acceso ethernet para metro de proxima generacion y redes de area amplia.pdf

8/16/2019 acceso Ethernet para metro de Proxima Generacion y Redes de Area Amplia.pdf

1/77

©2 008 Cisco Systems , Inc. All rights reserve d. Cisco Public

Cisco Networkers Argentina 2008. 1BRKRST-3042


2/77

© 2008 Cisco Syste ms, Inc. All rights reserv ed. Cisco ConfidentialPresentation_ID 2

BRKRST-3042Ethernet Access for N ext-G ene ration M etro and W ide -Area

N etw orks

Em erson M oura –em oura@ cisco.com


3/77



Recuerde siempre…

1. Apagar su teléfono celular mientras dure la sesión.

2. Completar su evaluación y entregarla a la asistente de sala.

3. Ser puntual en todas las actividades de entrenamiento,almuerzos y eventos sociales para lograr un desarrollo óptimode la agenda.

4. Completar la evaluación general incluida en su material y

entregarla el miércoles 12 de Noviembre durante la tarde.


4/77



Agenda

1. Metro Ethernet Services Overview

2. Design and Deployment Considerations

3. Customer Premises Equipment (CPE) Selection

4. Case Study

5. QoS CPE Configuration Examples

6. Summary


5/77



Agenda


Goals and Definitions

Deployments and Service Types



4. Case Study


6. Summary


6/77



Design Goals

1. Leverage Ethernet technology to reduce costs

2. Increase bandwidth in the WAN

3. Leverage existing designs and deployments

Minimize reengineering for main and remote sites

Protect current network investment

Increase scalability with full QoS and functional support

4. Application support

Support new applications effectively (Cisco TelePresence)

Consolidate existing applications (storage and serverconsolidation)


7/77



NG WAN Deployment Scenarios

Next-Generation WAN/MAN

Potential for 1000+ Locationsat T1 Rates—Migration of

Existing Frame Relay Branchto Ethernet Access to MPLS

or Ethernet Across MPLS Number of Sites Limited to< 100 Metropolitan Areas

However, Downstreamfrom 10M–100 Mbps

SJC

DEN

DFW

ORD

RDU

NYC

YOW

ATL̀

MPLS VPNEthernet over MPLSEthernet access to

MPLS

InternetLeased Line

Ethernet Handoff

Broadband

MetroEthernet

Potential for 5000+ Teleworker TeleAgent Deployments 3M–6M bps


8/77



Metro Ethernet Service Types

1. E-Line service usedto create:

Ethernet Private Line

Ethernet Virtual Private Line (EVPL)

Ethernet Internet access

Ethernet MPLS VPN access

2. E-LAN service usedto create:

Ethernet Private LAN(EP-LAN)

Multipoint L2 VPN (EVP-LAN)

Multicast network

CE

CE

Point-to-PointEVC

MENUNI

UNI

E-Line Service Type

CE

CE

CE

MEN

CE

Multipoint-to-MultipointEVC

UNI

UNI

UNI

UNI

E-LAN Service Type

From Metro Ethernet Forum public presentation:

http://metroethernetforum.org/pdfs/standards/overview_of_mef_6_and_10.ppt


9/77



Ethernet Services Model and Definitions

Customer

Edge

(CE)

User Network

Interface

(UNI)

User Network

Interface

(UNI)

Customer

Edge

(CE)

Service

Attributes

A Service Is What the CE Sees (UNI-to-UNI).The Technology Used Inside the Metro Ethernet Network Is Not Visible.

Metro EthernetNetwork (MEN)


10/77



Ethernet Virtual Connection (EVC)

1. Association of two or more UNIs

2. Frames can only be exchanged among the associated UNIs

3. A frame sent into the SP network via a particular UNI must notbe delivered out of the SP network via that UNI

Metro Ethernet Network

Customer

Edge

(CE)

User Network

Interface

(UNI)

User Network

Interface

(UNI)

Customer

Edge

(CE)

EVC

In a Point-to-Point EVC, Exactly Two UNIs Are Associated


11/77



Multipoint-to-Multipoint EVC

1. Two* or more UNIs are associated

2. A flooded, broadcast or multicast ingress frame is typicallyreplicated and delivered to all of the other UNIs

3. Can be used as a routing domain/area 0, but should it be?


Customer

Edge

(CE)

User Network

Interface

(UNI)User Network

Interface

(UNI)

Customer

Edge

(CE)

EVC EVC

EVC

*A MP2MP EVC with two UNIs is different than a P2P EVC since additionalUNIs can be added at any time


12/77



Service Attributes:

Service Multiplexing

1. Similar to Frame Relay/ATM hub location with multipleDLCIs/PVCs

2. Multiple EVCs at a UNI (EVC=VLAN)

3. Efficient use of CE port


Service Multiplexing

EVC1EVC2

EVC3

Hub

Spoke

Spoke

Spoke


13/77



Service Attributes:

Bandwidth Profile

1. CIR: Committed Information Rate

2. PIR: Peak Information Rate

1. MBS: Maximum Burst Size(Bc, Be)

Bc: Committed Burst

Be: Excess Burst

2. Tc: Time interval over whichMBS is transmitted

Customer Edge(CE) User Network

Interface (UNI)

Contract Enforced Here


EVC

Customer Edge(CE)

User NetworkInterface (UNI)

Contract Enforced Here

C I R

P I R MBS


14/77



Service:

