QoS

QoS, or Quality of Service, is a networking concept that refers to the ability of a network to provide different levels of service to different types of traffic. It is a way to prioritize certain types of traffic over others based on their importance or the requirements of the applications using the network.

QoS allows administrators to manage network resources effectively by controlling the amount of bandwidth allocated to specific applications or devices, and by ensuring that critical applications receive the necessary bandwidth to function properly.

QoS can be implemented in different ways, such as by setting priorities for different types of traffic, limiting the bandwidth available for certain applications, or using queuing and scheduling algorithms to manage network traffic. The goal is to optimize network performance, reduce latency and packet loss, and ensure that critical applications and services operate smoothly.

QoS is particularly important in networks that carry real-time traffic such as voice or video, which require low latency and minimal packet loss to function properly. Without QoS, other types of traffic such as file transfers or software updates can cause congestion and negatively impact the performance of real-time applications.

Class Map

In QoS (Quality of Service), a class map is used to define a traffic class. It is a configuration construct used to classify traffic on the basis of various parameters like IP address, protocol, or port number. Class maps help to identify traffic that needs to be treated in a particular way. For example, traffic from a specific application can be marked as a high priority while traffic from other applications can be marked as a low priority.

Once traffic is classified using class maps, policies can be applied to each class to ensure that the traffic is handled according to its requirements.

Define Class Map

class-map match-all CNAME

The command is used to create a class map. The match-all keyword indicates that all of the specified match criteria must be met in order for traffic to be classified into the corresponding class.

  • CNAME: is the name of the class map, which is used to reference the class in other QoS configuration commands

class-map match-any CNAME

The command is used in QoS (Quality of Service) configuration on devices to create a class map that matches any one of the specified match criteria. It is used to group multiple match criteria with an OR logic.

  • CNAME: is the name you give to the class map.

no class-map CNAME

Removes a class map.

Example:

soodar(config)# class-map match-all cmap1
soodar(config-cmap)#

Define matching criteria

You can use the match command to define the match criteria for a class map.

match any

Every packet is accepted.

match access-list ACL

The command is used in the configuration of a class map to match packets based on an Access Control List (ACL). When a packet matches the criteria specified in the ACL, it is classified under the specified class map.

  • ACL: Specifies the name of the Access Control List that contains the matching criteria.

Example:

soodar(config)# ip access-list 101
soodar(config-nacl)# permit tcp any any eq 80
soodar(config-nacl)# permit tcp any any eq 443
soodar(config)# class-map match-any WEB_TRAFFIC
soodar(config-cmap)# match access-list 101

In the above example, the class map WEB_TRAFFIC is configured to match packets based on the Access Control List 101, which permits TCP traffic to ports 80 and 443.

match source-address A.B.C.D/M

The command is used to match packets based on their source IP address or IP address range.

  • A.B.C.D/M: is the source IP address or IP address range in CIDR notation.

This command is typically used in QoS (Quality of Service) configurations to match specific traffic flows based on their source IP address.

Example:

soodar(config)# class-map match-all LOCAL
soodar(config-cmap)# match source-address 192.168.1.0/24

This creates a class map called LOCAL that matches all traffic with a source IP address in the range 192.168.1.0 to 192.168.1.255.

match destination-address A.B.C.D/M

The command is used to define the match criteria for a class map based on the destination IP address.

  • A.B.C.D/M: is the destination IP address or IP address range in CIDR notation.

Example:

soodar(config)# class-map VOIP
soodar(config-cmap)# match destination-address 10.1.1.0/24

In this example, a class-map named *VOIP* is created to match traffic with a destination IP address in the subnet 10.1.1.0/24.

match source-address X:X::X:X/M

This command specifies a match criterion for IPv6 source addresses within the class map.

  • X:X::X:X/M: specifies the IPv6 address prefix and mask to match against.

match destination-address X:X::X:X/M

This command specifies a match criterion for IPv6 destination addresses within the class map.

  • X:X::X:X/M: specifies the IPv6 address prefix and mask to match against.

match dscp (0-63)

The command is used to match packets based on the Differentiated Services Code Point (DSCP) value in their IP header.

  • (0-63): is the decimal value of the DSCP field in the IP header. The DSCP value is a 6-bit value, which means it can range from 0 to 63.

match protocol <(0-255)|PROTOCOLNAME>

The command is used in a class-map to match packets based on the Layer 4 protocol.

  • (0-255): Specifies the protocol number, which is an integer between 0 and 255.

  • PROTOCOLNAME: Specifies the name of the protocol.

Note

The match protocol command matches only the Layer 4 protocol field of the IP header and does not inspect packet content. It is typically combined with other match criteria, such as source and destination IP address, to build a more specific match.
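The following Python model is an added example, not SoodarOS code, showing how the match criteria above combine under match-all (AND) and match-any (OR) and how a packet is classified by the first class map it matches. The packet header model, the ACL representation (a list of protocol/destination-port permit entries standing in for `permit tcp any any eq 80`), the protocol-name table and the LOCAL6 class map are constructed for the example; the VOIP class map from the page is given two extra criteria (UDP and DSCP 46) purely to show match-all behaviour.

```python
import ipaddress
from typing import Callable, Dict, Optional, Sequence, Tuple, Union

# Constructed minimal header model used by the matchers:
#   src, dst: IP address strings; proto: IP protocol number; dscp: 0-63;
#   dport: destination port for TCP/UDP (absent otherwise).
Packet = Dict[str, object]
Matcher = Callable[[Packet], bool]

# Constructed subset of IANA protocol numbers for match protocol by name.
PROTOCOL_NUMBERS = {"icmp": 1, "tcp": 6, "udp": 17, "icmpv6": 58}


def match_any() -> Matcher:
    """match any: every packet is accepted."""
    return lambda pkt: True


def _in_prefix(field: str, prefix: str) -> Matcher:
    # Handles A.B.C.D/M and X:X::X:X/M alike; an address of the other IP
    # version never matches the prefix.
    net = ipaddress.ip_network(prefix, strict=False)

    def _m(pkt: Packet) -> bool:
        addr = ipaddress.ip_address(pkt[field])
        return addr.version == net.version and addr in net
    return _m


def match_source_address(prefix: str) -> Matcher:
    return _in_prefix("src", prefix)


def match_destination_address(prefix: str) -> Matcher:
    return _in_prefix("dst", prefix)


def match_dscp(value: int) -> Matcher:
    if not 0 <= value <= 63:
        raise ValueError("DSCP is a 6-bit field: 0-63")
    return lambda pkt: pkt["dscp"] == value


def match_protocol(proto: Union[int, str]) -> Matcher:
    # Layer 4 protocol by number or name; only the IP header field is checked.
    number = PROTOCOL_NUMBERS[proto] if isinstance(proto, str) else proto
    if not 0 <= number <= 255:
        raise ValueError("protocol number must be 0-255")
    return lambda pkt: pkt["proto"] == number


def match_access_list(permits: Sequence[Tuple[str, int]]) -> Matcher:
    # Constructed ACL model: (protocol name, destination port) permit entries,
    # e.g. [("tcp", 80), ("tcp", 443)] for the access list 101 example.
    def _m(pkt: Packet) -> bool:
        return any(pkt["proto"] == PROTOCOL_NUMBERS[p] and pkt.get("dport") == port
                   for p, port in permits)
    return _m


class ClassMap:
    """class-map match-all NAME (AND) or class-map match-any NAME (OR)."""

    def __init__(self, name: str, mode: str, criteria: Sequence[Matcher]) -> None:
        if mode not in ("match-all", "match-any"):
            raise ValueError("mode must be match-all or match-any")
        self.name, self.mode, self.criteria = name, mode, list(criteria)

    def matches(self, pkt: Packet) -> bool:
        if not self.criteria:  # a class with no criteria matches nothing
            return False
        combine = all if self.mode == "match-all" else any
        return combine(m(pkt) for m in self.criteria)


def classify(class_maps: Sequence[ClassMap], pkt: Packet) -> Optional[str]:
    """Return the name of the first class map the packet matches, else None."""
    for cm in class_maps:
        if cm.matches(pkt):
            return cm.name
    return None


# Class maps based on the page's examples (VOIP extended, LOCAL6 constructed).
CLASS_MAPS = [
    ClassMap("VOIP", "match-all", [match_destination_address("10.1.1.0/24"),
                                   match_protocol("udp"), match_dscp(46)]),
    ClassMap("WEB_TRAFFIC", "match-any", [match_access_list([("tcp", 80), ("tcp", 443)])]),
    ClassMap("LOCAL", "match-all", [match_source_address("192.168.1.0/24")]),
    ClassMap("LOCAL6", "match-all", [match_source_address("2001:db8::/32")]),
]

if __name__ == "__main__":
    # Constructed sample packets.
    samples = [
        {"src": "192.168.1.10", "dst": "10.1.1.5", "proto": 17, "dscp": 46, "dport": 5004},
        {"src": "192.168.1.10", "dst": "10.1.1.5", "proto": 17, "dscp": 0, "dport": 5004},
        {"src": "203.0.113.7", "dst": "198.51.100.9", "proto": 6, "dscp": 0, "dport": 443},
    ]
    for pkt in samples:
        print(pkt["src"], "->", pkt["dst"], "class:", classify(CLASS_MAPS, pkt))
```

Note the order dependence in classify: the second sample packet fails VOIP only because match-all requires every criterion, so it falls through to LOCAL.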

Policy Map

In QoS (Quality of Service), a policy-map is used to apply specific QoS features to specific traffic classes in a class-map. It defines the specific actions that should be taken on the classified traffic.

A policy-map consists of one or more class-maps, and each class-map specifies a particular type of traffic. The policy-map is then applied to an interface to enforce the QoS policies.

Within a policy-map, you can configure various QoS features, such as traffic shaping, bandwidth allocation, queuing, and marking. These features can be tailored to meet specific network requirements and can be used to ensure that critical traffic is prioritized over less important traffic, leading to a more efficient use of network resources.

Note

Currently, only the traffic policing feature is supported.

Define Policy Map

policy-map NAME

The command is used to define a policy map that contains one or more class maps and a set of actions to be taken on the matching traffic. The command takes the user to the policy-map configuration mode, where the actions that should be taken on the matching traffic can be configured.

  • NAME: is the name of the policy map that the user wants to create.

Define a new policy

Traffic policing

Traffic policing is a mechanism used in Quality of Service (QoS) to regulate and control the amount of network traffic that is allowed to pass through a network interface or a specific port. It can be used to ensure that certain types of traffic or specific users do not consume too much bandwidth and negatively impact other users or applications.

Traffic policing works by examining the incoming traffic, comparing it to a configured traffic rate, and either allowing or dropping packets based on the configured rate. If the incoming traffic rate exceeds the allowed rate, the traffic is either dropped or marked with a lower priority. This helps to prevent network congestion and ensures that high-priority traffic is given priority over lower-priority traffic.

Policing can be implemented in different ways, depending on the network topology and requirements. SoodarOS uses the token bucket algorithm.

Token bucket algorithm

A token bucket is a traffic management mechanism used to control the rate of data transmission. It is based on the idea of having a token bucket that holds a finite number of tokens. Each token represents a unit of data that can be transmitted, usually measured in bytes. The token bucket is refilled at a certain rate, which is called the committed information rate (CIR). If a device wants to transmit data, it must first obtain a token from the bucket. If there are no tokens available, the device cannot transmit data until more tokens become available.

The implementation of a token bucket involves two key parameters: the bucket size and the token refill rate. The bucket size determines the maximum amount of data that can be transmitted in a given time interval, while the token refill rate determines the rate at which new tokens are added to the bucket.

Single-rate policing and dual-rate policing are two different implementations of the token bucket. Single-rate policing uses a single token bucket to control both the CIR and the excess information rate (EIR), while dual-rate policing uses separate token buckets to control the CIR and EIR.

In single-rate policing, the token bucket is filled at the CIR. Any excess data beyond the CIR is considered to be part of the EIR. The size of the token bucket is set to the committed burst (CB), which is the maximum amount of data that can be transmitted at the CIR. If there are no tokens available in the bucket, excess data is dropped.

In dual-rate policing, there are two token buckets: one for the CIR and one for the EIR. The size of the CIR bucket is set to the committed burst (CB), while the size of the EIR bucket is set to the excess burst (EB). The refill rate for the CIR bucket is set to the CIR, while the refill rate for the EIR bucket is set to the excess information rate (EIR).

The CIR and EIR values are used to define the bandwidth allocation for the traffic being policed. The CB and EB values are used to limit the amount of data that can be transmitted during a given time interval. The token bucket mechanism ensures that the rate of data transmission never exceeds the CIR or EIR, and that the amount of data transmitted does not exceed the CB or EB.

For example, a token bucket policing policy might be defined as follows:

  • CIR = 1 Mbps

  • EIR = 512 Kbps

  • CB = 500 KB

  • EB = 250 KB

In this policy, the token bucket would be refilled at a rate of 1 Mbps, and would have a maximum capacity of 500 KB. If the bucket ever contained more than 500 KB of tokens, excess tokens would be dropped. The CIR would be enforced by limiting the rate at which tokens are refilled, while the EIR would be enforced by allowing the token bucket to accumulate additional tokens beyond the maximum capacity. The CB and EB would limit the amount of data that could be sent during a burst, and the amount of excess data that could be sent during a burst, respectively.

class CNAME

The class command is used inside a policy map to create a class for which specific actions will be defined. Once the class has been defined, you can specify the actions to be taken for traffic matching the class criteria using QoS command police.

  • CNAME: Creates a class within the policy map and specifies the name of the class.

police CB [CIR [EIR]] conform-action ACTION exceed-action ACTION [violate-action ACTION]

The police command is used within a policy-map to define the policing action to be taken for a specific class.

  • CB: The size of the committed burst in bits.

  • CIR: Committed Information Rate in bits per second (bps). This is the rate at which the device commits to forwarding traffic.

  • EIR: The Excess Information Rate in bits per second (bps). This is the rate at which the device allows traffic to exceed the committed rate for a specified amount of time.

  • conform-action ACTION: Specifies the action to be taken for traffic that conforms to the rate limit. The available actions are:

    • transmit: Allow the traffic to be transmitted normally.

    • set-dscp-transmit n: Set the packet’s DSCP value to n and then transmit the packet.

    • drop: Drop the packet.

  • exceed-action ACTION: Specifies the action to be taken for traffic that exceeds the rate limit but falls within the normal burst size. The available actions are the same as for conform-action.

  • violate-action ACTION: Specifies the action to be taken for traffic that exceeds the rate limit and the normal burst size. The available actions are the same as for conform-action.

The “police” command can be used for both single-rate and dual-rate policing. In single-rate policing, only the CIR and CB values are used, while in dual-rate policing, both the CIR and EIR values are used.

In the context of the “police” command, the token bucket algorithm is used to enforce the configured CIR, EIR, and CB values. The bucket size is set to CB, and tokens are added to the bucket at a rate of CIR. If the bucket is full, any additional tokens are discarded. When traffic arrives, the bucket is checked to see if it contains enough tokens to accommodate the traffic. If there are enough tokens, the traffic is transmitted, and tokens are subtracted from the bucket. If there are not enough tokens, the traffic is dropped.

In dual-rate policing, two token buckets are used: one for the CIR and another for the EIR. The CIR bucket is filled at a rate of CIR, while the EIR bucket is filled at a rate of EIR. Traffic is transmitted if there are enough tokens in either the CIR or EIR bucket.

Example:

soodar(config)# policy-map pmap1
soodar(config-pmap)# class cmap1
soodar(config-pmap-c)# police 1000000 8000 16000 conform-action transmit exceed-action set-dscp-transmit 26 violate-action drop

This command sets the committed burst size to 8000 bytes, the CIR to 1000000 bits per second, and the EIR to 16000 bits per second. Conforming traffic is transmitted, exceeding traffic has its DSCP value set to CS3 and is transmitted, and violating traffic is dropped.
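The following Python simulation is an added example, not SoodarOS code, that implements the two-bucket model described in the token bucket section and in the police command: a CIR bucket of size CB refilled at CIR, an optional EIR bucket of size EB refilled at EIR, and a per-packet conform/exceed/violate decision followed by the configured action. EB is not part of the police syntax on this page, so it is taken as a separate constructed parameter (as it appears in the show policy-map output). All burst sizes are kept in bits, matching the police parameter descriptions; the packet trace, rates and burst sizes are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class TokenBucket:
    """One token bucket: `capacity` is the burst size (CB or EB) in bits,
    `rate` the refill rate (CIR or EIR) in bits per second."""
    capacity: float
    rate: float
    tokens: float = field(init=False)
    last_refill: float = field(init=False, default=0.0)

    def __post_init__(self) -> None:
        self.tokens = self.capacity  # a fresh bucket starts full

    def refill(self, now: float) -> None:
        # Add rate * elapsed tokens; tokens above capacity are discarded.
        elapsed = max(0.0, now - self.last_refill)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        self.last_refill = now

    def take(self, bits: float) -> bool:
        # Spend tokens only if the whole packet fits; otherwise leave them.
        if self.tokens >= bits:
            self.tokens -= bits
            return True
        return False


def apply_action(action: str, packet: Dict) -> Optional[Dict]:
    """Apply a conform/exceed/violate action string to a packet.
    Returns the (possibly re-marked) packet, or None when it is dropped."""
    if action == "transmit":
        return packet
    if action == "drop":
        return None
    if action.startswith("set-dscp-transmit "):
        marked = dict(packet)
        marked["dscp"] = int(action.split()[1])
        return marked
    raise ValueError(f"unknown action: {action}")


class Policer:
    """Single-rate (CIR/CB only) or dual-rate (CIR/CB plus EIR/EB) policer
    following the police CB CIR [EIR] conform/exceed/violate-action form."""

    def __init__(self, cb: float, cir: float, conform: str, exceed: str,
                 eb: Optional[float] = None, eir: Optional[float] = None,
                 violate: str = "drop") -> None:
        self.cir_bucket = TokenBucket(cb, cir)
        dual = eb is not None and eir is not None
        self.eir_bucket = TokenBucket(eb, eir) if dual else None
        self.actions = {"conform": conform, "exceed": exceed, "violate": violate}

    def verdict(self, now: float, size_bytes: int) -> str:
        bits = size_bytes * 8
        self.cir_bucket.refill(now)
        if self.cir_bucket.take(bits):
            return "conform"        # within CIR/CB
        if self.eir_bucket is None:
            return "exceed"         # single-rate: anything beyond CB
        self.eir_bucket.refill(now)
        if self.eir_bucket.take(bits):
            return "exceed"         # dual-rate: covered by EIR/EB
        return "violate"            # beyond both buckets

    def police(self, now: float, packet: Dict) -> Tuple[str, Optional[Dict]]:
        v = self.verdict(now, packet["size"])
        return v, apply_action(self.actions[v], packet)


def run_trace(policer: Policer, trace: List[Tuple[float, Dict]]):
    """Feed (time, packet) pairs through the policer; return per-verdict
    counts and the list of packets that were forwarded."""
    counts = {"conform": 0, "exceed": 0, "violate": 0}
    forwarded = []
    for now, pkt in trace:
        v, out = policer.police(now, pkt)
        counts[v] += 1
        if out is not None:
            forwarded.append(out)
    return counts, forwarded


# Constructed trace: a burst of ten 1500-byte packets at t=0, then four more
# 250 ms later. 1500 bytes = 12,000 bits, so CB = 48,000 bits holds four
# packets and EB = 24,000 bits holds two.
TRACE = [(0.0, {"size": 1500, "dscp": 0}) for _ in range(10)] + \
        [(0.25, {"size": 1500, "dscp": 0}) for _ in range(4)]


def dual_rate_demo():
    # Constructed parameters: CB 48,000 bits, CIR 96 kbps, EB 24,000 bits,
    # EIR 48 kbps; actions follow the page's example (transmit / re-mark / drop).
    p = Policer(cb=48_000, cir=96_000, conform="transmit",
                exceed="set-dscp-transmit 26", eb=24_000, eir=48_000, violate="drop")
    return run_trace(p, TRACE)


def single_rate_demo():
    p = Policer(cb=48_000, cir=96_000, conform="transmit", exceed="drop")
    return run_trace(p, TRACE)


if __name__ == "__main__":
    print("dual-rate  :", dual_rate_demo()[0])
    print("single-rate:", single_rate_demo()[0])
```

In the dual-rate run the first burst yields four conforming, two exceeding and four violating packets; after 250 ms the CIR bucket has refilled 24,000 bits and the EIR bucket 12,000, so the second burst splits two/one/one. The single-rate run has no EIR bucket, so every packet beyond CB becomes an exceed and is dropped by that policy.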

Apply to interface

service-policy PMAP <input|output> [track (1-1000)]

This command applies a QoS (Quality of Service) policy map to an incoming or outgoing router interface. The PMAP parameter specifies the name of the policy map to be applied. The input or output keyword specifies the direction of the interface to which the policy is applied.

The command also supports an optional track parameter with a value between 1 and 1000 to associate a track object with the policy map. A track object can be used to track the status of an interface or a specific IP route, and if the tracked object fails, the policy map can be removed.

Example:

n1(config-if)# service-policy pmap1 in

Show commands

show policy-map [NAME]

Example:

n1(config)# do sh policy-map pmap1

Policy Map pmap1
   Class cmap
      Police CIR 102400 (bps) CB 25600 (byte) EB 35840 (byte)
      Conform Action : Transmit
      Exceed Action : Drop

Logging

Debug logging can be enabled when needed.

debug qos event

Logs data plane installation processes and their results.