Home > Articles > Network Technology > IP Communications/VoIP > Classification and Marking for Cisco DQOS and QOS Exams

Classification and Marking for Cisco DQOS and QOS Exams

Chapter Description

Brush up on your skills with this review of exam topics and objectives for the Cisco DQOS and QoS exams.

Classification and Marking Concepts

Most QoS tools classify traffic, which allows for each class of traffic to receive a different level of treatment from other traffic classes. You can use this method to prioritize one type of traffic over another. Classification and marking tools play a large role in this solution. Instead of giving queuing preference, or dropping a packet, or shaping, or policing, or fragmenting, and so on, classification and marking tools change some bits in the packet header. Other QoS tools throughout the network can examine the marked bits to classify packets.

First, this discussion focuses on classification, and then examines marking more closely.

Classification

Almost every QoS tool uses classification to some degree. To put one packet into a different queue than another packet, the IOS must somehow differentiate between the two packets. To perform header compression on Real Time Protocol (RTP) packets, but not on other packets, the IOS must determine which packets have RTP headers. To shape data traffic going into a Frame Relay network, so that the voice traffic gets enough bandwidth, the IOS must differentiate between Voice over IP (VoIP) and data packets. If an IOS QoS feature needs to treat two packets differently, you must use classification.

Because most QoS tools need to differentiate between packets, most QoS tools have classification features. In fact, many of you will already know something about several of the QoS tools described in this book, and you will realize that you already know how to perform classification using some of those tools. For instance, many QoS tools enable you to classify using access-control lists (ACLs). If ACL 101 permits a packet, a queuing tool might put the packet into one queue; if ACL 102 permits a packet, it is placed in a second queue; and so on. In one way of thinking, queuing could instead be called classification and queuing, because the queuing feature must somehow decide which packets end up in each queue. Similarly, traffic shaping could be called classification and traffic shaping, policing could be called classification and policing, and so on. Because most QoS tools classify traffic, however, the names of most QoS tools never evolved to mention the classification function of the tool.

Most classification and marking tools, like the other types of QoS tools, generally operate on packets that are entering or exiting an interface. The logic works something like an ACL, but the action is marking, as opposed to allowing or denying (dropping) a packet. More generally, classification and marking logic for ingress packets can be described as follows:

  • For packets entering an interface, if they match criteria 1, mark a field with a value.

  • If the packet was not matched, compare it to criteria 2, and then mark a potentially different field with a potentially different value.

  • Keep looking for a match of the packet, until it is matched, or until the classification logic is complete.

NOTE

This book uses the following terms describe the data structures used when sending data:

  • Frame—Bits that include the data link layer header and trailer (for example, Ethernet frame and Frame Relay frame)

  • Cell—Specifically, an Asynchronous Transfer Mode (ATM) cell

  • Packet—Bits that include the network layer header, but does not include the data link header (for instance, an IP packet)

  • Segment—Bits that include the TCP or UDP header, but not the data link or network layer header

The key to evaluating the classification features of different classification and marking tools is to examine what can be matched in packet headers. Because many classification and marking tools can refer to IP ACLs to classify packets, Table 3-2 shows the list of items that you can match with an extended IP ACL. Table 3-3 lists the fields that classification and marking tools can match without use of an ACL. Note that some header fields can be matched by an ACL or directly through some other style of configuration—in those cases, it is typically better to match the field directly, rather than with an ACL.

Table 3-2 IP Extended ACL Matchable Fields—IOS 12.2

Field

Comments

Source IP address

A range of source IP addresses can be matched by using a wildcard mask.

Destination IP address

A range of source IP addresses can be matched by using a wildcard mask.

IP Precedence

Format of command uses names for precedence. The following table lists the decimal value for each name.

Name
IP precedence value
routine
0
priority
1
immediate
2
flash
3
flash-override
4
Critic
5
internet
6
network
7

IP DSCP

Format of the command allows use of differentiated services code point (DSCP) names, as well as decimal values.