Ethernet Private LAN (EP-LAN)

1. Multipoint service where all devices are direct peers

2. No service multiplexing, VLANs presented to all sites (“all-to-one”bundling)

3. Transparent to customer BPDUs

4. Has been called E-LAN and transparent LAN service

5. Routers and switches can safely connect

6. Often implemented via switched Ethernet or Ethernet over Wave DivisionMultiplexing (WDM), SONET, etc. (ITU-T G.709, ITU-T G.7040)

PECPE SP MetroNetwork

PE

CPE

Pseudowires

Nonservice

Multiplexed UNI

802.1Q Tunneling

All to One Bundling

PE

CPE


15/77



Service:

Ethernet Virtual Private Line (EVPL)

1. Defines a VLAN-based, point-to-point service(analogous to Frame Relay using VLAN tags as VC IDs)

2. A Layer 3 service: normally supports a router as CPE edge device

3. Service multiplexed UNI (e.g., 802.1Q trunk)

4. Opaque to customer PDUs (e.g., BPDUs)

5. Often implemented via switched Ethernet (Metro) or MPLS

CPEPE

802.1Q Trunk

Pseudowires

Service

Multiplexed UNI

VLANs

SP PacketNetwork

PE

PE

CPE

CPE

CPE


16/77



Metro Ethernet for the Enterprise WAN

Comparison of Some Services

*May be inefficient depending on implementation

**Scale considerations, requires per destination traffic classes and hierarchical QoS

***Each location has a per class SLA for its access into the MPLS network

LANExtension

DynamicMeshing

IPMulticast

PerDestination

QoS

PerDestination

SLA

CiscoTelePresence Applicable

CommonMethods

to Classify

CommonReach

EP-LAN

EVPL(Ethernet Virtual

Private Line)

Yes YesYes,

Limited*No No 802.1P

Metro Area

Yes,Limited**

No No Yes Yes YesDSCP or

802.1P

Metro

Area

Yes

EPL(Pt-Pt EthernetSONET/WDM)

EP-LAN(Multipt EthernetSONET/WDM)

Yes,Limited

No Yes Yes Yes 802.1P NationalYes

Yes YesYes,

Limited*No No 802.1P National

Yes,Limited**

VPLS(Virtual PrivateLAN Service)

EVPL as Access toMPLS VPN (orEthernet to Internet)

Yes YesYes,

Limited*No No

DSCP or802.1P

WorldwideYes,

Limited**

No Yes Yes Yes*** YesDSCP or802.1P

WorldwideYes,

Limited**


17/77



Agenda



Deployment Examples

Scalability

Quality of Service (QoS)


4. Case Study

5. QoS CPE Configuration Examples6. Summary


18/77



Enterprise, Small-Medium Business:

EP-LAN Regional Access, Full Mesh

1. Scenarios

Usually available in a Metro area

Full mesh or partial mesh

Can be used to extend LAN or

use as an L3 broadcast WAN

2. Characteristics

Passes 802.1Q trunks acrossSP network (called Q-in-Q)

Enterprise routing control

Any-to-any connectivity withinthe Metro area allows flexibility

May be implemented viaSONET/DWDM resilient packetring or switched Ethernet

Hub 2Branch 1

Branch 2

E-LAN

Hub 1


19/77



Hub 2Branch 1

Hub 1

E-LAN

EP-LAN with QoS:

IP Multiservice Solution

1. QoS characteristics

Any-to-any connectivity with QoSwithin the Metro area

No per destination SLA; QoS ispoint-to-cloud from SP

SLA bandwidth can be shared:voice, video, and data apps

Enterprise responsibility to ensurethat no site is “overrun”

Combination of network andapplication-based control (CAC)maps to provisioned “SLA”

Service level may be a target

2. Configuration samples inQoS CPE config examplessection

1000m Link/2m Real Time20m Priority



1000m Link/

20m Real Time100m Priority

Branch 2


20/77



Enterprise, Small-Medium Business:

EVPL Regional Access, Hub-Spoke

1. Scenarios

Point-to-point—Hub and spoke

Branch and Internet connectivity

2. Characteristics

Enterprise routing control

Supported as Layer 3 WAN

EVC/VLAN seen as subinterface

VLAN IDs supplied by SP, up to4094; doesn’t pass 802.1Q

Scalable for large hub/spoke

Built via switched network orSONET/DWDM point-point Metro

Branch 1

Metro HQ

Multiple EVCs at UNI

MetroBranch 2

MetroBranch 3

E-Line


21/77



MetroBranch 1

Metro HQ

MetroBranch 2

MetroBranch 3

E-Line

EVPL with QoS:

IP Multiservice Solution

1. QoS Characteristics

Per destination QoS and SLA

PVC-like SLA: CIR/PIR/burst, loss,similar to ATM, but SLA can be pertraffic class

HQ CPE to support per VLAN QoSfor many subinterfaces

May support untagged interface

Use 802.1Q trunk interface forremotes, even if only one EVC;config and PD ease

2. Configuration samples inQoS CPE config examplessection

1000m Link/10m Real Time

20m Priority

100m Link/5m Real Time

20m Priority



22/77



Enterprise EVPL:

Access to MPLS VPN or Internet

1. E-line used as access

2. Routing provided by SPEnterprise peers with PE

3. Provides MPLS accesssimilar to private line, FrameRelay DLCI, or ATM PVC

4. Direct access to all othersites in VPN with one EVC

5. Depending on SP, SLAsmay be aligned (E-Line and

MPLS), or may beseparate/different

Purchase matching SLAs

E V P

L

E V P L

UserNetworkInterface(UNI)

