AutoQoS
Problem
You want the router to automatically generate the Quality of Service policy map for either VoIP or general IP traffic.
Solution
There are two versions of AutoQoS. The first is specific to VoIP traffic:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ip cef
Router1(config)#interface Serial0/0
Router1(config-if)#no ip address
Router1(config-if)#encapsulation frame-relay
Router1(config-if)#exit
Router1(config)#interface Serial0/0.1 point-to-point
Router1(config-subif)#ip address 192.168.55.9 255.255.255.252
Router1(config-subif)#frame-relay interface-dlci 904
Router1(config-fr-dlci)#auto qos voip
%Creating new map-class.
Router1(config-fr-dlci)#exit
Router1(config-subif)#exit
Router1(config)#end
Router1#
*Mar 1 01:32:55.031: %RMON-5-FALLINGTRAP: Falling trap is generated because the
value of cbQosCMDropBitRate.1169.1171 has fallen below the falling-threshold va
lue 0
Router1#
The other AutoQoS option is called AutoQoS for the Enterprise. This feature is useful for automatically generating policy maps for more general IP traffic. For this feature, the router must first monitor the traffic by using the interface to decide how best to set up the policy maps. To enable this data collection phase, you use the auto discovery qos command:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ip cef
Router1(config)#interface Serial0/0
Router1(config-if)#no ip address
Router1(config-if)#encapsulation frame-relay
Router1(config-if)#exit
Router1(config)#interface Serial0/0.1 point-to-point
Router1(config-subif)#ip address 192.168.55.9 255.255.255.252
Router1(config-subif)#frame-relay interface-dlci 904
Router1(config-fr-dlci)#auto discovery qos
Router1(config-fr-dlci)#exit
Router1(config-subif)#exit
Router1(config)#end
Router1#
After the router has learned about the traffic patterns, you disable the discovery mode and enable auto qos instead:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface Serial0/0.1 point-to-point
Router1(config-subif)#frame-relay interface-dlci 904
Router1(config-fr-dlci)#auto qos
%Creating new map-class.
Router1(config-fr-dlci)#no auto discovery qos
Router1(config-fr-dlci)#exit
Router1(config-subif)#exit
Router1(config)#end
Router1#
Discussion
AutoQoS is an extremely useful feature that can take a lot of the mystery out of building a QoS policy. Unfortunately, there are several restrictions on this feature that you need to be aware of.
First, it is only available on point-to-point links between routers. This includes point-to-point subinterfaces on ATM and Frame Relay PVCs, as shown in the example. The feature is also available on PPP and HDLC Serial connections. It cannot be used on any multiple access media, including Ethernets, or multipoint subinterfaces.
Second, it can't be used with any virtual templates or frame map statements. It cannot be used with either Frame Relay or ATM SVCs.
Third, it must be enabled on both ends of each link or PVC. This doesn't necessarily mean that both routers must run the same IOS version, however, as long as the AutoQoS feature is available on both routers.
Fourth, you should disable any other service policies or access-groups on the router, even if they are associated with different interfaces.
And finally, you must ensure that CEF is enabled for this feature to work.
AutoQoS for VoIP was introduced in IOS Version 12.2(15)T. This command is actually a macro that adds a series of commands to your router's configuration. You can use the show auto qos command to see exactly what it has added:
Router1#show auto qos
!
policy-map AutoQoS-Policy-UnTrust
class AutoQoS-VoIP-RTP-UnTrust
priority percent 70
set dscp ef
class AutoQoS-VoIP-Control-UnTrust
bandwidth percent 5
set dscp af31
class AutoQoS-VoIP-Remark
set dscp default
class class-default
fair-queue
!
ip access-list extended AutoQoS-VoIP-RTCP
permit udp any any range 16384 32767
!
ip access-list extended AutoQoS-VoIP-Control
permit tcp any any eq 1720
permit tcp any any range 11000 11999
permit udp any any eq 2427
permit tcp any any eq 2428
permit tcp any any range 2000 2002
permit udp any any eq 1719
permit udp any any eq 5060
!
rmon event 33333 log trap AutoQoS description "AutoQoS SNMP traps for Voice Drops" owner AutoQoS
rmon alarm 33333 cbQosCMDropBitRate.1169.1171 30 absolute rising-threshold 1 33333 falling-threshold 0 owner AutoQoS
Serial0/0.1: DLCI 904 -
!
interface Serial0/0
frame-relay traffic-shaping
!
interface Serial0/0.1 point-to-point
frame-relay interface-dlci 904
class AutoQoS-FR-Se0/0-904
!
map-class frame-relay AutoQoS-FR-Se0/0-904
frame-relay cir 1544000
frame-relay bc 15440
frame-relay be 0
frame-relay mincir 1544000
service-policy output AutoQoS-Policy-UnTrust
Router1#
Clearly, this little macro has done a lot of work, and in fact this command output doesn't show the class-maps that were created at the same time! Let's examine what it did. First, it created a policy-map called AutoQoS-Policy-UnTrust, which allocates up to 70% of the bandwidth on this link to voice traffic and another 5% to VoIP control packets. It also sets the DSCP values for these traffic streams, overriding whatever values were previously in the packets. All other traffic is configured to use weighted fair-queuing (WFQ).
