DOCS-91 Initial draft #time 6h #56
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,375 @@ | ||
| # AT&T AVPN Configuration | ||
|
|
||
| This guide is for network engineers and architects using their 128T Session Smart router to connect to AT&T’s MPLS VPN (AVPN) service. It will cover: | ||
|
There was a problem hiding this comment. This is mainly valid for branch routers. For DC's this would not really kick in given the encyption performance There was a problem hiding this comment. Added a note in the Abstract section that it is most useful on narrower links that are more prone to congestion. |
||
| - Service class definitions for the various COS queues on the AT&T MPLS network | ||
| - Strategies for mapping `service` configuration to the COS queues using `service-policy` elements | ||
| - Guidelines for setting your `traffic-engineering` properties, to match the circuit profile of your AT&T MPLS link | ||
|
|
||
| This document is intended to be a companion guide to the *AT&T Network-Based Class of Service Customer Router Configuration Guide*. At the time of this writing, the latest version is Release 4.0, December 2016. | ||
|
|
||
| ## AT&T Service Classes | ||
|
|
||
| The AT&T AVPN MPLS network uses six distinct classes of service for carrying customer traffic, as well as a seventh “control” queue for communication between the CE and PE router. This section describes each of the classes of service and provides 128T configuration fragments to illustrate how to configure your 128T Session Smart router to interact with the AVPN network. | ||
|
|
||
| :::note | ||
| This document assumes the use of a 6COS circuit profile. The 4COS circuit does not use the COS2V nor COS5 classes of service. Otherwise, the recommendations made in this document apply. | ||
| ::: | ||
|
|
||
| :::caution | ||
| In each of the `service-class` configuration excerpts below, you will see it has been assigned a `traffic-class`. The 128T Session Smart router has four traffic classes, in order of priority: high, medium, low, best-effort. This is different from other network equipment, which may order the priorities as high, medium, best-effort, low. | ||
| ::: | ||
|
|
||
| All of the `service-class` elements in this section are provided as an appendix to this document, to facilitate their import (or copy/paste) into your existing 128T configuration. | ||
ptimmons marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
| ### COS1: Real-time | ||
|
|
||
| The COS1 class is treated differently than the other classes on AVPN; any packets received that are marked as COS1 exceed the configured bandwidth, they are explicitly dropped ("hard policed"). Packets are identified as COS1 through the use of the "EF" DSCP marking (decimal 46). | ||
|
|
||
| COS1 is typically reserved for Voice over IP (VoIP) traffic. | ||
|
|
||
| Configuration: | ||
|
|
||
| ``` | ||
| admin@AAPCDCVACON0A.AAPCONPOD0# show config run auth service-class ATT-COS1 | ||
|
|
||
| config | ||
|
|
||
| authority | ||
|
|
||
| service-class ATT-COS1 | ||
| name ATT-COS1 | ||
| description "Real-time applications (EF)" | ||
| dscp 46 | ||
| traffic-class high | ||
| exit | ||
| exit | ||
| exit | ||
| ``` | ||
|
|
||
| ### COS2V: Delay-sensitive applications | ||
|
|
||
| The COS2V queue, identified through the use of the DSCP value AF41 (decimal 34), is typically reserved for video conferencing traffic. | ||
|
|
||
| #### Configuration | ||
|
|
||
| ``` | ||
| admin@AAPCDCVACON0A.AAPCONPOD0# show config run auth service-class ATT-COS2V | ||
|
|
||
| config | ||
|
|
||
| authority | ||
|
|
||
| service-class ATT-COS2V | ||
| name ATT-COS2V | ||
| description "Delay-sensitive applications (AF41)" | ||
| dscp 34 | ||
| traffic-class medium | ||
| exit | ||
| exit | ||
| exit | ||
| ``` | ||
|
|
||
| ### COS2: Time-critical applications | ||
|
|
||
| The COS2 queue, identified through the use of DSCP AF31 (decimal 26), is to be used for time-sensitive, mission-critical, low bandwidth applications. This is the recommended class VoIP signaling (e.g., SIP, H.323, SCCP), as it is low-bandwidth (typically a small number of kilobits per second) but extremely time-sensitive. | ||