CE

UNI

(CE)Customer Edge

(PE)Provider Edge

(P)Provider

(PE)Provider Edge

S e r v i c e P r o v i d e r

M P L S V P N


23/77



P

P PE CPE

CPE

SiSi

CE

Campus

Gig EthernetFast Ethernet

Branch

Service Provider

Attachment Circuit Attachment Circuit

PE

Virtual Private LAN Service (VPLS)

Layer 2 Access over MPLS

1. Also called Pseudowire over MPLS, Ethernet over MPLS

2. Layer 2 point-to-point service

Customer need not hand off routing to service provider

3. Layer 2 multipoint service

Customer controls edge IP routing, core appears as a broadcast network,also called Virtual Private LAN Service (VPLS)

Ethernet

over MPLS(EoMPLS)


24/77



Ethernet over MPLS Comparison:

Layer 2 or Layer 3 VPN Services?

1. Enterprise network managers cautious about Layer 3services

2. With Layer 3 services, there is a dependency on the SP’srouting protocol for convergence following a path failure

Using Cisco Performance Routing (PfR) is one means to address

3. With Layer 2 services (pseudowire/Ethernet over MPLS)the enterprise controls both ends of the circuit at Layer 3

4. Analogous to Frame Relay or ATM in that:

Enterprise routing protocol (IGP)controls path determination

QoS can be applied withoutremapping to SP’s policies

Service may not be DSCP-aware

P

P PE

PEEthernet

over MPLS(EoMPLS)


25/77



Teleworker, Teleagent, Small Business:

EVPL Access to IPSec VPN or Internet

1. Broadband fiber to the premises can hand off Ethernet

2. Bandwidth is often asymmetrical

= 30 Mbps upstream = 50 Mbps downstream

3. Allows multiple IP voice and video channels

4. Benefits from CPE with high throughput when services(encryption, firewall, intrusion detection, QoS) are enabled

IPSec Router

Cisco 871

IPSec Headends

BGP AS 109

Firewall

Campus

Tier 2

ISP

Tier 3 ISP

Broadband

ServiceProvider

DS3

ISP

Small Office/Home Office

Campus/HQ

Tier 1

ISPs

Gigabit

Ethernet

EPL, EVPL

“Internet”

Sites


26/77



Class of Service Marking Methods

1. Multiple options to classify and mark for Metro Ethernet

Ask your SP how they classify, and mark accordingly

2. Classification can depend on:

Service type (e.g., E-LAN, E-Line)Service subtype (e.g., EVPL, EPL, EoMPLS)

For E-Line, if UNI is tagged or untagged

3. Classification can be based on:

EVC (VLAN ID), CoS (802.1P bits), ToS (IP DSCP bits)

Data

7 6 5 4 3 2 1 0

ID Offset TTLLen

Version

Length

ToS

Byte

DiffServ Code Point (DSCP) IP ECN

IP Precedence Unused802.1P C F I

VLAN ID

802.1QTAGCoS

SMACDMAC


27/77



Traffic Shaping: Mapping to SP SLAs

1. CPE shaping and SP policing may not count the sameoverhead bytes

May cause SP to police packets even with CPE shaping to the SLA

CPE may shape based only on Layer 3 bytes, or include Layer 2

overhead such as address/type fields (14B), 802.1Q (2B)

Some CPE has options for accounting for Layer 2

SP may count Layer 2 overhead as above or may also count framecheck sequence, FCS, start frame delimiter (SFD) preamble andinterframe gap

2. Test and tune shaping to SLA before going to production

Destination Address

Source Address

Type/Length

Data(e.g., IP Packet)

Pad FCSPreambleSFD

Inter-FrameGap

0x8100 VLANTag

7 1 6 6 2 2 2 0–1500 0–46 4N x 12

Ethernet Frame: 68 to 1522 Bytes


28/77



Metro Ethernet Service: Summary Guide

1. Choose an E-LAN service

With a real-time SLA if voice is the focus and cost is prioritized over SLAs

Where any-to-any communication is the focus

2. Choose an E-Line service

When prioritization of real-time and priority data are needed

Where specific bandwidth between sites (per circuit) is needed

3. Use IP routing protocols across both E-LAN and E-Line

Reduce typical broadcast-related issues, leverage Layer 3 controls/features

Service Selection and Design

E-LineE-LAN


29/77



Metro Ethernet QoS: Summary Guide

1. Leverage the sample QoS configurations as a starting point,based on Metro Ethernet service and scenario

In “QoS CPE Configuration Examples” section

2. Match CPE QoS definitions to the Metro Ethernet contract

Mark traffic so it is appropriately classified by Metro Ethernet edge

CPE traffic shaping and call admission control avoid key traffic drops

3. Verify CPE shaping and SP policing count the same overhead

E-LineE-LAN


30/77



Agenda




Single Tier: Integrated Device

Multi-Tier: Specialized Devices

4. Case Study


6. Summary


31/77



CPE, Which to Choose:

Single Tier

1. Single tier: switch

Layer 2/3 forwarding withreduced cost

Line rate performance

(QoS and routing)

2. Single tier: router

Layer 3 and advanced IP forwarding

Performance up to SLA

Advanced features(e.g., security, voice, PfR)

