cs4
class-map match-all REALTIME_INTERACTIVE-NBAR match dscp cs6 priority percent 13
class MULTIMEDIA_CONFERENCING-NBAR
match protocol attribute traffic-class real-time-interactive class-map match-all SIGNALING-DSCP class NETWORK_CONTROL-DSCP
set dscp af41
match protocol attribute business-relevance business-relevant match dscp cs3 bandwidth percent 2
class MULTIMEDIA_STREAMING-NBAR
class-map match-all MULTIMEDIA_CONFERENCING-NBAR class-map match-all NETWORK_MANAGEMENT-DSCP class SIGNALING-DSCP
set dscp af31
match protocol attribute traffic-class multimedia-conferencing match dscp cs2 bandwidth percent 2
class SIGNALING-NBAR
match protocol attribute business-relevance business-relevant class-map match-all MULTIMEDIA_CONFERENCING-DSCP class NETWORK_MANAGEMENT-DSCP
set dscp cs3
class-map match-all MULTIMEDIA_STREAMING-NBAR match dscp af41 bandwidth percent 3
class NETWORK_CONTROL-NBAR
match protocol attribute traffic-class multimedia-streaming class-map match-all MULTIMEDIA_STREAMING-DSCP class MULTIMEDIA_CONFERENCING-DSCP
auto qos srnd5 lan-edge
match protocol attribute business-relevance business-relevant
class-map match-all SIGNALING-NBAR
set dscp cs6
class NETWORK_MANAGEMENT-NBAR auto qos srnd5 wan-edge
match dscp af31
class-map match-all TRANSACTIONAL_DATA-DSCP
bandwidth percent 10
fair-queue
set dscp cs2
match protocol attribute traffic-class signaling match dscp af21 random-detect dscp-based
class TRANSACTIONAL_DATA-NBAR
match protocol attribute business-relevance business-relevant class-map match-all BULK_DATA-DSCP class MULTIMEDIA_STREAMING-DSCP
set dscp af21
class-map match-all NETWORK_CONTROL-NBAR match dscp af11 bandwidth percent 10
class BULK_DATA-NBAR
match protocol attribute traffic-class network-control class-map match-all SCAVENGER-DSCP fair-queue
set dscp af11
match protocol attribute business-relevance business-relevant match dscp cs1 random-detect dscp-based
class SCAVENGER-NBAR
class-map match-all NETWORK_MANAGEMENT-NBAR class TRANSACTIONAL_DATA-DSCP
set dscp cs1
match protocol attribute traffic-class ops-admin-mgmt bandwidth percent 10
class class-default
match protocol attribute business-relevance business-relevant fair-queue
set dscp default
class-map match-all TRANSACTIONAL_DATA-NBAR random-detect dscp-based
match protocol attribute traffic-class transactional-data class BULK_DATA-DSCP
match protocol attribute business-relevance business-relevant bandwidth percent 4

IOS XE 16.10
class-map match-all BULK_DATA-NBAR fair-queue
match protocol attribute traffic-class bulk-data random-detect dscp-based
match protocol attribute business-relevance business-relevant class SCAVENGER-DSCP
class-map match-all SCAVENGER-NBAR bandwidth percent 1
match protocol attribute business-relevance business-irrelevant class class-default
bandwidth percent 25
fair-queue
random-detect dscp-based

2 Lines BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 150
APIC-EM EasyQoS / 
DNA Centre Application Policy

151
Customer Challenges
• “It takes [us] 4 months and $1M to
push a QoS change…
• I view the administrator as being a
business analyst via a central
station without needing to have
any understanding of QoS models
and low level device attributes”
• —Wall Street Financial Customer

152
Customer Challenges

• “It took us 3 months to deploy a 2 line ACL

change across 10K devices, which slowed
down onboarding of our Jabber application.”
• —Cisco Network Architect

153
EasyQoS Solution

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 154
EasyQoS Solution

Network Operators express high-level

business-intent to APIC-EM EasyQoS

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 154
EasyQoS Solution
Applications can interact with APIC-EM via Northbound
APIs, informing the network of application-specific and
dynamic QoS requirements

Network Operators express high-level

business-intent to APIC-EM EasyQoS

Network Operators express high-level

business-intent to APIC-EM EasyQoS

EM Southbound APIs translate

business-intent to platform-
specific configurations

Wireless AP ASR/ISRs Wireless AP

Trust Boundary MQC Trust Boundary
PEP PEP
Catalyst 4500 Nexus 7700
4Q (WMM) 4Q (WMM)
1P7Q1T F3: 1P7Q1T

Catalyst 3650 Catalyst 6500 WLC Catalyst 2960-X

Trust Boundary 1P3Q4T PEP Trust Boundary
PEP 1P7Q4T PEP
2P6Q3T 2P6Q4T 1P3Q3T
…
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 154
Deploy End-to-End DSCP-Based Queuing Policies

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 155
Deploy End-to-End DSCP-Based Queuing Policies
EasyQoS seamlessly interconnects all types of
hardware and software queuing models to achieve
consistent and compatible end-to-end treatments
aligned with the expressed business-intent
EM

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 155
EasyQoS Demo

156
“QoS rollouts were once 6-month
projects costing over $200K.
With Cisco APIC EM Easy QoS,
we will go from months to minutes
with nominal costs.”

Cisco Live Berlin Keynote Video (~21 min in)

https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=93610&backBtn=true

157
Your Choice:
Manual QoS Policy Intent-Based Application Policy
ip access-list extended APIC_EM-MM_STREAM-ACL
remark citrix - Citrix
permit tcp any any eq 1494
permit udp any any eq 1494
permit tcp any any eq 2598
permit udp any any eq 2598
remark citrix-static - Citrix-Static
permit tcp any any eq 1604
permit udp any any eq 1604
permit tcp any any range 2512 2513
permit udp any any range 2512 2513
remark pcoip - PCoIP
permit tcp any any eq 4172
permit udp any any eq 4172
permit tcp any any eq 5172
permit udp any any eq 5172
remark timbuktu - Timbuktu
permit tcp any any eq 407
permit udp any any eq 407
remark xwindows - XWindows
permit tcp any any range 6000 6003
remark vnc - VNC
permit tcp any any eq 5800
permit udp any any eq 5800
permit tcp any any range 5900 5901
permit udp any any range 5900 5901
exit
ip access-list extended APIC_EM-SIGNALING-ACL
remark h323 - H.323
permit tcp any any eq 1300 BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 158
permit udp any any eq 1300
match dscp cs4
match dscp af41
match dscp af42
match dscp af43
match dscp cs5
Your Choice:
exit

Manual QoS Policy

class-map match-any APIC_EM-CONTROL-QUEUE
match dscp cs2 Intent-Based Application Policy
match dscp cs3
match dscp cs6
match dscp cs7
exit
class-map match-any APIC_EM-MM_STREAM-QUEUE
match dscp af31
match dscp af32
match dscp af33
exit
class-map match-any APIC_EM-TRANS_DATA-QUEUE
match dscp af21
match dscp af22
match dscp af23
exit
class-map match-any APIC_EM-BULK_DATA-QUEUE
match dscp af11
match dscp af12
match dscp af13
exit
class-map match-any APIC_EM-SCAVENGER-QUEUE
match dscp cs1
exit
policy-map APIC_EM-QUEUING-2P6Q3T-OUT
class APIC_EM-VOICE-PQ1
priority level 1 percent 1
queue-buffers ratio 5
class APIC_EM-VIDEO-PQ2
priority level 2 percent 30
queue-buffers ratio 5
class APIC_EM-CONTROL-QUEUE
bandwidth remaining percent 10
queue-buffers ratio 5 BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 158
class APIC_EM-MM_STREAM-QUEUE
match dscp cs4
match dscp af41
match dscp af42
match dscp af43
match dscp cs5
Your Choice:
exit

Manual QoS Policy

https://cisco.box.com/v/QoS-AAGs
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 159
DNA Application Assurance

Tim Szigeti

160
Cisco DNA Architecture

DNA Software Capabilities

Cloud Service Management

Automation Analytics

Virtualisation

DNA-Ready Physical and Virtual infrastructure

Security

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 161
Cisco DNA Architecture

DNA Software Capabilities

Cloud Service Management

Automation Analytics

Virtualisation

DNA-Ready Physical and Virtual infrastructure

Security

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 161
Cisco DNA Architecture

DNA Software Capabilities

Cloud Service Management

Automation Analytics

Virtualisation

DNA-Ready Physical and Virtual infrastructure

Security

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 161
Cisco DNA Architecture

DNA Software Capabilities

Cloud Service Management

Automation Analytics

Virtualisation

DNA-Ready Physical and Virtual infrastructure

Security

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 161
Cisco DNA Architecture—Automation and Analytics

Cloud Service Management

Automation Analytics

Virtualisation

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 162
Cisco DNA Architecture—Automation and Analytics

Cloud Service Management

Automation Analytics

Virtualisation
APIC-EM:
Application Policy
Infrastructure Controller—
Enterprise Module EM

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 162
Cisco DNA Architecture—Automation and Analytics

Cloud Service Management

Automation Analytics

Virtualisation
NCP
APIC-EM:
Application
Network Controller Policy
Platform NCP
Infrastructure Controller—
(Network Controller) EM
EM
Enterprise Module

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 162
Cisco DNA Architecture—Automation and Analytics

Cloud Service Management

Automation Analytics

Virtualisation
NCP
APIC-EM: NDP:
Application
Network Controller Policy
Platform Network Data Platform
NCP NDP
Infrastructure Controller—
(Network Controller) EM
EM EM
(Analytics Engine)
Enterprise Module

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 162
Cisco DNA Architecture—Automation and Analytics

Cloud Service Management

Automation Analytics

Virtualisation
NCP
NDP:
Network Controller Platform NCP NDP Network Data Platform
(Network Controller) EM EM (Analytics Engine)

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 163
Cisco DNA Architecture—Automation and Analytics

Cloud Service Management

Automation Analytics

Virtualisation
NCP
NDP:
Network Controller Platform NCP NDP Network Data Platform
(Network Controller) EM EM (Analytics Engine)

Abstraction layer

Delivering the Intent Intent

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 163
Cisco DNA Architecture—Automation and Analytics

Cloud Service Management

Automation Analytics

Virtualisation
NCP
NDP:
Network Controller Platform NCP NDP Network Data Platform
(Network Controller) EM EM (Analytics Engine)

Abstraction layer

Analysing the Outcome within

Delivering the Intent Intent Outcome the Context of the expressed
Intent

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 163
Cisco DNA Architecture—Automation and Analytics

Cloud Service Management

Automation Analytics

Virtualisation
NCP Assuring
the Intent NDP:
Network Controller Platform NCP NDP Network Data Platform
(Network Controller) EM EM (Analytics Engine)

Abstraction layer

Analysing the Outcome within

Delivering the Intent Intent Outcome the Context of the expressed
Intent

NCP NDP
EM EM

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 164
Cisco DNA Architecture—DNA Centre

NCP NDP
EM EM

DNA Centre Appliance

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 164
Cisco DNA Architecture—DNA Centre

DNA Centre User Interface

A single pane of glass for Design, Policy, Provisioning, and Assurance

NCP NDP
EM EM

DNA Centre Appliance

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 164
Cisco DNA Architecture—DNA Centre

DNA Centre User Interface

A single pane of glass for Design, Policy, Provisioning, and Assurance

NCP NDP
EM EM

DNA Centre Appliance

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 164
DNA Application Assurance

Source: PerfMon

Source: IP SLA

Source: ART

Source: Netflow

Source: PerfMon

Source: IP SLA

Source: ART

Source: Netflow

DNA Assurance uses multiple sources of data to generate a multi-dimensional Application Health Score,
including network metrics (like packet-loss, latency and jitter), as well as application-specific metrics.
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 166
Agenda
• Introduction to Strategic QoS Design
• WAN / IWAN QoS Design
• Campus QoS Design
• WLAN QoS Design
• Automating and Assuring QoS
• Summary and References
• Appendices

167
Summary and
References

168
Enterprise QoS Design Summary
Part 1: QoS in DNA

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 169
Enterprise QoS Design Summary
Part 1: QoS in DNA
• Cisco has adopted a new paradigm for QoS focusing on policy-abstraction
• Articulate business intent as a strategic end-to-end policy
• Device-specific tactical policies reflect strategic policy with maximum fidelity
• Cisco platform-specific features and controller-based applications all revolve around this
paradigm, including:
• NBAR QoS Attributes (LAN & WAN)
• IWAN & IWAN App
• FastLane for iOS for WLAN
• EasyQoS & DNA Centre Application Policy
• DNA Assurance
• Cisco’s DNA architecture combines hardware, software, automation and analytics to deliver
“powerful yet simple” solutions for application experience

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 169
Enterprise QoS Design Summary
Part 2: WAN & IWAN QoS Design

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 170
Enterprise QoS Design Summary
Part 2: WAN & IWAN QoS Design
• Use new NBAR2 QoS Attributes (traffic-class and business-relevance) to mark on LAN
edges
• Design WAN/IWAN edge policies to address:
• QoS Scheduling
• Aggregate priority load
• IPSec Anti-Replay
• Know and leverage WAN edge tools, including:
• Hierarchical QoS policies for sub-line-rate interfaces
• DMVPN Per-Tunnel QoS for IWAN
• Enterprise-to-SP Mapping Models
• Or … just click on the easy button with IWAN App

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 170
Enterprise QoS Design Summary
Part 3: Campus QoS Design

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 171
Enterprise QoS Design Summary
Part 3: Campus QoS Design
• Campus QoS is key to managing packet loss due to instantaneous buffer
overruns which are very common in oversubscribed campus networks
• Know your QoS toolset, as hardware features and software syntax vary from
platform-to-platform
• Cisco provides At-A-Glance Guides to get you up-and-running quickly, as well as
detailed Cisco Validated Design Guides

qos
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 171
Enterprise QoS Design Summary
Part 4: WLAN QoS Design

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 172
Enterprise QoS Design Summary
Part 4: WLAN QoS Design
• Design your RF for Voice Efficiency

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 172
Enterprise QoS Design Summary
Part 4: WLAN QoS Design
• Design your RF for Voice Efficiency
• Restructure upstream and downstream marking and trust
• Use Platinum for your WLANs
• Apply efficient EDCA if possible; CAC if needed

qos
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 172
Enterprise QoS Design Summary
Parts 5: Looking Ahead

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 173
Enterprise QoS Design Summary
Parts 5: Looking Ahead
• Cisco campus hardware will converge on UADP
• this will finally realise the long-held goal of a single hardware queuing model for access,
distribution/aggregation and core
• Cisco routing, switching and wireless software will converge on IOS XE
• All QoS policies will expressed via MQC
• Cisco will continue to simplify the automation of QoS features
• AutoQoS 5.0
• Cisco is complementing QoS automation with an analytics and assurance to correlate
disparate data-sources, identify anomalies and guide the troubleshooting of
application quality issues

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 173
IWAN Cisco Validated Design (CVD) Guide

https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Sep2017/CVD-IWANDeployment-SEP17.pdf
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 174
EasyQoS Cisco Validated Design (CVD) Guide

https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Dec2017/APIC-EM-EasyQoS-DesignGuide-Dec2017.html

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 175
Recommended Reading 
End-to-End QoS (v2)
• Release Date: Jan 2014
• Page Count: 1040
• Comprehensive QoS design
guidance for PINs and platforms:
• Campus Catalyst 3750/4500/6500
• WLAN WLC 5508 / Catalyst 3850 NGWC
• Data Centre Nexus 1000V/2000/5500/7000
• WAN & Branch Cisco ASR 1000 / ISR G2
• MPLS VPN Cisco ASR 9000 / CRS-3
• IPSec VPNs Cisco ISR G2
• ISBN: 1-58714-369-0
http://www.amazon.com/End---End-QoS-Network-Design/dp/1587143690/

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 176
Recommended Reading 
End-to-End QoS (v2)
• Release Date: Jan 2014
• Page Count: 1040
• Comprehensive QoS design
guidance for PINs and platforms:
• Campus Catalyst 3750/4500/6500
• WLAN WLC 5508 / Catalyst 3850 NGWC
• Data Centre Nexus 1000V/2000/5500/7000
• WAN & Branch Cisco ASR 1000 / ISR G2
• MPLS VPN Cisco ASR 9000 / CRS-3
• IPSec VPNs Cisco ISR G2
• ISBN: 1-58714-369-0
http://www.amazon.com/End---End-QoS-Network-Design/dp/1587143690/

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 177
Recommended Reading 
End-to-End QoS (v2)
• Release
Amazon.com Date:
Overall Jan
Rating: 2014
“The best ever book on QoS on the market. Bravo to the author.”
• Page Count: 1040
“AWESOME RESUME OF QoS TECHNOLOGIES”
• Comprehensive QoS design
“I strongly recommend this book to anyone working with Cisco infrastructure.”
guidance for PINs and platforms:
“This book is an all-encompassing presentation and tutorial on Cisco Quality of
Campus Catalyst 3750/4500/6500
• (QoS)”
Service
• WLAN WLC 5508 / Catalyst 3850 NGWC
“QoS is intimidating; however, this book is a tremendous resource that will ease your
• Data Centre Nexus 1000V/2000/5500/7000
anxiety.”
• WAN
“This book is kept& Branch
in my Cisco
cubicle and ASRfilled
is already 1000with/ highlights,
ISR G2 notes in the
margin, MPLS
• and VPN Cisco
many dog-eared pages.”
ASR 9000 / CRS-3
IPSec
“QOS •is often VPNs Cisco
misunderstood, and heISR G2 it very well. The explanations are
explains
thorough to help understand each case”
• ISBN: 1-58714-369-0
http://www.amazon.com/End---End-QoS-Network-Design/dp/1587143690/

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 177
WE NO LONGER Recommended Reading 
End-to-End QoS (v2) (USE EASYQOS INSTEAD)
Amazon.com Overall Rating:
Release Date: Jan 2014
• best ever book on QoS on the market. Bravo to the author.”
“The

“AWESOME RESUME OF QoS TECHNOLOGIES”

• Page Count: 1040
“I strongly recommend this book to anyone working with Cisco infrastructure.”
• Comprehensive QoS design
“This book is an all-encompassing presentation and tutorial on Cisco Quality of
guidance for PINs and platforms:
Service (QoS)”
• Campus Catalyst 3750/4500/6500
“QoS is intimidating; however, this book is a tremendous resource that will ease your
• WLAN WLC 5508 / Catalyst 3850 NGWC
anxiety.”