IP ToS

Can check to see whether a single Type of Service (ToS) field bit is toggled on; keywords are normal (binary 0000), max-reliability (binary 1000), max-throughput (binary 0100), min-delay (binary 0010), and min-monetary-cost (binary 0001).

TCP ports

Can check source and destination ports; can also check a range of port numbers, whether a port number is larger or smaller than a single value.

TCP Established

Although not typically useful for QoS classification, ACLs can match all TCP segments after the initial segment used for connection establishment.

UDP

Checks the source and destination ports; can also check a range of port numbers, whether a port number is larger or smaller than a single value.

ICMP

Checks a larger variety of ICMP messages and code types (for example, echo request and echo reply).

IGMP

Checks for Internet Group Management Protocol (IGMP) message types.


Table 3-3 Fields Directly Matchable by Classification and Marking Tools

Field

Tool

Comments

Source MAC address

CAR, CB marking

Committed access rate (CAR) uses special "access-rate" ACLs; class-based (CB) marking uses the match command.

IP Precedence

CAR, CB marking

CAR uses special "access-rate" ACLs specific to CAR; CB marking uses the match command; both can match a subset of values.

MPLS Experimental

CAR, CB marking

CAR uses special "access-rate" ACLs specific to CAR; CB marking uses the match command; both can match a subset of values.

CoS

CB marking

Checks incoming ISL/802.1P CoS bits. Can match multiple values.

Destination MAC address

CB marking

Checks for destination MAC address. Can match multiple values.

Input Interface

CB marking

Checks for input interface. Can match multiple values.

IP DSCP

CB marking

Can check for multiple values using multiple match commands.

RTP's UDP port-number range

CB marking

RTP uses even-numbered UDP ports from 16,384 to 32,767. This option allows matching a subset of these values, even-numbered ports only, because RTP only uses even-numbered ports.

QoS Group

CB marking

The QoS Group field is used to tag packets internal to a single router.

NBAR protocol types

CB marking

Refer to the "Network Based Application Recognition (NBAR)" section in this chapter for more details.

NBAR Citrix applications

CB marking

NBAR can recognize different types of Citrix applications; CB marking can use NBAR to classify based on these application types.

Host name and URL string

CB marking

NBAR can also match URL strings, including the host name, using regular expressions. CB marking can use NBAR to match these strings for classification.

Outgoing Interface

Policy-based routing (PBR)

Checks the routing table and finds all valid routes for the packet; matches based on the outgoing interface.

Next-Hop

PBR

Similar to the outgoing interface, but it checks the next-hop routers' IP addresses.

Metric

PBR

Checks the routing table entry for this packet, and compares the metric value to match the packet.

Route type

PBR

Checks the routing table, looking at the source of the routing table entry that matches the packet.

Dial Peer

Dial peers

Based on the dial peer and used to connect a VoIP call.


These two tables can be a little intimidating, especially for those of you studying to pass the QoS exams! Rest assured, however, that this book covers approximately 30 QoS tools, and the exams typically have no more than 60 questions on QoS. So, statistically speaking, the exams simply do not have enough questions to ask you about every little item that a tool could use for classification. I just included these tables, and others like them, for reference.

Marking

Marking involves setting some bits inside a data link or network layer header, with the goal of letting other devices' QoS tools classify based on the marked values. You can mark a wide variety of fields, and each has a particular purpose. Some fields are more widely used, and some are less widely used. Some marking options make sense for all devices on the LAN, whereas others only when using specific hardware platforms. Marking at the WAN is possible, too.

The following sections list the header fields that you can use for marking, along with explanations of when it is most useful to use that particular field. Recommendations follow these sections as to when to use classification and marking.

