You are previewing End-to-End QoS Network Design.
O'Reilly logo
End-to-End QoS Network Design

Book Description

Best-practice QoS designs for protecting voice, video, and critical data while mitigating network denial-of-service attacks

  • Understand the service-level requirements of voice, video, and data applications

  • Examine strategic QoS best practices, including Scavenger-class QoS tactics for DoS/worm mitigation

  • Learn about QoS tools and the various interdependencies and caveats of these tools that can impact design considerations

  • Learn how to protect voice, video, and data traffic using various QoS mechanisms

  • Evaluate design recommendations for protecting voice, video, and multiple classes of data while mitigating DoS/worm attacks for the following network infrastructure architectures: campus LAN, private WAN, MPLS VPN, and IPSec VPN

  • Quality of Service (QoS) has already proven itself as the enabling technology for the convergence of voice, video, and data networks. As business needs evolve, so do the demands for QoS. The need to protect critical applications via QoS mechanisms in business networks has escalated over the past few years, primarily due to the increased frequency and sophistication of denial-of-service (DoS) and worm attacks.

    End-to-End QoS Network Design is a detailed handbook for planning and deploying QoS solutions to address current business needs. This book goes beyond discussing available QoS technologies and considers detailed design examples that illustrate where, when, and how to deploy various QoS features to provide validated and tested solutions for voice, video, and critical data over the LAN, WAN, and VPN.

    The book starts with a brief background of network infrastructure evolution and the subsequent need for QoS. It then goes on to cover the various QoS features and tools currently available and comments on their evolution and direction. The QoS requirements of voice, interactive and streaming video, and multiple classes of data applications are presented, along with an overview of the nature and effects of various types of DoS and worm attacks. QoS best-practice design principles are introduced to show how QoS mechanisms can be strategically deployed end-to-end to address application requirements while mitigating network attacks. The next section focuses on how these strategic design principles are applied to campus LAN QoS design. Considerations and detailed design recommendations specific to the access, distribution, and core layers of an enterprise campus network are presented. Private WAN QoS design is discussed in the following section, where WAN-specific considerations and detailed QoS designs are presented for leased-lines, Frame Relay, ATM, ATM-to-FR Service Interworking, and ISDN networks. Branch-specific designs include Cisco® SAFE recommendations for using Network-Based Application Recognition (NBAR) for known-worm identification and policing. The final section covers Layer 3 VPN QoS design-for both MPLS and IPSec VPNs. As businesses are migrating to VPNs to meet their wide-area networking needs at lower costs, considerations specific to these topologies are required to be reflected in their customer-edge QoS designs. MPLS VPN QoS design is examined from both the enterprise and service provider's perspectives. Additionally, IPSec VPN QoS designs cover site-to-site and teleworker contexts.

    Whether you are looking for an introduction to QoS principles and practices or a QoS planning and deployment guide, this book provides you with the expert advice you need to design and implement comprehensive QoS solutions.