|
|
||
| #### Configuration | ||
|
|
||
| ``` | ||
| admin@AAPCDCVACON0A.AAPCONPOD0# show config run auth service-class ATT-COS2 | ||
|
|
||
| config | ||
|
|
||
| authority | ||
|
|
||
| service-class ATT-COS2 | ||
| name ATT-COS2 | ||
| description "Time-sensitive mission-critical low-bandwidth applications (AF31)" | ||
| dscp 26 | ||
| traffic-class medium | ||
| exit | ||
| exit | ||
| exit | ||
| ``` | ||
|
|
||
| ### COS3: Time-sensitive applications | ||
|
|
||
| This class of service should include all mission-critical applications that are *interactive* in nature; that is, they correspond to applications that are transactional in nature. In enterprises this may be a CRM system, an ERP system, or other important client/server applications. | ||
|
|
||
| COS3 is distinguishable by its DSCP value of AF21 (decimal 18). | ||
|
|
||
| #### Configuration | ||
|
|
||
| ``` | ||
| admin@AAPCDCVACON0A.AAPCONPOD0# show config run auth service-class ATT-COS3 | ||
|
|
||
| config | ||
|
|
||
| authority | ||
|
|
||
| service-class ATT-COS3 | ||
| name ATT-COS3 | ||
| description "Time-sensitive mission-critical applications (AF21)" | ||
| dscp 18 | ||
| traffic-class low | ||
ptimmons marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| exit | ||
| exit | ||
| exit | ||
| ``` | ||
|
|
||
| ### COS4: Best Effort | ||
|
|
||
| The "best effort" class is the one that should be used by the majority of network traffic. | ||
|
|
||
| There is no DSCP value associated with best effort traffic (decimal 0). | ||
|
|
||
| #### Configuration | ||
|
|
||
| ``` | ||
| admin@AAPCDCVACON0A.AAPCONPOD0# show config run auth service-class ATT-COS4 | ||
|
|
||
| config | ||
|
|
||
| authority | ||
|
|
||
| service-class ATT-COS4 | ||
| name ATT-COS4 | ||
| description "Best effort (default)" | ||
| dscp 0 | ||
| traffic-class best-effort | ||
| exit | ||
| exit | ||
| exit | ||
| ``` | ||
|
|
||
| ### COS5: Scavenger | ||
|
|
||
| The last class of service for customer traffic is COS5, or scavenger. This is for all non business-oriented traffic. This typically gets the lowest allocation when assigning traffic engineering percentages, and thus will experience congestion first. | ||
|
|
||
| Scavenger traffic is identified as COS5 through the use of the AF11 DSCP value (decimal 10). | ||
|
|
||
| #### Configuration | ||
|
|
||
| ``` | ||
| admin@AAPCDCVACON0A.AAPCONPOD0# show config run auth service-class ATT-COS5 | ||
|
|
||
| config | ||
|
|
||
| authority | ||
|
|
||
| service-class ATT-COS5 | ||
| name ATT-COS5 | ||
| description "Scavenger (AF11)" | ||
| dscp 10 | ||
| traffic-class best-effort | ||
| exit | ||
| exit | ||
| exit | ||
| ``` | ||
|
|
||
| ### Control Queue | ||
|
|
||
| The control queue is used for communicating between the CE and PE router, and should typically be limited to BGP and BFD only. This is an extremely low bandwidth queue. | ||
|
There was a problem hiding this comment. We should probably recommend a setting for our BFD packets on the adjacency. It could be medium/high. There was a problem hiding this comment. BFD is always treated as high for us, I thought There was a problem hiding this comment. I meant the dscp marking to be set on the adjacency. There was a problem hiding this comment. I had long talks with Adam B. about this topic... it's almost better to leave DSCP at 0 since that's (in principle) where the majority of the traffic will be placed. Once IP Flow Monitoring comes into the picture this can be revisited, since we'll have a whole new design language. |
||
|
|
||
| :::warning | ||
| In many deployments the 128T does not BGP peer with the PE router, and in no deployments will the 128T send BFD to the PE router. Do not mark BFD or BGP with DSCP CS6/decimal 48. This is only presented for completeness, or when BGP peering with the PE router. | ||
| ::: | ||
|
|
||
| #### Configuration | ||
