Here's my notes from the MPLS QoS tutorial; wish I could have
been in two places at once to catch the ISPSec BOF as well.
I won't be taking notes at Eddie Deens, though, so it'll be up
to Ren's camera to capture the details for those following along
at home. < http://nanog.multiply.com/ >
Matt
2006.02.13
QoS in MPLS networks tutorial notes.
See notes for Agenda, outline, etc. at
http://www.nanog.org/mtg-0602/sathiamurthi.html
Traffic characterizations go beyond simple DiffServ
bit distinctions
Understand traffic types and sources and nature
of traffic before
Latency,
Jitter,
Loss
three traffic parameters to be tracked that influence
choices made when applying QoS
It's all about managing finite resources
rate control, queing, scheduling, etc.
congestion management, admission control
routing control traffic protection
The QoS Triangle (no, not bermuda triangle)
Identify Traffic Type
Determine QoS parameters
Apply QoS settings
2 approaches to QoS
fine-grained approach
or
combination of flows to same traffic type, to same
source. Needs to have same characteristics so you
can consider them as an aggregated flow.
Best Effort is simplest QoS
Integrated services (Hard QoS)
Differentiated Services (soft QoS)
Best Effort is simple, traditional internet
Integrated services model, RFC 1633, guarantees per
flow QoS
strict bandwidth reservations.
RSVP, RFC 2055, PATH/RESV messages
Admission controls
must be configured on every router along path
Works well on small scale. Scaling challenge with large
numbers of flows.
What about aggregating flows into integrated services?
DiffServ arch; RFC 2475
scales well with large flows through aggregation
creates a means for traffic conditioning (TC)
defines per-hop behaviour (PHB)
edge nodes perform TC
keeps core doing forwarding
tough to predict end to end behaviour
esp with multiple domains
how do you handle capacity planning?
Diff services arch slide with pictures of
traffic flow.
TCA prepares core for the traffic flow that
will be coming in; allows core to do per-hops
behaviour at the core.
IETF diffserv model
redefine ToS byte in IP header to differentiated services
code point (DSCP)
uses 6 bits to define behaviour into behaviour aggregates.
Class Selector (CS0 through CS 7)
classifier; selects packets based on headers.
Classification and Marking
flows have 5 parameters; IP src, dest, prececedence,
DSCP bits,
You can handle traffic metering via adjusting the
three flows.
3 parameters used by the token bucket;
committed information rate
conformed and extended burst size
Policing vs shaping.
policing drops excess traffic; it accomodates bursts;
anything beyond that gets dropped; or, can be re-marked.
Shaping smooths traffic but increases latency.
buffers packets.
policing
uses the token bucket scheme
tokens added to the bucket at the committed rate
depth of the bucket determines the burst size
packets arriving when there's enough tokens in the bucket
are conforming
packets arriving when the bucket is out of tokens are
non-conforming; either coloured, dropping, etc.
diagram of token bucket, very nice.
shaping--use the token bucket scheme as well
smooths through buffering
queued packets transmitted as tokens are available.
1 aspect is traffic conditioning at edge
2 aspect is per hop behaviour
PHB relates to resource allocation for a flow
resource allocation is typically bandwidth
queing / scheduling mechanisms
FIFO/WFQ/MWRR(weighted)/MDRR (deficit)
congestion avoidence
RED (random early detection / Weighted random early drop
Queing/scheduling
needs some data mining to decide how to prioritize certain
classes of traffic.
de-queues depends on weights assigned to different flows.
Congestion avoidance technique
when there is congestion what should happen?
tail drop (hit max queue length)
drop selectively but based on IP Prec/DSCP bit
Congestion control for TcP
adaptive
dominant transport protocol
Slide showing problem of congestion; without technique,
have uncontrolled congestion, big performance impact
due to retransmissions.
TCP traffic and congestion
congestion vs slow-start
sender/recieever negotiate on it.
source throttles back traffic.
(control leverages this behaviour)
Global synchroniztion happens when many flows pass through
a congested link; each flow going through starts following
the same backoff and ramp up, leads to sawtooth curves.
RED
a congestion avoidance mechanism
works with TCP
uses packet drop probability and avg queue size
avoids global synchronization of many flows.
minimizes packet delay jitter by managing queue size
RED has minimum and maximum threshold; average queue
size is used to avoid dealing with transient bursts.
WRED combines RED with IP precedence or DSCP to
implement multiple service classes
each service class has its own min and max threshold and
drop rate.
nice slides of lower and higher thresholds for different
traffic types.
When is WRED used? only when TCP is bulk of traffic.
Won't help UDP or other IP
MPLS and QoS, into DiffServ
avoid vendor CLI as much as possible for the talk.
stick with techniques only.
do classification and marking at edge, then do per
hop behaviour on when to queue or drop packets within
the core.
Within the MPLS domain, do you lose all the nice
classification information?
No, you tunnel information from IP DiffServ into MPLS
DiffServ.
MPLS DiffServ
doesn't introduce new QoS architecture
uses diffserv defined for IP QoS (RFC 2745)
MPLS DiffServ is defined in RFC3270
uses MPLS shim header
show slide of diffserv scalability via aggregation
traffic enters at PE router, goes through P core,
comes out PE at other side.
