Cisco Connect Toronto 2017 - Optimizing your client's Wi-Fi Experience

© 2016 Cisco and/or its affiliates. All rights reserved. 1
Cisco
Connect Your Time
Is Now
Optimizing Your Client's Wi-Fi
Experience
Robert James Lloyd
TSA EN Mobility
October 12, 2017

-Nikola Tesla
“It seems that I have always been ahead of my
time. I had to wait nineteen years before
Niagara was harnessed by my system, fifteen
years before the basic
inventions for wireless which I gave to
the world in 1893 were applied universally”

Acknowledgement
• A large portion of this presentation was gleaned from the remarkable Cisco Live Berlin 2017
Session: Wireless Deployment and Design for Media-Rich Mobile Applications
https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=93867&backBtn=true. I
highly recommend viewing it in it’s entirety and I thank my colleagues for allowing me to use their
content. Said session was created and delivered by the following Principal Engineers:
• Robert Barton, P. Eng
@MrRobbarto CCIE #6660, CCDE #2013::6
• Jerome Henry, Technical leader - TME
@wirelessccie CCIE Wireless #24750, CWNE #45
More related presentations and references will be noted in the supplemental information slide(s)
following the core material of this delivery.

4© 2016 Cisco and/or its affiliates. All rights reserved.
Part 1: Optimizing the RF Environment for Mobile Applications
Part 2: Optimal AP and Antenna deployment for Real-Time Applications
Part 3: Cisco Innovations for Mobility Client QoE
Part 4: Developing your Wireless QoS Strategy
Part 5: AireOS QoS Foundations.
Part 6: Cisco and Apple Fastlane
Agenda

Optimizing the RF Environment for
Mobile Applications

Real Time Voice vs Real Time Video Applications
6

Below 4.1, VoIP Quality Changes from “Good” to close
to “Fair” (“slightly annoying”)
≈4.1
7

VoIP Golden Rules for Wi-Fi
Packet Error Rate (PER) <=1%
As low jitter as possible, less than 100ms
Retries should be < 20%
End to end delay 150 – 200 ms, 30 ms in cell
When these values are exceeded, MOS reduces too much
Your mission is to keep MOS high
8

RF Design - Signal
Closer distance to the AP means higher signal level (RSSI), which translates in more complex modulation
scheme and higher data rate
9

Higher Power Does not Always Mean Better Signal
You are a bit quiet
Blah blah blah
Is it better now?
RSSI
dBm
Noise Level
Time
Aim for:
•Noise level ≤ -92 dBm
•RSSI ≥ 67 dBm
-> 25 dB or better SNR
•Typically, AP power same as client power
-> commonly 11 to 14 dBm
10

Imagine This Scenario . . . .
(based on an actual customer situation)
11
1
1
1
1
1
1
1
1
1
• Customer moved to first Wi-Fi only
building (including voice and video)
• DISASTER! Wi-Fi was Terrible!!
• Investigation revealed all APs at
max power (power level 1)
• Covering ~7500 sq. ft. per AP (2500
sq. ft. per AP is recommended)
• They needed 3x as many APs!
~ 120 ft

SSIDs and Low Rates Consume Air Time
5% After
60% Before
 Reduce SSID number,
disable low
rates, solve OBSS issues
 Keep CU below 50%
 Before: 8 SSIDs, all
rates allowed
 After: 2 SSIDs, 802.11b
rates disabled
12

What Should Your Minimum Rate Be?
 Stop your cell where:
1. Signal to your clients is still strong
2. Clients and overhead traffic still “reasonably fast”
3. Retries are low
 Beyond that point, clients should be able to get to another AP
if they want to.
 On the right:
 STA1 and STA2 hear each other -> less collisions
 STA 1 and STA2 send @ 54 Mb/s -> short delays
 STA3 is far from AP -> lower data rate (longer transmission delay),
higher PER and loss risks
 STA3 does not hear STA1 and STA2 -> higher collision risk
24 Mbps
6 Mbps
STA1
STA2
STA3
13

- 67 dBm… How Much is That in Data Rate?
 And BER is important, because more retries means more
chances that the frame will be dropped
 Your job is to limit frame drops to
1% or less to maintain 4.1 MOS
 At -67 dBm RSSI, SNR is
typically around 25 dB or more*
 You can run any rate of 24 Mbps
and up, and still have good
frame success rate
* well, at least in ideal conditions… see next slides
14

Hand and Phone Position Affect Signal
Object in Signal Path
Signal Attenuation
Through Object
Plasterboard wall 3 dB
Glass wall with metal frame 6 dB
Cinderblock wall 4 dB
Office window 3 dB
Metal door 6 dB
Metal door in brick wall 12 dB
Phone and body position 3 - 6 dB
Phone near field absorption Up to 15 dB
There can be a 20 dB difference
between these photos
15

Big Hands are Okay if Your Design is Clever
-67 dBm
-67 – 20 = -87 dBm
Signal is too weak…
AP
AP
But you can roam to the other AP @ -67 dBm!
16

Positioning APs and Antennas
for Optimal Real-Time Application
QoE

Where do You Need Coverage?
 Talk to end-users. Think what they will need and when, look for roaming paths
18

AP Placement Guidelines
Mount APs so that antennas are vertical (we use vertical polarization)
1919

20
Radiation Pattern
 Do not mount on a wall an AP built for ceiling
mount…

21
 Do not mount on a wall an AP built for ceiling
mount…
Radiation Pattern

AP Placement Guidelines
Avoid metallic objects that can affect the signal to your clients
22

AP Placement – Bad Examples
 AP too high:
Low rate to the ground
Client signal too weak at the AP level
> 20ft
Nice… but you won’t cover the
jetway as soon as the door closes
23

RF Design – Cell Overlap
Cell overlap coverage is not always the only concern
Roaming can fail if the client device does not have enough time to properly scan for neighboring access points
Imagine turning the corner around a metal or high attenuation barrier – the RF environment changes very
rapidly
Challenging RF obstacles need to be considered during AP placement
A “Transition” AP that is placed at the intersection of hallways can alleviate some scenarios
24

RF Design – Next AP Position
• At point A the phone is connected to AP 1
• At point B the phone has AP 2 in the neighbor
list, AP 3 has not yet been scanned due to the
RF shadow caused by the elevator bank
• At point C the phone needs to roam, but AP 2
is the only AP in the neighbor list
• The phone then needs to rescan and connect
to AP 3
1
3
2A B
C
25