Data
“This• book Centre
is kept Nexus
in my cubicle and1000V/2000/5500/7000
is already filled with highlights, notes in the
margin, and many dog-eared pages.”
• WAN & Branch Cisco ASR 1000 / ISR G2
“QOS• isMPLS VPN Cisco
often misunderstood, andASR 9000 it/ very
he explains CRS-3well. The explanations are
thorough to help understand each case”
• IPSec VPNs Cisco ISR G2

• ISBN: 1-58714-369-0
http://www.amazon.com/End---End-QoS-Network-Design/dp/1587143690/

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 178
Next Steps: Download APIC-EM (and EasyQOS App)
FREE Download at: cisco.com/go/apicem

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 179
Q&A

180
Complete Your Online  
Session Evaluation
• Give us your feedback and receive
a Cisco Live 2018 Cap by
completing the overall event
evaluation and 5 session
evaluations.
• All evaluations can be completed
via the Cisco Live Mobile App.

Don’t forget: Cisco Live sessions will be

available for viewing on demand after the
event at www.CiscoLive.com/Global.

182
Appendix A—IWAN
QoS Design

184
Aggregate Priority Load
Priority Propagation / Passing Lanes
Police Police Police
150K 4.5M 1M

priority data class-default priority data class-default

priority data class-default

P1 P1 P1

Priority traffic is always

serviced first at each level
of the QoS scheduling
hierarchy

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 185
Aggregate Priority Load
Priority Propagation / Passing Lanes
Police Police Police
150K 4.5M 1M

priority data class-default priority data class-default

priority data class-default

P1 P1 P1

Priority traffic is always

serviced first at each level
of the QoS scheduling
hierarchy

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 185
Aggregate Priority Load
Priority Propagation / Passing Lanes
Police Police Police
150K 4.5M 1M

priority data class-default priority data class-default

priority data class-default

P1 P1 P1

Priority traffic is always

serviced first at each level
of the QoS scheduling
hierarchy

To Physical
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 185
Aggregate Priority Load
IWAN Conclusion
• For Voice, use an Always On policer, rather than a Conditional policer
class VOICE
priority level 1
police cir percent 10

Always On Police
Policer 10%

voice data class-default

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 186
Aggregate Priority Load
IWAN Conclusion
• For Voice, use an Always On policer, rather than a Conditional policer
class VOICE
priority level 1
police cir percent 10

• For Video, use a Bandwidth Remaining Percent (BWR) queue with DSCP-based WRED,
rather than a level 2 Priority queue
class INTERACTIVE-VIDEO
bandwidth remaining percent 30 Always On Police BWR Class-Based WFQ
random-detect dscp-based Policer 10% 30% DSCP-based WRED

voice data video class-default

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 186
IPsec Anti-Replay
Message Integrity

• Designed to identify packet capture/replay by 3rd party — Message Integrity

• Sender assigns sequence number per Security Association (SA) to encrypted
packets
• Receiver maintains 64 packet sliding window by default

Default 64 Packet Sliding Window

1 2 3 4 64

Packet Flow into Router

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 187
IPsec Anti-Replay
Message Integrity

• Designed to identify packet capture/replay by 3rd party — Message Integrity

• Sender assigns sequence number per Security Association (SA) to encrypted
packets
• Receiver maintains 64 packet sliding window by default

Default 64 Packet Sliding Window

1 2 3 4 64 65 66 67

Packet Flow into Router

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 187
IPsec Anti-Replay
Message Integrity

• Designed to identify packet capture/replay by 3rd party — Message Integrity

• Sender assigns sequence number per Security Association (SA) to encrypted
packets
• Receiver maintains 64 packet sliding window by default

Default 64 Packet Sliding Window

1 2 3 4 64 65 66 67

Packet Flow into Router

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 188
IPsec Anti-Replay
Message Integrity

• Designed to identify packet capture/replay by 3rd party — Message Integrity

• Sender assigns sequence number per Security Association (SA) to encrypted
packets
• Receiver maintains 64 packet sliding window by default

• Window moves right to Default 64 Packet Sliding Window

include higher sequence
numbers 1 2 3 4 64 65 66 67

• Window marks packets as Packet Flow into Router

received or not

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 188
IPsec Anti-Replay
Message Integrity

• Designed to identify packet capture/replay by 3rd party — Message Integrity

• Sender assigns sequence number per Security Association (SA) to encrypted
packets
• Receiver maintains 64 packet sliding window by default

• Window moves right to Default 64 Packet Sliding Window

include higher sequence
numbers 4 64 65 66 67

• Window marks packets as 1 2 3 Packet Flow into Router

received or not
Anti-Replay
• Packets to the left of the Drops
window are dropped

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 188
IPsec Anti-Replay and QoS
IWAN Conclusion

Crypto Engine 23 22 21
(Adds Sequence
Packets In Number)

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 189
IPsec Anti-Replay and QoS
IWAN Conclusion

Crypto Engine 23 22 21 Enqueue

(Adds Sequence
Packets In Number)
Police

25
• On a congested interface, a low-priority packet may be
delayed by queuing, and then, arrive at the next router after Dropped 28
the anti-replay window has been exceeded 26 23 27
By Policer
• Also, if an encrypted packet arrives out of sequence by the 24 22 21 Queue
window size (default is 64 packets), the packet is dropped Tail Drop
• Increasing the anti-replay window size has no impact on priority data class-default

throughput or security
• The impact on memory is insignificant because only an extra
128 bytes per incoming IPsec SA is needed P1

23 27 21 22 26 24

Packets Out
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 189
IPsec Anti-Replay and QoS
IWAN Conclusion

Crypto Engine 23 22 21 Enqueue

(Adds Sequence
Packets In Number)
Police

throughput or security
• The impact on memory is insignificant because only an extra
128 bytes per incoming IPsec SA is needed P1

Use the maximum replay window-size of 1024 for each

supported platform

23 27 21 22 26 24
crypto ipsec security-association replay window-size 1024
Packets Out
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 189
QoS Tools Review: Queuing & Dropping Tools 
Bandwidth Percent vs Bandwidth Remaining Percent

Bandwidth Percent specifies bandwidth allocation as a percentage of the value entered

in the bandwidth command on the interface
• Bandwidth percentages have to take into account priority percent values
• They have to be adjusted when priority bandwidth values are changed

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 190
QoS Tools Review: Queuing & Dropping Tools 
Bandwidth Percent vs Bandwidth Remaining Percent

Bandwidth Percent specifies bandwidth allocation as a percentage of the value entered

in the bandwidth command on the interface
• Bandwidth percentages have to take into account priority percent values
• They have to be adjusted when priority bandwidth values are changed

Bandwidth Remaining Percent specifies bandwidth allocation as a percentage of the

bandwidth value that has not been allocated to priority classes
• Bandwidth remaining percentages must equal 100%
• The bandwidth automatically adjusts when priority bandwidth values are changed

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 190
QoS Tools Review: Queuing & Dropping Tools 
Bandwidth Percent vs Bandwidth Remaining Percent

Bandwidth Percent specifies bandwidth allocation as a percentage of the value entered

in the bandwidth command on the interface
• Bandwidth percentages have to take into account priority percent values
• They have to be adjusted when priority bandwidth values are changed

Bandwidth Remaining Percent specifies bandwidth allocation as a percentage of the

bandwidth value that has not been allocated to priority classes
• Bandwidth remaining percentages must equal 100%
• The bandwidth automatically adjusts when priority bandwidth values are changed

The two features cannot be used in the same policy map

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 190
QoS Tools Review: Queuing & Dropping Tools 
Bandwidth Percent vs Bandwidth Remaining Percent

Bandwidth Percent specifies bandwidth allocation as a percentage of the value entered

in the bandwidth command on the interface
• Bandwidth percentages have to take into account priority percent values
• They have to be adjusted when priority bandwidth values are changed

Bandwidth Remaining Percent specifies bandwidth allocation as a percentage of the

bandwidth value that has not been allocated to priority classes
• Bandwidth remaining percentages must equal 100%
• The bandwidth automatically adjusts when priority bandwidth values are changed

The two features cannot be used in the same policy map

Examples:
Bandwidth Percent (BWP)

Service Rate Bandwidth = 10Mbps

Priority Queue 10% = 1 Mbps
BWP of 30% = 10 x .30 = 3.0 Mbps

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 190
QoS Tools Review: Queuing & Dropping Tools 
Bandwidth Percent vs Bandwidth Remaining Percent

Bandwidth Percent specifies bandwidth allocation as a percentage of the value entered

in the bandwidth command on the interface
• Bandwidth percentages have to take into account priority percent values
• They have to be adjusted when priority bandwidth values are changed

Bandwidth Remaining Percent specifies bandwidth allocation as a percentage of the

bandwidth value that has not been allocated to priority classes
• Bandwidth remaining percentages must equal 100%
• The bandwidth automatically adjusts when priority bandwidth values are changed

The two features cannot be used in the same policy map

Examples:
Bandwidth Percent (BWP) Bandwidth Remaining Percent (BWR)
Service Rate Bandwidth = 10Mbps Service Rate Bandwidth = 10Mbps
Priority Queue 10% = 1 Mbps Priority Queue 10% = 1 Mbps
BWP of 30% = 10 x .30 = 3.0 Mbps BWR of 30% = 10 – 1 = 9 x .30 = 2.7 Mbps

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 190
QoS Tools Review: Queuing & Dropping Tools 
Bandwidth Percent vs Bandwidth Remaining Percent

Bandwidth Percent specifies bandwidth allocation as a percentage of the value entered

in the bandwidth command on the interface
• Bandwidth percentages have to take into account priority percent values
• They have to be adjusted when priority bandwidth values are changed

Bandwidth Remaining Percent specifies bandwidth allocation as a percentage of the

bandwidth value that has not been allocated to priority classes
• Bandwidth remaining percentages must equal 100%
• The bandwidth automatically adjusts when priority bandwidth values are changed

The two features cannot be used in the same policy map

Examples:
Bandwidth Percent (BWP) Bandwidth Remaining Percent (BWR) PQ Change in Value

Service Rate Bandwidth = 10Mbps Service Rate Bandwidth = 10Mbps Service Rate Bandwidth = 10Mbps
Priority Queue 10% = 1 Mbps Priority Queue 10% = 1 Mbps Priority Queue 20% = 2 Mbps
BWP of 30% = 10 x .30 = 3.0 Mbps BWR of 30% = 10 – 1 = 9 x .30 = 2.7 Mbps BWR of 30% = 10 – 2 = 8 x .30 = 2.4 Mbps

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 190
Bandwidth Remaining Ratio 
IWAN Details

Bandwidth Remaining Ratio (BRR) provides proportional sharing to parent shapers during times of
congestion.
If you over-subscribe your hub BR outbound bandwidth with per-tunnel policies that exceed the
service rate, the BRR commands on each parent policy means they will get their “fair share” of the
remaining bandwidth as compared to the other branch sites.
• If all the per-tunnel BW amounts are 5 Mbps or greater, we use a BRR value of BW / 1 Mbps. (i.e. 10 Mbps is BRR of 10,
50 Mbps is BRR of 50, etc.)

• If any of the per-tunnel BW values are less than 5 Mbps, we use a BRR value of BW / 100 Kbps. (i.e. 3 Mbps is BRR of
30, 1.5 Mbps is BRR of 15, etc.)

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 191
Bandwidth Remaining Ratio 
IWAN Details

• If any of the per-tunnel BW values are less than 5 Mbps, we use a BRR value of BW / 100 Kbps. (i.e. 3 Mbps is BRR of
30, 1.5 Mbps is BRR of 15, etc.)

Per-Tunnel shapers When the total bandwidth exceeds 100 Mbps, each
50 Mbps BRR=50
Service rate of the per-tunnel shapers will get their fair share
shaper based on their BRR values.
50 Mbps BRR=50

20 Mbps BRR=20
Shape Example:
(100 Mbps) 50 Mbps site gets 50 / 160 or 31.25%
20 Mbps BRR=20

20 Mbps site gets 20 / 160 or 12.5%

10 Mbps BRR=10
10 Mbps site gets 10 / 160 or 6.25%
10 Mbps BRR=10

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 191
Multiple Sender QoS for Hub Routers
Bandwidth Sharing Between Multiple Senders

Hub BR1 (MNH/MDC) Hub BR2 (MNH/MDC)

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 192
Multiple Sender QoS for Hub Routers
Bandwidth Sharing Between Multiple Senders

Hub BR1 (MNH/MDC) Hub BR2 (MNH/MDC)

Remote Site
Inbound Service Rate

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 192
Multiple Sender QoS for Hub Routers
Bandwidth Sharing Between Multiple Senders
• Bandwidth can exceed 100% of the remote-site inbound
Service Rate using a calculated oversubscription of ~ 1.6:1
• Bandwidth has to be divided equally due to one NHRP group
• QoS child policies do not have to be the same per Sender but
DSCP markings must match for PfR TC channels to establish

Hub BR1 (MNH/MDC) Hub BR2 (MNH/MDC)

Remote Site
Inbound Service Rate

Hub BR1 (MNH/MDC) Hub BR2 (MNH/MDC)

To avoid unwanted SP drops of voice

traffic, priority traffic from all senders Remote Site
should not exceed the remote site Inbound Service Rate
inbound service rate

Hub BR1 (MNH/MDC) Hub BR2 (MNH/MDC)

80% BW 80% BW
• Total bandwidth should not
exceed 160% of remote-site
inbound Service Rate

To avoid unwanted SP drops of voice

traffic, priority traffic from all senders Remote Site
should not exceed the remote site Inbound Service Rate
inbound service rate

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 192
Multiple Sender QoS for Hub Routers
Bandwidth Sharing Between Multiple Senders
• Bandwidth can exceed 100% of the remote-site inbound • As the number of senders increase, the percentages need to
Service Rate using a calculated oversubscription of ~ 1.6:1 come down accordingly based on the network administrators
• Bandwidth has to be divided equally due to one NHRP group knowledge of their traffic patterns
• QoS child policies do not have to be the same per Sender but
DSCP markings must match for PfR TC channels to establish

Hub BR1 (MNH/MDC) Hub BR2 (MNH/MDC)

80% BW 80% BW
• Total bandwidth should not
exceed 160% of remote-site
inbound Service Rate

To avoid unwanted SP drops of voice

traffic, priority traffic from all senders Remote Site
should not exceed the remote site Inbound Service Rate
inbound service rate

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 192
Multiple Sender QoS for Hub Routers
Bandwidth Sharing Between Multiple Senders
• Bandwidth can exceed 100% of the remote-site inbound • As the number of senders increase, the percentages need to
Service Rate using a calculated oversubscription of ~ 1.6:1 come down accordingly based on the network administrators
• Bandwidth has to be divided equally due to one NHRP group knowledge of their traffic patterns
• QoS child policies do not have to be the same per Sender but
DSCP markings must match for PfR TC channels to establish

Hub BR1 (MNH/MDC) Hub BR2 (MNH/MDC) Remote Site Example:

50 Mb/s *.80 = 40 Mb/s per Hub BR

80% BW 80% BW
• Total bandwidth should not
exceed 160% of remote-site
inbound Service Rate

To avoid unwanted SP drops of voice

traffic, priority traffic from all senders Remote Site
should not exceed the remote site Inbound Service Rate
inbound service rate

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 192
Multiple Sender QoS for Hub Routers
Bandwidth Sharing Between Multiple Senders
• Bandwidth can exceed 100% of the remote-site inbound • As the number of senders increase, the percentages need to
Service Rate using a calculated oversubscription of ~ 1.6:1 come down accordingly based on the network administrators
• Bandwidth has to be divided equally due to one NHRP group knowledge of their traffic patterns
• QoS child policies do not have to be the same per Sender but
DSCP markings must match for PfR TC channels to establish

Hub BR1 (MNH/MDC) Hub BR2 (MNH/MDC) Remote Site Example:

50 Mb/s *.80 = 40 Mb/s per Hub BR

Branch Tunnel Interface

interface Tunnel10
bandwidth receive 50000
nhrp nhs 10.6.34.1 nbma 192.168.6.1 multicast
nhrp nhs 10.6.34.2 nbma 192.168.6.41 multicast
80% BW 80% BW nhrp group RS-GROUP-50MBPS-80

• Total bandwidth should not

exceed 160% of remote-site Hub Policy
inbound Service Rate policy-map RS-GROUP-50MBPS-80-POLICY
class class-default
description 80% of 50 Mbps
shape average 40 Mbps
bandwidth remaining ratio 40
service-policy WAN

To avoid unwanted SP drops of voice

traffic, priority traffic from all senders Remote Site
should not exceed the remote site Inbound Service Rate
inbound service rate

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 192
Multiple Sender QoS for Hub Routers
Bandwidth Sharing Between Multiple Senders
• Bandwidth can exceed 100% of the remote-site inbound • As the number of senders increase, the percentages need to
Service Rate using a calculated oversubscription of ~ 1.6:1 come down accordingly based on the network administrators
• Bandwidth has to be divided equally due to one NHRP group knowledge of their traffic patterns
• QoS child policies do not have to be the same per Sender but
DSCP markings must match for PfR TC channels to establish

Hub BR1 (MNH/MDC) Hub BR2 (MNH/MDC) Remote Site Example:

50 Mb/s *.80 = 40 Mb/s per Hub BR

Branch Tunnel Interface

interface Tunnel10
bandwidth receive 50000
nhrp nhs 10.6.34.1 nbma 192.168.6.1 multicast
nhrp nhs 10.6.34.2 nbma 192.168.6.41 multicast
80% BW 80% BW nhrp group RS-GROUP-50MBPS-80

• Total bandwidth should not

To avoid unwanted SP drops of voice

traffic, priority traffic from all senders Remote Site
should not exceed the remote site Inbound Service Rate
inbound service rate

Default VRF Contractor VRF Guest VRF IOT VRF

VRF = Virtual Routing and Forwarding

Default VRF Contractor VRF Guest VRF IOT VRF

Grandparent Shaping
Policy on Physical
Shape for Outbound
Service Rate

To Physical

VRF = Virtual Routing and Forwarding

Default VRF Contractor VRF Guest VRF IOT VRF

Aggregate Priority Load:

Priority traffic from all
VRFs cannot exceed the Grandparent Shaping
hub BR outbound service Policy on Physical
rate
Shape for Outbound
Service Rate

To Physical

VRF = Virtual Routing and Forwarding

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 193
Multiple VRF QoS for Hub Routers
Bandwidth Sharing Between Multiple VRF Tunnels
• Bandwidth can exceed 100% of the remote-site inbound Service
Rate using an oversubscription ratio of ~ 2:1
• Bandwidth does not have to be divided equally between VRFs
• QoS policies do not have to be the same per VRF

