Tuesday, February 26, 2013

Catalyst 3560 QoS [2 of 2]: Nuts & Bolts

In most of my posts, I set out to prove some sort of point.  If you read part 1, you'll see the outcome from my order-of-operations research.  This particular post, however, is just going to be a laundry list of functions.  I'll take some time to explain the production use of the functions that weren't used, or were lightly used, in the first post.

We'll be reusing the diagram from the first post:



Quick disclaimer: as mentioned in part 1, all these examples are being done on real equipment (obviously, as GNS3 can't emulate a 3560), even though I used GNS3 for the diagram.  GNS3 just lends itself to making easy diagrams.

R1, R2 and R3 are all running IPX and IP. No routing is taking place here, this is all one big VLAN (Vlan 705). All routers are using 192.168.0.X on Fa0/0.705, where X is their router number. We're using a subinterface in order to use COS values, as COS is only carried on trunk links. All routers also have an IPX address of 123.YYY.YYY.YYYY, where the Ys represent their MAC address. We'll look at the MACs of my physical gear more closely as we proceed. The switches have no IP addresses on them whatsoever.

These topics will be covered in this post:
- Setting COS, DSCP via "mls qos cos"
- DSCP Passthrough
- DSCP Mutations
- Per-port classification & remarking via service-policy
- Matching MAC Access Lists
- Trusting Cisco phones
- Ingress Policing
- Aggregate Ingress Policing
- VLAN-based Marking
- Per-Port, Per-VLAN Policing
- Shared Mode & Shaped Mode
- Weighted Tail Drop
- Queue Sets
- Priority Queuing

Let's get started!

Friday, February 22, 2013

Catalyst 3560 QoS [1 of 2]: Order of Operations

Thus far, 3560 QoS is probably at a tie with OER for subjects I've had to spend the most time on to get to the bottom of.  There are a lot of blogs, videos, and books available that discuss the nuts & bolts of hardware-enabled QoS on the 3560.  However, I couldn't find a single document that really delved into the order-of-operations.  For example, you could trust IP Precedence, use a PREC->DSCP Map, police the internal DSCP label down, but which of those values would be used for the ingress queuing?  This is not at all made clear from the documentation.  After an exhaustive labbing experience, I will answer these questions!

I created the network diagram using objects in GNS3 for simplicity of creating the diagram.  Obviously, I am using real routers and real 3560s in this scenario, as GNS3/dynamips has no way of emulating a 3560.


R1, R2 and R3 are all running IPX and IP.  No routing is taking place here, this is all one big VLAN (Vlan 705).  All routers are using 192.168.0.X on Fa0/0.705, where X is their router number.  We're using a subinterface in order to use COS values, as COS is only carried on trunk links.  All routers also have an IPX address of 123.YYY.YYY.YYYY, where the Ys represent their MAC address.  We'll look at the MACs of my physical gear more closely as we proceed.  The switches have no IP addresses on them whatsoever.
 
I'm going to start with the punchline, and work my way backwards.  This is the order, from left to right, in which the values are interpreted:
 
 
Obviously this is very high-level; we'll look at the entire process step-by-step.