QoS-Capable Devices

This section describes the internals of QoS-capable devices. One of the difficulties of describing QoS implementations is the number of different perspectives that can be used to describe all the features. The scope of this section is limited to the priority-based model and the related functional components to implement this model. The priority-based model is the most common implementation approach because of its scalability advantage.

Implementation Approaches

There are two completely different approaches to implementing a QoS-capable IP switch or server:

The Reservation Model, also known as Integrated Services/RSVP or ATM, is the original approach, requiring applications to signal their traffic handling requirements. After signaling, each switch that is in the path from source to destination reserves resources, such as bandwidth and buffer space, that either guarantee the desired QoS service or ensure that the desired service is provided. This model is not widely deployed because of scalability limitations. Each switch has to keep track of all this information for each flow. As the number of flows increases, the amount of memory and processing increases, hence limiting scalability.

The Precedence Priority Model, also known as Differentiated Services, IP Precedence TOS, or IEEE 802.1pQ, takes aggregated traffic, segregates the traffic flows into classes, and provides preferential treatment of classes. It is only during episodes of congestion that noticeable differentiated services effects are realized. Packets are marked or tagged according to priority. Switches then read these markings and treat the packets according to their priority. The interpretation of the markings must be consistent within the autonomous domain.

Functional Components High-Level Overview

"Implementation Functions" on page 95 describes the three high-level QoS components: traffic shaping, packet classification, and packet scheduling. This section describes these QoS components in further detail.

A QoS-capable device consists of the following functions:

• Admission Control accepts or rejects access to a shared resource. This is a key component for Integrated Services and ATM networks. Admission control ensures that resources are not oversubscribed. Due to this, admission control is more expensive and less scalable than other components.

• Congestion Management prioritizes and queues traffic access to a shared resource during congestion periods.

• Congestion Avoidance prevents congestion early, using preventive measures. Algorithms such as Weighted Random Early Detection (WRED) exploit TCP's congestion avoidance algorithms to reduce traffic injected into the network, preventing congestion.

• Traffic Shaping reduces the burstiness of egress network traffic by smoothing the traffic and then forwarding it out to the egress link.

• Traffic Rate Limiting controls the ingress traffic by dropping packets that exceed burst thresholds, thereby reducing device resource consumption such as buffer memory.

• Packet Scheduling schedules packets out the egress port so that differentiated services are effectively achieved.

The next section describes the modules that implement these high-level functions in more detail.

QoS Profile

The QoS Profile contains information put in by the network or systems administrator on the definition of classes of traffic flows and how these flows should be treated in terms of QoS. For example, a QoS profile might have a definition that Web traffic from the CEO should be given EF DiffServ Marking, Committed Information Rate (CIR) 1 Mbit/sec, Peak Information Rate (PIR) 5 Mbit/sec, Excess Burst Size (EBS) 100 Kbyte, and Committed Burst Size (CBS) 50 Kbyte. This profile defines the flow and level of QoS the Web traffic from the CEO should receive. This profile is compared against the actual measured traffic flow. Depending on how the actual traffic flow compares against this profile, the type of service (TOS) field of the IP header is re-marked or an internal tag is attached to the packet header, which controls how the packet is handled inside this device.

FIGURE 4-12 shows the main functional components involved in delivering prioritized differentiated services that apply to a switch or a server. These include the packet classification engine, the metering, the marker function, policing/shaping, I/P forwarding module, queuing, congestion control management, and the packet scheduling function.

Deployment of Data and Control Planes

Typically, if the example in FIGURE 4-12 were deployed on a network switch, there would be an ingress board and an egress board connected together through a backplane. It would be deployed on a server. These functions would be implemented in the network protocol stack, either in the IP module, adjacent to the IP module, or possibly on the network interface card, offering superior performance due to the ASIC/FPGA implementation.

There are two planes:

• The Data Plane operates the functional components that actually read and write the IP header.

• The Control Plane operates the functional components that control how the functional units read information from the Network Administrator, directly or indirectly.

Packet Classifier

The Packet Classifier is a functional component responsible for identifying a flow and matching it with a filter. The filter is composed of source and destination, IP address, port, protocol, and the type of service field all in the IP Header. The filter is also associated with information that describes the treatment of this packet. Aggregate ingress traffic flows are compared against these filters. Once a packet header is matched with a filter, the QoS profile is used by the meter, marker, policing, and shaping functions.

