1101 1139_06F9_x
© 1999, Cisco Systems, Inc.
CiscoAssure Update Session 1101
Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. 1139_06F9_x.scr

Agenda
• Why CiscoAssure?
• CiscoAssure Update
  QPM (Incl. Roadmap and QoS Matrix)
  CSM
• QoS Technologies Update
  Incl. Catalyst 5000/6000/IOS Roadmaps

Traffic Consolidation
• 4 traffic types often used to equate to 4 networks
  Voice, Video, Mission-Critical, Non-Mission-Critical
• Voice/Video migrated from CBR to VBR (i.e. packet based)
• Permitted Statistical Multiplexing/Gain

Consolidated Network
[Diagram labels: Catalyst 8500/6000 Distribution; Catalyst 5000/6000 (two instances); Wiring Closet; Server Farm; PCs; Voice; Video Surveillance; Mission-Critical Application; Mission-Critical Servers; Web Servers]
Four Different Traffic Types: Voice, Video, Mission-Critical, Non Mission-Critical
ALL treated as bursty

Not All Traffic Is Created Equal
Characteristic        | Voice           | FTP              | ERP and Mission-Critical
Bandwidth             | Low to Moderate | Moderate to High | Low
Random Drop Sensitive | Low             | High             | Moderate to High
Delay Sensitive       | High            | Low              | Low to Moderate
Jitter Sensitive      | High            | Low              | Moderate
Traffic Is Grouped into SLAs

Business Drivers
Service Level Agreement (SLA)
Traffic Differentiation Metrics: Applications, User, Physical Ports, Others
Applied To: Routing, Security, QoS

Need to First Recognize Traffic to Give Appropriate SLA
Traffic Differentiation Metrics:
• Standard Classification (Router Phase 1, Switches Phase 2)
  Physical Ports
  Static Layer 3 Address
  Static Layer 4 Port
• NBAR Classification (Network Based Application Recognition) (Router Phase 2, Switches Phase 3)
  Dynamic Layer 4–Layer 7
  H323, ERP, Multimedia
  URL Address

Where Is QoS Important?
[Pie charts for WAN and LAN; values shown: Yes 84% / No 16% and Yes 56% / No 44%]
Source - Forrester, August 98, Fortune1000

WAN QoS Well Established
• QoS enables high utilization of expensive resource
  WAN links expensive
  Bandwidth and Delay are premium
  Bandwidth*Delay product mandates large expensive buffers

LAN QoS?
• QoS required where there is congestion
  Points of substantial speed mismatch
  Points of aggregation
  Buffering reduces loss but incurs delay
  C5K Transmit Queue 164K @ 10Mbps --> 128ms delay
  QoS mechanisms for traffic differentiation

“Intelligent Networking”
• Increasing network Intelligence
• Intelligence expanding from WAN to Campus
• Simplify management of increased complexity
  Manage End-to-End network through Business Policies
  CiscoAssure Policy Management

End-to-End QoS Management
Layered Policy-Based QoS Networking
  Application-Enabled QoS
  Policy-Based Abstracted QoS
  IP QoS Ubiquitous End-to-End
  Heterogeneous Link Layer QoS-Intelligent Mechanisms

Consistent Policy Enforcement
[Diagram: Campus-A, Campus-B and WAN QoS policy bindings, each with Identifier, QoS (High/Medium/Low) and Accept/Deny columns for SAP, NetMeeting and Paul/NetMg; the bindings are translated between Campus and WAN. Host stack labels: Multimedia Application(s); WinSock 2 (GQoS APIs); QoS Signaling; TCP, UDP, …; Packet Classifier; IP, IPX, AT, IGMP, …; NDIS, ODI, …. Device labels: Discard Test (Pass/Fail); Transmit Queue; FIFO Scheduling; Output Line; Interface Buffer Resources; WRED; WFQ; CAR; PFQ; GTS; GQoS]
Discard Test Based On:
• Buffer queue depth
• IPprocedure
• RSVP session
Network devices translate abstracted QoS to embedded QoS mechanisms

HP/Cisco Dynamic LocalDirector Architecture
[Diagram labels: Dynamic LocalDirector; Server Farm; HP 9000; "I am busy!"]
• Load balances the server farm dynamically
• Provides predictable and controllable platform
• Prevents overload of Web servers
• Maximizes the number of completed Internet transactions
• Scales the transactions and keeps the server farm highly available

CiscoAssure Looking Forward
CiscoAssure—Building Application Aware Networks
Protect Mission-Critical Network Resources
[Roadmap chart labels: QPM; Catalyst Switches; Routers; Application Aware; WAN-edge QoS; QoS for LAN-WAN; Enterprise-wide]
• Introducing QPM 1.0: Proven IOS Software; Application Profiles; Traffic management
• QPM 1.1: Catalyst QoS & Cisco IOS; More App Partners; QoS monitoring
• QPM 2.0: Enterprise Scalability; Directory Integration; Standards Based

QPM 1.1: QoS into the Campus
Fall 1999
Campus QoS (QPM 1.1; C4000, C5000, C6000)
• Classification
• Scheduling
• Congestion Avoidance
Other items listed on the slide: Software and ASIC based; IP Precedence/Diff Serv, 802.1p & ISL priority; TOS<->COS mapping; Multiple Queues per port; WRED Multiple Thresholds; Traffic Policing per port
[Diagram: Set SAP = High, TOS=7; Set DOOM = Low, TOS=2. For TOS=7: Threshold=4, High Priority Queue (70% Transmit Ratio). For TOS=2: Threshold=1, Low Priority Queue (30% Transmit Ratio)]

QPM 2.0: Network-Wide QoS
Spring 2000
• Standards-based
• Enterprise Scalability
• Application Registration
• User-based Policies
• Directory Integration
[Diagram labels: QoS Admin Console; Policies; Directory; LDAP; CNR 4.x; Distributed COPS Policy Servers; Policy Server; COPS; SNMP/CLI; Application Servers; Application Registration; Installed base of IOS Software; COPS enabled devices]

CiscoAssure Application Aware Network
CiscoAssure Integration with Applications Vendors
[Diagram labels: QoS Policy Manager 2.0; QoS Policy Server; Policy Administration GUI; Directory; DNS/DHCP; Network Registry; COPS; Dynamic Application Registration; Application Servers; PROFILE Guidelines; Policy Templates; Test Reports. Application example: Client; Browser; Java Client; Dept A; Dept B; User Desktops; Gateway; Web Server (Download applets); Database Server; Listener; Handler; Application Processor; Ports 80, 1521, 7000, 7001-7004, 9000, 9001-9004. Identifiers: User-id; Group-id; Application; Time of Day; Location; IP Source Addr; IP Dest. Addr; L4 port; MAC Source Addr; MAC Dest. Addr; Physical Port. Application QoS Profile: Bandwidth; Delay; Jitter; Loss; Priority (H/M/L); Proxy RSVP (Y/N). Services: QoS; Security; Active Audit; Voice Services; Video Services; Net M’ting; Traffic Eng; Acctg; Path Analysis; Perf. Monitor’g. Mechanisms: Weighted Fair Queuing; Weighted RED; Random Early Detection; Multiple Queues; Committed Access Rate; ATM QoS Services; Per VC Queuing]

Dynamic Application Registration
• CiscoAssure increases application awareness by registering profile information about applications
• Signaling flows to network via standards-based mechanisms
• Directory provides common binding for application classes to network services
[Diagram labels: QoS Policy Manager; Policies; Directory; LDAP; Policy Servers; COPS; Application Server; Application Signaling (RSVP+/TOS)]

CiscoAssure Directory Integration
CiscoAssure Phase III: Directory-Integrated (1999-2xxx)
[Diagram labels: Policy Administration; Policy and Control Servers: QPM (QoS), CSM (Security), CCM (Voice), CNR (DNS/DHCP); Directory Integrated Services -- DEN; LDAP; Active Directory; Novell Directory; Netscape Directory; Other Directory; CNS Registration & Cisco Network Services; Router; LAN Switch; Multilayer Switch; Multiservice Switch; Access Server; Firewall]

QoS Monitoring Solutions
• CW2000 Applications
  SLA Management
  Traffic Management
  Device-level Management
• Network Instrumentation
  LAN and WAN Probes
  Network Analysis Module and Embedded RMON
  QoS MIBs for SNMP management
• Extensive 3rd party support for Cisco Management Connection

Supported QoS Matrix
Supported QoS Matrix, (Cont.)

QoS Technologies

QoS End-to-End
• QoS signaling across a network that spans multiple subnets mandates Layer 3
• QoS may or may not be extended to the client
• Some clients (such as servers) can be trusted while other clients (such as some end users) cannot be trusted
• It may be easier to manage and control the network devices rather than all the clients

Where Are QoS Features Applied?
[Diagram labels: Campus A; WAN; Campus B; T1 Access Congestion and Delay]
QoS WAN Edge
  Admission Control
  Classification
  Congestion Management
  Congestion Avoidance
  Traffic Shaping
  Policing
  Link Efficiency

Where Are QoS Features Applied?
[Diagram labels: Campus A; WAN; Campus B; Campus Congestion; T1 Access Congestion and Delay]
QoS Ingress
  Admission Control
  Classification
  Congestion Avoidance
  Congestion Management
QoS Core
  Congestion Avoidance
  Congestion Management
QoS WAN Edge
  Admission Control
  Congestion Avoidance
  Congestion Management
  Policing/Shaping
  Link Efficiency

Generic QoS Mechanisms
• Once the classifier marks the packets, what QoS mechanisms are required and where are these mechanisms applied?
  Mechanisms:
  Buffering with multiple queues
  Multiple drop thresholds
  Policing
  Scheduling

Multiple Queues and Drop Thresholds—Two Queues with Two Drop Thresholds
Service             | Delay Insensitive | Delay Sensitive
Minimum Bandwidth   | 80%               | 20%
High Drop Threshold | 3, 4              | 7, 8
Low Drop Threshold  | 1, 2              | 5, 6
[Axis labels: Service; Drop Threshold/Priority; Delay Priority]

Catalyst 6000 Wiring Queuing and Scheduling
[Diagram: Catalyst 5000/6000 Wiring Closet with Mission-Critical Application, Voice, Video Surveillance, Non Mission-Critical]
• Two queues: Queue-1 voice, queue-2 mission-critical and Non Mission-Critical
• Multiple drop thresholds
  Mission-critical control system high drop threshold
  Non Mission-Critical low threshold
  Note video may or may not go in queue-1

Catalyst 6000 Server Farm Policing
[Diagram: Server Farm with Mission-Critical Servers and Web Servers]
• Mission-critical not policed
• Policing could be considered for Non Mission-Critical traffic and Web servers to protect network
• Policing performed by flow or aggregate

Token Bucket for Policing and Shaping
• Start with a bucket full of tokens. Tokens can be removed at a bursty rate. Tokens are replaced at a specified constant rate.
[Diagram labels: Average Rate; Maximum Burst; Bursts]
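The token bucket from this slide, applied as a policer, shown as an added example that is not part of the Cisco deck. The class and function names, the 1 Mbps average rate and the 48,000-bit maximum burst are assumptions chosen for illustration; a policer drops non-conforming packets, whereas a shaper would queue them.

```python
# Added example: token-bucket policer. Names and sample values are
# hypothetical. Times are integer microseconds and tokens are kept in
# bit-microseconds, so all arithmetic is exact.
US = 1_000_000


class TokenBucketPolicer:
    def __init__(self, rate_bps, burst_bits):
        if rate_bps <= 0 or burst_bits <= 0:
            raise ValueError("rate and burst must be positive")
        self.rate_bps = rate_bps        # average rate (constant refill rate)
        self.depth = burst_bits * US    # maximum burst (bucket depth), scaled
        self.tokens = self.depth        # start with a bucket full of tokens
        self.last_us = 0

    def offer(self, ts_us, size_bytes):
        """Return True if the packet conforms, False if it exceeds."""
        if ts_us < self.last_us:
            raise ValueError("timestamps must be non-decreasing")
        # Replace tokens at the constant rate, never above the bucket depth.
        refill = (ts_us - self.last_us) * self.rate_bps
        self.tokens = min(self.depth, self.tokens + refill)
        self.last_us = ts_us
        cost = size_bytes * 8 * US
        if cost <= self.tokens:
            self.tokens -= cost         # bursts may drain tokens all at once
            return True
        return False                    # exceed: drop, tokens left untouched


def police(arrivals, rate_bps, burst_bits):
    """Run (timestamp_us, size_bytes) arrivals through one policer."""
    bucket = TokenBucketPolicer(rate_bps, burst_bits)
    return [bucket.offer(ts, size) for ts, size in arrivals]


def conformed_bits(arrivals, decisions):
    """Total bits of the packets that the policer let through."""
    return sum(size * 8 for (_, size), ok in zip(arrivals, decisions) if ok)


# Constructed sample: 1500-byte packets (12,000 bits each).
SAMPLE = ([(0, 1500)] * 6               # opening burst: only 4 fit the bucket
          + [(6_000, 1500)]             # 6,000 bits refilled: still exceeds
          + [(12_000, 1500)]            # 12,000 bits available: conforms
          + [(1_000_000, 1500)] * 5)    # idle refill is capped at the burst

if __name__ == "__main__":
    results = police(SAMPLE, 1_000_000, 48_000)
    for (ts, size), ok in zip(SAMPLE, results):
        print(f"t={ts:>9}us {size}B {'conform' if ok else 'exceed'}")
    print("conformed bits:", conformed_bits(SAMPLE, results))
```

Over any interval of T seconds the conforming traffic is bounded by the maximum burst plus the average rate times T, which is what lets a policed aggregate protect the rest of the network.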

Catalyst 8500 or Catalyst 6000 at Distribution
[Diagram: Catalyst 8500/6000 Distribution]
• Queuing and scheduling
  Separate queues for voice, video, Non Mission-Critical, Mission-Critical
  Each queue assigned a minimum bandwidth
  WRR between queues
• Classification and policing
  Not required at distribution

COPS Policy Server Service Mapping
DSCP Mapping to Service Types
DSCP | Service Type
1    | Network
8    | Mission Critical
16   | Premium Service
24   | Standard Service
32   | Best Effort
40   | Drop
48   | Voice
55   | Video

COPS Policy Server Service Mapping
DSCP to Queues and Thresholds Mapping
DSCP                      | 1q1t    | 1q4t    | 3q2t
1                         | Q=1 T=1 | Q=1 T=1 | Q=1 T=1
2                         | Q=1 T=1 | Q=1 T=2 | Q=1 T=2
3                         | Q=1 T=1 | Q=1 T=3 | Q=2 T=1
4                         | Q=1 T=1 | Q=1 T=4 | Q=2 T=2
5                         | Q=1 T=1 | Q=1 T=4 | Q=3 T=1
6                         | Q=1 T=1 | Q=1 T=3 | Q=3 T=2
(row label not recovered) | Q=1 T=1 | Q=1 T=2 | Q=2 T=2
Rows continue to DSCP 64; columns continue (...) to nqnt.

COPS Policy Server Roles
Scheduler Example On Policy Server
Role                | Preference: 1st | 2nd | 3rd | 4th
WAN Edge—Low Speed  | CBWFQ           | WFQ |     |
WAN Edge—High Speed | WRR             |     |     |
Backbone            | WRR             |     |     |
User Defined        | CBWFQ           | WRR |     |

Summary Classification
Feature                   | Platform and release
PBR                       | Routers 11.2
ACL—L2/L3/L4              | Routers 12.0
ACL—L2/L3/L4              | Cat6k 5.3(1) CSX, 12.1E
ACL—L2/L3/L4              | Cat5k 5.1 CatOS
Physical Interface        | 2900XL Mid ’99
dCAR                      | Routers 11.1CC
NBAR Dynamic Port Numbers | 7200/7100—12.1(1)T
URLs                      | 7200/7100—12.1(1)T

Summary Marking
Feature               | Platform and release
IP Precedence Marking | Routers
IP Precedence Marking | Catalyst 5000 5.1
IP Precedence Marking | Catalyst 6000 5.3(1)
DiffServ Marking      | 7200 12.0(6)T
DiffServ              | Catalyst 6000 5.3(1)
802.1p                | Catalyst 5000 5.1
802.1p                | Catalyst 6000 5.3(1)
802.1p                | 2900XL Mid ’99

Summary Congestion Management
Feature        | Platform and release
Strict Queuing | Routers (PQ)—10.3
Strict Queuing | 2900XL—2 Queues
WRR            | Catalyst 6000—2 Queues
WRR            | Catalyst 8500 8 Queues
WFQ            | Routers—11.0
dWFQ           | VIP—11.1CC
CBWFQ          | Routers—12.0(5)T
dCBWFQ         | VIP—11.1CC
dRR            | 12000

Summary Congestion Avoidance
Feature | Platform and release
WRED    | Routers—11.2
dWRED   | VIP 11.1CC
WRED    | Catalyst 5000 5.1
WRED    | Catalyst 6000 5.3(1) 12.1E
FRED    | Routers 12.0(3)T

Summary Policing and Shaping
Feature  | Platform and release
GTS      | Routers 11.2
FRTS     | Routers 11.2
dTS      | Routers 12.0(5)XE
Policing | Routers (CAR)—12.0/12.0(4)T
dCAR     | VIP 11.1CC
Policing | Catalyst 6000 5.3(1) 12.1E

Summary Link Efficiency
Feature | Platform and release
LFI     | Routers 11.3
cRTP    | Routers 11.2
FRF12   | Routers 12.0(4)T

Summary Signaling
Feature | Platform and release
RSVP    | Routers 11.2
dRSVP   | VIP Planned
SBM     | Routers—12.0(5)T
RSVP    | Catalyst 6000 12.1E

Summary ATM
Feature           | Platform and release
Per VC WRED       | VIP 11.1CC
VC Bundling       | 7X00—12.0(3)T
Per VC WFQ        | 7200—12.0(5)T
Per VC dWFQ       | VIP—12.1(1)T
Precedence to VCC | Routers 12.0(3)T
RSVP to ATM VCC   | Routers 12.0(3)T

Where to Get More Information

CiscoAssure
http://www.cisco.com/ciscoassure

Cisco Security Manager
• Information on CCO
  Security Manager: http://www.cisco.com/warp/customer/778/security/csm/
  PIX Firewall: http://www.cisco.com/warp/customer/778/security/pix/
• Related Networkers Sessions
  Policy and Policy Management Technologies and Protocols (#802)
  Introduction to Cisco QoS Policy Manager (#807)
  Update on Firewall Technologies (#1303)

Please Complete Your Evaluation Form
Session 1101