|
|
||
| ``` | ||
| admin@AAPCDCVACON0A.AAPCONPOD0# show config run auth service-class ATT-control | ||
|
|
||
| config | ||
|
|
||
| authority | ||
|
|
||
| service-class ATT-control | ||
| name ATT-control | ||
| description "Control traffic only (CS6)" | ||
| dscp 48 | ||
| traffic-class high | ||
| exit | ||
| exit | ||
| exit | ||
| ``` | ||
|
|
||
| ## Service Policies | ||
|
|
||
| The 128T will use `service-policy` to indicate which sessions need to get marked and treated with the `session-type` configurations. Each `service` should have a corresponding `service-policy`, to ensure that the markings are applied and the correct `traffic-class` is used for traffic engineering. | ||
|
|
||
| The base class `service-policy` configurations presented here are derived from the [BCP on Service Policy](bcp_service-policy_defaults). | ||
|
|
||
| | Base `service-policy` | AVPN `service-class` | | ||
| | --- | :-: | | ||
| | `voip-audio` | ATT-COS1 | | ||
| | `voip-video` | ATT-COS2V | | ||
| | `video-streaming` | ATT-COS2V | | ||
| | `voip-signaling` | ATT-COS2 | | ||
| | `data-mission-critical` | ATT-COS2 | | ||
| | `remote-desktop` | ATT-COS2 | | ||
| | `management-interactive` | ATT-COS3 | | ||
| | `management-m2m` | ATT-COS3 | | ||
| | `data-interactive` | ATT-COS3 | | ||
| | `data-best-effort` | ATT-COS4 | | ||
| | `data-scavenger` | ATT-COS5 | | ||
| | `video-streaming-scavenger` | ATT-COS5 | | ||
|
|
||
| ## Traffic Engineering Strategies | ||
|
|
||
| The 128T router uses four traffic engineering queues for prioritizing egress traffic during times of congestion or link contention. The general practice of mapping the `traffic-class` assignments (high, medium, low, best-effort) into the various 6COS queues is shown below. | ||
|
|
||
| ```mermaid | ||
| graph LR | ||
| voip-audio --> ATT-COS1 | ||
| id1(BFD, BGP) -.-> ATT-control | ||
| voip-video --> ATT-COS2V | ||
| voip-streaming --> ATT-COS2V | ||
| voip-signaling --> ATT-COS2 | ||
| data-mission-critical --> ATT-COS2 | ||
| remote-desktop --> ATT-COS2 | ||
| management-interactive --> ATT-COS3 | ||
| management-m2m --> ATT-COS3 | ||
| data-interactive --> ATT-COS3 | ||
| data-best-effort --> ATT-COS4 | ||
| data-scavenger --> ATT-COS5 | ||
| video-streaming-scavenger --> ATT-COS5 | ||
| subgraph best-effort | ||
| ATT-COS5 | ||
| end | ||
| subgraph low | ||
| ATT-COS4 | ||
| end | ||
| subgraph medium | ||
| ATT-COS2V | ||
| ATT-COS2 | ||
| ATT-COS3 | ||
| end | ||
| subgraph high | ||
| ATT-COS1 | ||
| ATT-control | ||
| end | ||
| ``` | ||
|
There was a problem hiding this comment. Now that mermaid is part of this Docusaurus package, please update this so that it renders correctly. |
||
|
|
||
| Each AT&T AVPN circuit has a *profile* associated with it (referred to as a "COS Package"), that maps to bandwidth allocations for the various COS queues. These in turn need to be mapped to the four egress traffic engineering queues on the 128T. The COS Package from AT&T is expressed as a set of six numbers (corresponding to the queues), where the first number is the percentage of the circuit bandwidth allocated for COS1, and the remaining five numbers (which sum to 100%) represent the amount of *bandwidth remaining* from the bandwidth not used by COS1. | ||
|
|
||
| :::warning | ||
| Math involved. | ||
| ::: | ||
|
|
||
| ### Sizing the Traffic Engineering Policy | ||
|
|
||
| | Traffic Class | Value | | ||
| | :-----------: | -------------------------------- | | ||
| | high | COS1 percentage from COS Profile | | ||
| | medium | (sum of COS2V + COS2 + COS3) * (100% - COS1 bandwidth) | | ||
| | low | COS4 * (100% - COS1 bandwidth) | | ||
| | best-effort | COS5 * (100% - COS1 bandwidth) | | ||
|
|
||
| Example (simple COS profile for a 6COS model): | ||
|
|
||
| | COS1 | COS2V | COS2 | COS3 | COS4 | COS5 | | ||
| | :--: | :---: | :--: | :--: | :--: | :--: | | ||
| | 5% | 20% | 20% | 20% | 20% | 20% | | ||
|
|
||
