Introductions to Class of Service(CoS) - Part 1

-

 What is Class of Service(CoS) and why do we need it ?

     Class of Service (CoS) refers to a mechanism used to prioritize and manage network traffic based on its importance or quality requirements. It allows network administrators to define different levels of service for various types of traffic, ensuring that critical applications receive the necessary bandwidth, latency, and reliability. By assigning appropriate priority and handling to different types of traffic, CoS helps maintain consistent and efficient network operation, especially in environments with diverse traffic demands and limited resources. IP routers normally will forward traffic as best effort(BE), which is to say independently without controlling the throughput or delay. normally, packets that arrive on a device are then placed in output queues in the order they arrive. CoS must be implemented consistently end to end throughout a network in order for it to function effectively.

 Cos features include traffic classifying, policing, queuing, scheduling, shaping, and marker rewriting.

  • Classification: This step refers to examining incoming packets and associating them with a particular forwarding class. There are three ways JunOS devices classify traffic.
    • Multi-Field Classifiers(MF): A MF Classifier is more complex and requires more configuration. The MF classifier uses a firewall filter(ACL) to match traffic criteria, such as port, protocol, and source addressing, then applies a forwarding class and loss priority(more on this later) to the packets.
    • Behavioral Aggregate(BA) Classifiers: A BA Classifier is a little less complex and less flexible than MF classifiers. BA classifiers rely on markings placed in the headers of incoming packets, either IPv4, IPv6, or MPLS.
    • Default IP Precedence Classifier: The Default IP Precedence Classifier is a classification mechanism used to assign IP precedence values to incoming packets based on their IP headers. IP precedence is a 3-bit field within the IP header that indicates the relative priority of the packet. The Default IP Precedence Classifier allows network administrators to apply a default classification to all unclassified IP traffic.
  • Policing
    • Traffic policing refers to the process of enforcing bandwidth limitations on network traffic. This involves monitoring the rate of incoming traffic and taking an action if it is exceeded.
  • Queuing
    • Traffic queuing refers to the process of organizing packets into different queues based on their assigned CoS classification and priority.
  • Scheduling
    • Scheduling determines how packets are prioritized and processed during periods of congestion, ensuring fair allocation of network resources.
  • Shaping
    • Shaping regulates the outgoing traffic rate, smoothing the flow and conforming it to predefined bandwidth limits.
  • Marker Rewriting
    • Marker rewriting involves modifying packet markings, such as Differentiated Services Code Point (DSCP) values, to ensure consistent and appropriate treatment throughout the network, allowing for effective CoS-based prioritization

 CoS processing on incoming packets

Classifiers and Policers perform the following operations on incoming packets:

  1. The classifier examines incoming packets and assigns a forwarding class and loss priority to it.
  2. Based on the forwarding class, the packets are assigned to an outbound transmission queue.
  3. Input policers meter traffic to see if traffic flow exceeds its service level.

CoS processing on outgoing packets

The scheduler map and rewrite rules perofrm the following operations on outgoing packets:

  1. The scheduler maps are applied to interfaces and associate the outgoing packets with a scheduler and a forwarding class(fowarding class = output queue). 
  2. The scheduler defines how the packet is treated in the output transmission queue based on configured transmit rate, buffer size, priority, and drop profile. 
  3. Output policers meter traffic and might change the forwarding class and loss priority of a packet if the traffic flow exceeds its service level. 
  4. The rewrite rules writes information to the packet according to the forwarding class and loss priority of the packet.

 Re-call that packet classification involved examining the incoming packet and associating it with a forwarding class, which essentially is an output queue, and giving it a packet loss priority(PLP). The packet loss priority allows you to set a priority for dropping packets(low priority = low probability of being dropped and high priority = high probability of being dropped). 

Here is two ways to configure FC's:

set class-of-service forwarding-classes queue 0 best-effort
set class-of-service forwarding-classes queue 1 bronze-class
set class-of-service forwarding-classes queue 2 silver-class
set class-of-service forwarding-classes queue 3 network-class
set class-of-service forwarding-classes queue 4 gold-class
set class-of-service forwarding-classes queue 5 platinum-class
--or--
set class-of-service forwarding-classes class best-effort queue-num 0
set class-of-service forwarding-classes class bronze-class queue-num 1
set class-of-service forwarding-classes class silver-class queue-num 2
set class-of-service forwarding-classes class network-class queue-num 3
set class-of-service forwarding-classes class gold-class queue-num 4
set class-of-service forwarding-classes class platinum-class queue-num 5

 

part two coming soon..

 

 

Comments

Post a Comment

Popular posts from this blog

AWS Identity and Access Management(IAM)

-
Image
 IAM   With the cloud becoming more and more prevalent, how do we secure who can access cloud resources and which resources can speak to each other. This very important problem is solved with AWS Identity and Access Management(IAM) resource.  IAM enables you to control who can access your AWS environment, what actions they can perform, and which resources they can interact with. It allows you to set fine-grained permissions and policies to meet your security and compliance requirements. So what are the parts that make up Identity and Access Management(IAM) ? - User groups - Users - Roles - Policies - Identity Provider Lets go into more detail about each resource that makes up IAM. User groups are groups you can define to logically group users together that perform similar functions in job. This is kind of like having different groups for different job roles. Users are just the manually configured users created for use on the management console. This is where you define all the diffe
Read more

AWS Virtual Private Clouds(VPCs)

-
Image
   In the spirit of my last blog on cloud computing, we will discuss VPC's in this blog.  What are VPC's ? Before I answer this question I need to explain this picture and the terms used. In AWS(and other cloud providers) we have several things that make up the global cloud infrastructure. Those things are Regions, Availability Zones, and Edge Locations(not pictured). A region is a geographical area around the world that consist of multiple availability zones. An availability zone can be thought of as multiple discrete data centers that have separate power, cooling, networking, and housed in separate buildings. Edge locations are places where CloudFront caches your content to provide ultra-low latency delivery of your content. According to AWS they currently have 32 regions, 102 availability zones, and more than 550 PoP's(points of presence). These things together make it possible to create global resources in minutes that serve millions of customers.  A VPC or Virtual Pri
Read more

IPSec VPN - Fundamentals

-
A VPN, or Virtual Private Network, is a way to establish a tunnel between two endpoints, like two routers or two endpoints. VPN’s are used to provide a way of secure communication over an unsecure medium. A simple example would be secure communication between two branch offices over the unsecure internet. This is important because we need secure communication so that people can’t eavesdrop and steal important company information. Oftentimes, people misunderstand VPN's and think just because "private" is in the name that it's secure. This is not always the case, especially in the service provider world where there are different types of VPN's that do not provide any sort of encryption. IPSec VPN's do however provide encryption and other features. There are several different types of VPN’s that can be deployed. The most common ones are Site-To-Site and Remote Access, although there are many more and depending on the use case, the most common could be differe
Read more