Default VRF Contractor VRF Guest VRF IOT VRF

Aggregate Priority Load:

Priority traffic from all
VRFs cannot exceed the Grandparent Shaping
hub BR outbound service Policy on Physical
rate
Shape for Outbound
Service Rate

To Physical

VRF = Virtual Routing and Forwarding

Default VRF Contractor VRF Guest VRF IOT VRF

75% BW 75% BW 40% BW 10% BW

• Total bandwidth for VRFs should

not exceed 200% of remote-site
inbound Service Rate as
oversubscription traffic will be Aggregate Priority Load:
dropped in the SP cloud Priority traffic from all
VRFs cannot exceed the Grandparent Shaping
• Bandwidth for Guest traffic is
hub BR outbound service Policy on Physical
normally less than non-Guest rate
• Bandwidth for low volume VRFs Shape for Outbound
like IOT and PCI should use a Service Rate
much smaller percentage
To Physical

VRF = Virtual Routing and Forwarding

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 193
Multiple VRF QoS for Hub Routers
Bandwidth Sharing Between Multiple VRF Tunnels
• Bandwidth can exceed 100% of the remote-site inbound Service • As the number of VRFs increase, the percentages need to come
Rate using an oversubscription ratio of ~ 2:1 down accordingly based on the network administrators knowledge
• Bandwidth does not have to be divided equally between VRFs of their traffic patterns
• QoS policies do not have to be the same per VRF

Default VRF Contractor VRF Guest VRF IOT VRF

75% BW 75% BW 40% BW 10% BW

• Total bandwidth for VRFs should

VRF = Virtual Routing and Forwarding

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 193
Multiple VRF QoS for Hub Routers
Bandwidth Sharing Between Multiple VRF Tunnels
• Bandwidth can exceed 100% of the remote-site inbound Service • As the number of VRFs increase, the percentages need to come
Rate using an oversubscription ratio of ~ 2:1 down accordingly based on the network administrators knowledge
• Bandwidth does not have to be divided equally between VRFs of their traffic patterns
• QoS policies do not have to be the same per VRF

Default VRF Contractor VRF Guest VRF IOT VRF

75% BW 75% BW 40% BW 10% BW

Remote Site Example:

40 Mb/s *.75 = 30 Mb/s per VRF
• Total bandwidth for VRFs should 40 Mb/s *.40 = 16 Mb/s per VRF
not exceed 200% of remote-site 40 Mb/s *.10 = 4 Mb/s per VRF
inbound Service Rate as
oversubscription traffic will be Aggregate Priority Load:
dropped in the SP cloud Priority traffic from all
VRFs cannot exceed the Grandparent Shaping
• Bandwidth for Guest traffic is
hub BR outbound service Policy on Physical
normally less than non-Guest rate
• Bandwidth for low volume VRFs Shape for Outbound
like IOT and PCI should use a Service Rate
much smaller percentage
To Physical

VRF = Virtual Routing and Forwarding

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 193
Multiple VRF QoS for Hub Routers
Bandwidth Sharing Between Multiple VRF Tunnels
• Bandwidth can exceed 100% of the remote-site inbound Service • As the number of VRFs increase, the percentages need to come
Rate using an oversubscription ratio of ~ 2:1 down accordingly based on the network administrators knowledge
• Bandwidth does not have to be divided equally between VRFs of their traffic patterns
• QoS policies do not have to be the same per VRF

Default VRF Contractor VRF Guest VRF IOT VRF

75% BW 75% BW 40% BW 10% BW

Remote Site Example:

40 Mb/s *.75 = 30 Mb/s per VRF
• Total bandwidth for VRFs should 40 Mb/s *.40 = 16 Mb/s per VRF
not exceed 200% of remote-site 40 Mb/s *.10 = 4 Mb/s per VRF
inbound Service Rate as
Default VRF / Contractor VRF
oversubscription traffic will be Aggregate Priority Load:
interface Tunnel101
dropped in the SP cloud Priority traffic from all
VRFs cannot exceed the Grandparent Shaping bandwidth receive 40000
• Bandwidth for Guest traffic is nhrp group RS-GROUP-40MBPS-75
hub BR outbound service Policy on Physical
normally less than non-Guest rate Guest VRF
• Bandwidth for low volume VRFs Shape for Outbound
interface Tunnel103
like IOT and PCI should use a Service Rate bandwidth receive 40000
nhrp group RS-GROUP-40MBPS-40
much smaller percentage
To Physical IOT VRF
interface Tunnel104
bandwidth receive 40000
nhrp group RS-GROUP-40MBPS-10

VRF = Virtual Routing and Forwarding

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 194
Multiple VRF QoS for Branch
• Using normal IWAN recommendations, QoS policy is applied to the physical interface at an IWAN
remote site which means all VRFs share the same QoS policy by default
• If you want to use different QoS policies for each VRF, you can deploy per-tunnel QoS in the spoke to
hub direction using the same tools and limitations described on the previous slide

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 194
Enterprise to SP Mapping 
ToS Byte Preservation
The 12-class view is preserved across the enterprise even though we treat it differently at the egress
of the router and send it to different channels within the SP network
The twelve classes remain intact on the inner header and the outer tunnel header is remarked as
the traffic leaves the tunnel interface
The remarked outer header is discarded after arriving at the tunnel interface on the receiving router,
thus leaving the inner header marking unchanged

IP Packet

ToS
IP HDR IP Payload

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 195
Enterprise to SP Mapping 
ToS Byte Preservation
The 12-class view is preserved across the enterprise even though we treat it differently at the egress
of the router and send it to different channels within the SP network
The twelve classes remain intact on the inner header and the outer tunnel header is remarked as
the traffic leaves the tunnel interface
The remarked outer header is discarded after arriving at the tunnel interface on the receiving router,
thus leaving the inner header marking unchanged

IP Packet

ToS
IP HDR IP Payload

GRE Tunnel

GRE

ToS
IP HDR IP HDR IP Payload
HDR

IP Packet

ToS
IP HDR IP Payload

GRE Tunnel

GRE

ToS
IP HDR IP HDR IP Payload
HDR

IPSec Tunnel mode

ESP ESP
ToS

IP HDR ESP HDR IP HDR IP Payload Trailer Auth

IP Packet

ToS
By default, ToS byte IP HDR IP Payload
is copied to the new
IP Header
GRE Tunnel

GRE
ToS

ToS
IP HDR IP HDR IP Payload
HDR

IPSec Tunnel mode

ESP ESP
ToS

ToS

IP HDR ESP HDR IP HDR IP Payload Trailer Auth

10.1.0.1

Gig0/0/0
10.1.0.2

Gig0/0/1
192.168.0.1

SP
Tunnel Network

192.168.0.2

Tun10
172.16.0.2
10.3.0.2

10.3.0.1

Term-B

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 196
Enterprise to SP Mapping  Video Flow from
Set dscp tunnel outbound on tunnel (Hub) Term-A
Term-A To Term-B
Packet View 1

class-map match-all MULTIMEDIA_CONFERENCING-NBAR 10.1.0.1 User IP

L2 Dest L2 Src Type User Data
match protocol attribute traffic-class multimedia-conferencing Header
Gig0/0/0
match protocol attribute business-relevance business-relevant 10.1.0.2 Src IP: 10.1.0.1
Dst IP: 10.3.0.1
DSCP: 0
policy-map INGRESS-MARKING
class MULTIMEDIA_CONFERENCING-NBAR
set dscp af41

interface GigabitEthernet0/0/0
service-policy input INGRESS-MARKING
Gig0/0/1
192.168.0.1

SP
Tunnel Network

192.168.0.2

Tun10
172.16.0.2
10.3.0.2

10.3.0.1

Term-B

class-map match-all MULTIMEDIA_CONFERENCING-NBAR 10.1.0.1 User IP

interface GigabitEthernet0/0/0 Src IP: 10.1.0.1

service-policy input INGRESS-MARKING Dst IP: 10.3.0.1
DSCP: af41
Gig0/0/1
192.168.0.1

SP
Tunnel Network

192.168.0.2

Tun10
172.16.0.2
10.3.0.2

10.3.0.1

Term-B

class-map match-all MULTIMEDIA_CONFERENCING-NBAR 10.1.0.1 User IP

interface GigabitEthernet0/0/0 Tun10 Src IP: 10.1.0.1

172.16.0.1 Dst IP: 10.3.0.1
service-policy input INGRESS-MARKING DSCP: af41
Gig0/0/1
192.168.0.1

SP
class-map INTERACTIVE-VIDEO Tunnel Network
match dscp af41

policy-map RS-GROUP-10MBPS-POLICY
class INTERACTIVE-VIDEO 192.168.0.2
set dscp tunnel af31 Tun10
172.16.0.2
interface Tunnel10 10.3.0.2
nhrp map group RS-GROUP-10MBPS service-policy
output RS-GROUP-10MBPS-POLICY

10.3.0.1

Term-B

class-map match-all MULTIMEDIA_CONFERENCING-NBAR 10.1.0.1 User IP

interface GigabitEthernet0/0/0 Tun10 Src IP: 10.1.0.1

172.16.0.1 Dst IP: 10.3.0.1
service-policy input INGRESS-MARKING DSCP: af41
Gig0/0/1 Packet View 3
192.168.0.1
Tunnel IP User IP
L2 Dest L2 Src Type User Data
Header Header
SP
class-map INTERACTIVE-VIDEO Tunnel Network Src IP: 10.1.0.1
Dst IP: 10.3.0.1
match dscp af41 DSCP: af41

10.3.0.1

Term-B

class-map match-all MULTIMEDIA_CONFERENCING-NBAR 10.1.0.1 User IP

interface GigabitEthernet0/0/0 Tun10 Src IP: 10.1.0.1

172.16.0.1 Dst IP: 10.3.0.1
service-policy input INGRESS-MARKING DSCP: af41
Gig0/0/1 Packet View 3
192.168.0.1
Tunnel IP User IP
L2 Dest L2 Src Type User Data
Header Header
SP
class-map INTERACTIVE-VIDEO Tunnel Network Src IP: 172.16.0.1
Dst IP: 172.16.0.2
Src IP: 10.1.0.1
Dst IP: 10.3.0.1
match dscp af41 DSCP: af31 DSCP: af41

policy-map RS-GROUP-10MBPS-POLICY
class INTERACTIVE-VIDEO
Marking the
192.168.0.2
‘Set dscp tunnel’ means don’t copy
set dscp tunnel af31
Tunnel IP header Tun10
172.16.0.2 but instead remember and mark this
interface Tunnel10 10.3.0.2 value once tunnel header is imposed
nhrp map group RS-GROUP-10MBPS service-policy
output RS-GROUP-10MBPS-POLICY

10.3.0.1

Term-B

class-map match-all MULTIMEDIA_CONFERENCING-NBAR 10.1.0.1 User IP

interface GigabitEthernet0/0/0 Tun10 Src IP: 10.1.0.1

172.16.0.1 Dst IP: 10.3.0.1
service-policy input INGRESS-MARKING DSCP: af41
Gig0/0/1 Packet View 3
192.168.0.1
Tunnel IP User IP
L2 Dest L2 Src Type User Data
Header Header
SP
class-map INTERACTIVE-VIDEO Tunnel Network Src IP: 172.16.0.1
Dst IP: 172.16.0.2
Src IP: 10.1.0.1
Dst IP: 10.3.0.1
match dscp af41 DSCP: af31 DSCP: af41

User IP
L2 Dest L2 Src Type User Data
Header
10.3.0.1
Src IP: 10.1.0.1
Dst IP: 10.3.0.1
DSCP: af41
Term-B

10.3.0.1

Gig0/0/0
10.3.0.2

Tun10
172.16.0.2

SP
Tunnel Network

192.168.0.1

Tun10
172.16.0.1
10.1.0.2

10.1.0.1

Term-A

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 197
Enterprise to SP Mapping  Video Flow from
Set dscp outbound on physical (Branch) Term-B
Term-B To Term-A
Packet View 1

class-map match-all MULTIMEDIA_CONFERENCING-NBAR 10.3.0.1 User IP

L2 Dest L2 Src Type User Data
match protocol attribute traffic-class multimedia-conferencing Header
Gig0/0/0
match protocol attribute business-relevance business-relevant 10.3.0.2 Src IP: 10.3.0.1
Dst IP: 10.1.0.1
DSCP: 0
policy-map INGRESS-MARKING
class MULTIMEDIA_CONFERENCING-NBAR
set dscp af41

interface GigabitEthernet0/0/0 Tun10

172.16.0.2
service-policy input INGRESS-MARKING

SP
Tunnel Network

192.168.0.1

Tun10
172.16.0.1
10.1.0.2

10.1.0.1

Term-A

class-map match-all MULTIMEDIA_CONFERENCING-NBAR 10.3.0.1 User IP

L2 Dest L2 Src Type User Data
match protocol attribute traffic-class multimedia-conferencing Header
Gig0/0/0
match protocol attribute business-relevance business-relevant 10.3.0.2 Src IP: 10.3.0.1
Dst IP: 10.1.0.1
DSCP: 0
policy-map INGRESS-MARKING Packet View 2
class MULTIMEDIA_CONFERENCING-NBAR Marking the User
set dscp af41 IP header Type User IP User Data
Header

interface GigabitEthernet0/0/0 Tun10 Src IP: 10.3.0.1

172.16.0.2 Dst IP: 10.1.0.1
service-policy input INGRESS-MARKING DSCP: af41

SP
Tunnel Network

192.168.0.1

Tun10
172.16.0.1
10.1.0.2

10.1.0.1

Term-A

class-map match-all MULTIMEDIA_CONFERENCING-NBAR 10.3.0.1 User IP

L2 Dest L2 Src Type User Data
match protocol attribute traffic-class multimedia-conferencing Header
Gig0/0/0
match protocol attribute business-relevance business-relevant 10.3.0.2 Src IP: 10.3.0.1
Dst IP: 10.1.0.1
DSCP: 0
policy-map INGRESS-MARKING Packet View 2
class MULTIMEDIA_CONFERENCING-NBAR Marking the User
set dscp af41 IP header Type User IP User Data
Header

interface GigabitEthernet0/0/0 Tun10 Src IP: 10.3.0.1

172.16.0.2 Dst IP: 10.1.0.1
service-policy input INGRESS-MARKING DSCP: af41
Gig0/0/1
192.168.0.2

SP
class-map INTERACTIVE-VIDEO Tunnel Network
match dscp af41

policy-map POLICY-TRANSPORT-1
192.168.0.1
class INTERACTIVE-VIDEO
set dscp af31 Tun10
172.16.0.1

interface GigabitEthernet0/0/1 10.1.0.2

service-policy output POLICY-TRANSPORT-1

10.1.0.1

Term-A

class-map match-all MULTIMEDIA_CONFERENCING-NBAR 10.3.0.1 User IP

L2 Dest L2 Src Type User Data
match protocol attribute traffic-class multimedia-conferencing Header
Gig0/0/0
match protocol attribute business-relevance business-relevant 10.3.0.2 Src IP: 10.3.0.1
Dst IP: 10.1.0.1
DSCP: 0
policy-map INGRESS-MARKING Packet View 2
class MULTIMEDIA_CONFERENCING-NBAR Marking the User
set dscp af41 IP header Type User IP User Data
Header

interface GigabitEthernet0/0/0 Tun10 Src IP: 10.3.0.1

172.16.0.2 Dst IP: 10.1.0.1
service-policy input INGRESS-MARKING DSCP: af41
Gig0/0/1 Packet View 3
192.168.0.2
Tunnel IP User IP
L2 Dest L2 Src Type User Data
Header Header
SP
class-map INTERACTIVE-VIDEO Tunnel Network Src IP: 10.3.0.1
Dst IP: 10.1.0.1
match dscp af41 DSCP: af41

policy-map POLICY-TRANSPORT-1
192.168.0.1
class INTERACTIVE-VIDEO
set dscp af31 Tun10
172.16.0.1

interface GigabitEthernet0/0/1 10.1.0.2

service-policy output POLICY-TRANSPORT-1

10.1.0.1

Term-A

class-map match-all MULTIMEDIA_CONFERENCING-NBAR 10.3.0.1 User IP

L2 Dest L2 Src Type User Data
match protocol attribute traffic-class multimedia-conferencing Header
Gig0/0/0
match protocol attribute business-relevance business-relevant 10.3.0.2 Src IP: 10.3.0.1
Dst IP: 10.1.0.1
DSCP: 0
policy-map INGRESS-MARKING Packet View 2
class MULTIMEDIA_CONFERENCING-NBAR Marking the User
set dscp af41 IP header Type User IP User Data
Header

interface GigabitEthernet0/0/0 Tun10 Src IP: 10.3.0.1

172.16.0.2 Dst IP: 10.1.0.1
service-policy input INGRESS-MARKING DSCP: af41
Gig0/0/1 Packet View 3
192.168.0.2
Tunnel IP User IP
L2 Dest L2 Src Type User Data
Header Header
SP
class-map INTERACTIVE-VIDEO Tunnel Network Src IP: 172.16.0.2
Dst IP: 172.16.0.1
Src IP: 10.3.0.1
Dst IP: 10.1.0.1
match dscp af41 DSCP: af31 DSCP: af41

10.1.0.1

Term-A

class-map match-all MULTIMEDIA_CONFERENCING-NBAR 10.3.0.1 User IP

L2 Dest L2 Src Type User Data
match protocol attribute traffic-class multimedia-conferencing Header
Gig0/0/0
match protocol attribute business-relevance business-relevant 10.3.0.2 Src IP: 10.3.0.1
Dst IP: 10.1.0.1
DSCP: 0
policy-map INGRESS-MARKING Packet View 2
class MULTIMEDIA_CONFERENCING-NBAR Marking the User
set dscp af41 IP header Type User IP User Data
Header

interface GigabitEthernet0/0/0 Tun10 Src IP: 10.3.0.1

172.16.0.2 Dst IP: 10.1.0.1
service-policy input INGRESS-MARKING DSCP: af41
Gig0/0/1 Packet View 3
192.168.0.2
Tunnel IP User IP
L2 Dest L2 Src Type User Data
Header Header
SP
class-map INTERACTIVE-VIDEO Tunnel Network Src IP: 172.16.0.2
Dst IP: 172.16.0.1
Src IP: 10.3.0.1
Dst IP: 10.1.0.1
match dscp af41 DSCP: af31 DSCP: af41

policy-map POLICY-TRANSPORT-1
class INTERACTIVE-VIDEO Marking the Tunnel
192.168.0.1
DSCP copied Inner-to-Outer *BUT*
set dscp af31 IP header Tun10
172.16.0.1 we over-write Outer after the copy
interface GigabitEthernet0/0/1 10.1.0.2
Packet View 4
service-policy output POLICY-TRANSPORT-1
User IP
L2 Dest L2 Src Type User Data
Header
10.1.0.1
Src IP: 10.3.0.1
Dst IP: 10.1.0.1
DSCP: af41
Term-A