Then, skipping over the access-lists, whose purpose is fairly clear, the macro has created an RMON rule that will automatically send an SNMP trap every time the router is forced to drop a voice packet. You can then use these trap logs to determine if the queuing parameters are appropriate. If you find that you are dropping a lot of packets, then you may need to increase your bandwidth to reduce congestion.
And finally, it has implemented Frame Relay Traffic Shaping to ensure that the router doesn't attempt to overrun the CIR for the PVC. This is a critical consideration because, by default, the router will assume that it can transmit at wire speed on each PVC individually. So if you have several PVCs on a single physical circuit, it will allow any of them to burst to the full bandwidth capacity of the interface, possibly over-running the CIR of the PVC. As a result, even with the best queuing strategy on the router, you could find yourself dropping packets in the frame cloud. For more information on Frame Relay Traffic Shaping, please refer to Recipe 11.14 and Chapter 10.
The AutoQoS for the Enterprise feature was introduced in IOS Version 12.3(7)T. It classifies traffic into 10 categories, which are listed in Table 11-2. Note that if the discovery feature doesn't see any traffic of a particular type, then AutoQoS will not create a corresponding class on the router.
Class Name | DSCP | Description |
---|---|---|
IP Routing | CS6 | Routing protocol and ICMP traffic |
Interactive Voice | EF | RTP Voice traffic |
Interactive Video | AF41 | RTP Video traffic |
Streaming Video | CS4 | Various streaming audio and video protocols, such as CU-SeeMe, RealAudio, and Netshow |
Telephony Signaling | CS3 | RTP and H.323 |
Transactional/Interactive | AF21 | Database protocols, such as SAP, SQLNet, and SQLServer, as well as interactive protocols, including Citrix, Telnet, Notes, SSH, and X11 |
Network Management | CS2 | Primarily SNMP |
Bulk Data | AF11 | Batch file transfer protocols such as FTP, Exchange, POP3, SMTP, NNTP, and network printing |
Scavenger | CS1 | Various peer-to-peer and entertainment protocols, including Napster, Fasttrack, and Gnutella; this group is given a worse than best-efforts priority |
Best Effort | 0 | Various miscellaneous protocols, including HTTP, NFS, SunRPC, NTP, and gopher, as well as any unidentified traffic |
We enabled auto discovery QoS on both ends of a Frame-Relay PVC, ran some traffic through the link and then looked at the output of the show auto discovery qos command to see what the router suggested for a QoS policy:
Router1#show auto discovery qos
Serial0/0.1
AutoQoS Discovery enabled for applications
Discovery up time: 3 minutes, 41 seconds
AutoQoS Class information:
Class Voice:
No data found.
Class Interactive Video:
No data found.
Class Signaling:
No data found.
Class Streaming Video:
No data found.
Class Transactional:
Recommended Minimum Bandwidth: 1 Kbps/<1% (AverageRate)
Detected applications and data:
Application/ AverageRate PeakRate Total
Protocol (kbps/%) (kbps/%) (bytes)
----------- ----------- -------- ------------
telnet 1/<1 32/2 53404
Class Bulk:
No data found.
Class Scavenger:
No data found.
Class Management:
Recommended Minimum Bandwidth: 1 Kbps/<1% (AverageRate)
Detected applications and data:
Application/ AverageRate PeakRate Total
Protocol (kbps/%) (kbps/%) (bytes)
----------- ----------- -------- ------------
snmp 1/<1 11/<1 50245
Class Routing:
Recommended Minimum Bandwidth: 0 Kbps/0% (AverageRate)
Detected applications and data:
Application/ AverageRate PeakRate Total
Protocol (kbps/%) (kbps/%) (bytes)
----------- ----------- -------- ------------
icmp 0/0 8/<1 11432
eigrp 0/0 0/0 6016
Class Best Effort:
Current Bandwidth Estimation: 3 Kbps/<1% (AverageRate)
Detected applications and data:
Application/ AverageRate PeakRate Total
Protocol (kbps/%) (kbps/%) (bytes)
----------- ----------- -------- ------------
http 3/<1 33/2 84777
unknowns 0/0 0/0 184
Suggested AutoQoS Policy for the current uptime:
!