3. Single tier: security appliance

Firewall, IPS, VPN, basic QoS,IP routing

Ex: All SP-Managed

or All Self-Managed

Single-Tier

Demarc

Ex: All SP-Managed

or All Self-Managed

Single-Tier

Demarc


32/77



CPE, Which to Choose:

Multi-Tier

1. Multi-Tier: switch + router

Demarcation (managed WAN)

Line rate performance +advanced features

Front-end existing CPE

2. Multi-Tier: securityappliance + switch

Demarcation (managedsecurity)

Upgrade existing CPE with

advanced security

Enhance QoS and routing withrobust security

Ex: SP-Managed

for WAN Access

Ex: SP-Managed

for Security

Multi-Tier

Demarc

Ex: SP-Managed

for WAN Access

Ex: SP-Managed

for Security

Multi-Tier

Demarc


33/77



Multi-Tier CPE Deployment1. Considerations

Provides demarcation for service provider management

Price/performance via hardware implemented QoS

Enterprise retains IP routing control (first tier can be L2 or L3)

High availability design considerations

Separate chassis to purchase/install/manage

QoS postcrypto increases antireplay drop likelihood

Demarc

IngressMarking

Metro Ethernet

EgressMark,Shape

Prioritization,Remarking,

WRED

Police/RemarkRT/Priority Traffic

Above SLA

Best EffortTraffic MayBe Dropped

Firewall, IPS,VPN, NBAR,Voice, NATEIGRP, PfR

DSL, Cable,3G Wireless,ISDN Backup

Backup,HSRP

Application-LevelCall Admission

Control for Real-Time Traffic

Demarc


34/77



Single Tier Platform Scalability

Bandwidth

N u m b e r o f P e e r s

5000

256K/1.4M 10 Gbps

Enterprise MAN/WAN and Crypto AggregationCisco 7600 Series

2

Midrange RoutingCisco 7200 VXR NPE-G2

Access/EdgeRouting

Cisco 800, 1800,2800, 3800

ASR 1000 Series


35/77



Small/Medium Branch

For more recent capabilities, please see www.cisco.com/go/srnd for the document titled

“Ethernet Access for Next-Generation Metro and Wide-Area Networks”


36/77



Cisco Catalyst 3750

Metro Ethernet Switch

Two SFP EnhancedServices GE Ports

*

*CPU busy not a reliable indicator of system capacity

For advanced security, voice, NBAR, NAT, GRE, use in a multitier deployment

www.cisco.com/en/US/products/hw/switches/ps5532/products_

installation_and_configuration_guides.list.html


37/77


38/77



Agenda




4. Case Study

Small/Medium Branch

Large Branch

Campus Headend


6. Summary


39/77



Case Study:Small/MediumCurrent Network

1. Large commercial bank

2. Locations 4000–6000

3. Cash machines at DS0 Frame Relay with dual PVC

4. Branch offices on dual T1s

Frame Relay

P VCBranch

CampusUnusedFast/Gig Ethernet

Existing ISR


40/77



Case Study—Small/MediumPost Deployment

1. Metro Ethernet EVPL (crypto optional)

2. EoMPLS (crypto optional)

3. Internet access (crypto required)

E t h e r n e t V i r t u a l C i r c u i t s

Frame Relay

P VCBranch

Campus

Crypto On-Board


41/77



Design Guide: Test Topology andConfiguration for QoS Policy

Per Class Shaper for Data

Cisco 2851

c2800nm-adventerprisek9-mz.124-9.T2

Branch

!

interface GigabitEthernet0/0.2200description Primary WAN

encapsulation dot1Q 2200

ip address 192.168.0.2 255.255.255.252

service-policy output PER_CLASS_10mb

!

interface GigabitEthernet0/0.3300

description Secondary WAN


ip address 192.168.0.146 255.255.255.252

service-policy output PER_CLASS_10mb

!

! policy-map PER_CLASS_10mbclass REAL_TIME police 3584000 conform-action transmit

exceed-action transmitviolate-action transmit

set cos 5class GOLDshape average 1536000set cos 3

class SILVER shape average 2560000set cos 2

class class-defaultshape average 2560000set cos 0

!

GigabitEthernet 0/0


42/77



Design Guide:DMVPN Dual Hub/Dual Cloud

!interface Tunnel1description Tunnel1

bandwidth 5120ip address 10.56.5.0 255.255.252.0ip hold-time eigrp 1 35ip nhrp authentication testip nhrp map 10.56.4.1 192.168.31.254ip nhrp map multicast 192.168.31.254ip nhrp network-id 105640ip nhrp holdtime 600ip nhrp nhs 10.56.4.1ip nhrp cache non-authoritativeip route-cache flowip summary-address eigrp 1 10.192.0.0 255.255.255.0 5load-interval 30tunnel source 192.168.0.146tunnel destination 192.168.31.254tunnel key 105640tunnel protection ipsec profile vpn-dmvpn!

interface Tunnel0description Tunnel0 bandwidth 5120ip address 10.56.1.0 255.255.252.0ip hold-time eigrp 1 35ip nhrp authentication testip nhrp map multicast 192.168.31.253

ip nhrp map 10.56.0.1 192.168.31.253ip nhrp network-id 105600ip nhrp holdtime 600ip nhrp nhs 10.56.0.1ip nhrp cache non-authoritativeip route-cache flowip summary-address eigrp 1 10.192.0.0 255.255.255.0 5load-interval 30tunnel source 192.168.0.2tunnel destination 192.168.31.253tunnel protection ipsec profile vpn-dmvpn

!