RF Design – Next AP Position
At point A the phone is connected to AP 1
At point B the phone has AP 2 in the neighbor list as it
was able to scan it while moving down the hall
At point C the phone needs to roam and successfully
selects AP 2
The phone has sufficient time to scan for AP 3 ahead
of time
A B
C
1
2
3
26

Radiation Pattern and Roaming Buffer
When users are expected to roam while communicating, make sure their BYOD can detect neighboring APs
BEFORE roaming
Directional vs omnidirectional antenna
Floor
AP signal drops fast
AP signal drops slowly
User does not have much space/time
to find the next AP
27

Controller Redundancy and Roaming Paths
Design expected roaming paths and make sure all APs connect to the same controller, and overlap
allows for next AP discovery
28

Going Further
• BRKEWN-2019 - 7 Ways to Fail as a Wireless Expert (2017 Berlin)
https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=93858&backBtn=true
• BRKEWN-3010 - Improve enterprise WLAN spectrum quality with Cisco's advanced RF
capacities (RRM, CleanAir, ClientLink, etc) (2017 Berlin)
https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=94062&tclass=popup
29

Cisco Innovations for Mobility
Client QoE

© 2016 Cisco and/or its affiliates. All rights reserved. 3131BRKEWN-2670
BESTPRACTICES(AireOS) Make it Easy Make it work
INFRASTRUCTURE
Enable High Availability (AP and Client SSO)
Enable AP Failover Priority
Enable AP Multicast Mode
Enable Multicast VLAN
Enable Pre-image download
Enable AVC
Enable NetFlow
Enable Local Profiling (DHCP and HTTP)
Enable NTP
Modify the AP Re-transmit Parameters
Enable FastSSID change
Enable Per-user BW contracts
Enable Multicast Mobility
Enable Client Load balancing
Disable Aironet IE
FlexConnect Groups and Smart AP Upgrade
Enable 802.1x and WPA/WPA2 on WLAN
Enable 802.1x authentication for AP
Change advance EAP timers
Enable SSH and disable telnet
Disable Management Over Wireless
Disable WiFi Direct
Peer-to-peer blocking
Secure Web Access (HTTPS)
Enable User Policies
Enable Client exclusion policies
Enable rogue policies and Rogue Detection RSSI
Strong password Policies
Enable IDS
BYOD Timers
Set Bridge Group Name
Set Preferred Parent
Multiple Root APs in each BGN
Set Backhaul rate to "Auto"
Set Backhaul Channel Width to 40/80 MHz
Backhaul Link SNR > 25 dBm
Avoid DFS channels for Backhaul
External RADIUS server for Mesh MAC Authentication
Enable IDS
Enable EAP Mesh Security Mode
MESH
WIRELESS/RF
SECURITY
Disable 802.11b data rates
Restrict number of WLAN below 4
Enable channel bonding – 40 or 80 MHz
Enable BandSelect
Use RF Profiles and AP Groups
Enable RRM (DCA & TPC) to be auto
Enable Auto-RF group leader selection
Enable Cisco CleanAir and EDRRM
Enable Noise &Rogue Monitoring on all channels
Enable DFS channels
Avoid Cisco AP Load
http://www.cisco.com/c/en/us/td/docs/wireless/technology/wlc/82463-wlc-config-best-practice.html
Best Practices Summary
For Your
Reference

Optimized Roaming
RX-SOP
Pervasive Wi-Fi
HDX Turbo
Performance
Event Driven
RRM
XOR Radio
FRA
Cisco CleanAir®
RF Profiles
RRM, DCA, TPC, CHDM
Load Balancing
Band Select
Client Link 4.0
Off-Channel
Scanning
Flex DFS
DBS
5GHz
Serving
2.4GHz
Serving
5/2.4GHz
Monitor
• Enabled by Dual 5GHz
• Adjust Radio Bands to Better Serve the
Environment
RF Optimized
Connectivity

XOR Radio and FRA
2.4GHz
Serving
2.4-5GHz
Monitoring
5GHz.
Serving
5GHz.
Serving
2.4GHz
Serving
5GHz.
Serving
5GHz
Serving5Hz
Serving
2.4GHz
Serving
 FRA-auto (default value) or Manual
 Auto 2.4 -> 5GHz or Monitor Mode
 Transition to 2.4 GHz if coverage drops

FRA Sensitivity and Preference
 FRA Sensitivity configurable
• Low–100% COF
• Medium–95% COF
• High–90% COF
 Client Network Preference
• Connectivity Preference
• Throughput Preference

Micro  Macro Cell Transitions
-51 dBm
-65 dBm
-51 dBm-51 dBm≥ 55
dBm?
Probe Response
Client Steering
• 802.11v BSS Transition – Default Enable
• 802.11k – Default Enable
• Probe Suppression – Default Disable
Client Types
• 11v capable – 802.11v BSS Transition
• Non-11v capable – 802.11k neighbor list +
disassociation
• No 11k or 11v support – Probe Suppression Micro – 5GHz on XOR
Macro -- Dedicated 5 GHz

Optimize Wi-Fi with CleanAir
Quickly Identify and Mitigate Wi-Fi Impacting Interference
Channel 48
48
48
48
48
48
48
48
48
48
48
48
 Interference on 20/40/80/160 MHz
 Air Quality and Interference by
AP/radio on WLC
 AQ Threshold trap and Interference
Device trap (per radio)
 CleanAir-enabled RRM
Network Air Quality and Interference Location with PI 3.1.x and MSE 8.0.