    Table of Contents

    1. Copyright
      1. Dedications
    2. About the Authors
      1. About the Technical Editors
    3. Acknowledgments
    4. Icons Used in This Book
    5. Command Syntax Conventions
    6. Introduction
      1. Who Should Read This Book?
      2. Goals and Methods
      3. How This Book Is Organized
    7. I. Introduction to QoS
      1. 1. Introduction to QoS
        1. A Brief Historical Perspective
        2. QoS Evolution
        3. User Network Expectations
          1. End User
          2. Information Technologies Management
        4. Understanding QoS
          1. End-to-End QoS
          2. All Packets Are (Not) Equal
          3. The Challenges of Converged Networks
        5. QoS Models
          1. IntServ Overview
          2. DiffServ Overview
        6. Introduction to the QoS Toolset
        7. Simplifying QoS
          1. Modular QoS Command-Line Interface
          2. QoS Baseline
          3. Default Behavior
          4. Cross-Platform Feature Consistency
          5. Automatic QoS
        8. If I Have AutoQoS, Why Should I Be Reading This Book?
        9. The Continuing Evolution of QoS
        10. Summary
        11. Further Reading
          1. General
          2. IntServ
          3. DiffServ
          4. AutoQoS
      2. 2. QoS Design Overview
        1. QoS Requirements of VoIP
          1. Voice (Bearer Traffic)
            1. Loss
            2. Latency
            3. Jitter
          2. Call-Signaling Traffic
        2. QoS Requirements of Video
          1. Interactive-Video
          2. Streaming-Video
        3. QoS Requirements of Data
          1. Best-Effort Data
          2. Bulk Data
          3. Transactional Data/Interactive Data
          4. Locally Defined Mission-Critical Data
          5. DLSw+ Considerations
        4. QoS Requirements of the Control Plane
          1. IP Routing
          2. Network-Management
        5. Scavenger Class
        6. DoS and Worm Mitigation Strategy Through Scavenger Class QoS
        7. Principles of QoS Design
          1. General QoS Design Principles
          2. Classification and Marking Principles
          3. Policing and Markdown Principles
          4. Queuing and Dropping Principles
          5. DoS and Worm Mitigation Principles
          6. Deployment Principles
        8. Summary
        9. Further Reading
    8. II. QoS Toolset
      1. 3. Classification and Marking Tools
        1. Classification Tools
          1. Modular QoS Command-Line Interface Class Maps
          2. Network-Based Application Recognition
            1. NBAR Protocol Classification
            2. NBAR RTP Payload Classification
        2. Marking Tools
          1. Class-Based Marking
          2. Class-Based Policing
          3. Committed Access Rate
          4. Policy-Based Routing
          5. Voice Gateway Packet Marking
          6. Layer 2 Marking Fields
            1. Ethernet 802.1Q/p
            2. Ethernet 802.1Q Tunnels
            3. Frame-Relay Discard Eligible Bit
            4. ATM Cell-Loss Priority Bit
            5. MPLS Experimental Bits
          7. Layer 3 Marking Fields
            1. IP Type of Service and IP Precedence
            2. Differentiated Services Code Points
            3. Layer 3 Tunnel Marking Tools
              1. QoS Preclassify
              2. ToS Reflection
              3. Independent Header-Packet Marking
          8. Translating Layer 2 and Layer 3 Packet Markings
            1. 802.1Q/p to and from DSCP
            2. DSCP to Frame Relay DE Bit
            3. DSCP to ATM CLP Bit
            4. DSCP to MPLS EXP Bits
            5. IP Precedence to ATM/Frame Relay PVCs (PVC Bundling)
            6. Table Map Feature
        3. Summary
        4. Further Reading
          1. General
          2. DiffServ
          3. L2 Protocol Tunneling
          4. VPN
          5. NBAR
          6. MPLS
          7. IP—ATM/Frame Relay Bundles
          8. Level 2 to Level 3 Packet-Marking Translation