Metering

The metering function compares the actual traffic flow against the QoS profile definition. FIGURE 4-13 illustrates the different measurement points. On average, the input traffic arrives at 100 Kbyte/sec. However, for a short period of time, the switch or server allows the input flow rate to reach 200 Kbyte/sec for one second, which computes to a buffer of 200 Kbyte. For the time period of t=3 to t=5, the buffer drains at a rate of 50 Kbyte/sec as long as the input packets arrive at 50 Kbyte/sec, keeping the output constant. Another more aggressive burst arrives at the rate of 400 Kbyte/sec for 5.5 sec, filling up the 200 Kbyte buffer. From t=5.0 to 5.5, however, 50 Kbyte are drained, leaving 150 Kbyte at t=5.5 sec. This buffer drains for 1.5 sec at a rate of 100 Kbyte/sec. This example is simplified, so the real figures need to be adjusted to account for the fact that the buffer is not completely filled at t=5.5 sec because of the concurrent draining. Notice that the area under the graph, or the integral, represents the approximate number of bytes in the buffer, and bursts represent the high sloped lines above the dotted line, representing the average rate or the CIR.

Marking

Marking is tied in with metering so that when the metering function compares the actual measured traffic against the agreed QoS profile the traffic is handled appropriately. The measured traffic measures the actual burst rate and amount of packets in the buffer against the CIR, PIR, CBS, and EBS. The Two Rate Three Color (TrTCM) algorithm is a common algorithm that marks the packets green if the actual traffic is within the agreed-upon CIR. If the actual traffic is between CIR and PIR, the packets are marked yellow. Finally, if the actual metered traffic is at PIR or above, the packets are marked red. The device then uses these markings on the packet in the policing and shaping functions to determine how the packets are treated (for example, whether the packets should be dropped, shaped, or queued in a lower priority queue).

Policing and Shaping

The policing functional component uses the metering information to determine if the ingress traffic should be buffered or dropped. Shaping pumps out the packets at a constant rate, buffering packets to achieve a constant output rate. The common algorithm used here is the Token Bucket algorithm to shape the egress traffic and to police ingress traffic.

IP Forwarding Module

The IP forwarding module inspects the destination IP address and determines the next hop using the forwarding information base. The forwarding information base is a set of tables populated by routing protocols and/or static routes. The packet is then forwarded internally to the egress board, which places the packet in the appropriate queue.

Queuing

Queuing encompasses two dimensions, or functions. The first function is congestion control that controls the number of packets queued up in a particular queue (see the following section). The second function is differential services. Differential services queues are serviced by the packet scheduler in a certain manner (providing preferential treatment to preselected flows) by servicing packets in certain queues more often than others.

Congestion Control

There is a finite amount of buffer space or memory, so the number of packets that can be buffered within a queue must be controlled. The switch or server forwards packets at line rate. However, when a burst occurs, or if the switch is oversubscribed and congestion occurs, packets are buffered. There are several packet discard algorithms. The simplest is Tail Drop: Once the queue fills up, any new packets are dropped. This works well for UDP packets, but causes severe disadvantages for TCP traffic. Tail Drop causes TCP traffic in already-established flows to quickly go into congestion avoidance mode, and it exponentially drops the rate at which packets are sent. This problem is called global synchronization. It occurs when all TCP traffic simultaneously increases and decreases flow rates. What is needed is to have some of the flows slow down so that the other flows can take advantage of the freed-up buffer space. Random Early Detection (RED) is an active queue management algorithm that drops packets before buffers fill up and randomly reduces global synchronization.

FIGURE 4-14 describes the RED algorithm. Looking at line C on the far right, when the average queue occupancy goes from empty up to 75 percent full, no packets are dropped. However, as the queue grows past 75 percent, the probability that random packets are discarded quickly increases until the queue is full, where the probability reaches certainty. Weighted Random Early Detection (WRED) takes RED one step further by giving some of the packets different thresholds at which packet probabilities of discard start. As illustrated in FIGURE 4-14, Line A starts to get random packets dropped at only 25 percent average queue occupancy, making room for higher-priority flows B and C.

Packet Scheduler

The packet scheduler is one of the most important QoS functional components. The packet scheduler pulls packets from the queues and sends them out the egress port or forwards them to the adjacent STREAMS module, depending on implementation. There are several packet scheduling algorithms that service the queues in a different manner. Weighted Round-Robin (WRR) scans each queue, and depending on the weight assigned a certain queue, allows a certain number of packets to be pulled from the queue and sent out. The weights represent a certain percentage of the bandwidth. In actual practice, unpredictable delays are still experienced because a large packet at the front of the queue can hold up smaller-sized packets behind it. Weight Fair Queuing (WFQ) is a more sophisticated packet scheduling algorithm that computes the time the packet arrives and the time to actually send out the entire packet. WFQ is then able to handle varying-sized packets and optimally select packets for scheduling. WFQ conserves work, meaning that no packets wait idly when the scheduler is free. WFQ can also put a bound on the delay, as long as the input flows are policed and the lengths of the queues are bound. In Class-Based Queuing (CBQ), used in many commercial products, each queue is associated with a class, where higher classes are assigned a higher weight translating to relatively more service time from the scheduler than the lower-priority queues.

Competitive product offerings by Packeteer and Allot offer hardware solutions that sit between the clients and servers. These products offer pure QoS solutions, but they use the term policy as a specific QoS rule. These products are limited in their flexibility and integration with policy servers.