Interference Devices and Air Quality Report
CleanAir Enabled RRM
Mitigated RF interference for improved
reliability and performance
Wi-Fi and
non-Wi-Fi
aware
Dynamic
mitigation
ED-RRM
Granular
spectrum
visibility and
control
Air Quality Performance
Improved Client
Performance
Complete Automatic Interference Mitigation Solution for Rogues and Non-Wi-Fi Interference

Cisco Enhanced Interference Mitigation
After
Mitigated RF interference for improved
reliability and performance
Before
Rogue Wi-Fi interference decreases reliability and performance
until next dynamic channel assignment (DCA) cycle
Improved Client
Performance
Wi-Fi and
non-Wi-Fi
aware
Dynamic
mitigation
ED-RRM
Granular
spectrum
visibility and
control
Rogues seen as
security threat only
Non-Wi-Fi
interference
prioritized
Complete Automatic Interference Mitigation Solution for Rogues and Non-Wi-Fi Interference
Air Quality PerformanceAir Quality Performance

Maximize Channels When Radar Is Present
Flexible Dynamic Frequency Selection
5170
MHz
5330
MHz
36
40
44
48
52
56
60
64
20MHz.
40MHz.
80MHz.
160MHz.
5490
MHz
5710
MHz
100
104
108
112
116
120
124
128
132
136
140
Channel Used
by Air Traffic
Radar
See it on
160MHZ Band
Dynamic Frequency
Selection
Flexible
Dynamic Frequency
Selection

FlexDFS with Dynamic Bandwidth Selection
Identifies radar
frequency to
1 MHz
FlexDFS
isolates radar
event to
20MHz
DBS allows
best channel
and width
Interference is impacting
only channel 60
FlexDFS + DBS
Automatic and intelligent use of spectrum
52
56
60
64
DBS combined with FlexDFS: Increased confidence in using wider channel bandwidth; reduced radio flapping
Primary
20
Secondary
20
Secondary
40
52 56 60 64
Optimizes
HD Experience

Better Support for Users on the Move
Optimized Roaming
Optimized Roaming: Wireless Devices
Connect to the Most Effective APClient Stickiness

Improve Connectivity to All Devices
Cisco ClientLink 4.0
Improves device
performance
802.11ac Wave 2
Access Point: TX
beamforming
• 802.11a
• 802.11g
• 802.11n
• 802.11ac Wave 1
• 802.11ac Wave 2
• 802.11ac Wave 2
802.11ac Wave 2
Access Point: ClientLink

Better Client Connectivity
RXSOP, Load Balancing, Band Select

Fine-tuning HDX with RF Profiles
Wi-Fi Triggered
ED-RRM
Optimized
Roaming
RXSOP
Dynamic
Bandwidth
Selection
TPC, DCA
CHDM
FlexDFS
CORE:
• CleanAir
• ClientLink 4.0
• Turbo Performance
 Pre-canned RF Profiles
 Client Distribution
 Data Rates
 DCA, TPC, CHDM
 Profile Threshold for Traps
 High Density Features

Cisco Air Time Fairness (ATF)
After
Air time is allocated per SSID, per realm, per client.
There is now better control over how air time is shared.
Before
Rate limiting can only specify a bit rate (throughput) limit.
There is no way to limit the duration that the bit rate will use.
Gain the Ability to
Meet SLAs
Time-
based
Automatic
calculation
on
availability
Ongoing
recalculation
Bandwidth
rate
unpredictable
Client-
dependent
fluctuation
Not time-
based
Improved Predictability and Performance
SSID 2
30%
SSID 1
70%
SSID 2
48%
SSID 1
52%

Zero Impact Application Visibility and Control
Maintain performance with zero-impact AVC
Gain visibility
into the network
Control application
performance
App App App App
App App App App
App App App App
App App App App
Red Hat
Cisco
WebEx
Rhapsody Gmail
TIBCO
Microsoft
Exchange
YouTube Skype
SAP Citrix BitTorrent iTunes
SharePoint
Windows
Server
Google
Talk
Salesforce
Monitor critical
applications

Developing your Wireless QoS
Strategy

Why Wireless QoS For Real Time Applications
• QoS is like a chain
It’s only as strong as its weakest link
• the WLAN is one of the weakest links* in enterprise QoS
designs for three primary reasons:
1) Typical downshift in speed (and throughput)
2) Shift from full-duplex to half-duplex media
3) Shift from a dedicated media to a shared media
• WLAN QoS policies need to control both jitter and packet loss
1 Gbps170 Mbps
Full DuplexHalf Duplex
*weakest link is WAN, second weakest is WLAN 48

WLAN QoS Improvements Quantified
Application Original Metric Improved Metric Percentage
Improvement
Voice 15 ms max jitter 5 ms max jitter 300%
3.92 MOS
(Cellular Quality)
4.2 MOS
(Toll Quality)
Video 9 fps 14 fps 55%
Visual MOS:
Good
Visual MOS:
Excellent
Transactional Data 14 ms latency 2 ms latency 700%
http://www.cisco.com/en/US/prod/collateral/wireless/cisco_avc_application_improvement.pdf
49

Mobile Applications – on Wi-Fi
Wi-Fi is the primary network access method
Mission-critical applications cannot fail
Wi-Fi space has become congested
Proper RF and QoS management is the only way to ensure real-
time applications QoE and prioritization
50

Wireless QoS-Specific Limitations
• No priority servicing
• No bandwidth guarantees
• Non-deterministic media access
• Only 4 levels of service
LAN QoS WLAN QoS
51

Real Time Applications and Wireless
Video/Voice & Other Applications over WLAN are the same as over other media, except... they’re carried over
wireless!
Signaling: SCCP/SIP… or others!
Transport Protocols: RTP or other… but still real time
Wireless adds some important differences
Shared Media, Unlicensed Spectrum
802.11 Protocol Design
Physical Coverage Design
Users are Mobile
Battery Life
Application Design...
52

What Do You Consider First?
53

Start by Defining Your QoS Strategy
Articulate Your Business Intent, Relevant Applications and End-to-End Strategy
http://tinyurl.com/gu42acb
54

Translate your Strategy to a Framework
55
Transactional Data
Realtime
4-Class Model
Best Effort
Control Signaling
Transactional Data
Multimedia Conferencing
Voice
8-Class Model
Scavenger
Best Effort
Multimedia Streaming
Network Control
OAM
Realtime Interactive
Transactional Data
Voice
12-Class Model
Bulk Data
Scavenger
Best Effort
Multimedia Streaming
Network Control
Broadcast Video
Signaling
1. Organize your
applications into groups
or “classes”
2. Assign a DSCP value to
each class
3. Ensure that each
application correctly
marks this DSCP
4. Decide how each class
will be treated by the
devices in your network

