Guide
Verizon LTE Mobile Private Network
Cisco Integrated Services Router
Router Configuration Guide for Private Network Traffic Management (LTE QoS) on Verizon Wireless MPN
Revision 1.0 August 2015
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco/Verizon Public Information.
Introduction
Verizon offers Private Network Traffic Management (PNTM) for the Verizon 4G LTE Mobile Private Network service (MPN). MPN provides private last-mile access to an organization’s internal network via 4G LTE or 3G cellular wireless. With MPN, enterprise traffic over Verizon LTE is not exposed to the public Internet. The router’s LTE IP address and LAN addresses are part of the organization’s private address space, allowing for native routing and static IP addressing for manageability.
Today’s 4G LTE technology was designed to support single-user devices such as cell phones and tablets. LTE QoS is based on a traffic flow template pushed to the LTE modem from the network. Historically, the flow template was based on a 5-tuple (source and destination IP addresses, protocol, source and destination port numbers). A use case was streaming of pay-per-view video content. This method of classification by the modem is not scalable for network-based multi-user deployment.
AF3x, AF4x is prioritized above remaining traffic. The combination of the above important traffic is rate limited to not exceed the service rate (either 512Kbps or 2Mbps).
- Second level: if the important traffic rate (CS3/AF3x, CS4/AF4x, CS5/EF) will exceed the service rate, CS3/AF3x and CS4/AF4x traffic will be shaped so that the service rate (max allowed bit rate on dedicated bearer) is not exceeded.
LTE QoS Planning Guidelines
- The ISR prerequisite for PNTM on Verizon 4G LTE MPN is an ISR with embedded Verizon LTE interface running recommended IOS and modem firmware releases. All other Verizon and Cisco recommendations for MPN and DMNR are also applicable. The following guide provides the specifics. www.cisco.com/c/dam/en/us/td/docs/routers/access/interfaces/software/deployment/guide/guide_c07-720264.
- Mark packets as close to the source as can be trusted to differentiate traffic into sub-classes to be used in the third level policy. Methods for marking are provided in Cisco best practices QoS guides such as www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Campus/Borderless_Campus_Network_10/Borderless_Campus_1-0_Design_Guide/BN_Campus_QoS.html#wp1232603 and www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND/QoS-SRND-Book.
“Bandwidth remaining ratio” provides a method of balancing the minimum bit rates that traffic classes will receive when there is congestion. The algorithm works as follows in 3-level policies: “Bandwidth remaining” equals the 1st level shaped rate minus the 2nd level strict priority rate. For example, if the top level shaped rate is 1.5Mbps and the strict priority class rate is 100Kbps, “bandwidth remaining” is 1.4Mbps.
Private Network Traffic Management - LTE QoS Design and Configuration Scenarios
Typical Deployment: The following scenario may be seen in a typical deployment. After an ISR installation with LTE site survey, downstream LTE performance may consistently exceed 10Mbps and upstream LTE total bit rate may consistently exceed 3Mbps. Leveraging Verizon PNTM with the 2Mbps service rate, below is a feasible logical and configuration model. It assumes 200Kbps of voice traffic (e.g. 5 simultaneous G.
The 2Mbps service rate assumed in the above scenario offers flexibility and a significant bit rate for important applications. The 2Mbps service rate can also offer value if the total upstream consistent throughput is as low as 2Mbps. However, not all of the service rate would be configured in this instance. The recommended practice (and Cisco ISR configuration default) is to limit traffic with preferential treatment to 75% of the total traffic sent.
The diagram below depicts the logical QoS egress policy, assuming 1.5Mbps consistently achievable upstream total LTE bit rate. The ISR QoS egress policies depicted in the diagram below implement the logical design shown above. There are three example configurations that follow, based on the scenario above.
ISR Configuration for LTE eHWIC (1900/2900/3900) – LTE QoS
!### IOS 15.5(2)T or later ###
service internal
!
hostname C1921-QOS-A
boot-start-marker
boot system flash:c1900-universalk9-mz.SPA.155-2.T.bin
boot-end-marker
!
ip dhcp pool VLAN1
 network 10.250.2.0 255.255.255.0
 default-router 10.250.2.1
 dns-server 4.2.2.
policy-map BCPS-IN
 class MARK-CS4
  set dscp cs4
 class MARK-CS5
  set dscp cs5
 class MARK-CS3
  set dscp cs3
!
interface Loopback100
 ip address 10.250.0.1 255.255.255.255
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
 ip address 10.10.10.1 255.255.255.248
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 10.10.29.12 255.255.255.
 mobile-network Loopback100
 mobile-network Vlan1
 register retransmit initial 2000 maximum 2000 retry 2
 register extend expire 40 retry 10 interval 4
 register lifetime 181
 reverse-tunnel
 tunnel mode gre
 no multi-path
!
ip access-list extended CS3
 permit ip host 10.250.1.12 any
ip access-list extended CS4
 permit ip host 10.250.1.10 any
ip access-list extended CS5
 permit ip host 10.250.1.
ISR Configuration for LTE 8xx (819, 899) – LTE QoS
!### IOS 15.5(2)T or later ###
service internal
hostname C819VZ-XL
!
boot-start-marker
boot system flash:c800-universalk9-mz.SPA.155-2.T1.bin
boot-end-marker
!
ip dhcp pool VLAN1
 network 10.250.2.0 255.255.255.0
 default-router 10.250.2.1
 dns-server 4.2.2.
policy-map BCPS-IN
 class MARK-CS4
  set dscp cs4
 class MARK-CS5
  set dscp cs5
 class MARK-CS3
  set dscp cs3
!
interface Loopback100
 ip address 192.168.249.2 255.255.255.255
!
interface Loopback1234
 description ### NEMO Router Home Address. Dummy non-Routable IP ###
 ip address 1.2.3.4 255.255.255.
 service-policy input BCPS-IN
!
router mobile
!
ip forward-protocol nd
!
ip mobile secure home-agent 66.174.251.2 spi decimal 256 key ascii VzWNeMo algorithm hmac-md5
ip mobile router
 address 1.2.3.4 255.255.255.0
 collocated single-tunnel
 home-agent 66.174.251.2
 mobile-network Vlan1
 mobile-network Loopback100
 non-connected-network 192.168.99.0 255.255.255.
ISR Configuration for LTE NIM (ISR 4K) – LTE QoS
!### IOS XE 3.16 or later ###
service internal
!
hostname C4321-4G
!
boot-start-marker
boot system bootflash:isr4300-universalk9.03.16.00.S.155-3.S-ext.SPA.bin
boot-end-marker
!
ip dhcp pool 10dot250dot1
 network 10.250.1.0 255.255.255.0
 default-router 10.250.1.1
 dns-server 10.20.45.
policy-map BCPS-IN
 class MARK-CS4
  set dscp cs4
 class MARK-CS5
  set dscp cs5
 class MARK-CS3
  set dscp cs3
!
interface Loopback1234
 description ### NEMO Router Home Address
 ip address 1.2.3.4 255.255.255.255
!
interface GigabitEthernet0/0/0
 ip address 10.250.1.1 255.255.255.0
 ip tcp adjust-mss 1390
 load-interval 30
 media-type rj45
 negotiation auto
 service-policy input BCPS-IN
!
interface GigabitEthernet0/0/1
 ip address 10.0.3.1 255.255.255.
 collocated single-tunnel
 home-agent 66.174.251.2
 mobile-network GigabitEthernet0/0/1
 mobile-network GigabitEthernet0/0/0
 non-connected-network 192.168.222.0 255.255.255.0
 register extend expire 10 retry 3 interval 5
 reverse-tunnel
 tunnel mode gre
!
ip access-list extended CS3
 permit ip host 10.250.1.12 any
ip access-list extended CS4
 permit ip host 10.250.1.10 any
ip access-list extended CS5
 permit ip host 10.250.1.11 any
!
access-list 105 permit udp any any eq mobile-ip
dialer watch-list 1 ip 5.6.7.8 0.0.
Operation and Show Commands
ISR 819 QoS policy:
- 3 level, total shaper to 1.5 Mbps, 0.5 Mbps service rate,
- 100 Kbps strict priority (EF), 400 Kbps (AF3x/AF4x/CS3/CS4)
- At least 250 Kbps for CS4/AF4x, 150 Kbps for CS3/AF3x
Traffic sent through 819:
- ~90 Kbps voice, ~300 Kbps CS3, ~1.2Mbps best effort
Traffic sent to ISR 819 VLAN Interface:
C819VZ-XL#siv (“siv” is a configured alias that expands to “show int vlan1”)
Vlan1 is up, line protocol is up
  Hardware is EtherSVI, address is bcc4.93da.
DCD=up DSR=up DTR=up RTS=up CTS=up
Traffic sent by 819 LTE Interface: QoS Specifics
C819VZ-XL#spc (“spc” is an alias that expands to “show policy-map int cell0 out”)
Cellular0
  Service-policy output: LTE-SHAPER
  Class-map: class-default (match-any)
    72629 packets, 39623223 bytes
    30 second offered rate 1643000 bps, drop rate 148000 bps
    Match: any
    Queueing
    queue limit 64 packets
    (queue depth/total drops/no-buffer drops) 42/1583/0
    (pkts output/bytes output) 71046/37498130
    shape (average) cir 1500000, bc 6000,
    queue limit 64 packets
    (queue depth/total drops/no-buffer drops) 0/0/0
    (pkts output/bytes output) 4225/5449119
    bandwidth 150 kbps
  Class-map: PREC-4 (match-any)
    0 packets, 0 bytes
    30 second offered rate 0000 bps, drop rate 0000 bps
    Match: ip precedence 4
      0 packets, 0 bytes
      30 second rate 0 bps
    Queueing
    queue limit 64 packets
    (queue depth/total drops/no-buffer drops) 0/0/0
    (pkts output/bytes output) 0/0
    bandwidth 200 kbps
  Class-map: class-default (match-any)
    96 packets, 14208 bytes
    30 second offered rate 0000
ISR 4321 QoS policy:
- 3 level, total shaper to 1.5 Mbps, 0.5 Mbps service rate,
- 100 Kbps strict priority (EF), 400 Kbps (AF3x/AF4x/CS3/CS4)
- At least 250 Kbps for CS4/AF4x, 150 Kbps for CS3/AF3x
Traffic sent through 819:
- ~90 Kbps voice, ~400 Kbps CS4, ~1.2Mbps best effort
Traffic sent to 4321 Gigabit Ethernet LAN Interface:
C4321-4G#sig (“sig” is a configured alias that expands to “show int gi0/0/0”)
GigabitEthernet0/0/0 is up, line protocol is up
  Hardware is ISR4321-2x1GE, address is f07f.06ca.
    0 output errors, 0 collisions, 0 interface resets
    0 unknown protocol drops
    0 output buffer failures, 0 output buffers swapped out
    0 carrier transitions
Traffic sent by ISR 4321 LTE Interface: QoS Specifics
C4321-4G#spc (“spc” is an alias that expands to “show policy-map int cell0/1/0 out”)
Cellular0/1/0
  Service-policy output: LTE-SHAPER
  Class-map: class-default (match-any)
    5356207 packets, 788090423 bytes
    30 second offered rate 1728000 bps, drop rate 238000 bps
    Match: any
    Queueing
    queue limit 64 packets
  Class-map: PREC-4 (match-any)
    13900 packets, 18838805 bytes
    30 second offered rate 394000 bps, drop rate 0000 bps
    Match: ip precedence 4
    Queueing
    queue limit 64 packets
    (queue depth/total drops/no-buffer drops) 1/127/0
    (pkts output/bytes output) 13773/18666593
    bandwidth 250 kbps
  Class-map: class-default (match-any)
    5 packets, 740 bytes
    30 second offered rate 0000 bps, drop rate 0000 bps
    Match: any
    queue limit 64 packets
    (queue depth/total drops/no-buffer drops) 0/0/0
    (pkts output/bytes output) 5/740
  Class-m
Frequently Asked Questions
Q) If encryption is enabled (GETVPN, DMVPN, etc.) with QoS, QoS reorders packets. Can packets be dropped by the anti-replay algorithm in the crypto function?
A) While this is possible, it is not seen in most deployments. The anti-replay window (if enabled) defaults to a 64 packet sliding window, which is normally wide enough to accommodate this packet reordering. The packets most likely to be affected are those in the default/best-effort class(es).
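
The anti-replay behaviour described in the answer above, as an added example that is not part of the Cisco/Verizon guide: a receiver-side sliding-window check in the style of RFC 4303, run over a constructed traffic pattern in which best-effort packets are queued behind priority packets after sequence numbers have been assigned. The class and function names, the 200-packet stream, the lag values and the 128-packet window are assumptions made for illustration; only the 64-packet default comes from the guide.

```python
# Added example, not from the Cisco/Verizon guide. Receiver-side sliding-window
# anti-replay check (RFC 4303 style); the traffic pattern below is constructed.

class ReplayWindow:
    def __init__(self, size=64):          # 64 = default window named in the FAQ
        self.size = size
        self.top = 0                      # highest sequence number accepted
        self.seen = 0                     # bit i set => (top - i) already accepted

    def accept(self, seq):
        """True if the packet passes the check, False if it would be dropped."""
        if seq < 1:
            return False
        if seq > self.top:                # advances the right edge of the window
            mask = (1 << self.size) - 1
            self.seen = ((self.seen << (seq - self.top)) | 1) & mask
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size or (self.seen >> offset) & 1:
            return False                  # older than the window, or a duplicate
        self.seen |= 1 << offset
        return True


def arrival_order(total, be_every, lag):
    """Sequence numbers 1..total are assigned at encryption time, in order.
    Every be_every-th packet is best-effort and stays queued until the priority
    packet numbered seq + lag has been sent; priority packets are not delayed."""
    def sent_at(seq):
        return (seq + lag, 1) if seq % be_every == 0 else (seq, 0)
    return sorted(range(1, total + 1), key=sent_at)


def replay_drops(order, size=64):
    """Sequence numbers the receiver would discard for this arrival order."""
    window = ReplayWindow(size)
    return [seq for seq in order if not window.accept(seq)]


if __name__ == "__main__":
    # (lag, window) pairs are constructed values chosen to straddle the window.
    for lag, size in ((40, 64), (100, 64), (100, 128)):
        drops = replay_drops(arrival_order(200, 10, lag), size)
        print(f"lag={lag:3} window={size:3} dropped={drops}")
```

Only the delayed best-effort packets are ever discarded in this model, and only once they fall at least a full window behind the newest sequence number the receiver has accepted.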