You are here
Cisco Wireless LAN Controller QoS, 802.1p, WMM and AVC
Submitted by admin on Thu, 05/02/2013 - 00:00
Quality of Service (QoS), in general, is probably one of the most difficult topics to digest. Combing QoS with wireless makes it even more confusing. Without good documentations, ones can easily find themselves lost in translation.
In this article, we will look at QoS settings on Cisco Wireless LAN Controller (WLC), specifically regarding packet marking in central switching mode, and try to understand relationships among 802.1p, 802.11e, WMM, and AVC, through lab experiments. Wireshark will be heavily used in this lab to provide insight to packet headers.
Background
When it comes to QoS on WLC, the WLC needs to make sure that all packets receive end-to-end QoS treatment. This is achieved by translating 802.1p, if originated from wired, or 802.11e, if originated from wireless, COS value to corresponding DSCP value on the LWAPP/CAPWAP IP header as the packets get encapsulated and sent between an access-point and controller. Obviously, the wired network also needs to be configured to support and trust marking coming from the access-point and controller with appropriate queuing policies along the path for QoS to be effective.
Traditionally, WLC only deals with QoS marking on the outer IP header as the LWAPP/CAPWAP encapsulation is imposed, and never change DSCP value on the original IP header. With introduction of Application Visibility and Control (AVC) in version 7.4, you are able to drop or mark (or re-mark) packets original DSCP value based on type of protocol/application as the packets pass through the WLC.
Here is a list of equipment used in our testing.
- Cisco WLC2504 version 7.4.100
- Cisco Catalyst 3750 Switch
- Apple iPhone (for Non-WMM Client)
- Cisco 7921 Wireless Phone (for WMM Client)
- Cisco 7961 Wired Phone
- Windows 7 Laptop (Wired Device)
- Wireshark Installed on a Laptop
- Access to Internet
Note: Non-WMM client in this article refers to a wireless device, or application on a wireless device that is not capable of natively tagging packets with 802.11e value.
Preparation
The WLC is configured with an Open SSID and the following QoS and AVC Profiles.
|
Figure 1. Wireless > QoS > Profiles > Platinum
 |
Figure 2. Wireless > QoS > Profiles > Silver
 |
Figure 3. Wireless > Application Visibility and Control > AVC Profiles > CORP_APP
We will analyze packets in two separate directions: Upstream (from wireless device to wired) and Downstream (from wired to wireless device). All packets are captured at a switchport connected to the WLC to observe both CAPWAP encapsulated and decapsulated packets for comparison. WLAN settings described in each scenario refers specifically to configuration under WLAN > SSID > QoS.
Below is the QoS mapping table that we will use as a reference throughout this article.
Table 1.QoS Mapping Table
Scenario 1 - WMM Client with Platinum QoS
Here we use the Cisco 7921 wireless phone (WMM Client) to call the Cisco 7961 phone. These should be common settings for Voice over Wireless.
WLAN Settings
- QoS = Platinum
- AVC Profile = None
- WMM = Allowed
Figure 4. Upstream CAPWAP Encapsulated Skinny Packet (entering WLC)
Figure 5. Upstream CAPWAP Decapsulated Skinny Packet (leaving WLC)
Figure 6. Upstream CAPWAP Encapsulated RTP Packet (entering WLC)
Figure 7. Upstream CAPWAP Decapsulated RTP Packet (leaving WLC)
Observations
- 802.11e values (4 for Skinny, 6 for RTP) are translated to the corresponding DSCP values (AF31 for Skinny, EF for RTP) on the CAPWAP IP header (refer to Table 1). Note that the original IP header from the wireless phones also contains DSCP marking (CS3 for Skinny, EF for RTP) (see Figure 4 and 6).
- The DSCP value on the original IP header is preserved as the packet is decapsulated by the WLC (see Figure 6 and 7).
Fact #1 WLC translates 802.11e to DSCP value on CAPWAP header as long as it does not exceed the QoS level of the SSID, while leaving the DSCP on original IP header intact.