A Consolidated Strategy:
Comparing Wired and Wireless QoS
• By definition of IEEE 802.11e standard there
are only 4 levels of service (called “Access
Categories”)
• LAN switches service queues based on Priority
Queue (PQ) and Class-Based Weighted Fair
Queue (CBWFQ)
• 802.11e uses the Enhanced Distributed
Channel Access (EDCA) method
• WLANs have no priority queue
Class 6
Class 4
Class 2
Class 1
Class 7
Class … n
Class 3
Background
Best Effort
Video
Voice
Enterprise QoS WLAN QoS
Class 5
56
PQ + CBWFQ EDCA Algorithm

• Reconciles RFC 4594 with IEEE 802.11
• Summarizes our internal consensus on DSCP-
to-UP mapping
• Advocates DSCP-trust in the upstream direction
(vs. UP-to-DSCP mapping)
IETF Draft on
DSCPUP Mapping
https://tools.ietf.org/html/draft-ietf-tsvwg-ieee-802-11-00
57

Downstream DSCP-to-UP Mapping Model
Ratified Cisco Consensus Model (June 2015)
IEEE 802.11 Model
Voice
Access
Category
Best Effort
Access
Category
Video
Access
Category
Background
Access
Category
UP 7
UP 5
UP 3
UP 2
UP 6
UP 4
UP 0
UP 1
OAM
Signaling
Realtime Interactive
Transactional Data
Bulk Data
AF2
CS3
CS4
AF4
CS2
AF1
Scavenger CS1
Best Effort DF
Multimedia Streaming AF3
Broadcast Video
Voice + DSCP-Admit
RFC 4594-Based Model
CS5
EF + 44
Internetwork Control CS6
DSCP
Network Control (CS7)• Plugs potential security
vulnerabilities
• Provides distinction
between elastic and
inelastic video classes
• Aligns RFC 4594
recommendations into the
IEEE 802.11 model
• Requires several custom
DSCP-to-UP mappings
Remark /
Drop
if not in
use
58

AireOS Default DSCP  UP Mapping Table
Traffic Type DSCP
802.11e
UP
WMM Access Category
Voice 46 (EF) 6 Voice
Interactive Video 34 (AF41) 5 Video
Call Signaling 24 (CS3) 3 Best Effort
Transactional / Interactive Data 18 (AF21) 3 Best Effort
Bulk Data 10 (AF11) 2 Background
Best Effort 0 (BE) 0 Best Effort
59
• Other UP values are derived from the 3 msb of the packet’s DSCP
value and then mapped to the correct AC accordingly
• E.g. DSCP 40 = 101000  UP = 101 = 5

Downstream QoS Model (Simplified)
Note: DSCP trust model (dot1p CoS tagging on WLC not in use here)
Wired
Network802.1Q Trunk
CAPWAP Encapsulated
DSCP802.1p
802.1Q TrunkCAPWAP
CAPWAP Encapsulated
DSCP
60
802.11 DSCP Payload 802.11 DSCP Payload
802.1p DSCP Payload
1
The Ethernet frame is received over an 802.1q trunk by the WLC. The WLC uses the
DSCP value of the IP packet and maps it to the outer DSCP of the CAPWAP tunnel.
1

Downstream QoS Model (Simplified)
Wired
Network
UP DSCP Payload
802.1Q Trunk
1
CAPWAP Encapsulated
DSCP802.1p
802.1Q TrunkCAPWAP
CAPWAP Encapsulated
DSCP
2
61
802.1p DSCP Payload
2
Once the Ethernet frame is received by the AP, it maps the DSCP value of the IP packet
to the 802.11e UP value on the wireless frame. The frame is then sent to the client.
1
The Ethernet frame is received over an 802.1q trunk by the WLC. The WLC uses the
DSCP value of the IP packet and maps it to the outer DSCP of the CAPWAP tunnel.

802.1p DSCP Payload
CAPWAP Encapsulated
DSCP
802.11 DSCP Payload
UP DSCP Payload
Upstream QoS Model (Simplified)
Wired
Network802.1Q Trunk802.1Q TrunkCAPWAP
62
CAPWAP Encapsulated
DSCP802.1p 802.11 DSCP Payload
31
The client 802.11e frame is received by the AP. The AP maps the 802.11e UP value
*or* original packet DSCP to the outer CAPWAP IP DSCP header (configurable)
1
Default
Optional

802.1p DSCP Payload
CAPWAP Encapsulated
DSCP
802.11 DSCP Payload
UP DSCP Payload
Upstream QoS Model (Simplified)
Wired
63
CAPWAP Encapsulated
At the WLC end of the CAPWAP tunnel, the 802.11e frame is bridged to the
Ethernet switch. CAPWAP DSCP is mapped to 802.1p CoS value on trunk.
2
2
1
2
31
The client 802.11e frame is received by the AP. The AP maps the 802.11e UP value
*or* original packet DSCP to the outer CAPWAP IP DSCP header (configurable)
2

802.1p DSCP Payload
CAPWAP Encapsulated
DSCP
802.11 DSCP Payload
UP DSCP Payload
Two Options to Influence QoS Markings Upstream
Wired
64
CAPWAP Encapsulated
Map UP to DSCP or Just Copy
the original DSCP value

 Windows Vista, 7, 8, 10 Jabber or Lync Client:
Call Manager can be used to set DSCP, however . . .
Global Policy Objects (GPOs) will override the DSCP
 Mac OSX, iOS, and Android Jabber Client:
Call Manager sets DSCP value
 UP value is typically determined by the client’s OS and
hardware drivers
Where Are DSCP and UP Values Set?
65

In Windows, DSCP is set globally by Group Policy
Note – WMM UP Value Cannot be Configured – Only DSCP
66

Example: Lync QoS Setting
 Note: MS Windows
applies DSCP value
based on the UDP
port range
 Solution: use
different port ranges
for voice and video,
resulting in the correct
DSCP value
• In MS Windows, the WMM UP is derived
from the 3 msb of the DSCP value
• DSCP ef (46) = [101 110]  101 = UP 5
67

Microsoft Packet Capture In Upstream Direction
68

Summary of Typical WMM/11e UP Mappings
Endpoint/Client Voice (EF) Video (AF41) Control (CS3)
Cisco
Recommendation
6 5 4
Jabber/Spark
iOS 10+
6 5 5
Jabber/Spark for
Android
6 5 3
Jabber/Spark for
OSX
5 5 0
Jabber/Spark for
Windows (desktop)
5 4 3
MS Lync / Skype for
Business (Win 10)
5 4 3
Unified IP Phones
(DX650, 9971)
6 5 4
Apple FaceTime
(iPad)
6 5 5
Note:AppleValuesbasedoniOS10.x
69

