As with most things in networking, queuing is a trade-off: it can significantly benefit or harm the
network, depending on how it is applied. Because of that, and because of the implementation and
management overhead involved, most networks forgo queuing and quality of service (QoS) in
favor of other techniques. The most common of these is simply adding bandwidth (overprovisioning).
Overprovisioned bandwidth does work as a crude QoS mechanism; however, it does nothing once an
output queue fills. At that point packets are delayed or dropped regardless of their importance, which
is exactly where queuing takes over. This can greatly degrade voice services (VoIP), but it also becomes
a factor whenever a link is suddenly presented with a significant amount of additional data. That
can occur after a parallel link failure, in which two paths are reduced to one, presumably cutting total
bandwidth by 50 percent while the offered load stays the same.
QoS and queuing can provide a mechanism to protect important traffic under this model, and might be a
good augmentation to the bandwidth you already provision. The challenge is how to categorize
and prioritize traffic: identifying the traffic flows, the bandwidth each one requires, the
amount available, the benefit of each application to the firm, and whether a flow can be reliably
classified at all are considerations for the designer to evaluate. NetFlow, a Cisco IOS feature that
audits network traffic by recording per-flow statistics, and Network-Based Application Recognition
(NBAR), which classifies traffic by inspecting the application protocol, can both help in this process.
NetFlow, however, requires a good amount of storage and manual evaluation, and NBAR is not recommended
on high-capacity links because of its processor demands.
In addition, you will likely find infighting as a result of your decisions; a group whose traffic is
classified as bronze will commonly balk and question why another application was rated gold above
it. Obtaining sign-off from the affected groups early in the design can greatly reduce this contention.
Another queuing option available to the administrator is in-band prioritization of management traffic.
This does not help user traffic, but it can preserve the administrator's access to the network during
large-scale denial-of-service attacks. In this model, queue priority is given to Telnet, Secure Shell (SSH),
and TFTP (Trivial FTP) so that these ports remain reachable by the network administrator when the
network is under heavy load. This load might be due to user traffic or to an attack such as the Code Red
or Nimda worms. The caution is that the device's processor or other resources might already be
saturated, which negates this protection, and, of course, users will still lose their applications
during the attack.
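The following Cisco IOS Modular QoS CLI (MQC) configuration is an added example, not from the text, that ties the three ideas above together in one policy: a strict-priority class that keeps voice usable after a link failure halves the available bandwidth, gold and bronze application tiers identified with NBAR, and a reserved slice for in-band management (Telnet, SSH, TFTP). The interface, the ACL and class names, the percentages, the choice of Citrix as the gold application and the ERP port 3200 are all assumptions for illustration; substitute what your own traffic audit found.

```cisco
! Added example: MQC policy protecting voice, ranking gold/bronze
! application tiers, and reserving capacity for in-band management.
! Interface, names, percentages and application choices are assumed.

! Management traffic must be matched in both directions: the
! administrator's requests toward the device and the device's replies.
! Caveat: TFTP negotiates on UDP 69 only; the data transfer moves to
! ephemeral ports, so an actual TFTP transfer is only partly covered.
ip access-list extended MGMT-ACL
 permit tcp any any eq 22
 permit tcp any eq 22 any
 permit tcp any any eq 23
 permit tcp any eq 23 any
 permit udp any any eq 69
 permit udp any eq 69 any

! Assumed ERP application on TCP 3200, added to the gold tier.
ip access-list extended GOLD-ACL
 permit tcp any any eq 3200

class-map match-any MGMT
 match access-group name MGMT-ACL

! Voice: honor the EF marking if the phones set it, otherwise let
! NBAR recognize RTP audio (CPU cost, as noted in the text).
class-map match-any VOICE
 match ip dscp ef
 match protocol rtp audio

class-map match-any GOLD
 match protocol citrix
 match access-group name GOLD-ACL

class-map match-any BRONZE
 match protocol http

! VOICE gets a policed strict-priority queue (LLQ); every other class
! gets a guaranteed minimum that only matters once the link is congested.
! Reservations total 75 percent, which is the IOS default ceiling for
! reservable bandwidth (max-reserved-bandwidth).
policy-map WAN-EDGE
 class VOICE
  priority percent 20
 class MGMT
  bandwidth percent 5
 class GOLD
  bandwidth percent 35
 class BRONZE
  bandwidth percent 15
 class class-default
  fair-queue

! The percentages are computed from the interface bandwidth statement
! (a T1 here), so keep that value accurate.
interface Serial0/0
 bandwidth 1544
 service-policy output WAN-EDGE
```

After applying the policy, `show policy-map interface Serial0/0` reports per-class matched and dropped packet counts; under normal load every class should show zero drops, and during a failure or attack the drops should concentrate in class-default and BRONZE while VOICE and MGMT stay clean. If MGMT is dropping while the interface is congested, the router's CPU is the more likely bottleneck, which is the caveat the text raises: queuing cannot help once the device itself is saturated.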