      2. 4. Policing and Shaping Tools
        1. Token Bucket Algorithms
        2. Policers
          1. Policers as Markers
          2. Committed Access Rate
          3. Class-Based Policing
            1. Class-Based Policing Benefits
            2. Single-Rate Three-Color Marker/Policer
            3. Two-Rate Three-Color Marker/Policer
            4. Hierarchical Policing
            5. Multiaction Policing
            6. Color-Aware Policing
            7. Percentage-Based Policing
            8. Defaults
        3. Shapers
          1. Shaping Algorithms
          2. Shaping on ATM and Frame Relay Networks
            1. ATM Traffic Contracts
            2. Frame Relay Traffic Shaping
            3. Class-Based Frame Relay Traffic Shaping
            4. Frame Relay Voice-Adaptive Traffic Shaping
          3. Generic Traffic Shaping
          4. Class-Based Shaping
            1. Hierarchical Class-Based Shaping
            2. Percentage-Based Shaping
            3. Distributed Traffic Shaping
        4. Further Reading
          1. DiffServ Policing Standards
          2. Policing
          3. ATM PVC Traffic Parameters
          4. Frame Relay Traffic Shaping
          5. Traffic Shaping
      3. 5. Congestion-Management Tools
        1. Understanding Scheduling and Queuing
        2. Legacy Layer 3 Queuing Mechanisms
          1. Priority Queuing
          2. Custom Queuing
          3. Weighted Fair Queuing
          4. IP RTP Priority Queuing
        3. Currently Recommended Layer 3 Queuing Mechanisms
          1. Class-Based Weighted Fair Queuing
          2. Low-Latency Queuing
            1. LLQ Operation
            2. LLQ Policing
            3. Bandwidth Provisioning
            4. LLQ and IPSec
            5. LLQ and cRTP
            6. LLQ and LFI
            7. LLQ and ATM PVC Bundles
            8. LLQ and MLP/Frame Relay Bundles
            9. LLQ and VoFR
        4. Layer 2 Queuing Tools
          1. Frame Relay Dual-FIFO
          2. PVC Interface Priority Queuing
        5. Tx-ring
        6. PAK_priority
        7. Summary
        8. Further Reading
          1. Layer 3 Queuing
          2. Layer 2 Queuing
          3. Tx-ring
          4. PAK_priority
      4. 6. Congestion-Avoidance Tools
        1. Random Early Detection
        2. Weighted Random Early Detection
        3. DSCP-Based Weighted Random Early Detection
        4. Explicit Congestion Notification
        5. Summary
        6. Further Reading
          1. DiffServ Standards Relating to WRED
          2. Cisco IOS WRED Documentation
      5. 7. Link-Specific Tools
        1. Header-Compression Techniques
          1. Related Standards
          2. TCP Header Compression
          3. RTP Header Compression
          4. Compression Formats
            1. Cisco Proprietary Format
            2. IP Header Compression Format
            3. IETF Format
          5. Layer 2 Encapsulation Protocol Support
            1. HDLC
            2. PPP
            3. ATM
            4. Frame Relay
            5. Frame Relay and ATM Service Interworking
          6. Summary of cRTP Formats and Protocol Encapsulations
          7. Class-Based Header Compression
          8. Advanced Topics on cRTP
            1. Tunnels
            2. RSVP
            3. LLQ, Policing, and Shaping
            4. Hardware Compression
            5. Performance
        2. Link Fragmentation and Interleaving
          1. Fragment Sizes
          2. Multilink PPP LFI
            1. Multiclass Multilink PPP
          3. Frame-Relay Fragmentation
            1. Which PVCs to Fragment
            2. The Rate That Governs Fragmentation
            3. FRF.11.1 and FRF.12 Fragmentation
          4. LFI for Frame Relay/ATM Service Interworking
          5. IPSec Prefragmentation
        3. Summary
        4. Further Reading
          1. General
          2. IETF Standards
          3. Frame Relay Forum Standards
          4. Header Compression
          5. Link Fragmentation and Interleaving