Internetwork Control CS6 EF SP-VOICE

VoIP EF

Broadcast Video CS5 ! AF31

Multimedia Conferencing AF41 ! AF31

AF31 SP-CLASS1DATA
Real-Time Interactive CS4 ! AF31 (UDP)

Multimedia Streaming AF31

Signalling CS3 ! AF21

Transactional Data AF21 SP-CLASS2DATA

AF21
(TCP)
Network Management CS2 ! AF21

Bulk Data AF11 ! AF21

Scavenger CS1 DF
SP-DEFAULT
Best Effort DF

Internetwork Control CS6 EF SP-VOICE

VoIP EF

Broadcast Video CS5 ! AF31

Multimedia Conferencing AF41 ! AF31

AF31 SP-CLASS1DATA
Real-Time Interactive CS4 ! AF31 (UDP)

Multimedia Streaming AF31

Signalling CS3 ! AF21

Transactional Data AF21 SP-CLASS2DATA

AF21
(TCP)
Network Management CS2 ! AF21

Bulk Data AF11 ! AF21

Scavenger CS1 DF
SP-DEFAULT
Best Effort DF

Internetwork Control CS6 EF SP-VOICE

VoIP EF

Broadcast Video CS5 ! AF31

Multimedia Conferencing AF41 ! AF31

AF31 SP-CLASS1DATA
Real-Time Interactive CS4 ! AF31 (UDP)

Multimedia Streaming AF31

Signalling CS3 ! AF21

Transactional Data AF21 SP-CLASS2DATA

AF21
(TCP)
Network Management CS2 ! AF21

Bulk Data AF11 ! AF21

Scavenger CS1 DF
SP-DEFAULT
Best Effort DF

Internetwork Control CS6 EF SP-VOICE

VoIP EF

Broadcast Video CS5 ! AF31

Multimedia Conferencing AF41 ! AF31

AF31 SP-CLASS1DATA
Real-Time Interactive CS4 ! AF31 (UDP)

Multimedia Streaming AF31

Signalling CS3 ! AF21

Transactional Data AF21 SP-CLASS2DATA

AF21
(TCP)
Network Management CS2 ! AF21

Bulk Data AF11 ! AF21

Scavenger CS1 DF
SP-DEFAULT
Best Effort DF

Internetwork Control CS6 EF SP-VOICE

VoIP EF

Broadcast Video CS5 ! AF31

Multimedia Conferencing AF41 ! AF31

AF31 SP-CLASS1DATA
Real-Time Interactive CS4 ! AF31 (UDP)

Multimedia Streaming AF31

Signalling CS3 ! AF21

Transactional Data AF21 SP-CLASS2DATA

AF21
(TCP)
Network Management CS2 ! AF21

Bulk Data AF11 ! AF21

Scavenger CS1 DF
SP-DEFAULT
Best Effort DF

Internetwork Control CS6 EF SP-VOICE

VoIP EF

Broadcast Video CS5 ! AF31

Multimedia Conferencing AF41 ! AF31

AF31 SP-CLASS1DATA
Real-Time Interactive CS4 ! AF31 (UDP)

Multimedia Streaming AF31

Signalling CS3 ! AF21

Transactional Data AF21 SP-CLASS2DATA

AF21
(TCP)
Network Management CS2 ! AF21

Bulk Data AF11 ! AF21

Scavenger CS1 DF
SP-DEFAULT
Best Effort DF

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 199
4-Class SP QoS Model Configuration 
Tunnel Interface  
IWAN Hub BR policy-map WAN
class INTERACTIVE-VIDEO
bandwidth remaining percent 30
random-detect dscp-based
random-detect exponential-weighting-constant 9
set dscp tunnel af31
class STREAMING-VIDEO Hub Router:
bandwidth remaining percent 10 policy-map RS-GROUP-10MBPS-POLICY
random-detect dscp-based class class-default
random-detect exponential-weighting-constant 9
set dscp tunnel af31 shape average 10 Mbps
class NET-CTRL-MGMT bandwidth remaining ratio 10
bandwidth remaining percent 5 service-policy WAN
set dscp tunnel cs6
class CALL-SIGNALING
bandwidth remaining percent 4
set dscp tunnel af21
class CRITICAL-DATA
bandwidth remaining percent 25
random-detect dscp-based
random-detect exponential-weighting-constant 9
set dscp tunnel af21
class SCAVENGER
bandwidth remaining percent 1
set dscp tunnel default
class VOICE
priority level 1
police cir percent 10
set dscp tunnel ef
class class-default
bandwidth remaining percent 25
random-detect
random-detect exponential-weighting-constant 9
set dscp tunnel default

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 199
4-Class SP QoS Model Configuration 
Tunnel Interface  
IWAN Hub BR policy-map WAN
class INTERACTIVE-VIDEO
bandwidth remaining percent 30
random-detect dscp-based
random-detect exponential-weighting-constant 9
set dscp tunnel af31
class STREAMING-VIDEO Hub Router:
bandwidth remaining percent 10 policy-map RS-GROUP-10MBPS-POLICY
random-detect dscp-based class class-default
random-detect exponential-weighting-constant 9
set dscp tunnel af31 shape average 10 Mbps
class NET-CTRL-MGMT bandwidth remaining ratio 10
bandwidth remaining percent 5 service-policy WAN
set dscp tunnel cs6
class CALL-SIGNALING
bandwidth remaining percent 4 interface Tunnel10
set dscp tunnel af21 bandwidth <service-rate>
class CRITICAL-DATA nhrp map group RS-GROUP-10MBPS service-policy
bandwidth remaining percent 25
random-detect dscp-based output RS-GROUP-10MBPS-POLICY
random-detect exponential-weighting-constant 9
set dscp tunnel af21
class SCAVENGER
bandwidth remaining percent 1
set dscp tunnel default
class VOICE
priority level 1
police cir percent 10
set dscp tunnel ef
class class-default
bandwidth remaining percent 25
random-detect
random-detect exponential-weighting-constant 9
set dscp tunnel default

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 199
4-Class SP QoS Model Configuration 
Tunnel Interface  
IWAN Hub BR policy-map WAN
class INTERACTIVE-VIDEO
bandwidth remaining percent 30
random-detect dscp-based
random-detect exponential-weighting-constant 9
set dscp tunnel af31
class STREAMING-VIDEO Hub Router:
bandwidth remaining percent 10 policy-map RS-GROUP-10MBPS-POLICY
random-detect dscp-based class class-default
random-detect exponential-weighting-constant 9
set dscp tunnel af31 shape average 10 Mbps
class NET-CTRL-MGMT bandwidth remaining ratio 10
bandwidth remaining percent 5 service-policy WAN
set dscp tunnel cs6
class CALL-SIGNALING
bandwidth remaining percent 4 interface Tunnel10
set dscp tunnel af21 bandwidth <service-rate>
class CRITICAL-DATA nhrp map group RS-GROUP-10MBPS service-policy
bandwidth remaining percent 25
random-detect dscp-based output RS-GROUP-10MBPS-POLICY
random-detect exponential-weighting-constant 9
set dscp tunnel af21
class SCAVENGER
bandwidth remaining percent 1
set dscp tunnel default Branch Router:
class VOICE
priority level 1 interface GigabitEthernet0/0
police cir percent 10 bandwidth 10000
set dscp tunnel ef service-policy output POLICY-TRANSPORT-1
class class-default !
bandwidth remaining percent 25 interface Tunnel10
random-detect bandwidth 10000
random-detect exponential-weighting-constant 9 nhrp group RS-GROUP-10MBPS
set dscp tunnel default tunnel source GigabitEthernet0/0
tunnel vrf IWAN-TRANSPORT-1

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 200
4-Class SP QoS Model Configuration 
Physical Interface  
IWAN Branch policy-map WAN
class INTERACTIVE-VIDEO
bandwidth remaining percent 30
random-detect dscp-based
random-detect exponential-weighting-constant 9
set dscp af31
class STREAMING-VIDEO
bandwidth remaining percent 10
random-detect dscp-based
random-detect exponential-weighting-constant 9
set dscp af31
class NET-CTRL-MGMT
bandwidth remaining percent 5
set dscp cs6
class CALL-SIGNALING
bandwidth remaining percent 4
set dscp af21
class CRITICAL-DATA
bandwidth remaining percent 25
random-detect dscp-based
random-detect exponential-weighting-constant 9
set dscp af21
class SCAVENGER
bandwidth remaining percent 1
set dscp default
class VOICE
priority level 1
police cir percent 10
set dscp ef
class class-default
bandwidth remaining percent 25
random-detect
random-detect exponential-weighting-constant 9
set dscp default

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 200
4-Class SP QoS Model Configuration 
Physical Interface  
IWAN Branch policy-map WAN
class INTERACTIVE-VIDEO
bandwidth remaining percent 30
random-detect dscp-based
random-detect exponential-weighting-constant 9
set dscp af31
class STREAMING-VIDEO
bandwidth remaining percent 10
random-detect dscp-based
random-detect exponential-weighting-constant 9
set dscp af31 Branch Router:
class NET-CTRL-MGMT policy-map POLICY-TRANSPORT-1
bandwidth remaining percent 5 class class-default
set dscp cs6 shape average 10 Mbps
class CALL-SIGNALING
bandwidth remaining percent 4 service-policy WAN
set dscp af21
class CRITICAL-DATA
bandwidth remaining percent 25
random-detect dscp-based
random-detect exponential-weighting-constant 9
set dscp af21
class SCAVENGER
bandwidth remaining percent 1
set dscp default
class VOICE
priority level 1
police cir percent 10
set dscp ef
class class-default
bandwidth remaining percent 25
random-detect
random-detect exponential-weighting-constant 9
set dscp default

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 200
4-Class SP QoS Model Configuration 
Physical Interface  
IWAN Branch policy-map WAN
class INTERACTIVE-VIDEO
bandwidth remaining percent 30
random-detect dscp-based
random-detect exponential-weighting-constant 9
set dscp af31
class STREAMING-VIDEO
bandwidth remaining percent 10
random-detect dscp-based
random-detect exponential-weighting-constant 9
set dscp af31 Branch Router:
class NET-CTRL-MGMT policy-map POLICY-TRANSPORT-1
bandwidth remaining percent 5 class class-default
set dscp cs6 shape average 10 Mbps
class CALL-SIGNALING
bandwidth remaining percent 4 service-policy WAN
set dscp af21
class CRITICAL-DATA
bandwidth remaining percent 25 interface GigabitEthernet0/0
random-detect dscp-based bandwidth 10000
random-detect exponential-weighting-constant 9
set dscp af21 service-policy output POLICY-TRANSPORT-1
class SCAVENGER
bandwidth remaining percent 1
set dscp default
class VOICE
priority level 1
police cir percent 10
set dscp ef
class class-default
bandwidth remaining percent 25
random-detect
random-detect exponential-weighting-constant 9
set dscp default

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 200
4-Class SP QoS Model Configuration 
Physical Interface  
IWAN Branch policy-map WAN
class INTERACTIVE-VIDEO
bandwidth remaining percent 30
random-detect dscp-based
random-detect exponential-weighting-constant 9
set dscp af31
class STREAMING-VIDEO
bandwidth remaining percent 10
random-detect dscp-based
random-detect exponential-weighting-constant 9
set dscp af31 Branch Router:
class NET-CTRL-MGMT policy-map POLICY-TRANSPORT-1
bandwidth remaining percent 5 class class-default
set dscp cs6 shape average 10 Mbps
class CALL-SIGNALING
bandwidth remaining percent 4 service-policy WAN
set dscp af21
class CRITICAL-DATA
bandwidth remaining percent 25 interface GigabitEthernet0/0
random-detect dscp-based bandwidth 10000
random-detect exponential-weighting-constant 9
set dscp af21 service-policy output POLICY-TRANSPORT-1
class SCAVENGER
bandwidth remaining percent 1
set dscp default
class VOICE
priority level 1
police cir percent 10
set dscp ef
class class-default
bandwidth remaining percent 25
random-detect
random-detect exponential-weighting-constant 9 The PfR Traffic Class channels will not
set dscp default establish if the DSCP values from the
hub and branch routers do not match

Internetwork Control CS6 EF SP-VOICE

VoIP EF

Broadcast Video CS5 ! AF31

Multimedia Conferencing AF41 ! AF31

AF31 SP-CLASS1DATA
Real-Time Interactive CS4 ! AF31 (UDP)

Multimedia Streaming AF31

Signalling CS3 ! AF21

Transactional Data AF21 SP-CLASS2DATA

AF21
(TCP)
Network Management CS2 ! AF21

Bulk Data AF11 ! AF21 AF11 SP-CLASS3DATA

*
Scavenger CS1 ! AF11
DF SP-DEFAULT
Best Effort DF

* - Specified by ISP

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 201
Reference
5-Class QoS Model Configuration 
Tunnel Interface  
IWAN Hub BR policy-map WAN
class INTERACTIVE-VIDEO
bandwidth remaining percent 30
random-detect dscp-based
random-detect exponential-weighting-constant 9
set dscp tunnel af31
class STREAMING-VIDEO Hub Router:
bandwidth remaining percent 10 policy-map RS-GROUP-10MBPS-POLICY
random-detect dscp-based class class-default
random-detect exponential-weighting-constant 9
set dscp tunnel af31 shape average 10 Mbps
class NET-CTRL-MGMT bandwidth remaining ratio 10
bandwidth remaining percent 5 service-policy WAN
set dscp tunnel cs6
class CALL-SIGNALING
bandwidth remaining percent 4 interface Tunnel10
set dscp tunnel af21 bandwidth <service-rate>
class CRITICAL-DATA nhrp map group RS-GROUP-10MBPS service-policy
bandwidth remaining percent 25
random-detect dscp-based output RS-GROUP-10MBPS-POLICY
random-detect exponential-weighting-constant 9
set dscp tunnel af21
class SCAVENGER
bandwidth remaining percent 1
set dscp tunnel af11 Branch Router:
class VOICE
priority level 1 interface GigabitEthernet0/0
police cir percent 10 bandwidth 10000
set dscp tunnel ef service-policy output POLICY-TRANSPORT-1
class class-default !
bandwidth remaining percent 25 interface Tunnel10
random-detect bandwidth 10000
random-detect exponential-weighting-constant 9 nhrp group RS-GROUP-10MBPS
set dscp tunnel default tunnel source GigabitEthernet0/0
tunnel vrf IWAN-TRANSPORT-1

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 202
Reference
5-Class QoS Model Configuration 
Physical Interface 
IWAN Branch policy-map WAN
class INTERACTIVE-VIDEO
bandwidth remaining percent 30
random-detect dscp-based
random-detect exponential-weighting-constant 9
set dscp af31
class STREAMING-VIDEO
bandwidth remaining percent 10
random-detect dscp-based
random-detect exponential-weighting-constant 9
set dscp af31 Branch Router:
class NET-CTRL-MGMT policy-map POLICY-TRANSPORT-1
bandwidth remaining percent 5 class class-default
set dscp cs6 shape average 10 Mbps
class CALL-SIGNALING
bandwidth remaining percent 4 service-policy WAN
set dscp af21
class CRITICAL-DATA
bandwidth remaining percent 25 interface GigabitEthernet0/0
random-detect dscp-based bandwidth 10000
random-detect exponential-weighting-constant 9
set dscp af21 service-policy output POLICY-TRANSPORT-1
class SCAVENGER
bandwidth remaining percent 1
set dscp af11
class VOICE
priority level 1
police cir percent 10
set dscp ef
class class-default
bandwidth remaining percent 25
random-detect
random-detect exponential-weighting-constant 9
set dscp default

Internetwork Control CS6 EF SP-VOICE

VoIP EF

Broadcast Video CS5 ! AF1

AF41 SP-VIDEO
Multimedia Conferencing AF41

Real-Time Interactive CS4 ! AF41

SP-CLASS1DATA
Multimedia Streaming AF31 AF31
(UDP)
Signalling CS3 ! AF21

Transactional Data AF21 SP-CLASS2DATA

AF21 (TCP)
Network Management CS2 ! AF21

Bulk Data AF11 ! AF21 AF11 SP-CLASS3DATA

*
Scavenger CS1 ! AF11
DF SP-DEFAULT
Best Effort DF

* - Specified by ISP

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 204
Reference
6-Class QoS Model Configuration 
Tunnel Interface  
IWAN Hub BR policy-map WAN
class INTERACTIVE-VIDEO
bandwidth remaining percent 30
random-detect dscp-based
random-detect exponential-weighting-constant 9
set dscp tunnel af41
class STREAMING-VIDEO Hub Router:
bandwidth remaining percent 10 policy-map RS-GROUP-10MBPS-POLICY
random-detect dscp-based class class-default
random-detect exponential-weighting-constant 9
set dscp tunnel af31 shape average 10 Mbps
class NET-CTRL-MGMT bandwidth remaining ratio 10
bandwidth remaining percent 5 service-policy WAN
set dscp tunnel cs6
class CALL-SIGNALING
bandwidth remaining percent 4 interface Tunnel10
set dscp tunnel af21 bandwidth <service-rate>
class CRITICAL-DATA nhrp map group RS-GROUP-10MBPS service-policy
bandwidth remaining percent 25
random-detect dscp-based output RS-GROUP-10MBPS-POLICY
random-detect exponential-weighting-constant 9
set dscp tunnel af21
class SCAVENGER
bandwidth remaining percent 1
set dscp tunnel af11 Branch Router:
class VOICE
priority level 1 interface GigabitEthernet0/0
police cir percent 10 bandwidth 10000
set dscp tunnel ef service-policy output POLICY-TRANSPORT-1
class class-default !
bandwidth remaining percent 25 interface Tunnel10
random-detect bandwidth 10000
random-detect exponential-weighting-constant 9 nhrp group RS-GROUP-10MBPS
set dscp tunnel default tunnel source GigabitEthernet0/0
tunnel vrf IWAN-TRANSPORT-1

