Here are my notes from the MPLS QoS tutorial; wish I could have been in two places at once to catch the ISPSec BOF as well. I won't be taking notes at Eddie Deens, though, so it'll be up to Ren's camera to capture the details for those following along at home.
< http://nanog.multiply.com/ >

Matt

2006.02.13 QoS in MPLS networks tutorial notes.

See notes for Agenda, outline, etc. at
http://www.nanog.org/mtg-0602/sathiamurthi.html

Traffic characterizations go beyond simple DiffServ bit distinctions
Understand traffic types and sources and nature of traffic before

Latency, Jitter, Loss
three traffic parameters to be tracked that influence choices made when applying QoS

It's all about managing finite resources
  rate control, queuing, scheduling, etc.
  congestion management, admission control
  routing control
  traffic protection

The QoS Triangle (no, not bermuda triangle)
  Identify Traffic Type
  Determine QoS parameters
  Apply QoS settings

2 approaches to QoS
  fine-grained approach
  or combination of flows to same traffic type, to same source. Needs to have same characteristics so you can consider them as an aggregated flow.

Best Effort is simplest QoS
Integrated services (Hard QoS)
Differentiated Services (soft QoS)

Best Effort is simple, traditional internet

Integrated services model, RFC 1633, guarantees per flow QoS
  strict bandwidth reservations.
  RSVP, RFC 2055, PATH/RESV messages
  Admission controls
  must be configured on every router along path
  Works well on small scale. Scaling challenge with large numbers of flows.
  What about aggregating flows into integrated services?

DiffServ arch; RFC 2475
  scales well with large flows through aggregation
  creates a means for traffic conditioning (TC)
  defines per-hop behaviour (PHB)
  edge nodes perform TC
  keeps core doing forwarding
  tough to predict end to end behaviour esp with multiple domains
  how do you handle capacity planning?

Diff services arch slide with pictures of traffic flow.
TCA prepares core for the traffic flow that will be coming in; allows core to do per-hop behaviour at the core.

IETF diffserv model
  redefine ToS byte in IP header to differentiated services code point (DSCP)
  uses 6 bits to define behaviour into behaviour aggregates.
  Class Selector (CS0 through CS7)

classifier; selects packets based on headers.

Classification and Marking
  flows have 5 parameters; IP src, dest, precedence, DSCP bits,
  You can handle traffic metering via adjusting the three flows.
  3 parameters used by the token bucket; committed information rate, conformed and extended burst size

Policing vs shaping.
  policing drops excess traffic; it accommodates bursts; anything beyond that gets dropped; or, can be re-marked.
  Shaping smooths traffic but increases latency. buffers packets.

policing uses the token bucket scheme
  tokens added to the bucket at the committed rate
  depth of the bucket determines the burst size
  packets arriving when there's enough tokens in the bucket are conforming
  packets arriving when the bucket is out of tokens are non-conforming; either coloured, dropping, etc.
  diagram of token bucket, very nice.

shaping--use the token bucket scheme as well
  smooths through buffering
  queued packets transmitted as tokens are available.

1 aspect is traffic conditioning at edge
2 aspect is per hop behaviour

PHB relates to resource allocation for a flow
  resource allocation is typically bandwidth
  queuing / scheduling mechanisms
    FIFO/WFQ/MWRR (weighted)/MDRR (deficit)
  congestion avoidance
    RED (random early detection) / Weighted random early drop

Queuing/scheduling needs some data mining to decide how to prioritize certain classes of traffic.
de-queues depends on weights assigned to different flows.

Congestion avoidance technique
when there is congestion what should happen?
  tail drop (hit max queue length)
  drop selectively but based on IP Prec/DSCP bit

Congestion control for TCP
  adaptive
  dominant transport protocol

Slide showing problem of congestion; without technique, have uncontrolled congestion, big performance impact due to retransmissions.

TCP traffic and congestion
  congestion vs slow-start
  sender/receiver negotiate on it.
  source throttles back traffic. (control leverages this behaviour)

Global synchronization happens when many flows pass through a congested link; each flow going through starts following the same backoff and ramp up, leads to sawtooth curves.

RED
  a congestion avoidance mechanism
  works with TCP
  uses packet drop probability and avg queue size
  avoids global synchronization of many flows.
  minimizes packet delay jitter by managing queue size

RED has minimum and maximum threshold; average queue size is used to avoid dealing with transient bursts.

WRED combines RED with IP precedence or DSCP to implement multiple service classes
  each service class has its own min and max threshold and drop rate.
  nice slides of lower and higher thresholds for different traffic types.

When is WRED used?
  only when TCP is bulk of traffic. Won't help UDP or other IP

MPLS and QoS, into DiffServ
avoid vendor CLI as much as possible for the talk. stick with techniques only.

do classification and marking at edge, then do per hop behaviour on when to queue or drop packets within the core.

Within the MPLS domain, do you lose all the nice classification information?
No, you tunnel information from IP DiffServ into MPLS DiffServ.

MPLS DiffServ
  doesn't introduce new QoS architecture
  uses diffserv defined for IP QoS (RFC 2745)
  MPLS DiffServ is defined in RFC3270
  uses MPLS shim header

show slide of diffserv scalability via aggregation
traffic enters at PE router, goes through P core, comes out PE at other side.
MPLS scalability comes from
  aggregation of traffic on the edge
  processing of aggregate only in the core
deal with buckets only, thus can scale well.
the PE router has to put 2 labels on; next router

What's unchanged in MPLS diffserv?
  traffic conditioning agreements
  same classification, marking, shaping, policing still happen at the edge
  buffer management and packet scheduling mechanisms used to implement PHB
  PHB definitions
    EF: low delay/jitter/loss
    AF: low loss
    BE: no guarantees (best effort)

what's NEW in MPLS diffserv?
  Prec/DSCP field not visible to MPLS LSRs
  info on diffserv must be made visible to LSR in MPLS header using EXP field/label
  how is DSCP mapped into EXP--some interaction between them.
  EXP is 3 bits, S is 1 bit.

Typical mapping
  Expedited forwarding: EF DSCP 6 bits to 3 bits of EXP bits.
  101000 maps to 101
  but then you lose bits of information.

IP DSCP 6 bits while MPLS EXP = 3 bits (RFC 3270)
  if 8 or less PHBs are used, map DSCP to EXP directly, with E-LSPs with preconfigured mappings
  If more than 8 PHBs, needed to be mapped in label and EXP; L-LSPs are needed
  Both E-LSP and L-LSP can use LDP or RSVP for label distribution.

MPLS: flows associated with FEC mapped to one label
DS: flows associated with class, mappable to EXP

MPLS diffserv tunneling modes
  Based on RFC 3270
  Modes
    uniform
    short-pipe
    pipe
how do you implement the modes? depends on your engineering decisions.

uniform mode
  assume the entire admin domain of the SP is under single diffserv domain
  then like a requirement to keep colouring info the same (uniform) when going from IP to IP, to MPLS, back again, etc.
  in both MPLS to MPLS and to IP cases, the PHB of the topmost popped label is copied into the new top label or the IP DSCP if no label remains.

Short pipe mode
  assume an ISP network implementing a diffserv model
  assumes customers implement a different policy.
  note that the policy applied outbound on egress interface is based on DSCP of the customer, hence the short-pipe naming.
Pipe-mode
  same as short-pipe
  however, SP wants to drive the outbound
  PHBs of the topmost popped label is copied to the new top label
  classification is based on mpls-exp field (EXP=0) of the topmost received MPLS frame

MPLS TE and DiffServ
is diffserv good enough to determine end to end quality of service? nope.
what happens if there's no congestion, but a link fails?
when link fails, and reroute happens across a new link; the new link gets congested due to combined traffic.
You may need to engineer your traffic on non-optimal path to assure enough bandwidth will be ready for it.
So you have BW optimization and congestion management in parallel

TE + DiffServ
  spread traffic around with more flexibility than IGP supports.
  MPLS labels can be used to engineer explicit paths
  tunnels are uni-directional

How does MPLS TE work?
  Explicit routing
  constraint-based routing
  admission control
  protection capabilities
  RSVP-TE to establish LSPs
  ISIS and OSPF extensions to advertise link attributes

Diffserv aware TE
  per-class constraint based routing
  per class admission control
so best effort can go on one link, while low-latency can be shifted along a different link.

Link BW distributed in pools of BW constraints (BC)
  up to 8 BW pools
  different BW pool models

Maximum Allocation Model (MAM)
  Maximum Reservable Bandwidth (MRB)
  BC0: 20% Best Effort (admission class 1)
  BC1: 50% Premium (admission class 2)
  BC2: 30% Voice (admission class 3)
  Per class traffic engineering concept; all 3 sum to MRB
If for any reason the part of traffic hard reserved isn't being used, it's wasted; nobody gets to burst into it. No sharing of unused capacity. But simple, independent.
DS-TE BW Pools--Russian Dolls Model (RDM)
  BW pool applies to one or more classes
  Global BW pool (BC0) equals MRB
  BC0...BCn used for computing unreserved BW for class n
so
  BC0: MRB (best effort + premium + voice)
  BC1: 50% premium + voice
  BC2: 30% Voice
Downside is higher bandwidth class may push out some lower traffic that was flowing already.

Aggregate TE in diffserv network

DS TE and QoS
Diffserv-TE doesn't preclude the necessity of configuring PHB QoS in the TE path; DiffServ TE operates in conjunction with QoS mechanisms.

Traffic engineering is a huge field; so it's hard to cover in a short period of time.

Summary:
QoS techniques
  effective allocation of network resources
IP DiffServ
  Service Differentiation
  good starting point, but doesn't scale that well
MPLS and DiffServ
  Builds scalable networks for service providers
DiffServ Tunnelling modes
  Scalable and flexible QoS options
  Supports Draft Tunneling Mode RFC
DiffServ TE
  provides strict point-to-point guarantees

pipe models are your choice, how do you want to architect your network? What are _your_ traffic needs?

When you need to drop traffic, determine how you'll drop traffic based on DSCP bits so you can set watermarks on the traffic; some traffic more lenient about drops, other traffic not so lenient about drops.

Question: Fred W. from Bechtel. With IPv6, there's a 20 byte flow label, rather than the 8 bit agony of mapping the v4 DSCP bits; does that give more flexibility, more choices, are there fewer headaches associated with v6 QoS handling?
Short answer--the presenters aren't as focused on v6 development, so they don't have a concrete answer to give there, sorry.

That wraps up the presentation/tutorial at 1715 hours pacific time.
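
Added example, not part of the original notes or the tutorial slides: the token bucket policer from the "policing uses the token bucket scheme" notes, written with the three parameters listed there (committed rate, conformed burst, extended burst). It follows the two-bucket single-rate scheme of RFC 2697, which is an assumption about what the slides showed; the rates, sizes and arrival trace are constructed.

```python
from dataclasses import dataclass

# What an edge policer typically does with each verdict (illustrative).
ACTIONS = {"conform": "transmit", "exceed": "re-mark", "violate": "drop"}

@dataclass
class SingleRatePolicer:
    cir_bps: float   # committed information rate, bits per second
    cbs: int         # conformed burst size in bytes (depth of first bucket)
    ebs: int         # extended burst size in bytes (depth of second bucket)

    def __post_init__(self):
        self.tc = float(self.cbs)   # both buckets start full
        self.te = float(self.ebs)
        self.last = 0.0

    def _refill(self, now):
        # Tokens arrive at the committed rate; they fill the conformed
        # bucket first and only the overflow reaches the extended bucket.
        tokens = (now - self.last) * self.cir_bps / 8.0
        self.last = now
        room = self.cbs - self.tc
        self.tc += min(tokens, room)
        self.te = min(self.ebs, self.te + max(0.0, tokens - room))

    def police(self, now, size):
        self._refill(now)
        if self.tc >= size:          # enough tokens: conforming
            self.tc -= size
            return "conform"
        if self.te >= size:          # inside the extended burst allowance
            self.te -= size
            return "exceed"
        return "violate"             # out of tokens: non-conforming

def replay(policer, arrivals):
    """Return the verdict for each (time_seconds, size_bytes) arrival."""
    return [policer.police(t, size) for t, size in arrivals]

# Constructed trace: an 8-packet burst, 3 packets a second later, then
# 4 packets after the link has been idle long enough to refill both buckets.
ARRIVALS = [(0.0, 500)] * 8 + [(1.0, 500)] * 3 + [(4.0, 500)] * 4

if __name__ == "__main__":
    policer = SingleRatePolicer(cir_bps=8000, cbs=1500, ebs=1500)
    for (t, size), verdict in zip(ARRIVALS, replay(policer, ARRIVALS)):
        print(f"t={t:>4} size={size} {verdict:8} -> {ACTIONS[verdict]}")
```

A shaper would use the same bucket but queue the packets that are short of tokens instead of re-marking or dropping them, which is where the extra latency in the notes comes from.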
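
Added example, not from the tutorial: the RED/WRED decision described in the notes, using the classic RED linear ramp between the minimum and maximum thresholds and a weighted moving average of queue depth. The per-precedence thresholds, drop rates and averaging weight are constructed values, not vendor defaults.

```python
import random
from dataclasses import dataclass

@dataclass(frozen=True)
class Profile:
    min_th: int     # average queue depth (packets) where dropping starts
    max_th: int     # average depth at which every arrival is dropped
    max_p: float    # drop probability reached just below max_th

# Constructed per-class profiles keyed by IP precedence: lower classes
# start dropping earlier, which is what makes RED "weighted".
PROFILES = {
    0: Profile(20, 40, 0.10),   # best effort
    3: Profile(32, 48, 0.10),   # premium
    5: Profile(40, 48, 0.05),   # voice
}

def update_avg(avg, qlen, weight=0.25):
    """Exponentially weighted average; a small weight ignores short bursts."""
    return (1 - weight) * avg + weight * qlen

def average_after(samples, weight=0.25):
    avg = 0.0
    for qlen in samples:
        avg = update_avg(avg, qlen, weight)
    return avg

def drop_probability(avg, precedence):
    p = PROFILES[precedence]
    if avg < p.min_th:
        return 0.0                      # below minimum: never drop
    if avg >= p.max_th:
        return 1.0                      # above maximum: behaves like tail drop
    return p.max_p * (avg - p.min_th) / (p.max_th - p.min_th)

def wred_drop(avg, precedence, rng):
    """Random early drop decision for one arriving packet."""
    return rng.random() < drop_probability(avg, precedence)

if __name__ == "__main__":
    rng = random.Random(1)
    for samples in ([64], [64] * 3, [64] * 20):
        avg = average_after(samples)
        probs = {c: round(drop_probability(avg, c), 4) for c in PROFILES}
        print(f"{len(samples):2} samples at depth 64: avg={avg:.1f} {probs}"
              f" drop best-effort now? {wred_drop(avg, 0, rng)}")
```

A single sample at depth 64 leaves the average at 16, so nothing is dropped even though the instantaneous depth is above every class's maximum threshold; that is the transient-burst tolerance the notes mention.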
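
Added example, not from the tutorial: a model of the three tunneling modes in the notes, tracing one packet from ingress PE through a core re-mark to egress PE on a single-label LSP. Assumptions: in uniform mode EXP is taken from the top three DSCP bits (the "101000 maps to 101" mapping above) and written back as a class-selector DSCP at egress; in the pipe modes the provider sets EXP itself; all function names are illustrative.

```python
def ingress_push(mode, dscp, sp_exp):
    """Ingress PE imposes the label and chooses its EXP bits."""
    if mode not in ("uniform", "pipe", "short-pipe"):
        raise ValueError(mode)
    # uniform: one DiffServ domain, so EXP mirrors the customer marking.
    # pipe / short-pipe: the provider applies its own marking (sp_exp).
    exp = dscp >> 3 if mode == "uniform" else sp_exp
    return {"dscp": dscp, "exp": exp}

def core_remark(pkt, new_exp):
    """A core LSR sees only the shim header, so only EXP can change."""
    return dict(pkt, exp=new_exp)

def egress_pop(mode, pkt):
    """Egress PE pops the label.

    Returns (DSCP handed to the customer, field that selects the egress PHB).
    """
    if mode == "uniform":
        dscp = pkt["exp"] << 3           # popped EXP is copied down into DSCP
        return dscp, ("dscp", dscp)
    if mode == "pipe":
        return pkt["dscp"], ("exp", pkt["exp"])    # provider marking drives PHB
    return pkt["dscp"], ("dscp", pkt["dscp"])      # short-pipe: customer DSCP

def traverse(mode, dscp, sp_exp, remark_to=None):
    pkt = ingress_push(mode, dscp, sp_exp)
    if remark_to is not None:
        pkt = core_remark(pkt, remark_to)
    return egress_pop(mode, pkt)

if __name__ == "__main__":
    # Constructed case: customer sends DSCP 101000, the provider would mark
    # EXP 3 in the pipe modes, and a core policer re-marks the packet to EXP 1.
    for mode in ("uniform", "pipe", "short-pipe"):
        dscp_out, (field, value) = traverse(mode, 0b101000, sp_exp=3, remark_to=1)
        print(f"{mode:10} egress DSCP={dscp_out:06b} PHB chosen by {field}={value}")
```

Only uniform mode lets a change made in the core reach the customer's IP header; both pipe modes return the DSCP untouched and differ only in which field picks the egress queue.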
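
Added example, not from the tutorial: per-class admission control under the two bandwidth pool models, using the percentages from the notes (MAM 20/50/30, RDM 100/50/30) and the constraint rules of RFC 4125 and RFC 4127. The request sequence is constructed, and preemption is not modelled.

```python
MRB = 100                 # maximum reservable bandwidth, percent of link
MAM_BC = [20, 50, 30]     # class 0 best effort, class 1 premium, class 2 voice
RDM_BC = [100, 50, 30]    # BC0 = all classes, BC1 = premium + voice, BC2 = voice

def check_mam(reserved, ct, bw):
    """Return the constraint that blocks the request, or None if admitted."""
    if reserved[ct] + bw > MAM_BC[ct]:
        return f"BC{ct}"              # each class is held to its own pool
    if sum(reserved) + bw > MRB:
        return "MRB"
    return None

def check_rdm(reserved, ct, bw):
    """Nested pools: BCb bounds the sum of class b and every class above it."""
    for b in range(ct, -1, -1):
        if sum(reserved[b:]) + bw > RDM_BC[b]:
            return f"BC{b}"
    return None

def replay(check, requests):
    """Apply (class, bandwidth) requests in order, without preemption."""
    reserved = [0, 0, 0]
    blocked_by = []
    for ct, bw in requests:
        blocker = check(reserved, ct, bw)
        if blocker is None:
            reserved[ct] += bw
        blocked_by.append(blocker)
    return blocked_by, reserved

# Constructed sequence: best effort asks for 60, voice for 30,
# premium for 30, then premium again for 20.
REQUESTS = [(0, 60), (2, 30), (1, 30), (1, 20)]

if __name__ == "__main__":
    for name, check in (("MAM", check_mam), ("RDM", check_rdm)):
        blocked_by, reserved = replay(check, REQUESTS)
        print(name, "blocked by:", blocked_by, "reserved:", reserved)
    # MAM refuses the best-effort request although the link is empty (no
    # sharing of unused capacity). RDM admits it, and the last premium request
    # then fails on BC0: the point where, per the notes, a higher class would
    # push out lower traffic that was already flowing.
```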