A Closer Look: Deploying Jabber or SfB on Microsoft
*Note: DSCP is set globally by Group Policy
Application
Recommended
DSCP Value
Resulting UP Value Recommended Values
Voice 46 (EF) 5 6 (AC_VO)
Video 34 (AF41) 4 5 (AC_VI)
Call Signaling 24 (CS3) 3 4 (AC_BE)
File Transfer
(bulk data)
10 (AF11) 1 2 (AC_BK)
App Sharing Default (0) 0 0 (AC_BE)
70

SIP Signaling
Lync File Transfer
Interactive Video
Voice
Application Type
Scavenger
Lync App Sharing & BE
Streaming Video
Network Control
Voice
(VO)
WMM Model +
802.11e User Priority
Best Effort
(BE)
Video
(VI)
Background
(BK)
UP 7
UP 5
UP 3
UP 2
UP 6
UP 4
UP 0
UP 1
CS3
AF11
AF41
EF
DSCP
CS1
DF
AF31
CS6
Example: Voice AC Is Is Unused in this Structure
71

Mismarking Impacts Wireless QoS
1. In this scenario voice packets get sent from the video AC
2. Voice frames have longer wait times and a greater chance of
retries
EDCA / WMM AC AIFS Number CWmin CWmax
Voice 2 3 7
Video 2 7 15
Best Effort 3 15 1023
Background 7 15 1023
72

AireOs QoS Foundations

AireOS QoS History in a Nutshell
2007 2011 2012 20132005
802.11e / WMM
released. Support
on the Wi-Fi side
Differential
treatment for
unmarked traffic
AVC (per application
marking)
Wireless to Wired
mapping support
(per profile)
Per user BW
Per user, profile,
WLAN QoS policies
(BW + AVC)
20142001
There is no QoS in
Wi-Fi, everything is
DCF / BE
BE
BE
DCF
BE
BE
EDCA
EF
CoS5
UP 6
“Voice SSID”
EF
CoS5
UP 6
“Voice SSID”
BE
CoS4
UP 5
“Untagged=video”
1 M
100k
100k
Common SSID
1 M
200k
200k
Skype
CoS5
UP 6
Common SSID
Youtube
CoS4
UP 5
2015 2016
Qos maps
Trust UP? Trust DSCP?
Major simplifications
FastLane & QoS Map
Improvements
74

1. QoS Mappings Fixing the issue with UP to
DSCP inconsistency

Default UP to DSCP Mapping Problems
Voice Client Marked 46 (EF) UP = 5 Demoted to 34 (AF41)
Video Client Marked 34 (AF41) UP = 4 Demoted to 26 (AF31)
Signaling Client Marked 24 (CS3) UP = 3 Demoted to 18 (AF21)
76
802.1p DSCP Payload
CAPWAP Encapsulated
DSCP
802.11 DSCP Payload
UP DSCP Payload
Wired
CAPWAP Encapsulated
34
5
46 34
446 46

802.1p DSCP Payload
CAPWAP Encapsulated
DSCP
802.11 DSCP Payload
UP DSCP Payload
A Good QoS Design Requires DSCP Consistency
Wired
Network802.1Q Trunk802.1Q TrunkAccess mode
77
CAPWAP Encapsulated
• This approach greatly simplifies QoS design and removes unexpected
mapping behaviors
• Introduced in AireOS 8.1MR, but greatly improved in 8.4

QoS Map
Configuration
Copy inner DSCP to CAPWAP
DSCP (changes default behavior)
This is the recommended
deployment model
78
Note: this screen has
been significantly
updated in AireOS 8.4

Trust DSCP Solves the Windows Problem (mostly)
Video-Quality QoS
(handled by the Video AC)
Voice-Quality QoS
Recommended and Available as of AireOS 8.1MR
79
802.1p DSCP Payload
CAPWAP Encapsulated
DSCP
802.11 DSCP Payload
UP DSCP Payload
Wired
CAPWAP Encapsulated
46
5
46 46
46 46

QoS Map
Menu, Cont’d
Customize the UP to DSCP
mapping (likely won’t use
this very often)
80

Some Mystery Platforms Mark UP but not DSCP
802.1p DSCP Payload
CAPWAP Encapsulated
DSCP
802.11 DSCP Payload
UP DSCP Payload
Wired
CAPWAP Encapsulated
46
5
0 46
0 0
AVC on the WLC to correct
inner DSCP
UP to DSCP Mapping
modifies CAPWAP DSCP

2. QoS Profiles
Limit Max. DSCP on CAPWAP
and in turn the 802.11 UP
Value

Configure the QoS Profile  The main purpose of the QoS
profile is to limit the maximum
DSCP allowed on a CAPWAP
tunnel, and thus limit the 802.11
UP value
 QoS profiles may be used and
applied to each WLAN (SSID)
Recommendation:
For enterprise class, mixed-use WLANs, use the Platinum
profile, for hotspots, use Silver or Bronze
83
DSCP 10
DSCP 34
DSCP 46
DSCP 0
Max DSCP values per profile

802.1p DSCP Payload
CAPWAP Encapsulated
DSCP
802.11 DSCP Payload
UP DSCP Payload
Example: Effect of “Gold” Profile
Wired
Network
UP DSCP Payload
802.1Q Trunk
46
CAPWAP Encapsulated
DSCP802.1p
802.1Q TrunkCAPWAP
CAPWAP Encapsulated
DSCP
46
3446
46
46
6
5 34
34 46
84
802.11 DSCP Payload
46
802.11 DSCP Payload
802.1p DSCP Payload
CAPWAP Encapsulated
34 46

Configure the QoS Profile Page
Create default bandwidth contracts for
each user or each SSID
 Note bandwidth contracts are
bidirectional (set them only for data /
hotspot networks)
Set the maximum priority for WMM
and non-WMM clients
(more on this later)
Profile Name
Max
Downstream
DSCP Value
Max Upstream
DSCP Value
Platinum / Voice 46 (EF) 46 (EF)
Gold / Video 34 (AF41) 34 (AF41)
Silver / Best Effort 0 (CS0) 18 (AF21)
Bronze /
Background
10 (AF11) 10 (AF11) 85