GigabitEthernet 0/0.2200

GigabitEthernet 0/0.3300

Tunnel Affinity to Distinct Subinterface


43/77



Design Guide:Crypto Configuration

!crypto isakmp policy 10encr aes 256authentication pre-sharegroup 2crypto isakmp key bigsecret address 192.168.31.254crypto isakmp key bigsecret address 192.168.31.253crypto isakmp keepalive 10!!crypto ipsec transform-set AES_SHA_TUNNEL esp-aes 256 esp-sha-hmac!crypto ipsec profile vpn-dmvpnset transform-set AES_SHA_TUNNEL!

AES 256 Used in All Testing


44/77



Case Study:Large Branch Topology Model

1. May have:

Redundant CPE or redundantlinks on same CPE

Dedicated Internet connection,TDM voice trunks

Gigabit Ethernet connection

Hubs/Campus

Branch

E t h e

r n e t

v i r t u

a l

C

i r c u i t s

PSTN

CiscoCallManager

VoiceGateway

7200VXR

ISR


45/77



Case Study: Campus Head-EndDeployment Requirements

SJC

DEN

DFW

ORD

RDU

NYC

YOW

ATL`

Branch Frame-RelayMigration, T1 Rates

Teleworker Deployments Asymmetrical 3–6 Mbps

Limited Number of Sites in Metro Area

10M–100 Mbps

Next-Generation WAN/MAN

MPLS VPNL3 VPNEoMPLS

Psuedowire

InternetLeased Line

Ethernet HandoffBroadband

MetroEthernet


46/77


47/77



Case Study:Campus Head-End - Large Scale

1. SP can offer Ethernet hand-off when no fiber to the prem

Using Ethernet over TDM technology

P

P PE

PE

CPE

CPE

Si

Si

Si

SiSiSi

CE

CE

CPE

Frame Relay

P VC

Campus

PE

BranchLocations Ethernet over PDH (T1/E1/T3/E3)

PPP/MLPPP/BCP (RFC 1990/3518)

Gigabit Ethernet

Ethernet Over

MPLS (EoMPLS)


48/77



Design Guide Configuration: 7600Head-End with Encryption

! policy-map Branch

class REAL_TIME police 3072000

conform-action transmitexceed-action dropviolate-action drop

priorityset cos 5class GOLD

shape average 460800set cos 3class SILVER

shape average 768000set cos 2class class-default

shape average 2480000set cos 0

!

!interface Tunnel0 bandwidth 100000ip address 10.56.0.1 255.255.248.0no ip redirectsip nhrp authentication testip nhrp map multicast dynamicip nhrp network-id 105600ip nhrp holdtime 1800ip nhrp registration timeout 120load-interval 30tunnel source Loopback0tunnel mode gre multipointtunnel protection ipsec profile vpn-dmvpncrypto engine slot 2/0 inside!

!interface GigabitEthernet4/0/0.2850description r22-21

encapsulation dot1Q 2850ip address 192.168.20.85 255.255.255.252crypto engine slot 2/0 outsideservice-policy output Branch

!


49/77



Case Study:QoS Best Practices

1. Leverage the service provider when possible

2. Provision SP-enabled QoS on the access circuit

Provides greater scalability

3. QoS from headend to branch needed when:

Buying guaranteed bandwidth by traffic class

No SP QoS, and/or congestion of access link likely

4. QoS from branch to head-end needed when:

There is potential to overload the headend

CPE has the potential of exceeding guaranteed bandwidthrate

5. Ensure CPE rate and SP rate mean the same thing


50/77


51/77



E-Line or E-LAN:Ingress DSCP Marking

!