IP Header QoS Fields: Precedence and DSCP

The two most popular marking fields for QoS are the IP Precedence and IP DSCP fields that were introduced in Chapter 2, "QoS Tools and Architectures." QoS tools frequently use these two fields in part because the IP packet header exists from endpoint to endpoint in a network, as shown in Figure 3-1.

Figure 01Figure 3-1 Headers Used During Typical Packet Flow


As seen in Figure 3-1, the IP packet en route to host PC2 stays intact throughout the network, whereas the data-link headers only exist while a frame is crossing between a host and a router, or between routers.

Figure 3-2 outlines the two marking fields and their positions inside an IP header.

Figure 02Figure 3-2 IP Precedence and IP DSCP Fields

You can mark the Precedence and DSCP fields with any valid binary value of either 3 or 6 bits, respectively. Chapter 2 contains detailed discussion of the recommended values used in these two fields. Briefly, Precedence field values should grow in importance, and in QoS behavior, as the number gets higher. DSCP differs in that several per-hop behavior (PHB) RFCs define suggested DSCP values for which the larger number does not always get a better QoS treatment.

Table 3-4 lists the IP precedence and DSCP values, and their names, for review. Note that not all DSCP values are listed; only the DSCP values suggested by the DiffServ RFCs are listed in the table. QoS tools that are capable of setting DSCP can set any of the actual 64 values.

Table 3-4 IP Precedence and DSCP—Popular Values and Names1

Field and Value (Decimal)

Binary Value

Name

Defined by This RFC

Precedence 0

000

routine

791

Precedence 1

001

priority

791

Precedence 2

010

immediate

791

Precedence 3

011

flash

791

Precedence 4

100

flash override

791

Precedence 5

101

critic

791

Precedence 6

110

internetwork control

791

Precedence 7

111

network control

791

DSCP 0

000000

best effort or default

2475

DSCP 8

001000

CS1

2475

DSCP 16

010000

CS2

2475

DSCP 24

011000

CS3

2475

DSCP 32

100000

CS4

2475

DSCP 40

101000

CS5

2475

DSCP 48

110000

CS6

2475

DSCP 56

111000

CS7

2475

DSCP 10

001010

AF11

2597

DSCP 12

001100

AF12

2597

DSCP 14

001110

AF13

2597

DSCP 18

010010

AF21

2597

DSCP 20

010100

AF22

2597

DSCP 22

010110

AF23

2597

DSCP 26

011010

AF31

2597

DSCP 28

011100

AF32

2597

DSCP 30

011110

AF33

2597

DSCP 34

100010

AF41

2597

DSCP 36

100100

AF42

2597

DSCP 38

100110

AF43

2597

DSCP 46

101110

EF

2598


The two IP header QoS marking fields do not provide all the QoS marking fields needed today. One day, all other Layer 3 protocols besides IP may no longer be used. One day, all LAN switches will be capable of looking at IP headers, including IP DSCP and Precedence, and perform QoS based on those fields. Likewise, one day, all WAN services, including Frame Relay and ATM switches, will be able to perform QoS based on these same fields. However, today's reality is that even as more and more devices become capable of marking and reacting to IP precedence and DSCP, it will be a long time before all networking devices are both capable and configured to use these fields for QoS purposes. So, other QoS marking fields are needed.

LAN Class of Service (CoS)

Many LAN switches today can mark and react to a Layer 2 3-bit field called the Class of Service (CoS) located inside an Ethernet header. The CoS field only exists inside Ethernet frames when 802.1Q or Inter-Switch Link (ISL) trunking is used. You can use the field to set 8 different binary values, which can be used by the classification features of other QoS tools, just like IP precedence and DSCP.

Figure 3-3 shows the general location of the CoS field inside ISL and 802.1P headers.

Figure 03Figure 3-3 LAN CoS Fields

The term CoS really refers to two different fields—a field inside either the 802.1Q trunking header, or a field inside the ISL header. The IEEE 802.1Q standard uses the 3 most-significant bits of the 2-byte Tag Control field, called the user-priority bits. The Cisco proprietary ISL specification uses the 3 least-significant bits from the 1-byte User field, which is found inside the ISL header's user field byte. In general conversation, and in the QoS courses from Cisco, the term CoS applies to either of these two fields.