802.1p DSCP Payload
CAPWAP Encapsulated
DSCP
802.11 DSCP Payload
UP DSCP Payload
Wired
CAPWAP Encapsulated
46
X
0 46
50 0
Dealing With Non-WMM Clients
The Client is Not WMM capable, but
AP automatically maps the
CAPWAP DSCP to EF (46) If LAN switch is set to
trust CoS, BitTorrent
becomes DSCP EF

Alloy QoS: Apply QoS Control For Non-WMM Clients
 Maximum Priority allows you to customize the upper limit QoS marking
for a QoS policy
Sets the default QoS markings for
all non-WMM clients
Sets maximum DSCP & UP
values for WMM clients
Recommendation:
• Use Alloy QoS to treat non-WMM clients as best effort (DSCP and UP
values default to zero).
• If the client doesn’t support QoS, don’t try to give them QoS!
87

Wired QoS Protocol Field (legacy - do not use)
 Upstream, this caps the CoS value of the
802.1p trunk.
 Downstream, this value sets the CAPWAP
DSCP upper limit (mapped from the
incoming CoS value)
 If set to “none”, the CoS field is marked to
zero for the trunk.
 Upstream, towards the wired network, the
trunk CoS value is mapped from the
CAPWAP DSCP value.
 CoS limits the QoS design to eight classes
 Recommendation: set this to none,
unless you cannot trust DSCP for some
extraordinary reason
88

Apply the QoS Profile to the WLAN
 Choose the QoS profile you want
to apply for this WLAN
 In this example, the “Platinum”
profile is selected
 This sets the ceiling on all traffic to
DSCP 46 (up and downstream)
and UP to 6 (downstream only)
 You can also set the bi-directional
per-user and per-SSID bandwidth
contracts from this screen (usually
not needed)
89

3. AireOS AVC
Application Visibility and
Control
Discover which applications are
running on your corporate and
guest WLANs
Prioritize critical wireless apps
and de-prioritize non-business
apps
Monitor voice and video
performance on the WLAN

Application Visibility & Control (AVC)
Deep Packet Inspection in the wireless controller – allows application identification,
remarking, rate limiting, and dropping of unwanted traffic
Leverages the IOS NBAR2 Engine – same list of traffic signatures as IOS & XE
Protocol packs are used to update signatures (more than 1,400 today)
92
• Discover which applications are running on your
corporate and guest WLANs
• Prioritize critical wireless apps and de-prioritize
non-business apps
• Monitor voice and video performance on the
WLAN
AVC In The Wireless LAN Controller

Key Points To Know About AVC
CAPWAP Tunnel
In AireOS 8.0, AVC can be
applied in a specific direction
(upstream or downstream)
• AVC Policy operates here in
centralized mode
• An AVC Policy supports a
maximum of 32 entries (rules)
• AVC Modifies the inner DSCP value,
thus influencing the CAPWAP
DSCP and wireless UP values
• AVC Policy functions here in
FlexConnect (AireOS 8.1)
93
Wired
Network802.1Q Trunk802.1Q TrunkAccess mode

AVC Example: Build A Multimedia AVC Policy
More Key Points To Know:
• Applications are grouped by class
(such as “voice-and-video” shown
here)
• From AireOS 7.6 Protocol Packs
are used for signature updates
• Approx. 1400+ AVC Signatures
available today
• Note: only 32 applications can be
added to a single profile
94

A Simple AVC Remarking Example:
 AVC has three basic control
capabilities:
1. Modify the inner packet’s DSCP to a
custom value
2. Drop the packet
3. Rate Limit
 E.g. Mark MS Lync Media to Gold
(DSCP 34)
95

Expanded AVC Example:
MS Lync Policy
Cisco Jabber and IP
Phone Policy
Unwanted applications
Policy – drop or police
AVC can be applied in upstream,
downstream, or both directions
AVC can drop unwanted traffic
AVC has ability to police
applications bi-directionally
Note: AireOS 8.x is shown here
96

AVC Example Cont’d: Apply The AVC Policy
1. Navigate to the QoS policy for
the WLAN where you want to
apply the AVC policy
2. Enable AVC
3. Apply the AVC policy you
created to this QoS policy
97

AVC Provides Application Visibility
98

4. AireOS
Bandwith Controls
You can limit BW downstream (from WLC
and down) and/or Upstream (at the AP):

AireOS Bandwidth Control Points
You can limit BW downstream (from WLC and down) and/or Upstream (at AP):
Upstream is an “indirect method”:
Limits can be applied at profile level, WLAN level, user level, based on device profile or user profile, using
local profiling or AAA override
Can target “real time” (i.e. UDP) or “Data” (i.e. TCP) traffic
Can be “Average” or “Burst” (last second budget excess)
You CAN do it, but should you? Marking down is the preferred method
Don’t
send!
I decide, alone,
when to send (thank
you CSMA/CA)

Bandwidth Control – Per User
Many places to configure bandwidth controls . . .

Bandwidth Control – Per Device Type
• You can also identify connecting devices, from the WLC or though Cisco ISE, and create a
policy based on what they are:
How to identify that device
What policy to apply
~ 100 device types supported

Configuring Policies
• You can then apply the policies to the WLANs, in the order you want them to be applied, up to
16 policies per WLAN:
• Each policy can group
several devices
Set the index
Pick the policy,
then click Add
10

Bandwidth Control – AAA Override
• With AAA Override, Upstream/Downstream BW values can be returned from ISE along with
user profile:
10

5. AireOS CAC
Call Admission Control
Part of 802.11e, purpose is to
reserve bandwidth for devices
running real time applications

CAC Quick Recap
CAC was part of 802.11e, purpose is to reserve
bandwidth for devices running real time
applications
Relies on Add Traffic Stream (ADDTS)
exchange, containing Traffic Classification
(TCLAS) section and Traffic Specification
(TSPEC) element
Keep in mind that applications and OSes are
not all network-aware
RF
Load Level
ADDTS (TSpec)
Accept or Reject
ACM
Enabled
RTP Traffic
(no ADDTS)
10

CAC Configuration - Voice
Up to 90% (static)
or 85% (load-based) BW
Use load-based for
TSpec … but Static for
SIP non-WMM!
10

