QoS Policy and its propagation via BGP (QPPB)

1. Packet Classification

Classification is the process of matching fields in the headers in order to identify packets that take a particular QoS action such as queuing, policing, shaping etc. The fields such as protocol type, source or destination IP address can be matched in an IP header. There is also a source or a destination port in a TCP header that is matchable for QoS classification. An extended IP access list with a permit action can be used to match any of these fields.

2. Packet Marking

Marking is the process of changing the IP packet headers so that such packets get marked and given a preferred treatment. Packets can be marked with either the IP Precedence or a DSCP value.

RFC 791 defines the legacy way of marking the IP header of packets with IP precedence.

2.1 Packet Marking with IP Precedence

There is an 8 bits value field inside of the IP header dedicated for QoS. The RFC 791 defines it as the Type of Service (TOS) byte (Picture 1). The bits T2, T1, T0 set delay, throughput and reliability, accordingly. For instance, the bit T2 = 0 means normal delay, while T2 =1 means low delay. The bits T2, T1 and T0 however, have not been used in practice, only the precedence bits were used. The bits CU1 and CU0 refer to Currently Unused and are reserved for the future use.

Picture 1: Bits inside the ToS Byte

The bits P2, P1 and P0 sets IP precedence to the packet. There are a total of 8 values with the higher value representing the higher preference. Packets with the lower precedence will be dropped by a router first in case of congestion. For instance, the lowest precedence of value 0 is set by a combination of bits 000 (Routine). The highest preference of value 7 is set by a combination of bits 111 (Network control).

2.2 Packet Marking with DSCP

Even though the IP precedence works well, it offers only 8 precedence values. RFC 2474 solves this drawback and replaces the TOS field inside of an IP header with a Differentiated Services (DS) field. The first 6 bits of a DS field are used to set the Differentiated Services Code Point (DSCP) values aka codepoints. The 6-bit DSCP field inside of a DS field gives us 64 DSCP values that are used for marking packets. (Picture 2).

Picture 2: Bits inside DS Byte

The two-bit Currently Unused (CU) field is reserved.

There are three sets of DSCP values used in DiffServ.

2.2.1 Expedited Forwarding (EF)

The Expedited Forwarding (EF) DSCP value is a single decimal value – 46 (binary pattern 101110) used for marking packets that need low delay, low jitter and low loss. By default, Cisco IP phones mark voice payload (RTP) with the EF value of 46 and the signalization packets (SIP or SCCP) with CS3.

2.2.2 Class Selector (CS)

The DSCP Class Selector (CS) is created for backward compatibility with the legacy IP precedence QoS model that is using a 3-bit IP precedence field. The CS set contains 8 DSCP values, each matching one IP precedence value. For instance, CS0 is matching the IP precedence 0 and so on. As DSCP values are 6-bits, the first three bits in CS are matching the 3-bit IP precedence while the other three CS bits are set to 0. Table 1 shows matching IP precedence and Class selector values.

Table 1: Matching Between CS and IPP

2.2.3 Assured Forwarding (AF)

Assured Forwarding (AF) is a set of 12 DSCP values that provide priority values to different data applications. RFC 2597 defines four AF classes and three levels of drop preference (probability) in each class. The AF name is presented in the Afxy format, where x refers to the class (1 through 4) and y refers to the drop probability (1- low, 2 – medium, 3 – high).

The packets marked with codepoints AF11, AF12 and AF12 would go into one queue of a router while packets marked with AF21, AF22 and AF33 would go to another.

Inside the queue 1, packets marked with AF13 would be dropped before the packets with AF11, since they are marked with a higher drop probability.

3. QoS Policy Propagation via BGP (QPPB)

QPPB allows marking of packets based on an IP precedence or QoS group value (internal to the router) associated with a Border Gateway Protocol (BGP) route. A local router in a given AS influences the IP precedence of traffic (or QoS group) that is sent to the router from a remote AS based on the BGP attributes such as AS path or BGP communities. The QoS Policy is therefore implicitly propagated to the remote AS via BGP. Once a packet is classified, QoS features such as Committed Access Rate (CAR) and Weighted Random Early Detection (WRED) can be used to specify and enforce policies.

Picture 3: Network Topology

Let’s look at the following scenario. A customer (AS64501) has an agreement with the ISP (AS64500) regarding the 172.15.0.0/16 prefix. Traffic to and from the 172.15.0.0/16 prefix between AS64501 and AS64502 is treated preferentially within AS64500.

3.1 Initial Configuration

CE1

interface Loopback0
 ip address 178.15.0.1 255.255.0.0

interface GigabitEthernet0/3
 ip address 192.168.1.2 255.255.255.252

router bgp 64501
 network 178.15.0.0
 neighbor 192.168.1.1 remote-as 64500

PE1

interface Loopback0
 ip address 1.1.1.1 255.255.255.255

interface GigabitEthernet0/1
 ip address 10.0.0.1 255.255.255.252

interface GigabitEthernet0/3
 ip address 192.168.1.1 255.255.255.252

AS64500 runs OSPF as IGP for internal reachability.

router ospf 1
 network 1.1.1.1 0.0.0.0 area 0
 network 10.0.0.0 0.0.0.3 area 0

router bgp 64500
 network 10.0.0.0 mask 255.255.255.0
 neighbor 1.1.1.3 remote-as 64500
 neighbor 1.1.1.3 update-source Loopback0
 neighbor 1.1.1.3 next-hop-self
 neighbor 192.168.1.2 remote-as 64501