| In this case, the `high` percentage is `5`. The `medium` class gets 60% (20% + 20% + 20%) of the remaining 95%, which is `57`. The `low` class gets 20% of the remaining 95%, which is `19`. And `best-effort` also gets 20%, which is `19`. | ||
ptimmons marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
| The `traffic-profile` would therefore look like this: | ||
|
|
||
| ``` | ||
| *admin@labsystem1.fiedler# show config candidate authority traffic-profile 6COS-simple | ||
|
|
||
| config | ||
|
|
||
| authority | ||
|
|
||
| traffic-profile 6COS-simple | ||
| name 6COS-simple | ||
|
|
||
| high | ||
| distribution 5 | ||
| exit | ||
|
|
||
| medium | ||
| distribution 57 | ||
| exit | ||
|
|
||
| low | ||
| distribution 19 | ||
| exit | ||
|
|
||
| best-effort | ||
| distribution 19 | ||
| exit | ||
| exit | ||
| exit | ||
| exit | ||
| ``` | ||
|
|
||
| This `traffic-profile` is applied to a `device-interface`: | ||
|
|
||
| ``` | ||
| *admin@labsystem1.fiedler# show config candidate authority router newton node labsystem2 device eno4 traffic-engineering | ||
|
|
||
| config | ||
|
|
||
| authority | ||
|
|
||
| router newton | ||
| name newton | ||
|
|
||
| node labsystem2 | ||
| name labsystem2 | ||
|
|
||
| device-interface eno4 | ||
| name eno4 | ||
|
|
||
| traffic-engineering | ||
| transmit-cap 100000000 | ||
| traffic-profile 6COS-simple | ||
| exit | ||
| exit | ||
| exit | ||
| exit | ||
| exit | ||
| exit | ||
| ``` | ||
|
|
||
| ## Appendix: Service Class Configuration | ||
|
|
||
| The following configuration output is presented here to facilitate copy/paste into your 128T conductor. | ||
|
|
||
| :::note | ||
| Because the `dscp` value is a key field for the `service-class` object, no two `service-class` configurations can share the same value. This will likely require you to delete existing `service-class` configuration, as the 128T ships with *factory default* `service-class` elements that will conflict with the ones presented below. | ||
| ::: | ||
|
|
||
| ``` | ||
| config authority service-class ATT-COS1 name ATT-COS1 | ||
| config authority service-class ATT-COS1 description "Real-time applications (EF)" | ||
| config authority service-class ATT-COS1 dscp 46 | ||
| config authority service-class ATT-COS1 traffic-class high | ||
| config authority service-class ATT-COS2V name ATT-COS2V | ||
| config authority service-class ATT-COS2V description "Delay-sensitive applications (AF41)" | ||
| config authority service-class ATT-COS2V dscp 34 | ||
| config authority service-class ATT-COS2V traffic-class medium | ||
| config authority service-class ATT-COS2 name ATT-COS2 | ||
| config authority service-class ATT-COS2 description "Time-sensitive mission-critical low-bandwidth applications (AF31)" | ||
| config authority service-class ATT-COS2 dscp 26 | ||
| config authority service-class ATT-COS2 traffic-class medium | ||
| config authority service-class ATT-COS3 name ATT-COS3 | ||
| config authority service-class ATT-COS3 description "Time-sensitive mission-critical applications (AF21)" | ||
| config authority service-class ATT-COS3 dscp 18 | ||
| config authority service-class ATT-COS3 traffic-class low | ||
| config authority service-class ATT-COS4 name ATT-COS4 | ||
| config authority service-class ATT-COS4 description "Best effort (default)" | ||
| config authority service-class ATT-COS4 dscp 0 | ||
| config authority service-class ATT-COS4 traffic-class best-effort | ||
| config authority service-class ATT-COS5 name ATT-COS5 | ||
| config authority service-class ATT-COS5 description "Scavenger (AF11)" | ||
| config authority service-class ATT-COS5 dscp 10 | ||
| config authority service-class ATT-COS5 traffic-class best-effort | ||
| config authority service-class ATT-control name ATT-control | ||
| config authority service-class ATT-control description "Control traffic only (CS6)" | ||
| config authority service-class ATT-control dscp 48 | ||
| config authority service-class ATT-control traffic-class high | ||
| ``` | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please define the title using the FrontMatter formatting.