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 205
Reference
6-Class QoS Model Configuration 
Physical Interface 
IWAN Branch policy-map WAN
class INTERACTIVE-VIDEO
bandwidth remaining percent 30
random-detect dscp-based
random-detect exponential-weighting-constant 9
set dscp af41
class STREAMING-VIDEO
bandwidth remaining percent 10
random-detect dscp-based
random-detect exponential-weighting-constant 9
set dscp af31 Branch Router:
class NET-CTRL-MGMT policy-map POLICY-TRANSPORT-1
bandwidth remaining percent 5 class class-default
set dscp cs6 shape average 10 Mbps
class CALL-SIGNALING
bandwidth remaining percent 4 service-policy WAN
set dscp af21
class CRITICAL-DATA
bandwidth remaining percent 25 interface GigabitEthernet0/0
random-detect dscp-based bandwidth 10000
random-detect exponential-weighting-constant 9
set dscp af21 service-policy output POLICY-TRANSPORT-1
class SCAVENGER
bandwidth remaining percent 1
set dscp af11
class VOICE
priority level 1
police cir percent 10
set dscp ef
class class-default
bandwidth remaining percent 25
random-detect
random-detect exponential-weighting-constant 9
set dscp default

207
Cisco Catalyst 2960-X 
QoS Design

208
Catalyst 2960-X
QoS Roles in the Campus Access

No Trust +
Ingress Queuing +
Egress Queuing

Trust DSCP +
Ingress Queuing +
Egress Queuing

Conditional Trust +
Ingress Queuing +
Egress Queuing
C2960-X
Access Classification/Marking +
Switch [Optional Policing] +
Ingress Queuing +
Distribution Egress Queuing
Switches

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 209
Catalyst 2960-X
Note: Catalyst 2960-X is QoS compatible with
QoS Design Steps the Catalyst 3560-X & 3750-X, with the
following exceptions:
1. Enable QoS • The Catalyst 3560-X & 3750-X support
ingress queuing policies, but the 2960-X
2. Configure Ingress QoS Model(s): does not.
❑ Trust Models • Similarly, the Catalyst 3560-X & 3750-X
❑ Conditional Trust Model support VLAN-based QoS policies, but the
2960-X does not.
❑ Service Policy Models
Note: Catalyst 2960-X must be running a LAN
3. Configure Egress Queuing Base image to support the following QoS
features
• Policy maps
• Policing & marking
• Mapping tables
• Weighted Tail Drop (WTD)

Trust-CoS Model Example:

mls qos map cos-dscp 0 8 16 24 32 46 48 56 Key commands/parameters in RED
mls qos trust cos Highlighted commands are interface specific

Trust-CoS Model Example:

mls qos map cos-dscp 0 8 16 24 32 46 48 56 Key commands/parameters in RED
mls qos trust cos Highlighted commands are interface specific

Note: CoS 5 which is explicitly mapped to DSCP 46

Trust-CoS Model Example:

mls qos map cos-dscp 0 8 16 24 32 46 48 56 Key commands/parameters in RED
mls qos trust cos Highlighted commands are interface specific

Trust-DSCP Model Example:

mls qos trust dscp Note: CoS 5 which is explicitly mapped to DSCP 46

Trust-CoS Model Example:

mls qos map cos-dscp 0 8 16 24 32 46 48 56 Key commands/parameters in RED
mls qos trust cos Highlighted commands are interface specific

Trust-DSCP Model Example:

mls qos trust dscp Note: CoS 5 which is explicitly mapped to DSCP 46

Conditional-Trust Model Example:

mls qos trust device cisco-phone [or]
mls qos trust device cts [or]
mls qos trust device ip-camera [or]
mls qos trust device media-player

Trust-CoS Model Example:

mls qos map cos-dscp 0 8 16 24 32 46 48 56 Key commands/parameters in RED
mls qos trust cos Highlighted commands are interface specific

Trust-DSCP Model Example:

mls qos trust dscp Note: CoS 5 which is explicitly mapped to DSCP 46

Conditional-Trust Model Example:

mls qos trust device cisco-phone [or]
Note: Only one type of device may be configured at a time
mls qos trust device cts [or]
mls qos trust device ip-camera [or]
mls qos trust device media-player

Conditional Trust Policy to a Cisco IP Phone:

mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos trust device cisco-phone
mls qos trust cos

CoS must be
matched as Cisco IP
Phones only remark
at Layer 2

Conditional Trust Policy to a Cisco IP Phone:

mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos trust device cisco-phone
mls qos trust cos Note: All CoS-to-DSCP values are left at default
(DSCP = CoS * 8)

Except for CoS 5 which is explicitly mapped to DSCP 46

(Expedite Forwarding/EF, per RFC 3246 & 4594).
CoS must be
matched as Cisco IP
Phones only remark
at Layer 2

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 212
Catalyst 2960-X
Marking Policy Model Example – Policy-Map & Class-Maps
class-map match-all VOIP policy-map MARKING-POLICY
match access-group name VOIP class VOIP
class-map match-all MULTIMEDIA-CONFERENCING set dscp ef
match access-group name MULTIMEDIA-CONFERENCING class MULTIMEDIA-CONFERENCING
class-map match-all SIGNALING set dscp af41
match access-group name SIGNALING class SIGNALING
class-map match-all TRANSACTIONAL-DATA set dscp cs3
match access-group name TRANSACTIONAL-DATA class TRANSACTIONAL-DATA
class-map match-all BULK-DATA set dscp af21
match access-group name BULK-DATA class BULK-DATA
class-map match-all SCAVENGER set dscp af11
match access-group name SCAVENGER class SCAVENGER
set dscp cs1
class class-default
set dscp default

service-policy input MARKING-POLICY

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 213
Catalyst 2960-X
Marking Policy Model Example – Access Control List
ip access-list extended SIGNALING
remark sccp
permit tcp any any eq 2000
permit tcp any any eq 2001
permit tcp any any eq 2002
remark rtsp
permit tcp any any eq 554
permit tcp any any eq 8554
remark sip
permit tcp any any eq 5060
permit udp any any eq 5060
remark sip-tls
permit tcp any any eq 5061
permit udp any any eq 5061
!

[class-maps omitted for brevity]

policy-map MARKING&POLICING
class VVLAN-VOIP
set dscp ef
police 128k 8000 exceed-action drop [continued]
class VVLAN-SIGNALING class BULK-DATA
set dscp cs3 set dscp af11
police 32k 8000 exceed-action drop police 10m 8000 exceed-action policed-dscp-transmit
class MULTIMEDIA-CONFERENCING class SCAVENGER
set dscp af41 set dscp cs1
police 5m 8000 exceed-action drop police 10m 8000 exceed-action drop
class SIGNALING class DEFAULT
set dscp cs3 set dscp default
police 32k 8000 exceed-action drop police 10m 8000 exceed-action policed-dscp-transmit
class TRANSACTIONAL-DATA
service-policy input MARKING&POLICING
set dscp af21
police 10m 8000 exceed-action policed-dscp-transmit
…

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 215
Note: Remarking is performed by configuring a
Catalyst 2960-X policed-DSCP map with the global configuration
command mls qos map policed-dscp, which
specifies which DSCP values are subject to
Marking & Policing Policy Example remarking if out-of-profile and what value these
should be remarked as.
mls qos map policed-dscp 0 10 18 to 8 In this example exceeding:
• Best Effort (DSCP 0)
[class-maps omitted for brevity] • Bulk (AF11 / DSCP 10)
policy-map MARKING&POLICING • Transactional Data (AF21 / DSCP 18)
are remarked to Scavenger (CS1 / DSCP 8).
class VVLAN-VOIP
set dscp ef
police 128k 8000 exceed-action drop [continued]
class VVLAN-SIGNALING class BULK-DATA
set dscp cs3 set dscp af11
police 32k 8000 exceed-action drop police 10m 8000 exceed-action policed-dscp-transmit
class MULTIMEDIA-CONFERENCING class SCAVENGER
set dscp af41 set dscp cs1
police 5m 8000 exceed-action drop police 10m 8000 exceed-action drop
class SIGNALING class DEFAULT
set dscp cs3 set dscp default
police 32k 8000 exceed-action drop police 10m 8000 exceed-action policed-dscp-transmit
class TRANSACTIONAL-DATA
service-policy input MARKING&POLICING
set dscp af21
police 10m 8000 exceed-action policed-dscp-transmit
…

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 215
Catalyst 2960-X
1P3Q3T Egress Queuing Model
Application DSCP 1P3Q3T
AF1 Q4T2
Network Control (CS7) Queue 4
CS1 (5%) Q4T1
Internetwork Control CS6

VoIP EF Default Queue

DF
Queue 3 (35%)
Broadcast Video CS5

Multimedia Conferencing AF4 CS7 Q2T3

Realtime Interactive CS4 CS6

Multimedia Streaming AF3 CS3 Q2T2

Queue 2
Signalling CS3 AF4 (30%) Q2T1
Transactional Data AF2 AF3
AF2
Network Management CS2
CS2
Bulk Data AF1
EF
Scavenger CS1 Q1
CS5 Priority Queue
Best Effort DF CS4

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 216
Catalyst 2960-X
1P3Q3T Egress Queuing Model
Application DSCP 1P3Q3T
AF1 Q4T2
Network Control (CS7) Queue 4
CS1 (5%) Q4T1
Internetwork Control CS6

VoIP EF Default Queue

DF
Queue 3 (35%)
Broadcast Video CS5

Multimedia Conferencing AF4 CS7 Q2T3

Realtime Interactive CS4 CS6

Multimedia Streaming AF3 CS3 Q2T2

Queue 2
Signalling CS3 AF4 (30%) Q2T1
Transactional Data AF2 AF3
AF2
Network Management CS2
CS2
Bulk Data AF1
EF
Scavenger CS1 Q1
CS5 Priority Queue
Best Effort DF CS4

VoIP EF Default Queue

DF
Queue 3 (35%)
Broadcast Video CS5

Multimedia Conferencing AF4 CS7 Q2T3

Realtime Interactive CS4 CS6

Multimedia Streaming AF3 CS3 Q2T2

Queue 2
Signalling CS3 AF4 (30%) Q2T1
Transactional Data AF2 AF3
AF2
Network Management CS2
CS2
Bulk Data AF1
EF
Scavenger CS1 Q1
CS5 Priority Queue
Best Effort DF CS4

VoIP EF Default Queue

DF
Queue 3 (35%)
Broadcast Video CS5

Multimedia Conferencing AF4 CS7 Q2T3

Realtime Interactive CS4 CS6

Multimedia Streaming AF3 CS3 Q2T2

Queue 2
Signalling CS3 AF4 (30%) Q2T1
Transactional Data AF2 AF3
AF2
Network Management CS2
CS2
Bulk Data AF1
EF
Scavenger CS1 Q1
CS5 Priority Queue
Best Effort DF CS4

VoIP EF Default Queue

DF
Queue 3 (35%)
Broadcast Video CS5

Multimedia Conferencing AF4 CS7 Q2T3

Realtime Interactive CS4 CS6

Multimedia Streaming AF3 CS3 Q2T2

Queue 2
Signalling CS3 AF4 (30%) Q2T1
Transactional Data AF2 AF3
AF2
Network Management CS2
CS2
Bulk Data AF1
EF
Scavenger CS1 Q1
CS5 Priority Queue
Best Effort DF CS4

VoIP EF Default Queue

DF
Queue 3 (35%)
Broadcast Video CS5

Multimedia Conferencing AF4 CS7 Q2T3

Realtime Interactive CS4 CS6

Multimedia Streaming AF3 CS3 Q2T2

Queue 2
Signalling CS3 AF4 (30%) Q2T1
Transactional Data AF2 AF3
AF2
Network Management CS2
CS2
Bulk Data AF1
EF
Scavenger CS1 Q1
CS5 Priority Queue
Best Effort DF CS4

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 217
Catalyst 2960-X
Note: The Catalyst 2960-X can also be
1P3Q3T Egress Queuing Model Config—Part 1 of 2 configured to use an 8-queue model; however
this model is NOT supported in a stack, nor is it
supported if AutoQoS is enabled.

! This section configures egress buffers and thresholds

mls qos queue-set output 1 buffers 15 30 35 20
mls qos queue-set output 1 threshold 1 100 100 100 100
mls qos queue-set output 1 threshold 2 80 90 100 3200
mls qos queue-set output 1 threshold 3 100 100 100 3200
mls qos queue-set output 1 threshold 4 60 100 100 3200

! This section configures egress CoS-to-Queue mappings

mls qos srr-queue output cos-map queue 1 threshold 3 4 5
mls qos srr-queue output cos-map queue 2 threshold 1 2
mls qos srr-queue output cos-map queue 2 threshold 2 3
mls qos srr-queue output cos-map queue 2 threshold 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 0
mls qos srr-queue output cos-map queue 4 threshold 3 1

! This section configures egress buffers and thresholds

! This section configures egress CoS-to-Queue mappings

! This section configures egress buffers and thresholds

mls qos queue-set output 1 buffers 15 30 35 20 Allocates buffers to Q1, Q2, Q3 and Q4
(respectively)
mls qos queue-set output 1 threshold 1 100 100 100 100
mls qos queue-set output 1 threshold 2 80 90 100 3200
mls qos queue-set output 1 threshold 3 100 100 100 3200
mls qos queue-set output 1 threshold 4 60 100 100 3200
Each queue has 4 thresholds:
• WTD Threshold 1
! This section configures egress CoS-to-Queue mappings • WTD Threshold 2
mls qos srr-queue output cos-map queue 1 threshold 3 4 5 • Reserved Threshold—buffers that may NOT
mls qos srr-queue output cos-map queue 2 threshold 1 2 be shared with adjacent port-queues
• Maximum Threshold—maximum amount of
mls qos srr-queue output cos-map queue 2 threshold 2 3 buffers may be borrowed from common buffer
mls qos srr-queue output cos-map queue 2 threshold 3 6 7 pools (if available)
mls qos srr-queue output cos-map queue 3 threshold 3 0
mls qos srr-queue output cos-map queue 4 threshold 3 1

! This section configures egress buffers and thresholds

! This section configures egress DSCP-to-Queue mappings

mls qos srr-queue output dscp-map queue 1 threshold 3 32 40 46
mls qos srr-queue output dscp-map queue 2 threshold 1 16 18 20 22
mls qos srr-queue output dscp-map queue 2 threshold 1 26 28 30 34 36 38
mls qos srr-queue output dscp-map queue 2 threshold 2 24
mls qos srr-queue output dscp-map queue 2 threshold 3 48 56
mls qos srr-queue output dscp-map queue 3 threshold 3 0
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14

! This section configures interface egress queuing parameters

queue-set 1
srr-queue bandwidth share 1 30 35 5
priority-queue out

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 218
Catalyst 2960-X
1P3Q3T Egress Queuing Model Config—Part 2 of 2
If the packet enters the switch on a port that
is set to trust dscp then these DSCP-to-
! This section configures egress DSCP-to-Queue mappings Queue mappings will be used to determine
mls qos srr-queue output dscp-map queue 1 threshold 3 32 40 46 how the packet is queued on egress
mls qos srr-queue output dscp-map queue 2 threshold 1 16 18 20 22
mls qos srr-queue output dscp-map queue 2 threshold 1 26 28 30 34 36 38
mls qos srr-queue output dscp-map queue 2 threshold 2 24
mls qos srr-queue output dscp-map queue 2 threshold 3 48 56
mls qos srr-queue output dscp-map queue 3 threshold 3 0
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14

! This section configures interface egress queuing parameters

queue-set 1
srr-queue bandwidth share 1 30 35 5
priority-queue out

! This section configures interface egress queuing parameters

queue-set 1
srr-queue bandwidth share 1 30 35 5
priority-queue out

Enables the PQ

! This section configures interface egress queuing parameters

queue-set 1
srr-queue bandwidth share 1 30 35 5
priority-queue out

Enables the PQ Allocates bandwidth to each queue by means of a WRR weight.