802.1p DSCP Payload
CAPWAP Encapsulated
DSCP
802.11 DSCP Payload
UP DSCP Payload
Wired
Network
UP DSCP Payload
802.1Q Trunk
46
CAPWAP Encapsulated
DSCP802.1p
802.1Q TrunkCAPWAP
CAPWAP Encapsulated
DSCP
46
4646
46
46
6
0 46
34 46
108
802.11 DSCP Payload
46
802.11 DSCP Payload
802.1p DSCP Payload
CAPWAP Encapsulated
34 46
Caution: CAC Enabled and a non-TSpec Client
Enabling CAC limits downstream of non-TSpec clients to BE, even with
Platinum Profile
Best Effort (BE)
Voice (VO)
Non-
TSpec
Clients
Platinum

CAC Configuration - Video
Important CAC Recommendation:
• Very, very few video clients use
TSPEC (ADDTS)
• Only enable Video CAC if you know
that your client supports it, otherwise
you will get BE downstream
10

6. EDCA
Enhanced Distributed Channel
Access and TXOP (Transmit
Opportunity)

Tweaking the EDCA Parameters (Cont.)
• Wireless > 802.11a | 802.11bg > EDCA Parameters
AC AIFSN CwMi
n
CwMax TXOP
VO 2 2 3 47
VI 2 3 4 94
BE 3 4 10 0
BK 7 4 10 0
AC AIFSN CwMi
n
CwMax TXOP
VO 2 2 4 0
VI 5 3 5 0
BE 5 6 10 0
BK 12 8 10 0
AC AIFSN CwMi
n
CwMax TXOP
VO 2 2 4 0
VI 5 3 5 0
BE 12 6 10 0
BK 12 8 10 0
111

Implications of WMM EDCA Configuration
If you are voice, you can keep sending
for up to 1.5 ms (47 x 32 µs)
If you are video, you can send
chunks of up to 3 ms (94 x 32 µs)
If you are best effort of background, you can
only send one frame at a time (0 grouping)
• 802.11n (2009) and 802.11ac (2013) allow “blocks” (one ‘train’ of many frame-
wagons)
• Now, your voice and video queues are limited in time consumption…
while your BE/BK queues can send ‘one’ frame of (somewhat) ‘unlimited’ duration

802.11-2016 EDCA
• Example on 802.11a/n/ac network
• (TXOP values depend on what 802.11 protocol is enabled)
11

Tweaking the EDCA Parameters
Recommendation:
• Use the EDCA profile to Fastlane (as
of AireOS 8.3)

Cisco and Apple Fastlane

Apple / Cisco Partnership – Three Key
Enhancements
3. Centralized iOS App Policy Control
Better Roaming through Adaptive 11r
Proper QoS Handling
1. Enhanced QoS for iOS 10+
2. Improved Roaming
IT Administrator control of applications and QoS

Improved QoS UP and DSCP Markings (iOS 10+)
Endpoint/Client Voice (EF) Video (AF41) Control (CS3)
Cisco
Recommendation
6 5 4
Jabber for iOS 10+
(iPad, iPhone)
6 5 5
Jabber for
Android
6 5 3
Jabber for OSX 5 5 0
Jabber for Windows
(desktop)
5 4 3
MS Lync / Skype for
Business (Win 10)
5 4 3
Unified IP Phones
(DX650, 9971)
6 5 4
Apple FaceTime
(iPad)
6 5 5
11

Improved Roaming Performance
• In 802.11, delay in roaming causes poor experience, especially for rich-media
real-time applications. Interoperability increases complexity and prevents
adoption.
Standards to the rescue?
• 802.11k – Know about neighboring APs as you join the cell! No time wasted
scanning when roaming is needed
• 802.11v – Allows configuration of device while connected to a WLAN
• 802.11r – Fast Roaming / Transition (FT) without need to reauthenticate

802.11k, 802.11v, 802.11r help efficient roaming
802.11r enables fast roaming without complete reauth
802.11k sends you list of neighbors
802.11v BSS Transition sends you the new best AP Cisco-
AP-2 to connect to
Association
Fast Transition (802.11r)
Cisco-AP-1 Cisco-AP-2

Association
Apple / Cisco Innovation: Adaptive 802.11r
Legacy client cannot
join the same SSID
where 11r is enabled
I recognize that you
are an Apple device
11r is enabled for you
802.11k, 802.11v
are on by default
Legacy client that does
not support 11r/k/v can
join the same SSID
Cisco-APNon-Cisco-AP

Roaming Performance : 10x Better end-user
Browsing and App Experience
QoS, 802.11r/k/vNo QoS, No 802.11r/k/v
Time (s)*
*Time Interval between last packet on previous AP, and first packet on next AP

FastLane Best Practices Configuration in AireOS
1. Configure Platinum Profile for Voice ->UP 6, Multicast and non-
WMM unicast -> BE
2. Remove bandwidth limitation for UDP on Platinum Profile
3. Apply Platinum Profile to your WLAN
4. Apply EDCA 802.11revmc TXOP values to both bands
5. Enable Voice CAC, with 50% BW / 6% roaming limits
6. Trust DSCP upstream
7. Create an optimized UP-DSCP map, applied downstream
8. Create an optimized AVC profile for well-known applications
(AUTOQOS-AVC-PROFILE)
If you expect iOS devices in your cell, one click does it all:
TECEWN-3010 122

FastLane
Enabling FastLane enables best practice QoS config
globally:
Platinum profile sets Max Priority to voice (UP 6), non-
WMM and multicast to BE, 802.1p disabled,
bandwidth contracts disabled
EDCA profile is set to FastLane
12

FastLane
• Enabling FastLane enables
best practice QoS config
globally:
• DSCP is trusted upstream
(instead of UP)
• DSCP to UP mapping is
configured based on IETF
recommendations (standards-
based DSCP values mapped
to IEEE values; non-standard
DSCP values mapped to BE)

FastLane
• When FastLane is enabled
on a WLAN, an AVC
AUTOQOS-AVC-PROFILE
is also created
• You can add this profile to
your WLAN, or use another
profile*
• It is also possible to
customize the Auto AVC
profile if necessary
* 8.3 mandated the use of the AUTOQOS-AVC-PROFILE on FastLane WLANs, 8.3MR removes this limitation

FastLane CAC
• Enabling FastLane enables
best practice QoS config
globally:
• ACM is enabled on both
bands (load-based), with
max RF bandwidth 50% and
roaming bandwidth to 6%
• Expedited bandwidth is
enabled