Static null route is needed to advertise prefix 10.0.0.0/24 via BGP.

ip route 10.0.0.0 255.255.255.0 Null0

RR

interface Loopback0
 ip address 1.1.1.3 255.255.255.255

interface GigabitEthernet0/1
 ip address 10.0.0.2 255.255.255.252

interface GigabitEthernet0/2
 ip address 10.0.0.6 255.255.255.252

router ospf 1
 network 1.1.1.3 0.0.0.0 area 0
 network 10.0.0.0 0.0.0.3 area 0
 network 10.0.0.4 0.0.0.3 area 0

The RR router is configured as a route reflector for AS 64500 to avoid full-mesh.

router bgp 64500
 bgp log-neighbor-changes
 neighbor 1.1.1.1 remote-as 64500
 neighbor 1.1.1.1 update-source Loopback0
 neighbor 1.1.1.1 route-reflector-client
 neighbor 1.1.1.2 remote-as 64500
 neighbor 1.1.1.2 update-source Loopback0
 neighbor 1.1.1.2 route-reflector-client

PE2

interface Loopback0
 ip address 1.1.1.2 255.255.255.255

interface GigabitEthernet0/2
 ip address 10.0.0.5 255.255.255.252

interface GigabitEthernet0/3
 ip address 192.168.2.1 255.255.255.252

router ospf 1
 network 1.1.1.2 0.0.0.0 area 0
 network 10.0.0.4 0.0.0.3 area 0

router bgp 64500
 neighbor 1.1.1.3 remote-as 64500
 neighbor 1.1.1.3 update-source Loopback0
 neighbor 1.1.1.3 next-hop-self
 neighbor 192.168.2.2 remote-as 64502

CE2

interface Loopback0
 ip address 178.16.0.1 255.255.0.0

interface GigabitEthernet0/3
 ip address 192.168.2.2 255.255.255.252

router bgp 64502
 bgp log-neighbor-changes
 network 178.16.0.0
 neighbor 192.168.2.1 remote-as 64500

Picture 4: Testing Connectivity Between AS64501 and AS64502

Picture 5: Testing Connectivity Between AS64502 and AS64501

3.2 Identifying BGP prefixes Requiring Preferential Treatment

In the event that we used BGP communities to identify the BGP prefix 172.15.0.0/16 (the one requiring preferential treatment), we would need to configure the PE1 router to tag the prefix with a BGP community. However, as we use the AS-PATH attribute to classify packets on edge routers, no configuration is needed.

3.3 Setting FIB policy entries based on the AS-PATH Attribute

PE-2 Configuration

When the prefix with special treatment is received from CE1, it contains the AS_PATH attribute set to 64501 (Picture 6). The prefix is propagated via iBGP within AS64500 to PE2.

Picture 6: PE-1 BGP Table with Prefix 178.15.0.0/16 Received from eBGP Peer CE-1

The AS path access-list 10 is configured on PE2 to match 64501 in the AS_PATH attribute field. The regular expression is matching all routes originating in AS64501 (even when AS_PATH is prepended).

ip as-path access-list 10 permit  ^(64501_)+$

The route-map QPPB-AS-PATH-RM is matching 64501 in the AS-PATH attribute field and is applied to mark qos-group as 10.

route-map QPPB-AS-PATH-RM permit 10 
 match as-path 10 
 set ip qos-group 10

We will apply the policy in BGP using a table-map command in order to reflect it in the FIB of PE2.

 router bgp 64500
  table-map QPPB-AS-PATH-RM

The command show ip cef 178.15.0.0 shows that prefix is marked with the qos-group ID 10 (Picture 7).

Picture 7: Prefix 178.15.0.0/16 Marked with QoS group 10

3.4 Configuring Traffic lookup on Interface and Setting QoS policies

Packets have been marked in the FIB of PE2 but no packets will be marked until we configure PE2 to apply the policy to incoming traffic on an interface. This is done using bgp-policy interface command.

The policy will be applied for the incoming interface of the traffic (Gi0/3) to apply the policy for destination address of the traffic (178.15.0.0/16).

PE-2 Configuration

interface GigabitEthernet0/3
 bgp-policy destination ip-qos-map

3.5 Enabling Rate limit on Interface as Traffic is Received and Transmitted

Packets are now marked and we can set rate-limiting on the ingress port Gi0/3 using qos-group 10 which is applied at this port. The traffic rate will be limited to 5 Mbps (Picture 8).

interface GigabitEthernet0/3
 ip address 192.168.2.1 255.255.255.252
 rate-limit input qos-group 10 5000000 2500 2500 conform-action transmit exceed-action drop
 bgp-policy destination ip-qos-map

Picture 8: Rate-limit Set for GigabitEthernet0/3

The following output shows that when CE2 sends ICMP packets to 178.15.0.0/16 prefix, PE2 classifies this traffic based on the qos-group ID 10 and applies the rate-limit on traffic (Picture 9).

CE2# ping 178.15.0.1 source lo0 repeat 11999 timeout 0 size 1500

Picture 9: Traffic rate limited on Ingress Interface Gi0/3

Conclusion:

QPPB offers convenient classification and marking when BGP is already in use, overcoming the scalability issue of classifying based on ACLs, and the administrative problems of listing the networks that need premium services.