Q1 weight is ignored, as it’s operating as a PQ

All QoS policies are configured on the physical port-member interfaces only

Platform QoS Policies Applied to the QoS Policies Applied to the

(Logical) Port-Channel Interface (Physical) Port-Member Interfaces
Catalyst 2960/3560/3750 • Classification & Marking (Ingress)
and Queuing (Egress)

222
Catalyst 65xx-E / 6807-XL with Sup2T/6T
Ingress & Egress Queueing Models
• Ingress Queue Structures
• 1Q8T CoS to Queue Mapping CoS-based Tail-Drop
• 2Q4T CoS to Queue Mapping CoS-based Tail-Drop
• 2Q8T CoS to Queue Mapping CoS-based Tail-Drop
• 8Q4T DSCP to Queue Mapping DSCP-based WRED
• 8Q8T CoS to Queue Mapping CoS-based WRED
• 1P7Q2T DSCP to Queue Mapping DSCP-based WRED

• Ingress & Egress Queue Structures

• 2P6Q4T DSCP to Queue Mapping DSCP-based WRED

• Egress Queue Structures

• 1P3Q8T CoS to Queue Mapping Cos-based WRED
• 1P3Q4T CoS to Queue Mapping CoS-based WRED
• 1P7Q4T DSCP to Queue Mapping DSCP-based WRED*
• 1P7Q8T CoS to Queue Mapping CoS-based WRED
* 1P7Q4T can be implementing as an alternate ingress queueing structure to 2P6Q4T

224
1Q8T Ingress Queueing Linecards
• WS-X6704-10GE with CFC
• WS-X6724-SFP with CFC
• WS-X6748-SFP and WS-X6748-GE-TX with CFC

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 225
Catalyst 65xx-E/6807-XL with Sup2T/6T
1Q8T Ingress Queuing Models—CoS-to-Queue Mapping w/ COS-based Tail-Drop
Application-Class DSCP CoS 1Q8T

CoS 7 Q1T8—100%
Network Control (CS7) CoS 7
Internetwork Control CS6 CoS 6
Q1T7—95%
VoIP EF CoS 6
CoS 5
Broadcast Video CS5
Q1T6—90%
CoS 5
Multimedia Conferencing AF4
CoS 4
Q1T5—85%
Realtime Interactive CS4
CoS 4
Multimedia Streaming AF3
CoS 3 Q1T4—80%
Signalling CS3 CoS 3
Transactional Data AF2
CoS 2 Q1T3—75% All noted thresholds are
CoS 2
Network Management CS2 tail-drop thresholds

Bulk Data AF1 Q1T2—70%

CoS 1 CoS 0
Scavenger CS1
Q1T1—65%
Best Effort DF CoS 0 CoS 1

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 226
Catalyst 65xx-E/6807-XL—1Q8T Ingress Model
policy-map type lan-queuing APIC_EM-QUEUING-1Q8T-IN
class class-default
Un-configured CoS values default to
queue-limit cos 7 percent 100
threshold 8 which is 100%. May not
queue-limit cos 6 percent 95
queue-limit cos 5 percent 90 need to configure the CoS 7 value, as
queue-limit cos 4 percent 85 this should default to 100%. However,
queue-limit cos 3 percent 80 it is shown here for completeness.
queue-limit cos 2 percent 75 Recommend to explicitly configure it.
queue-limit cos 0 percent 70
queue-limit cos 1 percent 65

Interface GigabitEthernet1/1
service-policy type lan-queuing input APIC_EM-QUEUING-1Q8T-IN

228
2Q4T Ingress Queueing Linecards
• VS-S2T-10G and VS-S2T-10G-XL with Gigabit Ethernet ports enabled
• Applies to all ports on the Supervisor 2T

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 229
Catalyst 65xx-E/6807-XL with Sup2T
2Q4T Ingress Queuing Models—CoS-to-Queue Mapping
Application-Class DSCP CoS 2Q4T

Network Control (CS7) CoS 7 CoS 7 Q2! 40% BW

Internetwork Control CS6 CoS 6

VoIP EF CoS 6
CoS 5
Broadcast Video CS5
CoS 5
Multimedia Conferencing AF4
CoS 4
Realtime Interactive CS4
CoS 4
Multimedia Streaming AF3
CoS 3
Signalling CS3 CoS 3 Q1! 60% BW
Transactional Data AF2
CoS 2 CoS 2
Network Management CS2

Bulk Data AF1

CoS 1 CoS 0
Scavenger CS1

Best Effort DF CoS 0 CoS 1

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 230
Catalyst 65xx-E/6807-XL with Sup2T
2Q4T Ingress Queuing Models—CoS-to-Queue Mapping w/ CoS-based Tail-Drop
Application-Class DSCP CoS 2Q4T

CoS 7 Q2T4—100%
Network Control (CS7) CoS 7
Internetwork Control CS6 CoS 6
Q2T3—95%
VoIP EF CoS 6
CoS 5
Broadcast Video CS5 Q2T2—90%
CoS 5
Multimedia Conferencing AF4
CoS 4 Q2! 40% BW
Q2T1—85%
Realtime Interactive CS4
CoS 4
Multimedia Streaming AF3
CoS 3 Q1T4—100%
Signalling CS3 CoS 3 Q1! 60% BW
Transactional Data AF2
CoS 2 Q1T3—95%
CoS 2 All noted thresholds are
Network Management CS2
tail-drop thresholds
Q1T2—90%
Bulk Data AF1
CoS 1 Cos 0
Scavenger CS1
Q1T1—85%
Best Effort DF CoS 0 CoS1

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 231
Catalyst 65xx-E/6807-XL—2Q4T Ingress Model
class-map type lan-queuing match-all APIC_EM-Q2-2Q4T-QUEUE
match cos 7 6 5 4

policy-map type lan-queuing APIC_EM-QUEUING-2Q4T-IN Un-configured CoS values

class APIC_EM-Q2-2Q4T-QUEUE default to threshold 8 which is
bandwidth percent 40 100%. May not need to
configure the CoS 7 or CoS 3
queue-limit cos 7 percent 100 values, as this should default to
queue-limit cos 6 percent 95 100%, but is shown here for
queue-limit cos 5 percent 90 completeness.
queue-limit cos 4 percent 85
Recommend explicitly
class class-default
configuring thresholds however.
queue-limit cos 3 percent 100
queue-limit cos 2 percent 95
queue-limit cos 0 percent 90
queue-limit cos 1 percent 85

interface GigabitEthernet1/3/1
service-policy type lan-queuing input APIC_EM-QUEUING-2Q4T-IN
interface TenGigabitEthernet1/3/4
service-policy type lan-queuing input APIC_EM-QUEUING-2Q4T-IN

233
2Q8T Ingress Queueing Linecards
• WS-X6724-SFP with DFC4/DFC4XL upgrade (WS-F6k-DFC4-A, WS-F6k-DFC4-AXL)
• WS-X6748-SFP and WS-X6748-GE-TX with DFC4/DFC4XL upgrade (WS-F6k-DFC4-A,
WS-F6k-DFC4-AXL)
• WS-X6824-SFP-2T and WS-X6824-SFP-2TXL
• WS-X6848-SFP-2T, WS-X6848-SFP-2TXL, WS-X6848-TX-2T and WS-X6848-TX-2TXL

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 234
Cisco Catalyst 65xx-E/6807-XL with Sup2T
2Q8T Ingress Queuing Models—CoS-to-Queue Mapping
Application-Class DSCP CoS 2Q8T

Network Control (CS7) CoS 7 CoS 7 Q2! 40% BW

Internetwork Control CS6 CoS 6

Bulk Data AF1

CoS 1 CoS 0
Scavenger CS1

Best Effort DF CoS 0 CoS 1

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 235
Cisco Catalyst 65xx-E/6807-XL with Sup2T
2Q8T Ingress Queuing Models—CoS-to-Queue Mapping w/ CoS-based Tail-Drop
Application-Class DSCP CoS 2Q8T

CoS 7 Q2T4—100%
Network Control (CS7) CoS 7
Internetwork Control CS6 CoS 6
Q2T3—95%
VoIP EF CoS 6
CoS 5
Broadcast Video CS5 Q2T2—90%
CoS 5
Multimedia Conferencing AF4
CoS 4 Q2! 40% BW
Q2T1—85%
Realtime Interactive CS4
CoS 4
Multimedia Streaming AF3
CoS 3 Q1T4—100%
Signalling CS3 CoS 3 Q1! 60% BW
Transactional Data AF2
CoS 2 Q1T3—95%
CoS 2
Network Management CS2 All noted thresholds are
Q1T2—90% tail-drop thresholds
Bulk Data AF1
CoS 1 Cos 0
Scavenger CS1
Q1T1—85%
Best Effort DF CoS 0 CoS1

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 236
Catalyst 65xx-E/6807-XL—2Q8T Ingress Model
class-map type lan-queuing match-all APIC_EM-Q2-2Q8T-QUEUE
match cos 7 6 5 4

policy-map type lan-queuing APIC_EM-QUEUING-2Q8T-IN

class APIC_EM-Q2-2Q8T-QUEUE
bandwidth percent 40 Un-configured CoS values
queue-limit cos 7 percent 100 default to threshold 8 which is
queue-limit cos 6 percent 95 100%. May not need to
queue-limit cos 5 percent 90 configure the CoS 7 or CoS 3
queue-limit cos 4 percent 85 values, as this should default
class class-default
to 100%.
queue-limit cos 3 percent 100
queue-limit cos 2 percent 95 Recommend explicitly
queue-limit cos 0 percent 90 configuring thresholds
queue-limit cos 1 percent 85

interface GigabitEthernet1/3/2
service-policy type lan-queuing input APIC_EM-QUEUING-2Q8T-IN

238
8Q4T Ingress Queueing Linecards
• VS-S2T-10G, VS-S2T-10G-XL with Gigabit Ethernet ports disabled
• WS-X6908-10G-2T, WS-X6908-10G-2TXL
• WS-X6816-10T-2T, WS-X6816-10T-2TXL, WS-X6816-10G-2T, WS-
X6816-10G-2TXL in performance mode
• WS-X6716-10G-3C, WS-X6716-10G-3CXL, WS-X6716-10T-3C, WS-
X6716-10T-3CXL with a DFC4 or DFC4XL upgrade (WS-F6k-DFC4-E, WS-F6k-
DFC4-EXL) in performance mode)

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 239
How to Disable or Display the State of GigabitEthernet
Interfaces on the Sup2T
o23-6500-1(config)#platform qos 10g-only Global command disables GigabitEthernet interfaces on the
Sup2T.

o23-6500-1#show platform qos module 3

QoS is enabled globally
Port QoS is enabled globally
QoS serial policing mode enabled globally Global command to show whether the
Distributed Policing is Disabled GigabitEthernet interfaces on the Sup2T
Secondary PUPs are enabled
QoS Trust state is DSCP on the following interface: are enabled or disabled
EO0/2 Gi1/1 Gi1/2 Gi1/3 Gi1/4 Gi1/5 Gi1/6 Gi1/7 Gi1/8 Gi1/9
Gi1/10 Gi1/11 Gi1/12 Gi1/13 Gi1/14 Gi1/15 Gi1/16 Gi1/17 Gi1/18 Gi1/19
Gi1/20 Gi1/21 Gi1/22 Gi1/23 Gi1/24 Gi1/25 Gi1/26 Gi1/27 Gi1/28 Gi1/29
Gi1/30 Gi1/31 Gi1/32 Gi1/33 Gi1/34 Gi1/35 Gi1/36 Gi1/37 Gi1/38 Gi1/39
Gi1/40 Gi1/41 Gi1/42 Gi1/43 Gi1/44 Gi1/45 Gi1/46 Gi1/47 Gi1/48 Te2/1
Te2/2 Te2/3 Te2/4 Te2/5 Te2/6 Te2/7 Te2/8 Gi3/1 Gi3/2 Gi3/3
Te3/4 Te3/5 Te5/1 Te5/2 Te5/3 Te5/4 Te5/5 Te5/6 Te5/7 Te5/8
Te5/9 Te5/10 Te5/11 Te5/12 Te5/13 Te5/14 Te5/15 Te5/16 Te6/1 Te6/2
Te6/3 Te6/4 CPP CPP.1 Vl1
QoS 10g-only mode supported: Yes [Current mode: Off]
Global Policy-map: ingress[] GigabitEthernet interfaces on the
… Sup2T are currently enabled

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 240
How to Enable or Display Performance Mode on Linecards
Global command enables
performance mode on a port
o23-6500-1(config)#no hw-module slot 5 oversubscription port-group 4 group of a linecard

o23-6500-1#show hw-module slot 5 oversubscription

port-group oversubscription-mode
1 enabled
2 enabled
3 enabled
4 disabled

Global command to show whether the

oversubscription is enabled or disabled
(performance mode) per port group of a
linecard

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 241
Cisco Catalyst 65xx-E/6807-XL with Sup2T
8Q4T Ingress Queuing Models—DSCP-to-Queue Mapping
8Q4T
Application-Class DSCP
EF Realtime Queue
Network Control (CS7) CS5 (10% BW)
CS4
Internetwork Control CS6
CS7
VoIP EF
CS6 Control Queue
Broadcast Video CS5 CS3 (10% BW)
CS2
Multimedia Conferencing AF4
AF4
Realtime Interactive CS4 Multimedia-Conferencing Queue
(20% BW + DSCP-WRED)
Multimedia Streaming AF3
AF3Multimedia-Streaming Queue (20%
Signalling CS3 BW + DSCP-WRED)

Transactional Data AF2 AF2 Transactional Data Queue

(10% BW + DSCP-WRED)
Network Management CS2
AF1 Bulk Data Queue (4%
Bulk Data AF1 BW + DSCP-WRED)

Scavenger CS1 CS1 Scavenger Queue (1% BW)

Best Effort DF Default Queue (25%

DF
BW + DSCP-WRED)

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 242
Cisco Catalyst 65xx-E/6807-XL with Sup2T
8Q4T Ingress Queuing Models—DSCP-to-Queue with 8Q4T
DSCP-WRED EF
CS5 Realtime Queue All noted thresholds are
(10% BW)
CS4 Min WRED thresholds
Application-Class DSCP
CS7
Network Control (CS7) All max WRED thresholds
CS6 Control-Plane Queue Are set to 100%
Internetwork Control CS6 CS3 (10% BW)
CS2
VoIP EF
AF41 Q6T3—80%
Broadcast Video CS5 AF42 Multimedia-Conferencing Queue
Q6T2—70%
AF43 (20% BW + DSCP-WRED)
Multimedia Conferencing AF4 Q6T1—60%

Q5T3—80%
Realtime Interactive CS4 AF31
AF32 Q5T2—70% Multimedia-Streaming Queue (20%
Multimedia Streaming AF3 AF33 BW + DSCP-WRED)
Q5T1—60%
Signalling CS3 AF21 Q4T3—80%
AF22 Q4T2—70%
Transactional Data AF2 AF23 Q4T1—60% Transactional Data Queue
(10% BW + DSCP-WRED)
Network Management CS2 AF11 Q3T3—80%
AF12 Q3T2—70%
Bulk Data AF1
AF13 Q3T1—60% Bulk Data Queue (4%
Scavenger CS1 BW + DSCP-WRED)
CS1 Scavenger Queue (1% BW)
Best Effort DF DF Default Queue (25%
BW + DSCP-WRED)

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 243
Catalyst 65xx-E/6807-XL —8Q4T Ingress Model
class-map type lan-queuing match-all APIC_EM-REALTIME-8Q4T-QUEUE
match dscp cs4 cs5 ef
class-map type lan-queuing match-all APIC_EM-CONTROL-8Q4T-QUEUE
match dscp cs2 cs3 cs6 cs7
class-map type lan-queuing match-all APIC_EM-MM_CONF-8Q4T-QUEUE
match dscp af41 af42 af43
class-map type lan-queuing match-all APIC_EM-MM_STREAM-8Q4T-QUEUE
match dscp af31 af32 af33
class-map type lan-queuing match-all APIC_EM-TRANS_DATA-8Q4T-QUEUE
match dscp af21 af22 af23
class-map type lan-queuing match-all APIC_EM-BULK_DATA-8Q4T-QUEUE
match dscp af11 af12 af13
class-map type lan-queuing match-all APIC_EM-SCAVENGER-8Q4T-QUEUE
match dscp cs1

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 244
Catalyst 65xx-E/6807-XL —8Q4T Ingress Model
policy-map type lan-queuing APIC_EM-QUEUEING-8Q4T-IN
class APIC_EM-REALTIME-8Q4T-QUEUE
bandwidth percent 10
class APIC_EM-CONTROL-8Q4T-QUEUE
bandwidth percent 10
class APIC_EM-MM_CONF-8Q4T-QUEUE
bandwidth percent 20
random-detect dscp-based
random-detect dscp af41 percent 80 100
random-detect dscp af42 percent 70 100
random-detect dscp af43 percent 60 100
class APIC_EM-MM_STREAM-8Q4T-QUEUE
bandwidth percent 20
random-detect dscp-based
random-detect dscp af31 percent 80 100
random-detect dscp af32 percent 70 100
random-detect dscp af33 percent 60 100

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 245
Catalyst 65xx-E/6807-XL —8Q4T Ingress Model
[continued]
class APIC_EM-TRANS_DATA-8Q4T-QUEUE
bandwidth percent 10
random-detect dscp-based
random-detect dscp af21 percent 80 100
random-detect dscp af22 percent 70 100
random-detect dscp af23 percent 60 100
class APIC_EM-BULK_DATA-8Q4T-QUEUE
bandwidth percent 4
random-detect dscp-based
random-detect dscp af11 percent 80 100
random-detect dscp af12 percent 70 100
random-detect dscp af13 percent 60 100
class APIC_EM-SCAVENGER-8Q4T-QUEUE
bandwidth percent 1
class class-default
random-detect dscp-based
random-detect dscp default percent 80 100

interface TenGigabitEthernet1/3/4
service-policy type lan-queuing input APIC_EM-QUEUEING-8Q4T-IN
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 246
8Q8T – Ingress Queueing 
CoS to Queue Mapping 
CoS-based Tail-Drop

247
8Q8T Ingress Queueing Linecards
WS-X6704-10GE supported with a DFC4/DFC4XL upgrade (WS-F6k-DFC4-A, WS-F6k-DFC4-AXL)

o23-6500-1#show module
Mod Ports Card Type Model Serial No.
--- ----- -------------------------------------- ------------------ -----------
1 48 CEF720 48 port 10/100/1000mb Ethernet WS-X6748-GE-TX SAL10478SWP
2 8 DCEF2T 8 port 10GE WS-X6908-10G SAL172682AK
3 5 Supervisor Engine 2T 10GE w/ CTS (Acti VS-SUP2T-10G SAL1702WNR0
5 16 CEF720 16 port 10GE WS-X6716-10GE SAL1228WYB7
6 4 CEF720 4 port 10-Gigabit Ethernet WS-X6704-10GE SAL15013XBH

Mod Sub-Module Model Serial Hw Status

---- --------------------------- ------------------ ----------- ------- -------
1 Centralized Forwarding Card WS-F6700-CFC SAD074308C9 1.1 Ok
2 Distributed Forwarding Card WS-F6K-DFC4-E SAL17152T2R 1.2 Ok
3 Policy Feature Card 4 VS-F6K-PFC4 SAL1638N3R3 1.2 Ok
3 CPU Daughterboard VS-F6K-MSFC5 SAL1702WNG1 1.5 Ok
5 Distributed Forwarding Card WS-F6K-DFC4-E SAL1541SQHX 1.1 Ok
6 Centralized Forwarding Card WS-F6700-CFC SAL1518CRZ3 4.1 PwrDown

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 248
8Q8T Ingress Queueing Linecards
WS-X6704-10GE supported with a DFC4/DFC4XL upgrade (WS-F6k-DFC4-A, WS-F6k-DFC4-AXL)

Mod Sub-Module Model Serial Hw Status

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 248
Cisco Catalyst 65xx-E/6807-XL with Sup2T
8Q8T Ingress Queuing Models—CoS-to-Queue Mapping with COS-based WRED
8Q8T
Application-Class DSCP CoS

Bulk Data AF1

CoS 1 Q2-Bulk-Scavenger Queue (5%
Scavenger CS1 CoS 1 BW)

Best Effort DF CoS 0 CoS 0 Q1-Default Queue

(25% BW)

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 249
Catalyst 65xx-E/6807-XL —8Q8T Ingress Model
class-map type lan-queuing match-all APIC_EM-Q8-8Q8T-QUEUE
match cos 7
Class-map type lan-queuing match-all APIC_EM-Q7-8Q8T-QUEUE
match cos 6
class-map type lan-queuing match-all APIC_EM-Q6-8Q8T-QUEUE
match cos 5
class-map type lan-queuing match-all APIC_EM-Q5-8Q8T-QUEUE
match cos 4
class-map type lan-queuing match-all APIC_EM-Q4-8Q8T-QUEUE
match cos 3
class-map type lan-queuing match-all APIC_EM-Q3-8Q8T-QUEUE
match cos 2
class-map type lan-queuing match-all APIC_EM-Q2-8Q8T-QUEUE
match cos 1

