Feb
26

Catalyst QoS configuration for IP Telephony endpoints is one of the CCIE Voice lab topics. Many people have issues with that one, because of the need to memorize a lot of SRND recommendations to do it right. The good news is that during the lab exam you have full access to the QoS SRND documents and UniverCD content. The bad news is that you probably won’t have enough time to navigate the UniverCD comfortably, plus the reference configurations often have a lot of typos and mistakes in them.

Here are the four main goals you need to accomplish with the Catalyst QoS:

1) Remark voice signaling and bearer traffic on the server ports (CCMs & Unity) to ensure compliance with QoS SRND.

2) Classify & mark voice/signaling traffic on Cisco IP Phones switch-ports. Apply scavenger markdown if required.

3) If required, ensure proper class to interface queue mappings and WRR weight assignments. Provision expedite queue if needed.

4) Trust marking on uplinks to the routers (to retain the marking for traffic entering from the WAN). Apply DSCP mutations if needed.

The first thing you should always keep in mind – don’t do the things you are not asked to do. For example, if they require you to enforce traffic marking in the Catalyst switches, but don’t ask for PQ/WRR weights tuning – don’t even bother with the latter task.

The second point – never type your configs right into the switch CLI. Copy-paste them from DocCD and edit in notepad. Save your switch running config and then paste. Practice this long enough to have good speed and typing accuracy.

OK, to begin with, all the configuration examples you need (for every major switch model) can be found here:

UniverCD > Voice/Telephony > Cisco CallManager > 4.1 > SRND > IP Telephony Endpoints

We start with 6500 & IP Phones. Copy-paste the stuff they have on the documentation page and then remove all the leftovers (Press Ctrl-H to search & replace in notepad). This is what they have on the DocCD for CCM 4.x:

#
# CoS->DSCP map according to 4.x model
# (note that CoS 3 maps to CS3 not AF31 for signaling)
#
set qos cos-dscp-map 0 8 16 24 32 46 48 56

#
# DSCP markdown settings.
#
# Note that on DocCD they put spaces between the
# DSCP values and commas - remove those
#
set qos policed-dscp-map 0,24,26,46:8

#
# They have policers set up for everything.
# Depending on your task you may not need all of them 
#
set qos policer aggregate VVLAN-VOICE rate 128 burst 8000 drop

set qos policer aggregate VVLAN-CALL-SIGNALING rate 32 burst 8000 policed-dscp

set qos policer aggregate VVLAN-ANY rate 5000 burst 8000 policed-dscp

set qos policer aggregate PC-DATA rate 5000 burst 8000 policed-dscp

#
# Policers are applied using QoS ACLs on 6500.
#
# Don’t forget to replace
# "Voice_IP_Subnet/Subnet_Mask"
# with your actual voice VLAN subnet e.g. 177.1.101.0/24
#
set qos acl ip IPPHONE-PC dscp 46 aggregate VVLAN-VOICE udp 177.1.101.0 255.255.255.0 any range 16384 32767

set qos acl ip IPPHONE-PC dscp 24 aggregate VVLAN-CALL-SIGNALING tcp 177.1.101.0 255.255.255.0 any range 2000 2002

set qos acl ip IPPHONE-PC dscp 0 aggregate VVLAN-ANY 177.1.101.0 255.255.255.0 any

set qos acl ip IPPHONE-PC dscp 0 aggregate PC-DATA any

#
# Commit the ACL and apply it to respective voice-ports
#
commit qos acl IPPHONE-PC

set port qos mod/port trust-device ciscoipphone
set qos acl map IPPHONE-PC mod/port

Next, configure the 3550 for policing and re-marking on Cisco IP Phone ports. Use the same copy-paste trick. Watch for typos; there are tons of them in the Cisco example (e.g. missing dashes, two DSCP values on separate lines in the voice-signaling class-map, etc.).

!
! Replace vvlan_id and dvlan_id in
! text with your values e.g. 101 & 201
!

!
! CoS->DSCP map per CS3 usage for signaling
!
mls qos map cos-dscp 0 8 16 24 34 46 48 56

!
! Markdown everything to CS1 (scavenger)
!
mls qos map policed-dscp 0 24 26 46 to 8

!
! ACL to match any IP traffic - DocCD is missing the dash
! in the keyword "access-list"
!
ip access-list standard ACL_ANY
 permit any

!
! Voice bearer
!
class-map match-all VOICE
 match ip dscp 46

!
! VoIP signaling
!
class-map match-any CALL-SIGNALING
 match ip dscp 24 26

!
! Per-VLAN: Voice Bearer & Signaling
!
class-map match-all VVLAN-VOICE
 match vlan 101
 match class-map VOICE

class-map match-all VVLAN-CALL-SIGNALING
 match vlan 101
 match class-map CALL-SIGNALING

!
! DocCD has incorrect acl name "ACL_Name" here, 
! replace with ACL_ANY
!
class-map match-all ANY
 match access-group name ACL_ANY

!
! Anything else on Voice and Data VLAN
!
class-map match-all VVLAN-ANY
 match vlan 101
 match class-map ANY

!
! Anything on Data VLAN
!
class-map match-all DVLAN-ANY
 match vlan 201
 match class-map ANY

!
! The actual Per-Port Per-VLAN policy map
!

!
! Voice traffic policed hard to 128 Kbps
!
policy-map IPPHONE-PC
 class VVLAN-VOICE
  set ip dscp 46
  police 128000 8000 exceed-action drop

!
! Signaling traffic is remarked on exceed
!
 class VVLAN-CALL-SIGNALING
  set ip dscp 24
  police 32000 8000 exceed-action policed-dscp-transmit

!
! Anything else on Voice VLAN
!
 class VVLAN-ANY
  set ip dscp 0
  police 32000 8000 exceed-action policed-dscp-transmit

!
! DocCD uses the name DVLAN-VOICE here; it should be
! DVLAN-ANY
!

!
! Data traffic is remarked to CS1 when it exceeds 5 Mbps
!
 class DVLAN-ANY
  set ip dscp 0
  police 5000000 8000 exceed-action policed-dscp-transmit

!
! Apply the policy
!
interface FastEthernet 0/1
 switchport voice vlan 101
 switchport access vlan 201
 mls qos trust device cisco-phone
 service-policy input IPPHONE-PC
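
A pre-paste check for the edited 3550 text, as an added example (not from the original post or from Cisco documentation). It flags the DocCD leftovers mentioned above: unreplaced placeholders, the missing dash in "access-list", a DSCP value stranded on its own line, spaces around commas in the CatOS markdown map, and class or ACL names that are referenced but never defined. The names `lint`, `LEFTOVERS` and `SAMPLE` are hypothetical, and the matching is deliberately simple text matching, not a full IOS parser.

```python
import re

# Leftovers the post warns about in text pasted from DocCD.
LEFTOVERS = [
    (r"\b(vvlan_id|dvlan_id|ACL_Name|Voice_IP_Subnet|Subnet_Mask)\b",
     "unreplaced DocCD placeholder"),
    (r"^ip access list\b", "missing dash in 'access-list'"),
    (r"^\d+(\s+\d+)*$", "stray DSCP value on its own line"),
    (r"policed-dscp-map\b.*(\s,|,\s)", "space next to a comma in the DSCP list"),
]

def lint(config):
    """Return sorted (line_number, message) findings for a pasted QoS config."""
    lines = [(n, l.strip()) for n, l in enumerate(config.splitlines(), 1)
             if l.strip() and l.strip()[0] not in "!#"]
    # Pass 1: collect the names that are actually defined.
    class_maps = {l.split()[-1] for _, l in lines if l.startswith("class-map ")}
    acls = {l.split()[-1] for _, l in lines if l.startswith("ip access-list ")}
    findings = []
    # Pass 2: flag leftovers and references to undefined names.
    for n, l in lines:
        findings += [(n, msg) for pat, msg in LEFTOVERS if re.search(pat, l)]
        m = re.match(r"(?:class|match class-map) (\S+)$", l)
        if m and m.group(1) not in class_maps | {"class-default"}:
            findings.append((n, f"class-map {m.group(1)} is not defined"))
        m = re.match(r"match access-group name (\S+)$", l)
        if m and m.group(1) not in acls:
            findings.append((n, f"ACL {m.group(1)} is not defined"))
    return sorted(findings)

# Constructed sample: DocCD-style fragment carrying the typos described above.
SAMPLE = """\
ip access list standard ACL_ANY
 permit any
class-map match-any CALL-SIGNALING
 match ip dscp 24
 26
class-map match-all ANY
 match access-group name ACL_Name
class-map match-all DVLAN-ANY
 match vlan dvlan_id
 match class-map ANY
policy-map IPPHONE-PC
 class DVLAN-VOICE
"""

if __name__ == "__main__":
    for n, msg in lint(SAMPLE):
        print(f"line {n}: {msg}")
```

Run it on the notepad text before pasting; an empty result means none of these specific leftovers remain, not that the policy is correct.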

Next we need to enforce marking on server traffic. For this one, you’d better memorize all the voice signaling ports. Use the following link as your reference:

TCP and UDP Ports Used by Cisco CallManager 3.3

However, if you suddenly find you forgot some of the ports, don’t panic. Use the command show ip nbar port-map to find the port numbers assigned to the protocol in question (e.g. MGCP or H.323).

Most likely you will have servers connected to the 6500. In addition to that, CatOS ACL syntax is less familiar to most of us, so here is an example of a QoS ACL for CatOS.

clear qos acl SERVERS
commit qos acl SERVERS

#
# SCCP/Skinny
#
set qos acl ip SERVERS dscp 24 tcp any any range 2000 2002
set qos acl ip SERVERS dscp 24 tcp any range 2000 2002 any

#
# SIP
#
set qos acl ip SERVERS dscp 24 tcp any any eq 5060
set qos acl ip SERVERS dscp 24 udp any any eq 5060

#
# H.323 RAS (discovery & response/reply)
#
set qos acl ip SERVERS dscp 24 udp any any range 1718 1719

#
# H.323 Signaling
#
set qos acl ip SERVERS dscp 24 tcp any any eq 1720

#
# H.245 Media Negotiation
#
set qos acl ip SERVERS dscp 24 tcp any any range 11000 65535

#
# MGCP PRI backhaul/signaling
#
set qos acl ip SERVERS dscp 24 tcp any any eq 2428
set qos acl ip SERVERS dscp 24 tcp any eq 2428 any
set qos acl ip SERVERS dscp 24 udp any any eq 2427
set qos acl ip SERVERS dscp 24 udp any eq 2427 any
#
# Voice bearer
#
set qos acl ip SERVERS dscp 46 udp any any range 16384 32767

#
# Apply the ACL to all server ports
#
commit qos acl SERVERS
set port qos 2/1 port-based
set qos acl map SERVERS 2/1

Note that in the above configuration we match application ports for flows to/from the servers. This is not needed in all cases, but usually it’s safe to leave the configuration like this, just to save some time thinking on the optimal access-list structure :)

The last thing that needs to be done is trusting DSCP on the uplinks to the routers. This is just a one-line configuration on the 3550. However, not all 6500 linecards support the DSCP trust feature on a switch port. You may need to use the QoS ACL trick for that:

clear qos acl TRUNK
commit qos acl TRUNK

#
set qos acl ip TRUNK trust-dscp any
#
commit qos acl TRUNK

set port qos 2/5 port-based
set qos acl map TRUNK 2/5

This is an example of applying a fairly complicated configuration without having to memorize a lot of crazy stuff. Just keep in mind that you still need to practice this enough not to get lost in the lab. Note that we did not discuss the CoS to Queue-Id mappings, WRR weights and things like that – because you can quickly get a working example by applying the auto-qos macro to any switchport.

About Petr Lapukhov, 4xCCIE/CCDE:

Petr Lapukhov's career in IT began in 1988 with a focus on computer programming, and progressed into networking with his first exposure to Novell NetWare in 1991. Initially involved with Kazan State University's campus network support and UNIX system administration, he went through the path of becoming a networking consultant, taking part in many network deployment projects. Petr currently has over 12 years of experience working in the Cisco networking field, and is the only person in the world to have obtained four CCIEs in under two years, passing each on his first attempt. Petr is an exceptional case in that he has been working with all of the technologies covered in his four CCIE tracks (R&S, Security, SP, and Voice) on a daily basis for many years. When not actively teaching classes, developing self-paced products, studying for the CCDE Practical & the CCIE Storage Lab Exam, and completing his PhD in Applied Mathematics.


8 Responses to “Catalyst QoS: IP Telephony Endpoints”

 
  1. Pete says:

    Hi,
    Just wondering, can I do the marking on the uplink port to router?

    Thanks.

  2. To: Pete

    Sure, using the same techniques as on any switchport. However, an uplink to a router is usually a link towards the network core. Packets that arrive on that link should have been already classified and marked. Therefore, on the uplink ports, QoS marking is usually simply trusted.

  3. Pete says:

    Hi Petr,
    Just for the “sake” of CCIE lab, can I just apply the marking acl policy on the switch’s uplink port to save some valuable time, instead of applying on each ipphone’s port and CallManager’s port?

  4. Ray Cuadro says:

    Thanks for the post. Here’s the PDF with the 4.1 ports: http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/port/4_1/41plrev2.pdf

    Regrettably, I have not found a working link from the UniverCD to it. Cisco has been moving stuff off the UniverCD so it is becoming increasingly unreliable.

    I’m hoping they’ll be more specific than “all control traffic” because if you consult ten different web sites, you’ll get eleven different answers as to what represents a comprehensive list.

  5. Pushkar Bhatkoti says:

    Good point, Pete.
    Peter can you please comment on above?

    Thanks
    BTW, a good short and nice recap of the QoS!
    thanks for contribution…

    Pushkar Bhatkoti

  6. Pushkar Bhatkoti says:

    Modification:

    Petr can you please comment on if we can use uplink port for marking as Pete said!

    Thanks

  7. James Wu says:

    Just wanted to say thanks for the great post ! Found your blog on Google and I’m happy I did. I’ll be reading you on a regular basis ! Thanks again :)
    Thanks,
    Donna

  8. sell high end programs says:

    Keep working, great job! Helpful Informational.

 