Scenario 2 - WMM Client with Platinum QoS, and AVC Profile
Here we use the Cisco 7921 wireless phone (WMM Client) to call the Cisco 7961 phone. We will attempt to use AVC to re-mark DSCP value on Skinny packets to EF.
WLAN Settings
- QoS = Platinum
- AVC Profile = CORP_APP (see Figure 3)
- WMM = Allowed
Figure 8. Upstream CAPWAP Encapsulated Skinny Packet (entering WLC)
Figure 9. Upstream CAPWAP Decapsulated Skinny Packet (leaving WLC)
Figure 10. Upstream AVC Statistics
Figure 11. Downstream CAPWAP Encapsulated Skinny Packet (entering WLC)
Figure 12. Downstream CAPWAP Decapsulated Skinny Packet (leaving WLC)
Figure 13. Downstream AVC Statistics
Observations
- Upstream packet enters WLC with DSCP of CS3 on the original IP header (Figure 8), and leaves with DSCP of EF as it is re-marked by our AVC profile (Figure 9).
- Downstream packet enters WLC with DSCP of 0 (Figure 11), and leaves with DSCP of EF on both CAPWAP and original IP headers (Figure 12).
- Client AVC statistics confirm Skinny packets being marked for both upstream and downstream (Figure 10 and 13)
Fact #2 AVC profile is applied to packets in both directions. For downstream packet, the new DSCP value is also translated to CAPWAP header.
Scenario 3 - WMM Client with Silver QoS
Here we use the Cisco 7921 wireless phone (WMM Client) to call the Cisco 7961 phone. We will observe the ramification of setting QoS level on the SSID to be lower than those on packets.
WLAN Settings
- QoS = Silver
- AVC Profile = None
- WMM = Allowed
Figure 14. CAPWAP Encapsulated Skinny Packet (entering WLC)
Figure 15. CAPWAP Decapsulated Skinny Packet (leaving WLC)
Figure 16. CAPWAP Encapsulated RTP Packet (entering WLC)
Figure 17. CAPWAP Decapsulated RTP Packet (leaving WLC)
Observations
- Both Skinny and RTP packets carry 802.11e value that exceed the QoS setting on the SSID (Silver = 3). This caused them to be marked down to AF21 (Figure 14 and 16).
- DSCP value on the original IP header is left intact (Figure 15 and 17).
Fact #3 WLC still does not modify DSCP value on the original IP header even though DSCP value on the CAPWAP header is marked down due to lower QoS setting on the SSID
Scenario 4 - Non-WMM Client with Platinum QoS, and AVC Profile
Here we use a web browser on the iPhone (Non-WMM) to access internet. We use the web browser as an example of an application that is incapable to marking packet with 802.11e.
WLAN Settings
- QoS = Platinum
- AVC Profile = CORP_APP (see Figure 3)
- WMM = Allowed
Figure 18. Upstream CAPWAP Encapsulated HTTP Packet (entering WLC)
Figure 19. Upstream CAPWAP Decapsulated HTTP Packet (leaving WLC)
Figure 20. Upstream AVC Statistics
Figure 21. Downstream CAPWAP Encapsulated HTTP Packet (entering WLC)
Figure 22. Downstream CAPWAP Decapsulated HTTP Packet (leaving WLC)
Figure 23. Downstream AVC Statistics
Observation
- Packet from the iPhone is not marked with DSCP value on neither CAPWAP nor original IP headers (Figure 18).
- Once the packet passes through the WLC for both upstream and downstream, AVC marks the packet with DSCP of AF11 as defined in the AVC profile (Figure 19 and 22).
- Client AVC statistics confirm HTTP packets being marked for both upstream and downstream (Figure 20 and 23)
Fact #4 When packets are not natively marked, AVC can be used to mark packets with an appropriate DSCP value so the packets leaving the WLC can receive proper QoS treatment.
Scenario 5 - Non-WMM Client with Platinum QoS, AVC Profile, and WMM Disabled
Here we use a web browser on the iPhone (Non-WMM) to access internet. In the previous scenario, CAPWAP header from AP to WLC did not carry DSCP value (Figure 18). In this scenario, we will attempt to fix that.