class-map match-any In-business

match protocol ftp

match protocol telnet

class-map match-any In-voice

match protocol rtp audio

match protocol rtcp

Class-map match-any in-signalingmatch protocol sip

match protocol skinny

policy-map Markit

class In-voice

set ip dscp ef

class In-business

set ip dscp cs2class In-signaling

set ip dscp cs3

class class-default

set ip dscp default


description LAN side 1

ip address 10.2.1.1 255.255.255.0


service-policy input Markit

interface GigabitEthernet0/0.30description LAN side 2

ip address 10.3.1.1 255.255.255.0


service-policy input Markit

§ Traffic classified by protocol

§ Incoming packets haveDSCP remarked


52/77



EP-LAN QoS

1. Similar to campus LAN or broadcast network, any-to-anywithout the need to traverse a hub site

2. Can run as Layer 2 (802.1Q trunks), or can use as aLayer 3 broadcast network

3. Best used with call admission control for voice,Cisco TelePresence, and video conferencing

4. QoS for the physical interface is more scalable, candefine per destination QoS via a traffic class perdestination

5. Unless specified, ISR samples follow6. Please see Enterprise QoS Solution Reference Design

Guide www.cisco.com/go/srnd for recommended trafficclass implementation


53/77



EP-LAN Example:Shaping by Traffic Class

class-map match-all Gold

match dscp ef cs5

class-map match-all Silver

mach dscp cs4 cs3 af31

class-map match-all Bronze

match dscp cs2 af21 cs1

policy-map CPE

class Gold

priority 5120

class Silver

shape average 2048000

set ip dscp cs3

class Bronze


set ip dscp cs2

class class-default


set ip dscp0

fair-queue

interface GigabitEthernet0/1

description WAN side

ip address 10.2.1.1 255.255.255.0

duplex auto

speed auto

media-type rj45

service-policy output CPE

§ Example: SP classifies by IP precedence,four classes

5 Mbps CS5, 2 Mbps CS3, 5 Mbps CS2, 10 Mbps CS0

§ Remarks DSCP to match SP class

§ Uses untagged interface, so E-LAN not used

as trunked core, but as single broadcastnetwork

§ No CPE guaranteed bandwidth definitionneeded

§ Other DSCP values remarked as DSCP 0


54/77



EP-LAN: Hierarchical Shaping

class-map match-all Realtime

match dscp ef cs5 cs3 af31

class-map match-all Business

match dscp cs6 cs4 cs2 af21 cs1

!

policy-map CPE

class Realtime

priority 1024class Business

bandwidth 2048

police rate 2048000 bps

conform-action set-dscp-transmit cs4

exceed-action set-dscp-transmit 0

violate-action set-dscp-transmit 0

class class-default

fair-queue

!

policy-map Shaper

class class-default





ip address 10.2.1.1 255.255.255.0

service-policy output Shaper

§ Example: SP provides one class

(5 Mbps)CPE prioritizes based onthree classes with SP rate

§ Assumes a branch in ahub/spoke design

Traffic shaped to 5 Mbpsto not overrun hub

§ Within 5m, 1m priority forvoice/signaling, = 2 MB guaranteedto business, = 2 MB default

§ Business traffic > 2 m remarkedto default class


55/77



EVPL QoS

1. Similar to PVCs, per VLAN shaping required at sites withmultiple EVCs (VLANs)

2. Even with a single EVC, define a subinterface; providesconsistent configs

3. If a single traffic class, use hierarchical QoS4. SP may provide a peak information rate (PIR) greater than the

committed information rate (CIR)

Shaping to CIR ensures no drops, but does not use the full potential

Shaping to PIR maximizes bandwidth, but may result in policed packets

5. Unless specified, ISR samples follow

6. Please see Enterprise QoS Solution Reference Design Guidewww.cisco.com/go/srnd for recommended traffic classimplementation


56/77



EVPL: Per VLAN, per Class Shaping


match dscp ef cs5





!

policy-map CPE

class Gold

priority 5000

class Silver


set cos 3

class Bronze


set cos 2

class class-default


set cos 0

fair-queue


duplex auto

speed auto

media-type rj45



ip address 10.2.1.1 255.255.255.0



§ Example: SP classifies by CoS, four classes

CoS 5: 5 Mbps, CoS 3 15 Mbps: CoS 2: 10 Mbps,CoS 0: 10 Mbps

§ Remarks CoS 4 to match SP class CoS 3

§ Assumes traffic per class is policed if exceeded

§ Voice class does not need CoS set,done by default

§ Sample shows one subinterface,may be multiple


57/77



EVPL: Per VLAN Hierarchical QoS


match dscp ef cs5





!

policy-map CPE

class Gold

priority 1000

class Silver

bandwidth 1536

police rate 1536000 bps

conform-action transmit

exceed-action set-dscp-transmit 0

violate-action set-dscp-transmit 0

set cos 2

class Bronze

bandwidth 1024

set cos 2

class class-default

set cos 0


no ip address

duplex auto

speed auto

media-type rj45


description WAN site 1

ip address 10.2.1.1 255.255.255.0

encapsulation dot1Q 20service-policy output Shaper


description WAN site 2

ip address 10.3.1.1 255.255.255.0


service-policy output Shaper

§ Example: SP classifies entire EVC (single class)

Enterprise determines how to allocate with the SLA

§ Remarks business above guarantee to DSCP/CoS 0

§ Shapes to 5 Mbps per EVC

§ Values can be based on % versus bps

policy-map Shaper

class class-default




58/77



class-map match-all Goldmatch dscp ef cs5

class-map match-all Silver mach dscp cs4 cs3 af31

class-map match-all Bronzematch dscp cs2 af21 cs1

!!

policy-map Branch

class Goldset cos 5priority

police 1024000 conform-action transmitexceed-action transmit violate action drop

class Silver set cos 3

bandwidth remaining ratio 30class Bronzeset cos 2bandwidth remaining ratio 20

class class-defaultset cos 0

!policy-map Shaper class class-defaultshape average 5120000service-policy Branch

interface GigabitEthernet0/2/0

description GigabitEthernet0/2/0no ip addressno ip proxy-arpload-interval 30

negotiation autoplim qos input map ip dscp-basedplim qos input map ip dscp 34 40 queue strict-priorityno cdp enable

hold-queue 4096 inhold-queue 4096 out!interface GigabitEthernet0/2/0.2200

description r1-1encapsulation dot1Q 2200ip address 192.168.0.1 255.255.255.252no cdp enable

service-policy output Shaper !interface GigabitEthernet0/2/0.2201description r1-2

encapsulation dot1Q 2201ip address 192.168.1.1 255.255.255.252no cdp enableservice-policy output Shaper

!!... and so on

EVPL: Per VLAN Hierarchical QoS, ASR


59/77



EVPL: Per VLAN Hierarchical QoS, ME3750

class-map match-all R1-2200

match vlan 2200

class-map match-all R2-2201

match vlan 2201

!...and so on ...


match ip dscp ef cs5 af41class-map match-all Silver

match ip dscp cs4 cs3 af31


match ip dscp cs2 af21 cs1

interface GigabitEthernet1/1/1

switchport mode trunk

switchport nonegotiate

service-policy output Hqos-policy

load-interval 30

mls qos trust dscp

end

policy-map Branch-traffic

class Gold

set cos 5

priority

class Silver

bandwidth percent 30

set cos 3

class Bronze

bandwidth percent 20set cos 2

class class-default

bandwidth percent 10

set cos 0

!

policy-map Hqos-policy

class R1-2200


service-policy Branch-traffic

class R2-2201


service-policy Branch-traffic

! ..... and so on ...

