Enterprise QoS Solution Reference Network Design Guide

QoS Design Overview
2-14
Enterprise QoS Solution Reference Network Design Guide
Chapter 2 Campus QoS Design
The standard (interface) configuration commands to enable AutoQoS are: auto qos voip. Depending on
the platform, AutoQoS VoIP can support the following additional keyword commands:
cisco-phone—When you enter the auto qos voip cisco-phone interface configuration command on
a port at the edge of a network that is connected to a Cisco IP Phone, the switch enables the
conditional-trusted boundary feature. The switch uses the Cisco Discovery Protocol (CDP) to detect
the presence or absence of a Cisco IP Phone. When a Cisco IP Phone is detected, the ingress
classification on the interface is set to trust the CoS marking of the received packet. When a Cisco
IP Phone is absent, the ingress classification is set to not trust the CoS (or DSCP) value of any
packet.
cisco-softphone—When you enter the auto qos voip cisco-softphone interface configuration
command on a port at the edge of the network that is connected to a device running the Cisco
SoftPhone, the switch uses policing to decide whether a packet is in or out of profile and to specify
the action on the packet. If the packet does not have a DSCP value of 24, 26, or 46 or is out of profile,
the switch changes the DSCP value to 0.
trust —When you enter the auto qos voip trust interface configuration command on a port
connected to the interior of the network, the switch trusts the CoS value in ingress packets (the
assumption is that traffic has already been classified by other edge devices).
The AutoQoS commands and optional keywords are shown on a per-platform basis in the
platform-specific design sections of this chapter.
Additionally, it should be pointed out that AutoQoS VoIP can also be viewed as a template which may
be modified and expanded on to support additional classes of applications. In this manner, the AutoQoS
VoIP feature can be used to quickly and accurately deploy 80% (or more) of the desired solution, which
then can be manually customized further to tailor to the specific customer requirements.
Conditionally-Trusted IP Phone + PC with Scavenger-Class QoS (Basic) Model
In this model, trust of CoS markings is extended to CDP-verified IP Phones. An additional layer of
protection can be offered by access edge policers. As stated previously, the tighter the policers the better,
provided that adequate bandwidth is permitted for legitimate applications. The most granular policing
can be achieved by the use of per-port/per-VLAN policers.
Note Currently, only the Catalyst 3550 family supports per-port/per-VLAN policing as a feature. Other
platforms have already committed to supporting this feature in the near future. For platforms that do not
yet support this feature, equivalent logic can be achieved by including subnet information within the
access lists being referenced by the class maps. Such examples are provided later in this chapter.
For example, the peak amounts of legitimate traffic originating from the voice VLAN (VVLAN) on a
per-port basis are:
128 kbps for Voice traffic, marked CoS 5/DSCP EF (320 kbps in the case of G.722 codecs)
32 kbps for call signaling traffic (marked CoS 3/DSCP AF31 or CS3)
32 kbps of Best Effort services traffic (marked CoS 0)
There should not be any other traffic originating from the VVLAN, so the policer can be configured to
remark anything else from the VVLAN because such traffic is considered illegitimate and indicative of
an attack.
These policers can then be combined with a policer to meter traffic from the data VLAN (DVLAN),
marking down traffic in excess of 5 percent (5 Mbps for FE ports) to Scavenger/CS1.
Version 3.3