      6. 8. Bandwidth Reservation
        1. RSVP Overview
          1. RSVP Service Types
            1. Controlled Load
            2. Guaranteed Load
          2. Admission Control
          3. RSVP and LLQ
        2. MPLS Traffic Engineering
        3. Scalability
        4. RSVP-DiffServ Integration
        5. Endpoints and Proxies
        6. Summary
        7. Further Reading
          1. Standards
          2. Cisco IOS Documentation
      7. 9. Call Admission Control (CAC)
        1. CAC Overview
        2. CAC Defined
        3. CAC Tool Categories
          1. Local CAC Tools
          2. Measurement-Based CAC Tools
          3. Resource-Based CAC Tools
        4. CallManager Locations CAC
        5. Gatekeeper CAC
        6. RSVP
          1. Example of VoIP CAC Through RSVP
        7. Summary
        8. Further Reading
          1. General
          2. Cisco IOS Documentation
      8. 10. Catalyst QoS Tools
        1. Generic Catalyst QoS Models
          1. Classification, Marking, and Mapping
          2. Policing and Markdown
          3. Queuing and Dropping
        2. Catalyst 2950
          1. Catalyst 2950 Classification, Marking, and Mapping
          2. Catalyst 2950 Policing and Markdown
          3. Catalyst 2950 Queuing
        3. Catalyst 3550
          1. Catalyst 3550 Classification, Marking, and Mapping
          2. Catalyst 3550 Policing and Markdown
          3. Catalyst 3550 Queuing and Dropping
        4. Catalyst 2970, 3650, and 3750
          1. Catalyst 2970/3560/3750 Classification, Marking, and Mapping
          2. Catalyst 2970/3560/3750 Policing and Markdown
          3. Catalyst 2970/3560/3750 Queuing and Dropping
        5. Catalyst 4500
          1. Catalyst 4500 Classification, Marking, and Mapping
          2. Catalyst 4500 Policing and Markdown
          3. Catalyst 4500 Queuing and Dropping
        6. Catalyst 6500
          1. Catalyst 6500 Classification, Marking, and Mapping
          2. Catalyst 6500 Policing and Markdown
          3. Catalyst 6500 Queuing and Dropping
        7. Summary
        8. Further Reading
      9. 11. WLAN QoS Tools
        1. QoS for Wireless LANs Versus QoS on Wired LANs
        2. Upstream Versus Downstream QoS
        3. IEEE 802.11 DCF
          1. Interframe Spaces
            1. SIFS
            2. PIFS
            3. DIFS
          2. Random Backoffs/Contention Windows
            1. CWmin, CWmax, and Retries
        4. IEEE 802.11e EDCF
          1. QoS Basic Service Set Information Element
        5. IEEE 802.1D Classes of Service
        6. QoS Operation on Cisco APs
        7. Configuring QoS on Cisco APs
        8. Summary
        9. Further Reading
    9. III. LAN QoS Design
      1. 12. Campus QoS Design
        1. DoS/Worm-Mitigation Strategies
          1. Scavenger-Class QoS Operation
        2. Call-Signaling TCP/UDP Ports in Use
        3. Access-Edge Trust Models
          1. Trusted Endpoint Models
          2. Untrusted Endpoint Models
            1. Untrusted PC with SoftPhone Model
            2. Untrusted Server Model
          3. Conditionally Trusted Endpoint(s) Models
            1. Conditionally Trusted IP Phone + PC: Basic Model
            2. Conditionally Trusted IP Phone + PC: Advanced Model
        4. Catalyst 2950 QoS Considerations and Design
          1. Catalyst 2950: Trusted Endpoint Model
            1. Catalyst MLS QoS Verification Command: show mls qos interface
          2. Catalyst 2950: Untrusted PC with SoftPhone Model
          3. Catalyst 2950: Untrusted Server Model
            1. Catalyst MLS QoS Verification Command: show mls qos interface policers
            2. Catalyst MLS QoS Verification Commands: show class-map and show policy-map
            3. Catalyst MLS QoS Verification Command: show mls masks qos
          4. Catalyst 2950: Conditionally Trusted IP Phone + PC: Basic Model
            1. Catalyst MLS QoS Verification Command: show mls qos map [cos-dscp | dscp-cos]