• FastLane-enabled Apple IOS devices mark QoS correctly
• DSCP 46 / UP 6 is real voice traffic
• We trust this traffic, even without TSPEC
• Behavior:
• DSCP 46 / UP 6 traffic coming from Apple iOS FastLane devices gets DSCP
46 / UP 6 end-to-end (with or without TSPEC)
• DSCP 46 / UP 6 traffic, without TSPEC, coming from other devices gets BE
(0) downstream
Important!!!
Differences With FastLane Handling of CAC
127

iOS 10 Fastlane – Trusting Voice traffic
Platinum Profile – Voice Stream – CAC Enabled, iOS 10 client, AireOS 8.3
128
802.1p DSCP Payload
CAPWAP Encapsulated
DSCP
802.11 DSCP Payload
UP DSCP Payload
Wired
Network
UP DSCP Payload
802.1Q Trunk
CAPWAP Encapsulated
DSCP802.1p
802.1Q TrunkAccess mode
CAPWAP Encapsulated
DSCP
802.1p DSCP Payload
CAPWAP Encapsulated
4646
465 546466 46
46
46 46
6
6 646 465 5 46

Apple Configurator 2 – Whitelist QoS

Cisco and Apple Together
for a Better End-User Experience
Improve device
efficiency through
joint tested
standards-based
functionality
Analyze and
prioritize Apple-
based applications
Minimize impact of
Apple upgrades by
accessing local
instances on
Cisco® ASRs
Display content
from Apple
devices Wirelessly

Reduce
Cost &
Complexity
• Cisco CMX Solution https://www.youtube.com/watch?v=KQRb8vfU0qM
• CMX Hyperlocation vs RSSI Demo
https://www.youtube.com/watch?v=6ls7EHbSK4A
• Cisco Dual 5GHz Wi-Fi https://www.youtube.com/watch?v=mbpjiETvDXc
• Cisco Aironet AP-3800 RF Excellence
https://www.youtube.com/watch?v=dBpGsTKeyNM&t=64s
• Digital Network Architecture with Wave2 with 802.11ac
https://www.youtube.com/watch?v=ySjN13hPhXY&t=2s
• Cisco Aironet Series – Flexible Radio Assignment
https://www.youtube.com/watch?v=K_-BykT_YIM
• TechWiseTV: Apple and Cisco: Fast-Tracking the Mobile Enterprise
https://www.youtube.com/watch?v=bh8rEvrzm7Y&feature=youtu.be
• Prioritized Business Apps
https://www.youtube.com/watch?v=z0EOKNxL964&feature=youtu.be
• Apple and Cisco: Three Solutions Coming Together
https://www.youtube.com/watch?v=7MgsDkf55wQ&feature=youtu.be
• WiFi Optimized Feature
https://www.youtube.com/watch?v=xgPfxAolJoQ&feature=youtu.be
Faster Innovation
VoD Links
Lower
Risk
• Fastlane App Demo
https://www.youtube.com/watch?v=N1QMUcv3aRQ
• Cisco APIC-EM Wireless PnP Demo
https://www.youtube.com/watch?v=_9P2-bU66PU
• Cisco Aironet Plug and Play Cloud Redirection
https://www.youtube.com/watch?v=W7fBZ6xfSxw
• Wireless LAN Controller Dashboard Review
https://www.youtube.com/watch?v=af09TBaafRI&feature=youtu.be
• Cisco Wireless Mobile App
https://www.youtube.com/watch?v=HyvZ4mbVAWs
• WLC Advanced UI Client Troubleshooting
https://www.youtube.com/watch?v=dZVxI6jOx_Q
• ISE Simplified Wireless Setup
https://www.youtube.com/watch?v=A3F2DrFu7Lo&feature=youtu.be
• Cisco Wireless TrustSec Demo
https://www.youtube.com/watch?v=A3F2DrFu7Lo&feature=youtu.be
• Cisco Wireless Netflow Lancope Integration Demo
https://www.youtube.com/watch?v=TuWYkrt94CQ
• OpenDNS Integration with WLC
https://www.youtube.com/watch?v=cMdX8sBBYG4

• 5520 WLC
• 8540 WLC
• AP1570
• AP1810 OE
• AP1810W Wall Plate
• AP1850
• AP2700/3700
• AP2800/3800
• AP702W
• APIC-EM Wireless AP PnP
• Flex7500 WLC
• Mesh APs
• Mobility Express
• Smart Licensing
• Univ. AP Regulatory Domain
• Virtual WLC
Cisco Wireless LAN Documentation
INSTALLATION GUIDES
• 802.11r BSS Fast Transition
• Adaptive wIPS
• ATF Ph 1 & 2
• CleanAir
• CMX FastLocate
• High Density
• Rogue Management
• RRM RF Grouping Algorithm
• RRM White Paper
RADIO CONFIGURATION
• BYOD for FlexConnect
• BYOD with ISE
• Security Integration
ENCRYPTION
• Bi-Directional Rate Limiting
• Flex AP-EoGRE Tunnel Gtwy
• IPv6
• Jabber
• Jabber and UCM
• Microsoft Lync
• Passpoint Configuration
• Real-Time Traffic Over WLAN
• VideoStream
• Vocera IP Phone in WLAN
• VoWLAN Troubleshooting
CLIENT ADDRESSING POLICY ENGINE
• AVC
• Bonjour
• Chromecast
• Device Classification
• Domain Filtering
• mDNS Gateway w/Chromecast
• Wireless Device Profiling & Policy Classification
BEST PRACTICES
• Apple Devices
• Enterprise Mobility Design Guide
• High Availability (SSO)
• HyperLocation
• iPhone 6 Roaming
• N+1 High Availability
• WLAN Express
• WLC Configuration Best Practices

Cisco Connect Toronto 2017 - Optimizing your client's Wi-Fi Experience

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

En vedette

En vedette (18)

Similaire à Cisco Connect Toronto 2017 - Optimizing your client's Wi-Fi Experience

Similaire à Cisco Connect Toronto 2017 - Optimizing your client's Wi-Fi Experience (20)

Plus de Cisco Canada

Plus de Cisco Canada (20)

Dernier

Dernier (20)

Cisco Connect Toronto 2017 - Optimizing your client's Wi-Fi Experience