MPLS scalability comes from
aggregation of traffic on the edge
processing of aggregate only in the core
deal with buckets only, thus can scale well.
the PE router has to put 2 labels on; next router
What's unchanged in MPLS diffserv?
traffic conditioning agreements
same classification, marking, shaping, policing still
happen at the edge
buffer management adn packet scheduling mechanisms
used to implement PHB
PHB definitions
EF: low delay/jitter/loss
AF: low loss
BE: no guarantees (best effort)
what's NEW in MPLS diffserv?
Prec/DSCP field not visible to MPLS LSRs
info on diffserv must be made visible to LSR in
MPLS header using EXP field/label
how is DSCP mapped into EXP--some interation between them.
EXP is 3 bits, S is 1 bit.
Typical mapping
Expedidted forwarding: EF DSCP 6 bits to 3 bits of EXP bits.
101000 maps to 101
but then you lose bits of informatin.
IP DSCP 6 bits whle MPLS EXP = 3bits (RFC 3270)
if 8 or less PHBs are used, map DSCP to EXP directly,
with E-LSPs with preconfigured mappings
If more than 8 PHBs, needed to be mapped in label
and EXP; L-LSPs are needed
Both E-LSP and L-LSP can use LDP or RSVP for label
distribution.
MPLS: flows associated with FEC mapped to one label
DS: flows associated with class, mappable to EXP
MPLS diffserv tunneling modes
Based on RFC 3270
Modes
uniform
short-pipe
pipe
how do you implement the modes? depends on your
engineering decisions.
uniform mode
assume the entire admin domain of the SP is under single
diffserv domain
then like a requirement to keep colouring info the same
(uniform) when going from IP to IP, to MPLS, back again,
etc.
in both MPLS to MPLS and to IP cases, tehe PHB of the
topmost popped label is copied into the new top label
or the IP DSCP if no label remains.
Short pipe mode
assume an ISP network implmementing a diffserv model
assumes customers implement a different policy.
note that the policy applied outbound on egress
interface is basd on DSCP of the customer, hence the
short-pipe naming.
Pipe-mode
same as short-pipe
however, SP wants to drive the outbound
PHBs of the topmost popped label is copied to the new
top label
classification is based on mpls-exp field (EXP=0) of the
topmost received MPLS frame
MPLS TE and DiffServ
is diffserv good enough to determine end to end quality
of service? nope.
what happens if there's no congestion, but a link
fails?
when link fails, and reroute happens across a new
link; the new link gets congested due to combined
traffic.
You may need to engineer your traffic on non-optimal
path to assure enough bandwidth will be ready for it.
So you have BW optimization and congestion management
in parallel
TE + DiffSErve
spread traffic around with more flexibility than IGP
supports.
MPLS labels can be used to engineer explicit paths
tunnels are uni-directional
How does MPLS TE work?
Explicit routing
constraint-based routing
admission control
protection capabilities
RSVP-TE to establish LSPs
ISIS and OSPF extensions to advertise link attributes
Diffserv aware TE
per-class constraint based routing
per class admission control
so best effort can go on one link, while low-latency
can be shifted along a different link.
Link BW distributed in pools of BW constraints (BC)
up to 8 BW pools
different BW pool models
Maximum Allocation Model (MAM)
Maximum Reservable Bandwidth (MRB)
BC0: 20% Best Effort (admission class 1)
BC1: 50% Premium (admission class 2)
BC2: 30% Voice (admission class 3)
Per class traffic engineering concept; all 3 sum to MRB
If for any reason the part of traffic hard reserved isn't
being used, it's wasted; nobody gets to burst into it.
No sharing of unused capacity. But simple, independent.
DS-TE BW Pools--Russian Dolls Model (RDM)
BW pool applies to one or more classes
Global BW pool (BC0) equals MRB
BC0...BCn used for computing unreserved BW for
class n
so BC0: MRB (best effort + premium + voice)
BC1: 50% premium + voice
BC2: 30% Voice
Downside is higher bandwidth class may push out some
lower traffic that was flowing already.
Aggregate TE in diffserv network
DS TE and QoS
Diffserve-TE doesn't preclude the necessity of configuring
PHB QoS in the TE path; DiffServ TE operates in conjunction
with QoS mechanisms.
Traffic engineering is a huge field; so it's hard to cover
in a short period of time.
Summary:
QoS techniques
effective allocation of network resources
IP DiffServ
Service Differentiation
good starting point, bu doesn't scale that well
MPLS and DiffServ
Builds scalable networks for service providers
DiffServ Tunnelling modes
Scalable and flexible QoS options
Supports Draft Tunneling Mode RFC
DiffServ TE
provides strict point-to-point guarantees
pipe models are your choice, how do you want to
architect your network? What are _your_ traffic
needs?
When you need to drop traffic, determine how you'll
drop traffic based on DSCP bits so you can set
watermarks on the traffic; some traffic more
lenient about drops, other traffic not so lenient
about drops.
Question: Fred W. from Bechtel.
With IPv6, there's a 20 byte flow label, rather than
the 8 bit agony of mapping the v4 DSCP bits; does that
give more flexibility, more choices, are there fewer
headaches associated with v6 QoS handling?
Short answer--the presenters aren't as focused on v6
development, so they don't have a concrete answer to
give there, sorry.
That wraps up the presentation/tutorial at 1715 hours
pacific time.