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 250
Catalyst 65xx-E/6807-XL —8Q8T Ingress Model
policy-map type lan-queuing APIC_EM-QUEUEING-8Q8T-IN
class APIC_EM-Q8-8Q8T-QUEUE
bandwidth percent 10
class APIC_EM-Q7-8Q8T-QUEUE
bandwidth percent 5
class APIC_EM-Q6-8Q8T-QUEUE
bandwidth percent 5
class APIC_EM-Q5-8Q8T-QUEUE
bandwidth percent 20
class APIC_EM-Q4-8Q8T-QUEUE
bandwidth percent 20
class APIC_EM-Q3-8Q8T-QUEUE
bandwidth percent 10
class APIC_EM-Q2-8Q8T-QUEUE
bandwidth percent 5
class class-default

interface TenGigabitEthernet1/3/4
service-policy type lan-queuing input APIC_EM-QUEUEING-8Q8T-IN

252
1P7Q2T Ingress Queueing Linecards
• WS-X6716-10G-3C, WS-X6716-10G-3CXL, WS-X6716-10T-3C, WS-
X6716-10T-3CXL with a DFC4 or DFC4XL upgrade (WS-F6k-DFC4-E, WS-F6k-
DFC4-EXL) in oversubscription mode
• WS-X6816-10T-2T, WS-X6816-10T-2TXL, WS-X6816-10G-2T, WS-
X6816-10G-2TXL in oversubscription mode

Application-Class DSCP EF
CS5 Realtime Queue
Network Control (CS7) (Priority)
CS4
Internetwork Control CS6
CS7
VoIP EF CS6 Control Plane Queue
CS3 (10% BWR)
Broadcast Video CS5 CS2
Multimedia Conferencing AF4
AF4
Realtime Interactive CS4 Multimedia-Conferencing Queue
(20% BWR + DSCP-WRED)
Multimedia Streaming AF3
AF3Multimedia-Streaming Queue (15%
BWR + DSCP-WRED)
Signalling CS3

Transactional Data AF2 AF2 Transactional Data Queue

(15% BWR + DSCP-WRED)
Network Management CS2
AF1 Bulk Data Queue (9%
Bulk Data AF1 BWR + DSCP-WRED)

Scavenger CS1 Scavenger Queue (1% BW)

CS1
Best Effort DF Default Queue (30%
DF BWR + DSCP-WRED)
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 254
Cisco Catalyst 65xx-E/6807-XL with Sup2T
1P7Q2T Ingress Queuing Models—DSCP-to-Queue Mapping 1P7Q2T
(DSCP-WRED)
EF All noted thresholds are
CS5 Realtime Queue
(Priority) Min WRED thresholds
Application-Class DSCP CS4 All max WRED thresholds
CS7
Network Control (CS7) Are set to 100%
CS6 Control Plane Queue
Internetwork Control CS6 CS3 (10% BWR)
CS2
VoIP EF
AF41 Q6T2—80%
Broadcast Video CS5 AF42 Multimedia-Conferencing Queue
AF43 Q6T1—70% (20% BWR + DSCP-WRED)
Multimedia Conferencing AF4

Realtime Interactive CS4 AF31 Q5T2—80%

AF32 Multimedia-Streaming Queue (15%
Multimedia Streaming AF3 BWR + DSCP-WRED)
AF33 Q5T1—70%

Signalling CS3
AF21 Q4T2—80%
Transactional Data AF2 AF22
Q4T1—70% Transactional Data Queue
AF23
(15% BWR + DSCP-WRED)
Network Management CS2
AF11 Q3T2—80%
Bulk Data AF1 AF12
Q3T1—70%
AF13 Bulk Data Queue (9%
Scavenger CS1 BWR + DSCP-WRED)
CS1 Scavenger Queue (1% BW)
Best Effort DF Default Queue (30%
DF
BWR + DSCP-WRED)
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 255
Cisco Catalyst 65xx-E/6807-XL - 1P7Q2T Ingress Model
class-map type lan-queuing match-all APIC_EM-REALTIME-1P7Q2T-QUEUE
match dscp cs4 cs5 ef
class-map type lan-queuing match-all APIC_EM-CONTROL-1P7Q2T-QUEUE
match dscp cs2 cs3 cs6 cs7
class-map type lan-queuing match-all APIC_EM-MM_CONF-1P7Q2T-QUEUE
match dscp af41 af42 af43
class-map type lan-queuing match-all APIC_EM-MM_STREAM-1P7Q2T-QUEUE
match dscp af31 af32 af33
class-map type lan-queuing match-all APIC_EM-TRANS_DATA-1P7Q2T-QUEU
match dscp af21 af22 af23
class-map type lan-queuing match-all APIC_EM-BULK_DATA-1P7Q2T-QUEUE
match dscp af11 af12 af13
class-map type lan-queuing match-all APIC_EM-SCAVENGER-1P7Q2T-QUEUE
match dscp cs1

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 256
Catalyst 65xx-E/6807-XL —1P7Q2T Ingress Model
policy-map type lan-queuing APIC_EM-QUEUEING-1P7Q2T-IN
class APIC_EM-REALTIME-1P7Q2T-QUEUE
priority
class APIC_EM-CONTROL-1P7Q2T-QUEUE
bandwidth remaining percent 10
class APIC_EM-MM_CONF-1P7Q2T-QUEUE
bandwidth remaining percent 20
class APIC_EM-MM_STREAM-1P7Q2T-QUEUE
bandwidth remaining percent 15

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 257
Catalyst 65xx-E/6807-XL - 1P7Q2T Ingress Model
[continued]
class APIC_EM-TRANS_DATA-1P7Q2T-QUEU
bandwidth remaining percent 15
class APIC_EM-BULK_DATA-1P7Q2T-QUEUE
bandwidth remaining percent 9
class APIC_EM-SCAVENGER-1P7Q2T-QUEUE
bandwidth remaining percent 1
class class-default

interface TenGigabitEthernet1/3/4
service-policy type lan-queuing input APIC_EM-QUEUEING-1P7Q2T-IN

259
2P6Q4T Ingress Queueing Linecards
• WS-X6904-40G-2T and WS-X6904-40G-2TXL
• C6800-8P10G, C6800-8P10G-XL
• C6800-16P10G, C6800-16P10G-XL
• C6800-32P10G, C6800-32P10G-XL

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 260
Cisco Catalyst 65xx-E/6807-XL with Sup2T
2P6Q4T (Ingress & Egress Queuing Models—DSCP-to-Queue)
Application-Class DSCP 2P6Q4T
Network Control (CS7) Voice-PQ1
EF (Priority Level 1)
Internetwork Control CS6
CS4
VoIP EF CS5 Video-PQ2
(Priority Level 2)
Broadcast Video CS5 AF4

Multimedia Conferencing AF4 CS7 & CS6 Control Plane Queue

CS3 & CS2 (10% BWR)
Realtime Interactive CS4

Multimedia Streaming AF3 Multimedia-Streaming Queue

AF3 (20% BWR + DSCP-WRED)
Signalling CS3
Transactional Data Queue
AF2 (20% BWR + DSCP-WRED)
Transactional Data AF2

Network Management CS2 Bulk Data Queue

AF1 (14% BWR + DSCP-WRED)
Bulk Data AF1
Scavenger Queue
CS1 (1% BWR + DSCP-WRED)
Scavenger CS1
DF Default Queue
Best Effort DF (35% BWR + WRED)

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 261
Cisco Catalyst 65xx-E/6807-XL with Sup2T
2P6Q4T (Ingress & Egress Queuing Models—DSCP-to-Queue with
DSCP WRED 2P6Q4T
Voice-PQ1
EF (Priority Level 1)
Application-Class DSCP
CS4
Network Control (CS7) Video-PQ2
CS5
(Priority Level 2)
Internetwork Control CS6 AF4
VoIP EF
CS7 & CS6 Control Plane Queue
Broadcast Video CS5 CS3 & CS2 (10% BWR)

Multimedia Conferencing AF4 Q4T3—80%

AF31 Multimedia-Streaming Queue (20%
Realtime Interactive CS4 AF32 Q4T2—70% BWR + DSCP-WRED)
AF33
Q4T1—60%
Multimedia Streaming AF3
AF21 Q3T3—80% Transactional Data Queue
Signalling CS3 AF22 Q3T2—70% (20% BWR + DSCP-WRED)
AF23
Transactional Data AF2 Q3T1—60%

AF11 Q2T3—80%
Network Management CS2
AF12 Bulk Data Queue (14%
Q2T2—70% BWR + DSCP-WRED)
Bulk Data AF1 AF13
CS1 Q2T1—60%

Scavenger CS1 Scavenger Queue

CS1 (1% BWR )
Best Effort DF
DF Default Queue
(35% BWR + WRED)
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 262
Cisco Catalyst 65xx-E/6807-XL—2P6Q4T Model
Part 1 of 3—Common Ingress & Egress Queuing Class-Maps
class-map type lan-queuing match-all APIC_EM-VOICE-2P6Q4T-PQ1
match dscp ef
class-map type lan-queuing match-all APIC_EM-VIDEO-2P6Q4T-PQ2
match dscp cs4 cs5 af41 af42 af43
class-map type lan-queuing match-all APIC_EM-CONTROL-2P6Q4T-QUEUE
match dscp cs2 cs3 cs6 cs7
class-map type lan-queuing match-all APIC_EM-MM_STREAM-2P6Q4T-QUEUE
match dscp af31 af32 af33
class-map type lan-queuing match-all APIC_EM-TRANS_DATA-2P6Q4T-QUEUE
match dscp af21 af22 af23
class-map type lan-queuing match-all APIC_EM-BULK_DATA-2P6Q4T-QUEUE
match dscp af11 af12 af13
class-map type lan-queuing match-all APIC_EM-SCAVENGER-2P6Q4T-QUEUE
match dscp cs1

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 263
Cisco Catalyst 65xx-E/6807-XL—2P6Q4T Model
Part 2 of 3—2P6Q4T Queuing Policy-Map
policy-map type lan-queuing APIC_EM-QUEUING-2P6Q4T
class APIC_EM-VOICE-2P6Q4T-PQ1
priority level 1
class APIC_EM-VIDEO-2P6Q4T-PQ2
priority level 2
class APIC_EM-CONTROL-2P6Q4T-QUEUE
bandwidth remaining percent 10
class APIC_EM-MM_STREAM-2P6Q4T-QUEUE
bandwidth remaining percent 20
random-detect dscp-based
random-detect dscp af31 percent 80 100
random-detect dscp af32 percent 70 100
random-detect dscp af33 percent 60 100
class APIC_EM-TRANS_DATA-2P6Q4T-QUEUE
bandwidth remaining percent 20
random-detect dscp-based
random-detect dscp af21 percent 80 100
random-detect dscp af22 percent 70 100
random-detect dscp af23 percent 60 100

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 264
Cisco Catalyst 65xx-E/6807-XL—2P6Q4T Model
Part 3 of 3—2P6Q4T Queuing Policy-Map (continued)
[continued]
class APIC_EM-BULK_DATA-2P6Q4T-QUEUE
bandwidth remaining percent 14
random-detect dscp-based
random-detect dscp af11 percent 80 100
random-detect dscp af12 percent 70 100
random-detect dscp af13 percent 60 100
class APIC_EM-SCAVENGER-2P6Q4T-QUEUE
bandwidth remaining percent 1
class class-default
random-detect dscp-based
random-detect dscp default percent 80 100

interface TenGigabitEthernet1/1/13
service-policy type lan-queuing input APIC_EM-QUEUEING-2P6Q4T
service-policy type lan-queuing output APIC_EM-QUEUEING-2P6Q4T

266
1P3Q8T Egress Queueing Linecards
• WS-X6724-SFP, WS-X6748-SFP and WS-X6748-GE-TX with CFC
• WS-X6724-SFP, WS-X6748-SFP, and WS-X6748-GE-TX with a DFC4 or
DFC4XL upgrade (WS-F6k-DFC4-A, WS-F6k-DFC4-AXL)
• WS-X6824-SFP-2T and WS-X6824-SFP-2TXL
• WS-X6848-SFP-2T, WS-X6848-SFP-2TXL, WS-X6848-TX-2T and WS-X6848-
TX-2TXL

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 267
Cisco Catalyst 65xx-E/6807-XL with Sup2T
1P3Q8T Egress Queuing Models—CoS-to-Queue Mapping
1P3Q8T
Application-Class DSCP CoS

Bulk Data AF1 CoS 0

CoS 1
Scavenger CS1 Default Queue
(45% BWR + COS WRED)
Best Effort DF CoS 0 CoS 1

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 268
Cisco Catalyst 65xx-E/6807-XL with Sup2T
1P3Q8T Egress Queuing Models—CoS-to-Queue Mapping with CoS-WRED
1P3Q8T
Application-Class DSCP CoS

Q2T2—80%
Bulk Data AF1 CoS 0
CoS 1 All max WRED thresholds
Scavenger CS1 Default Queue Are set to 100%
(45% BWR + COS WRED)
Best Effort DF CoS 0 CoS 1
Q2T1—70%

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 269
Catalyst 65xx-E/6807-XL—1P3Q8T Egress Model
class-map type lan-queuing match-all APIC_EM-REALTIME-1P3Q8T-QUEUE
match cos 4 5
class-map type lan-queuing match-all APIC_EM-CONTROL-1P3Q8T-QUEUE
match cos 6 7
class-map type lan-queuing match-all APIC_EM-TRANS_DATA-1P3Q8T-QUEUE
match cos 2 3

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 270
Cisco Catalyst 65xx-E/6807-XL —1P3Q8T Egress Model
policy-map type lan-queuing APIC_EM-QUEUING-1P3Q8T-OUT
class APIC_EM-REALTIME-1P3Q8T-QUEUE
priority
class APIC_EM-CONTROL-1P3Q8T-QUEUE
bandwidth remaining percent 5
class APIC_EM-TRANS_DATA-1P3Q8T-QUEUE
bandwidth remaining percent 45
random-detect cos-based
random-detect cos 3 percent 80 100
random-detect cos 2 percent 70 100
class class-default
random-detect cos-based
random-detect cos 0 percent 80 100
random-detect cos 1 percent 70 100

interface GigabitEthernet1/3/2
service-policy type lan-queuing output APIC_EM-QUEUING-1P3Q8T-OUT

272
1P3Q4T Egress Queueing Linecards
• VS-S2T-10G and VS-S2T-10G-XL with Gigabit Ethernet ports enabled

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 273
Cisco Catalyst 65xx-E/6807-XL with Sup2T
1P3Q4T Egress Queuing Models—CoS-to-Queue Mapping
1P3Q4T
Application-Class DSCP CoS

Network Control (CS7) CoS 7 CoS 5

Bulk Data AF1 CoS 0

CoS 1
Scavenger CS1 Default Queue
(45% BWR + COS WRED)
Best Effort DF CoS 0 CoS 1

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 274
Cisco Catalyst 65xx-E/6807-XL with Sup2T
1P3Q4T Egress Queuing Models—CoS-to-Queue Mapping with CoS WRED
1P3Q4T
Application-Class DSCP CoS

Q2T2—80%
Bulk Data AF1 CoS 0
CoS 1 All max WRED thresholds
Scavenger CS1 Default Queue Are set to 100%
(45% BWR + COS WRED)
Best Effort DF CoS 0 CoS 1
Q2T1—70%

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 275
Catalyst 65xx-E/6807-XL —1P3Q4T Egress Model
class-map type lan-queuing match-all APIC_EM-REALTIME-1P3Q4T-QUEUE
match cos 4 5
class-map type lan-queuing match-all APIC_EM-CONTROL-1P3Q4T-QUEUE
match cos 6 7
class-map type lan-queuing match-all APIC_EM-TRANS_DATA-1P3Q4T-QUEUE
match cos 2 3

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 276
Catalyst 65xx-E/6807-XL —1P3Q4T Egress Model
policy-map type lan-queuing APIC_EM-QUEUING-1P3Q4T-OUT
class APIC_EM-REALTIME-1P3Q4T-QUEUE
priority
class APIC_EM-CONTROL-1P3Q4T-QUEUE
bandwidth remaining percent 5
class APIC_EM-TRANS_DATA-1P3Q4T-QUEUE
bandwidth remaining percent 45
random-detect cos-based
random-detect cos 3 percent 80 100
random-detect cos 2 percent 70 100
class class-default
random-detect cos-based
random-detect cos 0 percent 80 100
random-detect cos 1 percent 70 100

interface GigabitEthernet1/3/1
service-policy type lan-queuing output APIC_EM-QUEUING-1P3Q4T-OUT
interface TenGigabitEthernet1/3/4
service-policy type lan-queuing output APIC_EM-QUEUING-1P3Q4T-OUT

278
1P7Q4T Egress Queueing Linecards
• WS-X6716-10G-3C, WS-X6716-10G-3CXL, WS-X6716-10T-3C, WS-
X6716-10T-3CXL with a DFC4 or DFC4XL upgrade (WS-F6k-DFC4-E, WS-F6k-
DFC4-EXL) in performance or oversubscription mode
• WS-X6816-10T-2T, WS-X6816-10T-2TXL, WS-X6816-10G-2T, WS-
X6816-10G-2TXL in performance or oversubscription mode
• WS-X6908-10G-2T and WS-X6908-10G-2TXL

Transactional Data AF2 AF2 Transactional Data Queue

(15% BWR + DSCP-WRED)
Network Management CS2
AF1 Bulk Data Queue (9%
Bulk Data AF1 BWR + DSCP-WRED)

Scavenger CS1 Scavenger Queue (1% BW)

CS1
Best Effort DF Default Queue (30%
DF BWR + DSCP-WRED)
BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 280
Cisco Catalyst 65xx-E/6807-XL with Sup2T
1P7Q4T
1P7Q4T Egress Queuing Models—DSCP-to-Queue with
DSCP-WRED EF
CS5 Realtime Queue
(Priority)
CS4 All noted thresholds are
Application-Class DSCP Min WRED thresholds
CS7
Network Control (CS7) All max WRED thresholds
CS6 Control Queue (10%
Are set to 100%
Internetwork Control CS6 CS3 BWR)
CS2
VoIP EF
AF41 Q6T3—80%
Broadcast Video CS5 AF42 Multimedia-Conferencing Queue
Q6T2—70%
AF43 (20% BWR + DSCP-WRED)
Multimedia Conferencing AF4 Q6T1—60%