          5. Catalyst 2950: Conditionally Trusted IP Phone + PC: Advanced Model
          6. Catalyst 2950: Queuing
            1. Catalyst MLS QoS Verification Command: show wrr-queue bandwidth
            2. Catalyst MLS QoS Verification Command: show wrr-queue cos-map
        5. Catalyst 3550 QoS Considerations and Design
          1. Catalyst 3550: Trusted Endpoint Model
          2. Catalyst 3550: Untrusted PC with SoftPhone Model
            1. Catalyst MLS QoS Verification Command: show mls qos interface statistics
            2. Catalyst MLS QoS Verification Command: show policy interface
          3. Catalyst 3550: Untrusted Server Model
          4. Catalyst 3550: Conditionally Trusted IP Phone + PC: Basic Model
          5. Catalyst 3550: Conditionally Trusted IP Phone + PC: Advanced Model
          6. Catalyst 3550: Queuing and Dropping
            1. Catalyst MLS QoS Verification Command: show mls qos interface buffers
            2. Catalyst MLS QoS Verification Command: show mls qos interface queueing
        6. Catalyst 2970/3560/3750 QoS Considerations and Design
          1. Catalyst 2970/3560/3750: Trusted Endpoint Model
          2. Catalyst 2970/3560/3750: Untrusted PC with SoftPhone Model
          3. Catalyst 2970/3560/3750: Untrusted Server Model
          4. Catalyst 2970/3560/3750: Conditionally Trusted IP Phone + PC: Basic Model
          5. Catalyst 2970/3560/3750: Conditionally Trusted IP Phone + PC: Advanced Model
          6. Catalyst 2970/3560/3750: Queuing and Dropping
            1. Catalyst MLS QoS Verification Command: show mls qos queue-set
            2. Catalyst MLS QoS Verification Command: show mls qos maps cos-output-q
            3. Catalyst MLS QoS Verification Command: show mls qos maps dscp-output-q
        7. Catalyst 4500-SupII+/III/IV/V QoS Considerations and Design
          1. Catalyst 4500: Trusted Endpoint Model
          2. Catalyst 4500: Untrusted PC with SoftPhone Model
          3. Catalyst 4500: Untrusted Server Model
          4. Catalyst 4500: Conditionally Trusted IP Phone + PC: Basic Model
          5. Catalyst 4500: Conditionally Trusted IP Phone + PC: Advanced Model
          6. Catalyst 4500: Queuing
            1. Catalyst 4500 QoS Verification Command: show qos dbl
            2. Catalyst 4500 QoS Verification Command: show qos maps dscp tx-queue
            3. Catalyst 4500 QoS Verification Command: show qos interface
        8. Catalyst 6500 QoS Considerations and Design
          1. Catalyst 6500: CatOS Defaults and Recommendations
          2. Catalyst 6500: Trusted Endpoint Model
            1. Catalyst 6500 CatOS QoS Verification Command: show port qos
          3. Catalyst 6500: Untrusted PC with SoftPhone Model
            1. Catalyst 6500 CatOS QoS Verification Command: show qos maps
            2. Catalyst 6500 CatOS QoS Verification Command: show qos acl
            3. Catalyst 6500 CatOS QoS Verification Command: show qos policer
            4. Catalyst 6500 CatOS QoS Verification Command: show qos statistics
          4. Catalyst 6500: Untrusted Server Model
          5. Catalyst 6500: Conditionally Trusted IP Phone + PC: Basic Model
          6. Catalyst 6500: Conditionally Trusted IP Phone + PC: Advanced Model
          7. Catalyst 6500: Queuing and Dropping
            1. Catalyst 6500: 2Q2T Queuing and Dropping
            2. Catalyst 6500 CatOS QoS Verification Command: show qos info config 2q2t tx
            3. Catalyst 6500 CatOS QoS Verification Command: show qos info runtime
            4. Catalyst 6500 IOS QoS Verification Command: show queueing interface
            5. Catalyst 6500: 1P2Q1T Queuing and Dropping
            6. Catalyst 6500: 1P2Q2T Queuing and Dropping
            7. Catalyst 6500: 1P3Q1T Queuing and Dropping
            8. Catalyst 6500: 1P3Q8T Queuing and Dropping
            9. Catalyst 6500: 1P7Q8T Queuing and Dropping
          8. Catalyst 6500: PFC3 Distribution-Layer (Cisco IOS) Per-User Microflow Policing
        9. WAN Aggregator/Branch Router Handoff Considerations