class-map match-any AutoQoS-Transactional-Se0/0.1
match protocol telnet
!
class-map match-any AutoQoS-Management-Se0/0.1
match protocol snmp
!
policy-map AutoQoS-Policy-Se0/0.1
class AutoQoS-Transactional-Se0/0.1
bandwidth remaining percent 1
random-detect dscp-based
set dscp af21
class AutoQoS-Management-Se0/0.1
bandwidth remaining percent 1
set dscp cs2
class class-default
fair-queue
Router1#
As you can see, we didn't let the discovery phase run for very long, and consequently did not discovery very many types of traffic. The router saw no traffic in the Voice, Interactive Video, Telephony Signaling, Streaming Video, Bulk, or Scavenger classes. But it did see some TELNET traffic in the Transactional class, some SNMP traffic in the Network Management class, as well as some Routing Protocol and Best Efforts traffic. Note that the command output includes average and peak rate traffic statistics, which the router will use to help determine queuing parameters:
Class Best Effort:
Current Bandwidth Estimation: 3 Kbps/<1% (AverageRate)
Detected applications and data:
Application/ AverageRate PeakRate Total
Protocol (kbps/%) (kbps/%) (bytes)
----------- ----------- -------- ------------
http 3/<1 33/2 84777
unknowns 0/0 0/0 184
The output then ends with a suggestion for a QoS policy-map to be applied to this interface. This output shows that the AutoQoS feature uses the NBAR match command to identify protocols. NBAR is the basis of AutoQoS. Please refer to Recipe 11.8 for more information about NBAR.
Once we are satisfied that this is a good QoS policy, we enable it by using the auto qos command:
Router1(config)#interface Serial0/0.1 point-to-point
Router1(config-subif)#frame-relay interface-dlci 904
Router1(config-fr-dlci)#auto qos
%Creating new map-class.
Router1(config-fr-dlci)#no auto discovery qos
Router1(config-fr-dlci)#exit
Router1(config-subif)#exit
|
If you want to see the new configuration commands that AutoQoS has added to your router, use the show auto qos command:
Router1#show auto qos
!
policy-map AutoQoS-Policy-Se0/0.1
class AutoQoS-Transactional-Se0/0.1
bandwidth remaining percent 1
random-detect dscp-based
set dscp af21
class AutoQoS-Routing-Se0/0.1
bandwidth remaining percent 1
set dscp cs6
class class-default
fair-queue
!
policy-map AutoQoS-Policy-Se0/0.1-Parent
class class-default
shape average 1544000
service-policy AutoQoS-Policy-Se0/0.1
!
class-map match-any AutoQoS-Transactional-Se0/0.1
match protocol telnet
!
class-map match-any AutoQoS-Routing-Se0/0.1
match protocol icmp
match protocol eigrp
match protocol rip
Serial0/0.1: DLCI 904 -
!
interface Serial0/0.1 point-to-point
frame-relay interface-dlci 904
class AutoQoS-FR-Se0/0-904
!
map-class frame-relay AutoQoS-FR-Se0/0-904
frame-relay cir 1544000
frame-relay bc 15440
frame-relay be 0
frame-relay mincir 1544000
service-policy output AutoQoS-Policy-Se0/0.1-Parent
Router1#
Note that the actual policy map does not exactly match the version that we saw earlier during the data collection phase. The biggest difference is that the router saw some additional RIP traffic in the meantime and added this protocol to the class called AutoQoS-Routing-Se0/0.1. It has also created a Frame Relay map class that includes traffic shaping parameters for the PVC.
Because AutoQoS adds so many different commands to the router configuration, if you want to disable AutoQoS, it is not sufficient to just remove the auto qos command. You will need to remove all of the other commands separately. In fact, you should be careful about removing this command because if you do so, the show auto qos command will no longer function, making it much more difficult to figure out what commands are actually related to this feature. To make matters worse, once you have removed the auto qos command, you can't even put it back because the router needs to repeat the discovery phase first!
If you want to remove this feature after you have enabled it, we recommend capturing the output of the show auto qos command and using a text editor to create a configuration script that selectively eliminates all of the associated commands.
AutoQoS for the Enterprise can be a useful way of generating a detailed queuing strategy for your network. We do urge some caution in using this feature, however. In our experience, the discovery option can be unreliable. In particular, if you are using NBAR or have access-groups enabled on the router, this can interfere with the data collection. Furthermore, we have seen questionable results in the output that went away after disabling and re-enabling the discovery option.
We strongly recommend looking very closely at the recommendations made by this command before implementing them.