Realtime Interactive CS4 AF31 Q5T3—80%

AF32 Q5T2—70% Multimedia-Streaming Queue (15%
Multimedia Streaming AF3 AF33 BWR + DSCP-WRED)
Q5T1—60%
Signalling CS3 AF21 Q4T3—80%
AF22 Q4T2—70%
Transactional Data AF2 AF23 Q4T1—60% Transactional Data Queue
(15% BWR + DSCP-WRED)
Network Management CS2 AF11 Q3T3—80%
AF12 Q3T2—70%
Bulk Data AF1
AF13 Q3T1—60% Bulk Data Queue (9%
Scavenger CS1 BWR + DSCP-WRED)
CS1 Scavenger Queue (1% BWR)
Best Effort DF DF Default Queue (30%
BWR + DSCP-WRED)

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 281
Catalyst 65xx-E/6807-XL —1P7Q4T Egress Model
class-map type lan-queuing match-all APIC_EM-REALTIME-1P7Q4T-QUEUE
match dscp cs4 cs5 ef
class-map type lan-queuing match-all APIC_EM-CONTROL-1P7Q4T-QUEUE
match dscp cs2 cs3 cs6 cs7
class-map type lan-queuing match-all APIC_EM-MM_CONF-1P7Q4T-QUEUE
match dscp af41 af42 af43
class-map type lan-queuing match-all APIC_EM-MM_STREAM-1P7Q4T-QUEUE
match dscp af31 af32 af33
class-map type lan-queuing match-all APIC_EM_TRANS_DATA-1P7Q4T-QUEUE
match dscp af21 af22 af23
class-map type lan-queuing match-all APIC_EM_BULK_DATA-1P7Q4T-QUEUE
match dscp af11 af12 af13
class-map type lan-queuing match-all APIC_EM_SCAVENGER-1P7Q4T-QUEUE
match dscp cs1

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 282
Cisco Catalyst 65xx-E/6807-XL —1P7Q4T Egress Model
policy-map type lan-queuing APIC_EM-QUEUING-1P7Q4T-OUT
class APIC_EM-REALTIME-1P7Q4T-QUEUE
priority
class APIC_EM-CONTROL-1P7Q4T-QUEUE
bandwidth remaining percent 10
class APIC_EM-MM_CONF-1P7Q4T-QUEUE
bandwidth remaining percent 20
random-detect dscp-based
random-detect dscp af41 percent 80 100
random-detect dscp af42 percent 70 100
random-detect dscp af42 percent 60 100
class APIC_EM-MM_STREAM-1P7Q4T-QUEUE
bandwidth remaining percent 15
random-detect dscp-based
random-detect dscp af31 percent 80 100
random-detect dscp af32 percent 70 100
random-detect dscp af33 percent 60 100

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 283
Cisco Catalyst 65xx-E/6807-XL —1P7Q4T Egress Model
[continued]
class APIC_EM_TRANS_DATA-1P7Q4T-QUEUE
bandwidth remaining percent 15
random-detect dscp-based
random-detect dscp af21 percent 80 100
random-detect dscp af22 percent 70 100
random-detect dscp af23 percent 60 100
class APIC_EM_BULK_DATA-1P7Q4T-QUEUE
bandwidth remaining percent 9
random-detect dscp-based
random-detect dscp af11 percent 80 100
random-detect dscp af12 percent 70 100
random-detect dscp af13 percent 60 100
class APIC_EM_SCAVENGER-1P7Q4T-QUEUE
bandwidth remaining percent 1
class class-default
random-detect dscp-based
random-detect dscp default percent 80 100

interface TenGigabitEthernet1/3/4
service-policy type lan-queuing output APIC_EM-QUEUING-1P7Q4T-OUT

285
1P7Q8T Egress Queueing Linecards
• WS-X6704-10GE with CFC
• WS-X6704-10GE with a DFC4 or DFC4XL upgrade (WS-F6k-DFC4-A, WS-F6k-
DFC4-AXL)

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 286
Cisco Catalyst 65xx-E/6807-XL with Sup2T
1P7Q8T Egress Queuing Models—CoS-to-Queue Mapping w/ CoS-based WRED
1P7Q8T
Application-Class DSCP CoS

Bulk Data AF1

CoS 1 Q2 - Bulk-Scavenger Queue (10%
Scavenger CS1 CoS 1 BWR)

Best Effort DF CoS 0 CoS 0 Default Queue (30%

BWR)

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 287
Catalyst 65xx-E/6807-XL —1P7Q8T Egress Model
class-map type lan-queuing match-all APIC_EM-Q8-1P7Q8T-QUEUE
match cos 7
class-map type lan-queuing match-all APIC_EM-Q7-1P7Q8T-QUEUE
match cos 6
class-map type lan-queuing match-all APIC_EM-Q6-1P7Q8T-QUEUE
match cos 5
class-map type lan-queuing match-all APIC_EM-Q5-1P7Q8T-QUEUE
match cos 4
class-map type lan-queuing match-all APIC_EM-Q4-1P7Q8T-QUEUE
match cos 3
class-map type lan-queuing match-all APIC_EM-Q3-1P7Q8T-QUEUE
match cos 2
class-map type lan-queuing match-all APIC_EM-Q2-1P7Q8T-QUEUE
match cos 1

BRKCRS-2501 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 288
Catalyst 65xx-E/6807-XL —1P7Q8T Egress Model
policy-map type lan-queuing APIC_EM-QUEUING-1P7Q8T-OUT
class APIC_EM-Q8-1P7Q8T-QUEUE
priority
class APIC_EM-Q7-1P7Q8T-QUEUE
bandwidth remaining percent 5
class APIC_EM-Q6-1P7Q8T-QUEUE
bandwidth remaining percent 5
class APIC_EM-Q5-1P7Q8T-QUEUE
bandwidth remaining percent 20
class APIC_EM-Q4-1P7Q8T-QUEUE
bandwidth remaining percent 20
class APIC_EM-Q3-1P7Q8T-QUEUE
bandwidth remaining percent 10
class APIC_EM-Q2-1P7Q8T-QUEUE
bandwidth remaining percent 10
class class-default

interface TenGigabitEthernet1/3/4
service-policy type lan-queuing output APIC_EM-QUEUING-1P7Q8T-OUT

VG 224 Configuration
No ratings yet
VG 224 Configuration
66 pages
QoS Implementation Methods
No ratings yet
QoS Implementation Methods
16 pages
NVG468MQ Ethernet Voice Gateway Data Sheet
No ratings yet
NVG468MQ Ethernet Voice Gateway Data Sheet
3 pages
SL370 - Programming Distributed Services With Jini - SG - 1099
No ratings yet
SL370 - Programming Distributed Services With Jini - SG - 1099
308 pages
IPT T4 Trading Datasheet Linx Networks
No ratings yet
IPT T4 Trading Datasheet Linx Networks
4 pages
05 BGP BCP PDF
No ratings yet
05 BGP BCP PDF
93 pages
Fiber Optic Cables Assemblies, Connectors and Accessories: The Quality Connection
100% (1)
Fiber Optic Cables Assemblies, Connectors and Accessories: The Quality Connection
56 pages
BRKDCN 3346
No ratings yet
BRKDCN 3346
161 pages
Plastic Optical Fibers in Access Networks: Procedia Technology December 2014
No ratings yet
Plastic Optical Fibers in Access Networks: Procedia Technology December 2014
8 pages
Ip Multicast Bes Practices For Enterprise Coustomers - c11-474791
No ratings yet
Ip Multicast Bes Practices For Enterprise Coustomers - c11-474791
15 pages
IPsec VPN Topologies and Design Considerations With Use Cases-5
No ratings yet
IPsec VPN Topologies and Design Considerations With Use Cases-5
267 pages
Universal Middleware: Peter Kriens
No ratings yet
Universal Middleware: Peter Kriens
20 pages
H.323 Call Flow
No ratings yet
H.323 Call Flow
4 pages
CVD City Wifi-Cisco
No ratings yet
CVD City Wifi-Cisco
49 pages
Brkopt 2003
No ratings yet
Brkopt 2003
97 pages
QoS Hierarchical Queueing Framework Configuration Guide, CiscoIOS Release 15M&T
No ratings yet
QoS Hierarchical Queueing Framework Configuration Guide, CiscoIOS Release 15M&T
32 pages
QoS Campus Design Cisco
No ratings yet
QoS Campus Design Cisco
107 pages
BSCI30S08 IPv6
No ratings yet
BSCI30S08 IPv6
73 pages
DO IPsec VPNs 2018 PDF
100% (1)
DO IPsec VPNs 2018 PDF
390 pages
1
No ratings yet
1
187 pages
ISR Router Family PDF
No ratings yet
ISR Router Family PDF
26 pages
Innovations in Ethernet Encryption (802.1ae - Macsec) For Securing High Speed (1-100ge) Wan Deployments
No ratings yet
Innovations in Ethernet Encryption (802.1ae - Macsec) For Securing High Speed (1-100ge) Wan Deployments
22 pages
Troubleshooting When BGP Routes Are Not Advertised
No ratings yet
Troubleshooting When BGP Routes Are Not Advertised
9 pages
17.mobile Intelligent Network
No ratings yet
17.mobile Intelligent Network
14 pages
Evolution and Features of ISDN
No ratings yet
Evolution and Features of ISDN
70 pages
2016 Brkspg-2061 Cableipv6
No ratings yet
2016 Brkspg-2061 Cableipv6
107 pages
Qfx5200 Deepdive TDM Presentation
No ratings yet
Qfx5200 Deepdive TDM Presentation
51 pages
Network Planning PDF
No ratings yet
Network Planning PDF
5 pages
Devnet 2367
No ratings yet
Devnet 2367
24 pages
NCS5500/5700 Network Design Guide
100% (1)
NCS5500/5700 Network Design Guide
54 pages
Cisco Campus Fabric Introduction
No ratings yet
Cisco Campus Fabric Introduction
65 pages
Implementing and Administering Cisco Solutions (CCNA) v2.0: What You'll Learn
No ratings yet
Implementing and Administering Cisco Solutions (CCNA) v2.0: What You'll Learn
5 pages
Metaswitch Perimeta SBC Product Brochure PDF
No ratings yet
Metaswitch Perimeta SBC Product Brochure PDF
4 pages
BRKRST-2041-WAN Architectures and Design Principles
100% (1)
BRKRST-2041-WAN Architectures and Design Principles
99 pages
Lisp Mobile
No ratings yet
Lisp Mobile
86 pages
Deploying Ipv6 in Branch Networks: Last Updated: April 8, 2011
No ratings yet
Deploying Ipv6 in Branch Networks: Last Updated: April 8, 2011
40 pages
Cisco IPv6 Security Slide
No ratings yet
Cisco IPv6 Security Slide
125 pages
Cisco 7600 Router IEEE 802.1ad Setup
No ratings yet
Cisco 7600 Router IEEE 802.1ad Setup
36 pages
Network Functions Virtualization
No ratings yet
Network Functions Virtualization
2 pages
Segment Routing For Service Provider and Enterprise Networks Stamped
No ratings yet
Segment Routing For Service Provider and Enterprise Networks Stamped
3,105 pages
DEVNET-1200-There and Back-A Network Automation Journey
No ratings yet
DEVNET-1200-There and Back-A Network Automation Journey
26 pages
Teccrs 2001
No ratings yet
Teccrs 2001
465 pages
BRKCOM-1005 UCS Architecture
No ratings yet
BRKCOM-1005 UCS Architecture
73 pages
Chapter 10: Application Layer: Instructor Materials
No ratings yet
Chapter 10: Application Layer: Instructor Materials
39 pages
Cisco 4500 Config Guide
No ratings yet
Cisco 4500 Config Guide
1,120 pages
BRKSPG 2720
No ratings yet
BRKSPG 2720
80 pages
BRKOPT-2204 - Building Carrier Ethernet Services Using Cisco Ethernet Virtual Circuit (EVC) Framework PDF
No ratings yet
BRKOPT-2204 - Building Carrier Ethernet Services Using Cisco Ethernet Virtual Circuit (EVC) Framework PDF
109 pages
Cisco IOS Regular Expressions Guide
No ratings yet
Cisco IOS Regular Expressions Guide
8 pages
Large Scale DMVPN
No ratings yet
Large Scale DMVPN
35 pages
Vxlan - MPBGP Evpn Guide-C07-734107 PDF
No ratings yet
Vxlan - MPBGP Evpn Guide-C07-734107 PDF
44 pages
Brkiot 2555
No ratings yet
Brkiot 2555
92 pages
Tecarc 2900 PDF
No ratings yet
Tecarc 2900 PDF
402 pages
BRKCRS 2501 PDF
No ratings yet
BRKCRS 2501 PDF
112 pages
BRKRST 2046
No ratings yet
BRKRST 2046
276 pages
Cisco's QoS Strategy Guide
No ratings yet
Cisco's QoS Strategy Guide
148 pages
BRKCRS 2501
100% (1)
BRKCRS 2501
372 pages
BRKCRS 2031
No ratings yet
BRKCRS 2031
100 pages
QOS Simplified BRKCRS-2501
No ratings yet
QOS Simplified BRKCRS-2501
242 pages
CLV Sessions 2009 2012
No ratings yet
CLV Sessions 2009 2012
16 pages
VPN Site 2 Site
No ratings yet
VPN Site 2 Site
2 pages
VPN Site 2 Site
No ratings yet
VPN Site 2 Site
2 pages
Building and Using Policies With Cisco SD-WAN - BRKRST-2791
100% (1)
Building and Using Policies With Cisco SD-WAN - BRKRST-2791
129 pages
Cisco Firepower Next-Generation Firewall 6.5 Features Lab v1.0
No ratings yet
Cisco Firepower Next-Generation Firewall 6.5 Features Lab v1.0
23 pages
Indoor Mesh Deployment Guide
No ratings yet
Indoor Mesh Deployment Guide
33 pages
Exercise 1: Cisco DNA Center Assurance Use Case (Demo Starts Here)
No ratings yet
Exercise 1: Cisco DNA Center Assurance Use Case (Demo Starts Here)
30 pages
Brkarc 2350
No ratings yet
Brkarc 2350
106 pages
Cisco SD-WAN Application BRKRST-2514
No ratings yet
Cisco SD-WAN Application BRKRST-2514
47 pages
BRKCRS-2810 Cisco Software-Defined Access
No ratings yet
BRKCRS-2810 Cisco Software-Defined Access
83 pages
Cisco ASA Second Generation's OS 9.x
100% (1)
Cisco ASA Second Generation's OS 9.x
846 pages
CDP Commands
No ratings yet
CDP Commands
24 pages
Spanning Tree Vlan
No ratings yet
Spanning Tree Vlan
16 pages
KXF500
No ratings yet
KXF500
68 pages
Cucm System Configuration Guide 11.0
No ratings yet
Cucm System Configuration Guide 11.0
664 pages
Avaya AAEP Admin Guide
No ratings yet
Avaya AAEP Admin Guide
566 pages
IMS Registration Flow Analysis ISSUE 1 0
No ratings yet
IMS Registration Flow Analysis ISSUE 1 0
81 pages
Office 365 Best Practices - Skype For Business-Lync
No ratings yet
Office 365 Best Practices - Skype For Business-Lync
12 pages
Atos Unify Openscape Business
No ratings yet
Atos Unify Openscape Business
16 pages
SARVAM Technical Specifications
No ratings yet
SARVAM Technical Specifications
12 pages
TrixBox Commands Cheat Sheet
100% (1)
TrixBox Commands Cheat Sheet
2 pages
A0016 - How To Config P2P Between FXO and FXS
No ratings yet
A0016 - How To Config P2P Between FXO and FXS
11 pages
CLCOR+v1.1+ (350 801) +Practice+Exam
No ratings yet
CLCOR+v1.1+ (350 801) +Practice+Exam
44 pages
Release Notes Call Server CS16.2 EN
No ratings yet
Release Notes Call Server CS16.2 EN
15 pages
Cisco Unified Communications Manager Express System Administrator Guide
No ratings yet
Cisco Unified Communications Manager Express System Administrator Guide
1,664 pages
Nec Sl1100 and Sv8100 Sip Trunk Configuration Guide
No ratings yet
Nec Sl1100 and Sv8100 Sip Trunk Configuration Guide
8 pages
CISCO IM&P Jabber Clusters
No ratings yet
CISCO IM&P Jabber Clusters
91 pages
Thesis Tfo - Trfo
No ratings yet
Thesis Tfo - Trfo
84 pages
Discovery 15: Configure Voip Dial Peers: Command Description Bind All Source-Interface Interface-Id
No ratings yet
Discovery 15: Configure Voip Dial Peers: Command Description Bind All Source-Interface Interface-Id
18 pages
VT07-B23A - Datasheet - 20220824
No ratings yet
VT07-B23A - Datasheet - 20220824
2 pages
Hix 56xx
100% (1)
Hix 56xx
10 pages
Avaya Aura Session Manager - Fact Sheet
No ratings yet
Avaya Aura Session Manager - Fact Sheet
8 pages
Infrastructure: Zoom Video Communications, Inc
No ratings yet
Infrastructure: Zoom Video Communications, Inc
9 pages
Akuvox R29S (Edge) - Zenitel Wiki
No ratings yet
Akuvox R29S (Edge) - Zenitel Wiki
10 pages
Datasheet GRP2670 English
No ratings yet
Datasheet GRP2670 English
2 pages
Architecture Patterns and Integrations WA PoX L4 Quiz PDF
No ratings yet
Architecture Patterns and Integrations WA PoX L4 Quiz PDF
5 pages
TELES IGATE 16.2 ReferenceManual 001
No ratings yet
TELES IGATE 16.2 ReferenceManual 001
265 pages
ThousandEyes - Tests
No ratings yet
ThousandEyes - Tests
12 pages
List of TCP and UDP Port Numbers
No ratings yet
List of TCP and UDP Port Numbers
100 pages
Asterisk Call Issue
No ratings yet
Asterisk Call Issue
239 pages
IP Phone & Axis Device Setup Guide
No ratings yet
IP Phone & Axis Device Setup Guide
4 pages
The Evolution of Voip: A Look Into How Voip Has Proliferated Into The Global Dominant Platform It Is Today
No ratings yet
The Evolution of Voip: A Look Into How Voip Has Proliferated Into The Global Dominant Platform It Is Today
48 pages
SIP.js WebSocket Connection Logs
No ratings yet
SIP.js WebSocket Connection Logs
18 pages
Yealink VC800 Video Conferencing System Datasheet
No ratings yet
Yealink VC800 Video Conferencing System Datasheet
4 pages