WLAN Settings
- QoS = Platinum
- AVC Profile = CORP_APP (see Figure 3)
- WMM = Disabled
Figure 24. Upstream CAPWAP Encapsulated HTTP Packet (entering WLC)
Figure 25. Upstream CAPWAP Decapsulated HTTP Packet (leaving WLC)
Figure 26. Downstream CAPWAP Encapsulated HTTP Packet (entering WLC)
Figure 27. Downstream CAPWAP Decapsulated HTTP Packet (leaving WLC)
Observations
- Upstream packet CAPWAP header is now marked with DSCP of EF, while DSCP value on the original IP header remains 0 (Figure 24).
- Once the packet passes through the WLC for both upstream and downstream, the packet is no longer marked, and the DSCP value on both CAPWAP and original IP header remain 0 (Figure 25 and 27).
Fact #5 Disabling WMM on an SSID allows packets from AP to WLC to be marked with a DSCP value on CAPWAP header according to the QoS setting on the SSID. This, however, also disables packet marking performed by AVC.
Scenario 6 - Wired 802.1p with Platinum QoS
Here we use the wired test laptop to ping the iPhone. The switch has been configured to mark all packets from the laptop with DSCP of EF. We will observe how 802.1p setting in the QoS profile effect downstream packets.
WLAN Settings
- QoS = Platinum with 802.1p (see Figure 1)
- AVC Profile = None
- WMM = Allowed
Figure 28. Downstream ICMP Request Packet from Laptop (entering WLC)
Figure 29. Downstream CAPWAP Encapsulated ICMP Request Packet (leaving WLC)
Observations
- Packet from the laptop contains DSCP of EF as it was marked by the switch (Figure 28).
- 802.1p value of 5, as placed on the 802.1q header by the switch, is translated to the corresponding DSCP of EF (refer Table 1) and inserted into CAPWAP header by the WLC (Figure 29).
Fact #6 WLC translates incoming 802.1p value on a packet to the corresponding DSCP value for the CAPWAP header as long as it does not exceed 802.1p value defined under the QoS profile of the SSID.
Scenario 7 - Wired 802.1p with Silver QoS
Here we continue our testing from scenario 6. We will lower the QoS to Silver, and observe ramification of setting the QoS level to be lower than the 802.1p value on incoming packets.
WLAN Settings
- QoS = Silver
- AVC Profile = None
- WMM = Allowed
Figure 30. Downstream ICMP Request Packet from Laptop (entering WLC)
Figure 31. Downstream CAPWAP Encapsulated ICMP Request Packet (leaving WLC)
Observations
- Packet from the laptop contains DSCP of EF as it was marked by the switch (Figure 30).
- The translated DSCP value in CAPWAP header has been marked down from 802.1p value of 5 to 3 as defined under the Silver QoS profile, and hence DSCP of AF31 (refer Table 1).
Fact #7 When the 802.1p value of a packet entering WLC exceeds 802.1p value defined under the QoS profile, the WLC uses the value on the profile to translate to DSCP for CAPWAP header.
Here are some quick recaps of what we have learnt from our testings.
- DSCP value on the original IP header is always left intact unless being re-marked by AVC
- QoS setting on a SSID defines the highest QoS level from 802.1p (wired) and 802.11e (wireless) that will be honored and translated to CAPWAP header by the WLC. Should this value exceeded, it will be capped to the QoS setting.
- QoS profile is required to have 802.1p enabled for the 802.1p value on a wired packet to be translated to a DSCP value in CAPWAP header. Otherwise, CAPWAP header from WLC will always have DSCP value of 0, assuming AVC profile is not applied.
- AVC profile is applied to packets in both directions.
Hopefully this article gives you a more insight into how packet marking is performed by a wireless LAN controller so you know what to expect and how to plan the QoS strategies for your wireless LAN environment.
About Author
Metha Chiewanichakorn, CCIE#23585 (Ent. Infra, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new technologies.