§ Example: SP classifies entire

EVC (single class)

§ Shapes to 50 Mbps per EVC

§ Within 50 Mbps, guaranteesbandwidth per traffic class


60/77



Agenda




4. Case Study


6. Summary

Ethernet Access forNext Generation Metro and

Wide Area Networks


61/77



Summary and Companion Sessions

Summary

1. Rapid migration from Frame Relay WAN to MPLS-based WAN

2. Ethernet handoff to enterprise increasingly popular—lowercosts

3. Data rates increasing—broadband, fiber in metro areas

4. QoS—shapers per port, or per class of service—not clock rateof physical interface

5. Ensure that CPE shaped rate maps to actual SP policed rate

Recommended Links

1. www.cisco.com/en/US/netsol/ns577/networking_solutions_ white_papers_list.html

2. http://metroethernetforum.org/Presentations


62/77



Design Guidewww.cisco.com/go/srnd

Also available at http://www.cisco.com/go/cvd


63/77


64/77



Q and A


65/77



Recommended Reading

1. Continue your Cisco Livelearning experience withfurther reading from CiscoPress

2. Check the RecommendedReading flyer for suggestedbooks

Available Onsite at the Cisco Company Store


66/77



Complete Your OnlineSession Evaluation

1. Give us your feedback

2. Complete your session evaluation now


67/77




68/77



Session Abstract

Abstract for Networkers 2008 BRKRST-3042

Title: Ethernet Access for Next Generation Metro and Wide Area Networks

This session presents design recommendations, configuration examples,and scalability test results for implementing a QoS enabled WAN to supportVoice, Video and Data where the service provider WAN interface is Ethernet.

Service providers are commonly offering Ethernet hand-off at the branch andheadend campus locations via Metro Ethernet services or Ethernet overMPLS. The enterprise network manager is faced with enabling QoS on anEthernet user-network interface (UNI) that has a higher data rate than thesubscribed service.

This session provides guidance on implementing the QoS techniques ofshaping and policing on Cisco routers and switches to provide similar

functionality for Ethernet access as per-VC queuing provided for ATM andtraffic shaping provided for Frame Relay. This session is especially relevantfor customers migrating from legacy frame or cell switched providers topacket and label switched next generation WANs.


69/77



UNI Definition

1. General

Demarcation point betweenservice provider and subscriberresponsibilities

Dedicated to a single subscriber

2. Data planeEthernet frame flow(IEEE 802.3)

Tagging (802.1Q)

Traffic management

3. Control Plane

Static service discovery

Dynamic connection setup

4. Management plane

QoS management

OAM

Protection and restoration

Customer Edge(CE)

User NetworkInterface

(UNI)

User NetworkInterface

(UNI)

Customer Edge(CE)

Service Attributes

MetroEthernetNetwork


70/77



CPE QoS Quick Guide (1 of 4)

1. Cisco Catalyst® 2950, 2960, 3550, 3560, 3750 (non-Metro), 6000Series Switches

Traffic shaping is not available

Replace or front end with a Cisco Catalyst ME3400, ME3750, 4900, 6500/SIP, etc.

If enhanced function required, replace with an ISR 3845, etc.

If starting with 100 Mbps but going to gigabit Metro Ethernet, consider multitier model

2. Cisco Catalyst 4948 Switch, ME3750, ME3400

Traffic shaping is available

Cisco Catalyst 3750 Metro shapes on its two ES ports(which support only gigabit speed)

Cisco 3400 Series shapes on its two NNI ports; they are 10/100/1000

Cisco Catalyst 4900 Series has no fiber gigabit port(10/100/1000 rj45, 10 Gbps fiber-only)

www.cisco.com/en/US/products/ps6021/products_data_sheet0900aecd80246552.html

www.cisco.com/en/US/products/hw/switches/ps5532/products_data_sheet09186a00801eb820.html

www.cisco.com/en/US/products/ps6580/products_data_sheet0900aecd8034fef3.html


71/77




1. Cisco Catalyst 6500 Series Switch

Traffic shaping is available with configurations listed below

Can shape if switch contains one of these modules withEthernet interface

SIP/SPA (PXF-based port adapter)

OSM (optical service module)

FlexWAN module

Without one of the aforementioned modules

Add one of the these modules

Front end with a Cisco Catalyst ME3750 or ME3400switches

www.cisco.com/en/US/products/hw/switches/ps700/products_ tech_note09186a00801c8c4b.shtml


72/77




1. Cisco Catalyst 4500 Series Switch

Traffic shaping is available with configurations listed below

If not, upgrade to the one of the modules shown below, or front end using a Cisco Catalyst 3750 Metro or3400 Metro switch