When can CoS be marked, and when can it be useful for classification to a QoS tool? First of all, trunking with 802.1Q or ISL must be enabled before the CoS field even exists! Second, as soon as the packet experiences Layer 3 forwarding, either with a router or some Layer 3 switch, the old LAN header gets discarded—which means you lose the CoS field. After a CoS field has been created and populated with the desired markings, routers and switches have several QoS tools that can react to these markings. Consider, for instance, a typical trunking environment, as shown in Figure 3-4, where all LAN switches are only performing Layer 2 switching.

Figure 04Figure 3-4 CoS—Trunking Locations in a Typical Network, Layer 2 Switches Only


To mark the CoS bits, trunking must be used—and in Figure 3-4, trunking could be used on every Ethernet segment. Switches typically use trunking on the Ethernet segments to other switches, routers, and to IP Phones. Typically, switches do not need to use trunking on segments connected to PCs or servers. Because some networking cards have the capability to support 802.1Q or ISL trunking, however, servers and PCs can set the CoS bits.

Trunking requires a Fast Ethernet interface, or Gigabit, or 10 Gigabit—it is not supported over 10-Mbps Ethernet. This book does not distinguish among the different types of Ethernet upon each mention.

Both routers and switches use QoS tools that can react to the marked CoS bits. Cisco routers can indeed mark CoS bits for frames exiting an Ethernet interface that supports trunking. For instance, R3 could mark CoS 5 on a frame it forwards out its FA 0/0 interface. Other Cisco router QoS tools can react to the marked CoS bits on incoming frames as well. For instance, R3 could mark packets entering its FA0/0 interface with a particular DSCP value based on the incoming CoS value. Later in this chapter, you will see a sample configuration for class-based marking that performs both of these functions.

Cisco switches vary widely regarding their capabilities to set CoS bits and react to previously marked CoS bits. Switches can support marking of CoS, and more often today support marking of IP precedence and DSCP as well. LAN switches that do support QoS features generally perform output queuing, and sometimes input queuing, choosing queues based on CoS values. Congestion avoidance using Weighted Random Early Detection (WRED) is another typical switch QoS feature. In addition, some switches support policing tools, also based on CoS. Although campus QoS is not covered in depth on the QoS exams today, it is an important topic, particularly with converged voice, video, and data networks. Chapter 10, "LAN QoS," covers LAN QoS in additional depth.

Other Marking Fields

You can use single-bit fields in Frame Relay and ATM networks to mark a frame or cell for Layer 2 QoS. Unlike IP precedence, IP DSCP, and 802.1P/ISL CoS, however, these two fields are not intended for general, flexible use. Each of these single-bit fields, when set, imply that the frame or cell is a better candidate to be dropped, as compared with frames or cells that do not have the bit set. In other words, you can mark the bit, but the only expected action by another QoS tool is for the tool to drop the frame or cell.

Frame Relay defines the discard eligibility (DE) bit, and ATM defines the cell loss priority (CLP) bit. The general idea is that when a device, typically a WAN switch, experiences congestion, it needs to discard some frames or cells. If a frame or cell has the DE or CLP bit set, respectively, the switch may choose to discard those frames or cells, and not discard other frames or cells. If the DE or CLP bit is set, there is no requirement that the Frame Relay and ATM switches react to it—just like there is no guarantee that an IP packet with DSCP EF will get special treatment by another router. It's up to the owner of the Frame Relay or ATM switch to decide whether it will consider the DE and CLP bits, and how to react differently.

You can use two other QoS marking fields in specialized cases. The MPLS Experimental bits comprise a 3-bit field that you can use to map IP precedence into an MPLS label. This allows MPLS routers to perform QoS features indirectly based on the original IP Precedence field inside the IP packets encapsulated by MPLS, without the need to spend resources to open the IP packet header and examine the IP Precedence field.