        10. Case Study: Campus QoS Design
        11. Summary
        12. Further Reading
    10. IV. WAN QoS Design
      1. 13. WAN Aggregator QoS Design
        1. Where Is QoS Needed over the WAN?
        2. WAN Edge QoS Design Considerations
          1. Software QoS
          2. Bandwidth Provisioning for Best-Effort Traffic
          3. Bandwidth Provisioning for Real-Time Traffic
          4. Serialization
          5. IP RTP Header Compression
          6. Tx-ring Tuning
          7. PAK_priority
          8. Link Speeds
          9. Distributed Platform QoS and Consistent QoS Behavior
        3. WAN Edge Classification and Provisioning Models
          1. Slow/Medium Link-Speed QoS Class Models
            1. Three-Class (Voice and Data) Model
              1. Verification Command: show policy
          2. High Link Speed QoS Class Models
            1. Eight-Class Model
            2. QoS Baseline (11-Class) Model
            3. Distributed-Platform/Consistent QoS Behavior—QoS Baseline Model
        4. WAN Edge Link-Specific QoS Design
          1. Leased Lines
            1. Slow-Speed (≤ 768 kbps) Leased Lines
              1. Verification Command: show interface
              2. Verification Command: show policy interface (Three-Class Policy)
            2. Medium-Speed (≤ T1/E1) Leased Lines
            3. High-Speed (Multiple T1/E1 or Greater) Leased Lines
              1. Verification Command: show policy interface (QoS Baseline Policy)
              2. Verification Command: show ppp multilink
          2. Frame Relay
            1. Committed Information Rate
            2. Committed Burst Rate
            3. Excess Burst Rate
            4. Minimum Committed Information Rate
            5. Slow-Speed (≤ 768 kbps) Frame Relay Links
              1. Verification Command: show frame-relay fragment
            6. Medium-Speed (≤ T1/E1) Frame Relay Links
            7. High-Speed (Multiple T1/E1 and Greater) Frame Relay Links
            8. Distributed Platform Frame Relay Links
          3. ATM
            1. Slow-Speed (≤ 768 kbps) ATM Links: MLPoATM
              1. Verification Command: show atm pvc
            2. Slow-Speed (≤ 768 kbps) ATM Links: ATM PVC Bundles
              1. Verification Command: show atm vc
              2. Verification Command: show atm bundle
            3. Medium-Speed (≤ T1/E1) ATM Links
            4. High-Speed (Multiple T1/E1) ATM Links
              1. Verification Command: show ima interface atm
            5. Very-High-Speed (DS3-OC3+) ATM Links
          4. ATM-to-Frame Relay Service Interworking
            1. Slow-Speed (≤ 768 kbps) ATM-FR SIW Links
          5. ISDN
            1. Variable Bandwidth
            2. MLP Packet Reordering Considerations
            3. CallManager CAC Limitations
            4. Voice and Data on Multiple ISDN B Channels
        5. Case Study: WAN Aggregation Router QoS Design
        6. Summary
        7. Further Reading
      2. 14. Branch Router QoS Design
        1. Branch WAN Edge QoS Design
          1. Unidirectional Applications
            1. Branch Router WAN Edge (10-Class) QoS Baseline Model
        2. Branch Router LAN Edge QoS Design
          1. DSCP-to-CoS Remapping
          2. Branch-to-Campus Classification and Marking
            1. Source or Destination IP Address Classification
            2. Verification Command: show ip access-list
            3. Well-Known TCP/UDP Port Classification
            4. NBAR Application Classification
            5. Verification Command: show ip nbar port-map
          3. NBAR Known-Worm Classification and Policing
            1. NBAR Versus Code Red
            2. NBAR Versus NIMDA
            3. NBAR Versus SQL Slammer
            4. NBAR Versus RPC DCOM/W32/MS Blaster
            5. NBAR Versus Sasser
            6. NBAR Versus Future Worms
            7. Policing Known Worms
        3. Case Study: Branch Router QoS Design
        4. Summary
        5. Further Reading