Can shape if switch contains one of these modules with Ethernet interface

Supervisor 2+, 3, 4, 5 traffic shape on on-board supervisor Ethernet ports

Supervisor 2+, 2+TS, 3, 4, bandwidth can be configured on these portsUplink ports on supervisor engines

Ports on the WS-X4306-GB GBIC module

Ports on the WS-X4506-GB-T CSFP module

The two 1000BASE-X ports on the WS-X4232-GB-RJ module

The first two ports on the WS-X4418-GB module

The two 1000BASE-X ports on the WS-X4412-2GB-TX module

Supervisor Engine 5, bandwidth can be configured on all ports(10/100 Fast Ethernet, 10/100/1000BASE-T, and 1000BASE-X)

SW-X4604-GWY can also shape, but performs as a router versus a switch

www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/25sg/configuration/guide/qos.html#wp1229822

www.cisco.com/en/US/partner/products/hw/switches/ps663/products_tech_note09186a00800946e9.shtml

www.cisco.com/en/US/partner/products/hw/switches/ps663/products_tech_note09186a00800e6708.shtml


73/77


74/77



Metro Ethernet QoS Quick Guide

1. Function and performance are just as important with Metro Ethernet as they are withtraditional WAN; provisioning access layer switches will reduce abilities for enhancedQoS, voice, security, and application acceleration

2. CPE abilities to consider include: support of VLAN IDs up to 4094, throughput ability tomatch desired speed with desired functions, traffic shaping (by class and bysubinterface), traffic prioritization (queuing, policing, random early discard) directly orwithin a shaped rate, ability to provide enhanced functions, traffic remarking (ToS andCoS bits)

3. Consider multitier with existing CPE who require a combination of features andperformance can front-end the existing CPE with another CPE; QoS is an easy functionto separate; Layer 3–7 QoS can be accomplished in switches forwarding at Layer 2

4. QoS is an umbrella term; specific Metro Ethernet service and customer needs dictateCPE requirements; example: most deployed Cisco Catalyst 3750/6500 SeriesSwitches cannot traffic shape, there are modules for Cisco Catalyst 6500 Series Switchand a model of the Cisco Catalyst 3750 (Metro) Series Switch that can meet QoSrequirements for most designs and Metro Ethernet services, ISRs support robust QoS

5. Ensure that the CPE supports the Ethernet media and speeds required now and in thenear future; for example, the Cisco Catalyst 3750 Metro Switch only supports gigabit forstrong upstream QoS, the Cisco Catalyst 3400 Metro Switch only supports 100 Mbpsupstream; the Cisco Catalyst 6500 Series Switch supports strong QoS on specificmodules; 2821s and up support 10/100/1000 but won’t provide gigabit line rateperformance with features

CPE Selection


75/77



Metro Ethernet Connectivity

CPE Recommendations

1. E-LAN QoS

Packet marking (802.1P/ToS)

Per destination QoS(mark, prioritize, shape)

Physical interface QoSwith call admission control

2. E-Line QoS

Per VLAN queuing

VLAN IDs up to 4094

Mark VLAN ID/CoS

by traffic classSame VLAN IDs on twointerfaces if campus VLAN IDis same as EVPL VLAN ID

Recommended Support


76/77



Cisco E-OAM implementationShipping Platforms and Features (Cont.)

Cisco1800

Cisco2800

Cisco3800

CiscoME-3400

CiscoCatalyst3750-ME

CiscoCatalyst6500*,

ME-6524

Cisco 7600

CFM(IEEE802.1ag)

12.4(11)T 12.4(11)T 12.4(11)T 12.2(25)SEG 12.2(25)SEG 12.2(33)SXH 12.2(33)SRA

Link OAM(IEEE

802.3ah)

12.4(15)T 12.4(15)T 12.4(15)T 12.2(35)SE1 12.2(35)SE1 12.2(33)SXH 12.2(33)SRA

EthernetLMI PE

n/a n/a n/a 12.2(25)SEG 12.2(25)SEG 12.2(33)SRB

EthernetLMI CE

12.4(9)T 12.4(9)T 12.4(9)T 12.2(37)SE 12.2(37)SE

Link OAMto CFMIW

n/a n/a n/a 12.2(35)SE1 12.2(35)SE1 12.2(33)SRB

CFM toE-LMI IW n/a n/a n/a 12.2(25)SEG 12.2(25)SEG 12.2(33)SRB

IP SLA forMetroEthernet

12.2(40)SE 12.2(40)SE 12.2(33)SRB

Platform

Feature

X = shipping; n/a = not applicable; (*) Cisco Catalyst OS 8.6 also supported


77/77



Cisco E-OAM implementationShipping Platforms and Features (Cont.)

Cisco 7200 7200-NPE-G2 Cisco 7201 Cisco 7301

CFM(IEEE802.1ag)

12.4(15)T3 12.4(15)T3 12.4(15)T3

Link OAM(IEEE

802.3ah)

12.4(15)T3 12.4(15)T3 12.4(15)T3

EthernetLMI PE

n/a n/a n/a

EthernetLMI CE

12.4(15)T3 12.4(15)T3 12.4(15)T3

Link OAMto CFMIW

n/a n/a n/a

CFM to

E-LMI IW n/a n/a n/a

IP SLA forMetroEthernet

Platform

Feature

X = shipping; n/a = not applicable

acceso ethernet para metro de proxima generacion y redes de area amplia.pdf

Documents