Layer-2 QoS HowTo

Introduction

This document describes how to configure switches to prioritise traffic in a switched LAN infrastructure. We refer to this as layer-2 QoS priority, or simply layer-2 priority. Other sources may refer to this as class of service (CoS).

Consider Figure 1 below. The cloud represents a set of LAN switches and cables, used to interconnect a set of hosts (end devices), here denoted as H1-H9. The cloud constitutes the LAN infrastructure, surrounded by hosts connecting at its edge.

                 H1   H2
                  |   |
                  .--.-.     H3
                 ( (    )__ /
             H5--(_,  \ ) ,_)--H4
                  '-'--`--'
                 / |   |  \
               H6  H7  H8 H9

Figure 1: Switched LAN Infrastructure (cloud represents LAN switches).

Then compare this with Figure 2 below, showing a sample physical representation of the same network. The LAN infrastructure consists of four switches (S1-S4), connected in a ring to achieve redundancy. Switches use a layer-2 redundancy protocol such as FRNT or RSTP to ensure proper connectivity within the ring.

         .-----------------.      .-----------------.
         |        S1       |      |        S2       |
    .----+1               2+------+1               2+----.
    |    |  3   4   5   6  |      |  3   4   5   6  |    |
    |    '--+---+---+---+--'      '--+---+---+---+--'    |
    |       |   |   |   |            |   |   |   |       |
    |      H1  H2                   H3  H4               |
    |  (VoIP) (SNMP             (VoIP)  (SNMP            | VLAN 1 &
    |          Mgr)                      Agent)          | VLAN 10
    |                                                    | on Trunk
    |                                                    | Links
    |    .-----------------.      .-----------------.    |
    |    |        S3       |      |        S4       |    |
    '----+1               2+------+1               2+----'
         |  3   4   5   6  |      |  3   4   5   6  |
         '--+---+---+---+--'      '--+---+---+---+--'
            |   |   |   |            |   |   |   |
           H5  H6  H7               H8  H9
       (VoIP) (FTP)              (SNMP (PC)
                                 Agent)

Figure 2: Switched LAN Infrastructure Example (Ring Topology).

The ports where hosts connect (ports 3-6 on each switch) are referred to as access ports, while ports interconnecting switches are referred to as VLAN trunk ports or trunk ports.

Now assume you have the following situation:

  • H1, H3 and H5 are located on a specific VLAN (VLAN 10) used for IP telephony traffic. Other hosts are located on VLAN 1.
  • H2 is an SNMP Manager station monitoring SNMP Agents H4 and H8
  • H6 is a File Server (bulk data)
  • H7 is a device capable of sending priority tagged frames (IEEE 802.1p, VID 0).
  • H9 is a maintenance PC

To assign appropriate priority, you have the following tasks:

  • How can you configure your switches to give priority to the IP telephony traffic, aiming to achieve good voice quality? (H1, H3 and H5)
  • What priority should be given to the SNMP traffic? Perhaps SNMP traps from the agents should be given relatively high priority, while regular SNMP Get/Set and Response traffic can have lower priority? (H2, H4 and H8)
  • Bulk data downloads from the file server are assumed not to be time critical, and should thus be given low priority. The same goes for all traffic from the maintenance PC. (H6 and H9)
  • The device H7 is sending both low priority data and high priority data, signalling the priority with a priority VLAN tag. How should the switch be configured to take advantage of this?

In addition to the traffic from the mentioned hosts, there is also high priority traffic for the layer-2 redundancy protocol (FRNT, etc.) on the trunk links. This signalling traffic is sent with highest priority to ensure the network is working properly.

General Approach

         .-----------------.
         |     Switch      |     <-- Trunk ports (1&2)
     ----+1               2+---      VLAN tag holds priority
         |  3   4   5   6  |
         '--+---+---+---+--'     <-- Access ports (3-6)
            |   |   |   |            Determine priority here
           H1      H2

The general recommendation for determining and conveying Layer-2 priority is summarized below:

  • Determine priority at the access ports, when the user traffic is entering the LAN infrastructure. In our example, ports 3-6 on the switches are access ports.
  • Use VLAN tagging on the trunk ports, letting the tag carry the priority (802.1p) determined at the access ports. In our example, ports 1 and 2 are trunk ports.
  • When configuring priority, avoid assigning the highest priority to any kind of user traffic, as that should be reserved for network signalling protocols (FRNT, etc.)

Capabilities

A packet’s priority is determined on ingress, i.e., when the packet enters the switch. Three priority modes are available for configuration per port.

  • Port Priority mode: If priority mode ‘port’ is configured on the port, then all ingress packets will be assigned the ingress port’s port priority.
  • VLAN tag mode: If priority mode ‘VLAN tag’ is configured on the port, then all ingress packets arriving with an 802.1Q tag will get priority specified in the priority field of the VLAN tag.

If no VLAN tag is present in the arriving packet, priority is based on the port priority of the ingress port, see above.

  • IP DSCP/ToS mode: If priority mode ‘ip’ is configured, then all ingress IPv4 packets will be assigned priority based on the DSCP value (formerly ToS) in the packet’s IP header.

If the incoming packet is not an IP packet (e.g., an ARP packet), priority is based on the port priority of the ingress port, see above.

  • prefer [tag|ip] mode: If priority mode ‘prefer tag’ is configured, then all ingressing VLAN tagged IP packets, and VLAN tagged non-IP packets, will be assigned priority based on the PCP value in the VLAN tag. Untagged IP packets will get priority based on the DSCP field in the IP header.

If priority mode ‘prefer ip’ is configured, then all ingressing VLAN tagged IP packets, and untagged IP packets, will be assigned priority based on the DSCP value in the IP header. VLAN tagged non-IP packets will be assigned priority based on the PCP value in the VLAN tag.

If none of the above matches, priority is based on the port priority of the ingress port, see above.

Considering the general recommendations for layer-2 priority, ‘VLAN tag’ priority should be used on trunk ports, while ‘port priority’ or ‘IP DSCP/ToS’ (or even ‘VLAN tag’) priority can be used on access ports.

By default, ports are configured with:

  • priority mode ‘VLAN tag’
  • port priority ‘0’ (zero)
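The decision rules above can be exercised offline with a small frame classifier. This is an added example, not code from the switch software: the function names and the sample frames are constructed here, and the DSCP-to-priority mapping (the three class-selector bits of the DSCP value) is an assumption, since this page does not state the mapping the switch uses.

```python
import struct

TPID_8021Q, ETHERTYPE_IPV4, ETHERTYPE_ARP = 0x8100, 0x0800, 0x0806

def parse_frame(frame: bytes):
    """Return (pcp, dscp) for an Ethernet frame; None where the field is absent."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset, pcp, dscp = 14, None, None
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        pcp, offset = tci >> 13, 18      # PCP = top 3 bits of the TCI; VID 0 is a priority tag
    if ethertype == ETHERTYPE_IPV4 and len(frame) >= offset + 2 and frame[offset] >> 4 == 4:
        dscp = frame[offset + 1] >> 2    # DSCP = upper 6 bits of the former ToS byte
    return pcp, dscp

# Lookup order per priority mode; the port priority is always the final fallback.
MODES = {"port": (), "tag": ("pcp",), "ip": ("ip",),
         "prefer tag": ("pcp", "ip"), "prefer ip": ("ip", "pcp")}

def ingress_priority(frame: bytes, mode: str = "tag", port_priority: int = 0) -> int:
    """Priority assigned on ingress; defaults match the page (mode tag, port priority 0)."""
    if mode not in MODES:
        raise ValueError(f"unknown priority mode: {mode}")
    pcp, dscp = parse_frame(frame)
    # ASSUMPTION: DSCP maps to priority by its three class-selector bits.
    found = {"pcp": pcp, "ip": None if dscp is None else dscp >> 3}
    for source in MODES[mode]:
        if found[source] is not None:
            return found[source]
    return port_priority

def build_frame(ethertype, payload, pcp=None, vid=0):
    """Constructed sample frame with all-zero MAC addresses."""
    tag = b"" if pcp is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return bytes(12) + tag + struct.pack("!H", ethertype) + payload

def ipv4_header(dscp):
    """Minimal 20-byte IPv4 header; only version/IHL and the DSCP byte are filled in."""
    return bytes([0x45, dscp << 2]) + bytes(18)

# Constructed samples (not captured traffic).
PRIO_TAGGED_IP = build_frame(ETHERTYPE_IPV4, ipv4_header(16), pcp=6)      # like H7: VID 0
UNTAGGED_IP = build_frame(ETHERTYPE_IPV4, ipv4_header(46))
TAGGED_ARP = build_frame(ETHERTYPE_ARP, bytes(28), pcp=3, vid=10)
UNTAGGED_ARP = build_frame(ETHERTYPE_ARP, bytes(28))

if __name__ == "__main__":
    samples = {"prio-tagged IP": PRIO_TAGGED_IP, "untagged IP": UNTAGGED_IP,
               "tagged ARP": TAGGED_ARP, "untagged ARP": UNTAGGED_ARP}
    for name, frame in samples.items():
        print(name, {m: ingress_priority(frame, m, port_priority=1) for m in MODES})
```

In ‘tag’ and ‘prefer tag’ modes the result follows whatever PCP value the attached device puts in the tag, which is why the choice of priority mode on access ports decides which hosts are trusted to set their own priority.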

Configuration

The following sections show configuration for each of the switches in Figure 2, focusing on layer-2 priority settings. IP network and layer-2 redundancy settings are also shown for completeness. In this example FRNT is used for layer-2 redundancy, with S1 as ‘focal point’.

The switches have factory configuration at start (all ports in VLAN 1). Each switch shall have two VLANs, VLAN 1 where most hosts reside and VLAN 10 for the IP telephony hosts. For management purposes, switches are assigned IP addresses on each VLAN (subnets 192.168.1.0/24 and 192.168.10.0/24).

Switch 1 (S1)

         .-----------------.
         |        S1       |
     ----+1               2+---
         |  3   4   5   6  |
         '--+---+---+---+--'
            |   |   |   |
           H1   H2
        (VoIP) (SNMP Mgr)

General Configuration (S1)

In this section we show settings for VLANs, IP settings and Layer-2 redundancy. This is just an example of how it could be done, shown for completeness. For layer-2 priority, the most important part here is that trunk ports are configured for VLAN tagging.

The VLAN configuration steps are as follows. Initially all ports are associated untagged with VLAN 1.

s1:/#> configure 
s1:/config/#> vlan 10
Creating new VLAN vid:10 with name: vlan10
s1:/config/vlan-10/#> untagged eth3
Moving untagged port eth3 from vid 1 to vid 10.
s1:/config/vlan-10/#> tagged eth1,eth2
s1:/config/vlan-10/#> end
s1:/config/#> vlan 1
s1:/config/vlan-1/#> tagged eth1,eth2
s1:/config/vlan-1/#> leave
Configuration activated.  Remember "copy run start" to save to flash (NVRAM).
s1:/#>

The IP address configuration steps are as follows. Initially interface vlan1 gets addresses via DHCP as well as a link-local address (we remove the DHCP method; the link-local is kept, but could also have been removed).

s1:/#> configure
s1:/config/#> iface vlan1
s1:/config/iface-vlan1/#> no inet dhcp
s1:/config/iface-vlan1/#> inet static 192.168.1.1/24
s1:/config/iface-vlan1/inet-static-192.168.1.1/#> end
s1:/config/iface-vlan1/#> end
s1:/config/#> iface vlan10
s1:/config/iface-vlan10/#> inet static 192.168.10.1/24
s1:/config/iface-vlan10/inet-static-192.168.10.1/#> leave
Configuration activated.  Remember "copy run start" to save to flash (NVRAM).
s1:/#>

FRNT operates on the ring ports (eth1 and eth2). S1 is selected as Focal Point (this is the default setting).

s1:/#> configure
s1:/config/#> frnt
Activating FRNT0 with default settings, remember to change the ring ports!
Invalid settings: No ring ports defined
s1:/config/frnt-1/#> ports eth1,eth2
s1:/config/frnt-1/#> leave
Configuration activated.  Remember "copy run start" to save to flash (NVRAM).
s1:/#>

Layer-2 Priority Configuration (S1)

By default, all ports are configured with priority mode tag, i.e., it primarily looks at the priority field carried as part of the VLAN tag.

  • We keep the priority mode setting for the trunk ports (eth1 and eth2).
  • Port 3 (eth3) should be used for IP telephony. We select priority-mode port, and then set port priority to 5 to give it reasonably high priority without affecting FRNT signalling.
  • Other access ports are also set to priority mode port, but the default port priority 0 (zero) is kept.

s1:/#> configure
s1:/config/#> port eth3
s1:/config/port-eth3/#> priority-mode port
s1:/config/port-eth3/#> priority 5
s1:/config/port-eth3/#> end
s1:/config/#> port eth4..eth6
s1:/config/port-eth4..eth6/#> priority-mode port
s1:/config/port-eth4..eth6/#> leave
Configuration activated.  Remember "copy run start" to save to flash (NVRAM).
s1:/#>

Switch 2 (S2)

         .-----------------.
         |        S2       |
     ----+1               2+---
         |  3   4   5   6  |
         '--+---+---+---+--'
            |   |   |   |
           H3  H4
       (VoIP) (SNMP Agent)

General Configuration (S2)

The configuration is very similar to S1. The major differences are:

  • S2 is assigned IP address 192.168.1.2/24 and 192.168.10.2/24 on interface vlan1 and vlan10 respectively
  • S2 is an FRNT Member switch, not a Focal-Point

The VLAN configuration steps are the same as for S1.

s2:/#> configure 
s2:/config/#> vlan 10
Creating new VLAN vid:10 with name: vlan10
s2:/config/vlan-10/#> untagged eth3
Moving untagged port eth3 from vid 1 to vid 10.
s2:/config/vlan-10/#> tagged eth1,eth2
s2:/config/vlan-10/#> end
s2:/config/#> vlan 1
s2:/config/vlan-1/#> tagged eth1,eth2
s2:/config/vlan-1/#> leave
Configuration activated.  Remember "copy run start" to save to flash (NVRAM).
s2:/#>

The IP address configuration steps are similar to the steps of S1, only the host part of the IP address differs.

s2:/#> configure
s2:/config/#> iface vlan1
s2:/config/iface-vlan1/#> no inet dhcp
s2:/config/iface-vlan1/#> inet static 192.168.1.2/24
s2:/config/iface-vlan1/inet-static-192.168.1.2/#> end
s2:/config/iface-vlan1/#> end
s2:/config/#> iface vlan10
s2:/config/iface-vlan10/#> inet static 192.168.10.2/24
s2:/config/iface-vlan10/inet-static-192.168.10.2/#> leave
Configuration activated.  Remember "copy run start" to save to flash (NVRAM).
s2:/#>

Switch S2 is configured as FRNT member (no focal-point).

s2:/#> configure
s2:/config/#> frnt
Activating FRNT0 with default settings, remember to change the ring ports!
Invalid settings: No ring ports defined
s2:/config/frnt-1/#> ports eth1,eth2
s2:/config/frnt-1/#> no focal-point
s2:/config/frnt-1/#> leave
Configuration activated.  Remember "copy run start" to save to flash (NVRAM).
s2:/#>

Layer-2 Priority Configuration (S2)

The layer-2 priority configuration on Switch 2 is very similar to the settings on Switch 1, e.g., port 3 is also used for IP telephony. The major difference here is that we have an SNMP agent device on port 4, assumed to send SNMP traps with a higher DSCP value than other data. We want to give higher priority to the SNMP traps, so we configure port 4 with priority mode ip.

s2:/#> configure
s2:/config/#> port eth3
s2:/config/port-eth3/#> priority-mode port
s2:/config/port-eth3/#> priority 5
s2:/config/port-eth3/#> end
s2:/config/#> port eth4
s2:/config/port-eth4/#> priority-mode ip
s2:/config/port-eth4/#> end
s2:/config/#> port eth5..eth6
s2:/config/port-eth5..eth6/#> priority-mode port
s2:/config/port-eth5..eth6/#> leave
Configuration activated.  Remember "copy run start" to save to flash (NVRAM).
s2:/#>

Switch 3 (S3)

         .--------------------.
         |         S3         |
     ----+1                  2+---
         |  3    4    5    6  |
         '--+----+----+----+--'
            |    |    |    |
           H5   H6   H7
       (VoIP) (FTP) (Prio Tag)

General Configuration (S3)

The configuration of S3 has much in common with S1 and S2. The only difference, compared to S2, is IP assignment; S3 is assigned IP address 192.168.1.3/24 and 192.168.10.3/24 on interface vlan1 and vlan10 respectively.

The VLAN and FRNT configuration steps are exactly the same as for S2, see above.

The IP address configuration steps are similar to the steps of S1 and S2, only the host part of the IP address differs.

s3:/#> configure
s3:/config/#> iface vlan1
s3:/config/iface-vlan1/#> no inet dhcp
s3:/config/iface-vlan1/#> inet static 192.168.1.3/24
s3:/config/iface-vlan1/inet-static-192.168.1.3/#> end
s3:/config/iface-vlan1/#> end
s3:/config/#> iface vlan10
s3:/config/iface-vlan10/#> inet static 192.168.10.3/24
s3:/config/iface-vlan10/inet-static-192.168.10.3/#> leave
Configuration activated.  Remember "copy run start" to save to flash (NVRAM).
s3:/#>

Layer-2 Priority Configuration (S3)

Layer-2 priority configuration on S3 intends to achieve the following:

  • Trunk ports 1 and 2 use priority mode tag (as in S1 and S2)
  • Give high priority to IP telephony on port 3 (as on S1 and S2)
  • The File Server H6 on port 4 should be given low priority, so that bulk data does not affect more important traffic
  • H7 attached to port 5 sends priority tagged packets (VLAN tagged packets with VID 0). If we wish to base priority on the VLAN tag, the port needs to be configured with priority-mode tag. This is the default, i.e., no configuration is needed

s3:/#> configure
s3:/config/#> port eth3
s3:/config/port-eth3/#> priority-mode port
s3:/config/port-eth3/#> priority 5
s3:/config/port-eth3/#> end
s3:/config/#> port eth4,eth6
s3:/config/port-eth4,eth6/#> priority-mode port
s3:/config/port-eth4,eth6/#> leave
Configuration activated.  Remember "copy run start" to save to flash (NVRAM).
s3:/#> cp running-config startup-config 
s3:/#> 

Switch 4 (S4)

         .-----------------.
         |        S4       |
     ----+1               2+---
         |  3   4   5   6  |
         '--+---+---+---+--'
            |   |   |   |
           H8   H9
   (SNMP Agent) (PC)

General configuration (S4)

The configuration of S4 has much in common with S1-S3. The differences are:

  • VLAN 10 has no access port on switch S4
  • S4 is assigned IP address 192.168.1.4/24 and 192.168.10.4/24 on interface vlan1 and vlan10 respectively.

The VLAN configuration on S4 is as follows:

s4:/#> configure 
s4:/config/#> vlan 10
Creating new VLAN vid:10 with name: vlan10
s4:/config/vlan-10/#> tagged eth1,eth2
s4:/config/vlan-10/#> end
s4:/config/#> vlan 1
s4:/config/vlan-1/#> tagged eth1,eth2
s4:/config/vlan-1/#> leave
Configuration activated.  Remember "copy run start" to save to flash (NVRAM).
s4:/#>

The IP address configuration steps are similar to the steps of S1-S3, only the host part of the IP address differs.

s4:/#> configure
s4:/config/#> iface vlan1
s4:/config/iface-vlan1/#> no inet dhcp
s4:/config/iface-vlan1/#> inet static 192.168.1.4/24
s4:/config/iface-vlan1/inet-static-192.168.1.4/#> end
s4:/config/iface-vlan1/#> end
s4:/config/#> iface vlan10
s4:/config/iface-vlan10/#> inet static 192.168.10.4/24
s4:/config/iface-vlan10/inet-static-192.168.10.4/#> leave
Configuration activated.  Remember "copy run start" to save to flash (NVRAM).
s4:/#>

The FRNT configuration steps are exactly the same as for the other member switches, S2 and S3:

s4:/#> configure
s4:/config/#> frnt
Activating FRNT0 with default settings, remember to change the ring ports!
Invalid settings: No ring ports defined
s4:/config/frnt-1/#> ports eth1,eth2
s4:/config/frnt-1/#> no focal-point
s4:/config/frnt-1/#> leave
Configuration activated.  Remember "copy run start" to save to flash (NVRAM).
s4:/#>

Layer-2 Priority Configuration (S4)

Layer-2 priority configuration on S4 intends to achieve the following:

  • Trunk ports 1 and 2 use priority mode tag (as in S1 and S2)
  • The SNMP Agent (H8) on port 3 should have priority based on IP DSCP, as in S2, enabling higher priority for SNMP traps than other traffic from H8
  • The Maintenance PC (H9) on port 4 should be given low priority, so that maintenance data does not affect more important traffic. Ports 4-6 use priority mode ‘port’, with the (default) port priority ‘0’

s4:/#> configure
s4:/config/#> port eth3
s4:/config/port-eth3/#> priority-mode ip
s4:/config/port-eth3/#> end
s4:/config/#> port eth4..eth6
s4:/config/port-eth4..eth6/#> priority-mode port
s4:/config/port-eth4..eth6/#> leave
Configuration activated.  Remember "copy run start" to save to flash (NVRAM).
s4:/#>