Finally, the QoS Group field, an internal marking that exists only within the router, may be set as a packet passes through the fabric of a Cisco gigabit switch router (GSR) or edge services router (ESR). QoS processing can be performed more quickly inside the switching fabric by using the QoS group. Therefore, you may want to configure GSRs and ESRs to mark the QoS group on ingress so that QoS processing occurs more rapidly.

Summary of Marking Fields

Not all these marked fields receive the same amount of attention on the QoS exams. Refer to the Introduction of this book, and the website suggested there, for the latest information about where to focus your attention. Table 3-5 summarizes the marking fields.

Table 3-5 Names of Marking Fields

Field

Location

Length

Comments

IP Precedence

IP header

3 bits

Contained in the first 3 bits of the ToS byte.

IP DSCP

IP header

6 bits

Contained in the first 6 bits of the DS field, which replaces the ToS byte.

DS

IP header

1 byte

Replaces ToS byte per RFC 2475.

ToS

IP header

1 byte

Replaced by DS field per RFC 2475.

ToS

IP header

4 bits

A field inside the ToS byte; superseded by RFC 2475.

CoS

ISL and 802.1Q/P

3 bits

Cisco convention uses "CoS" to describe either trunking headers' QoS field.

Priority bits

802.1Q/P

3 bits

The name used by IEEE 802.1P for the CoS bits.

Discard Eligible (DE)

Frame Relay header

1 bit

Frame Relay switches may discard DE-marked frames, avoiding discarding frames without DE marked, under congestion.

Cell Loss Priority (CLP)

ATM cell header

1 bit

ATM equivalent of the DE bit

MPLS Experimental values(s)

MPLS header

3 bits

Used to pass QoS marking information across an MPLS network.

QoS Group

Headers internal to IOS

N/A

Uses values between 1–99 inclusive. Used for marking only internal to a single router, specifically only on the GSR/ESR product lines.


The names of the various marking fields can be confusing. Quality of service (QoS) does not refer to any specific marking field, but it is a term that refers to a broad set of tools that effect bandwidth, delay, jitter, and loss. In other words, this whole book is about QoS. Class of service (CoS) refers to both of the two 3-bit fields in Ethernet trunking headers—one in the ISL header, and one in the 802.1Q trunking header. However, CoS also refers to a 2-bit field inside Systems Network Architecture (SNA) Layer 3 headers, which is also used for QoS functions. Type of service (ToS) is my personal favorite—ToS is the 1-byte field in the IP header, which includes a 3-bit Precedence field, and 4 ToS bits. And of course, DiffServ re-defines the ToS Byte as the DS-byte, with the DSCP field in the first 6 bits. Make sure you remember the true meanings of QoS, CoS, ToS, Precedence, and DSCP.

Classification and Marking Design Choices

Classification and marking tools provide many options, but sometimes sorting out the best way to use the tools can be difficult. Classification and marking tools can classify based on a large number of frame and packet header fields. They can also mark a number of fields, the most notable being the IP Precedence and DSCP fields. You can use the classification and marking tools on all routers in the network, on many LAN switches, and even on IP Phones and host computers. This brief section discusses some of the classification and marking design choices.

The first step in making good classification and marking design choices is to choose where to mark. The general rule for choosing where to mark is as follows:

Mark as close to the ingress edge of the network as is possible.

Figure 3-5 diagrams a typical enterprise IP network, which will be used to look more closely at the options for where to mark packets.