    11. V. VPN QoS Design
      1. 15. MPLS VPN QoS Design
        1. Where Is QoS Needed over an MPLS VPN?
        2. Customer Edge QoS Design Considerations
          1. Layer 2 Access (Link-Specific) QoS Design
          2. Service-Provider Service-Level Agreements
          3. Enterprise-to-Service Provider Mapping Models
            1. Voice and Video
            2. Call-Signaling
            3. Mixing TCP with UDP
            4. Marking and Re-Marking
            5. Three-Class Provider-Edge Model: CE Design
            6. Four-Class Provider-Edge Model: CE Design
            7. Five-Class Provider-Edge Model: CE Design
        3. Provider-Edge QoS Considerations
          1. Service Provider-to-Enterprise Models
            1. Three-Class Provider-Edge Model: PE Design
            2. Four-Class Provider-Edge Model: PE Design
            3. Five-Class Provider-Edge Model: PE Design
          2. MPLS DiffServ Tunneling Modes
            1. Uniform Mode
            2. Short Pipe Mode
            3. Pipe Mode
              1. Pipe Mode with an Explicit Null LSP
        4. Core QoS Considerations
          1. Aggregate Bandwidth Overprovisioning
          2. DiffServ in the Backbone
            1. Three-Class Provider-Core Model: PE-to-P or P-to-P Design
            2. Platform-Specific Considerations—Cisco 12000 GSR MDRR Example
          3. MPLS Traffic Engineering
            1. Basic MPLS TE
            2. MPLS Per-VPN TE
              1. Verification Command: show ip rsvp interface
              2. Verification Command: show ip rsvp neighbor
              3. Verification Command: show mpls interface
              4. Verification Command: show mpls traffic-eng tunnels summary
              5. Verification Command: show mpls traffic-eng tunnels
              6. Verification Command: ping vrf with show interface tunnel
            3. MPLS DS-TE
              1. Verification Command: show mpls traffic-eng topology
              2. Verification Command: show ip bgp vpnv4 all
        5. Case Study: MPLS VPN QoS Design (CE/PE/P Routers)
        6. Summary
        7. Further Reading
      2. 16. IPSec VPN QoS Design
        1. Site-to-Site V3PN QoS Considerations
          1. IPSec VPN Modes of Operation
            1. IPSec Tunnel Mode (No IP GRE Tunnel)
            2. IPSec Transport Mode (Encrypting an IP GRE Tunnel)
            3. IPSec Tunnel Mode (Encrypting an IP GRE Tunnel)
          2. Packet Overhead Increases
          3. cRTP and IPSec Incompatibility
          4. Prefragmentation
          5. Bandwidth Provisioning
          6. Logical Topologies
          7. Delay Budget Increases
          8. ToS Byte Preservation
          9. QoS Pre-Classify
          10. Pre-Encryption Queuing
          11. Anti-Replay Implications
          12. Control Plane Provisioning
        2. Site-to-Site V3PN QoS Designs
          1. Six-Class Site-to-Site V3PN Model
          2. Eight-Class Site-to-Site V3PN Model
          3. QoS Baseline (11-Class) Site-to-Site V3PN Model
        3. Headend VPN Edge QoS Options for Site-to-Site V3PNs
        4. Teleworker V3PN QoS Considerations
          1. Teleworker Deployment Models
            1. Integrated Unit Model
            2. Dual-Unit Model
            3. Integrated Unit + Access Model
          2. Broadband-Access Technologies
            1. Digital Subscriber Line
            2. Cable
          3. Bandwidth Provisioning
            1. NAT Transparency Feature Overhead
            2. DSL (AAL5 + PPPoE) Overhead
            3. Cable Overhead
          4. Asymmetric Links and Unidirectional QoS
          5. Broadband Serialization Mitigation Through TCP Maximum Segment Size Tuning
          6. Split Tunneling
        5. Teleworker V3PN QoS Designs
          1. Integrated Unit/Dual-Unit Models—DSL Design
          2. Integrated Unit + Access Model—DSL/Cable Designs
        6. Case Study: IPSec VPN QoS Design
        7. Summary
        8. Further Reading
      3. QoS “At-A-Glance” Summaries