Figure 05Figure 3-5 Typical Enterprise Network

Consider packets that flow left to right in Figure 3-5. Hannah and Jessie, both client PCs, can mark IP precedence, IP DSCP, and CoS if their Ethernet card supports ISL or 802.1Q. The IP Phone internally marks its own voice bearer traffic precedence 5, DSCP EF, and CoS 5 by default, its own voice signaling traffic precedence 3, DSCP 31, and CoS 3. The phone can also re-mark the CoS, precedence, and DSCP sent by Hannah's PC. (The phone default action is to re-mark 0 for all three values.) SW1, depending on the type of switch, might be able to re-mark CoS, re-mark precedence or DSCP, or make general (multifield) classification and marking decisions—in other words, it might be able to look at some of the fields listed earlier in Tables 3-2 and 3-3. Finally, R1 can use general multifield classification and marking before sending the packet over the WAN—but over the next link to R2, because the link is a PPP link, the only marking options would be in the IP header.

So marking can be done in many places near the ingress edge of the network—but whom do you trust? Classification and marking should not be performed before the frame/packet reaches a trusted device. This location in the network is called the trust boundary. For instance, Jessie formerly marked her packets with DSCP default, but because the user of the PC can change that value, Jessie changed to use DSCP EF to get better service. In most cases, the end-user PCs are beyond the trust boundary. IP Phones can reset CoS, precedence, and DSCP to 0 for Hannah's traffic, and mark the VoIP with CoS 5, precedence 5, and DSCP EF—with the added benefit that the phone user cannot reset those values. The IP Phone trust settings are controlled by the connected Cisco Catalyst switch, enabling the system administrator to trust markings received from the IP Phone while rewriting the values received from the attached PC.

The final consideration when deciding where to mark involves the function of the various devices, and personal preferences. For instance, IP Phones provide three classes—one for voice bearer traffic, one for voice signaling traffic, and one for all packets from the PC. However, a network may need multiple classes for data traffic, so further classification may be required by a switch or router. Some switches provide robust Layer 3 QoS classification and marking functions—in these cases, classification and marking may be performed on the switch; otherwise classification and marking must be performed on the router. Figure 3-6 outlines some of the strategies for classification and marking for three different LAN topologies.

Figure 06Figure 3-6 Three Classification and Marking Placement Strategies


Figure 3-6 shows three typical paths for frames between the end-user device and the first router. The first instance shows a typical installation near the end users—a switch that performs only Layer 2 QoS, and PCs connected to it. Only Layer 2 QoS just means that the switch can react to, or possibly set, CoS, but it cannot react to or mark IP precedence or DSCP. In this case, classification and marking is typically performed as packets enter R1's Ethernet interface. In addition, because SW1 can support CoS, but not precedence or DSCP, R1 may want to map incoming CoS values to the Precedence or DSCP fields.

The second part of Figure 3-6 shows a network with a Layer 3 QoS-capable switch. Depending on the type of switch, this switch may not be able to perform Layer 3 switching, but it does have the capability to react to or mark IP precedence or DSCP. In this case, you should classify and mark on the switch. Classification and marking on the Layer 3 switch allows classification and marking closer to the trust boundary of the network, and offers the added benefits of queuing, congestion avoidance, and policing based on the marked values. If only a few sites in the network have Layer 3 QoS-capable switches, you may prefer to perform classification and marking on the router, so all sites' configurations are similar. However, classifying and marking in the router places additional overhead on the router's CPU.

Finally, the third example shows a PC cabled through an IP Phone to a Layer 3 QoS-capable switch. The IP Phone can easily take care of classification and marking into two categories—voice and nonvoice. The switch and router can take advantage of those marked values. If more classes are needed for this network's QoS policy, SW3, or R3, can perform classification and marking. Of course, if the QoS policy for this network only requires the three classes—one for voice bearer traffic, one for voice signaling traffic, one for nonvoice—and all PCs are connected through the switch in the IP Phone, no classification and marking is needed on SW3 or R3!

Figure 3-7 summarizes some of the design options for where to classify and mark, showing the remote site from Figure 3-5.

Figure 07Figure 3-7 Classification and Marking Options Applied to a Typical Enterprise Network


The choices of where to perform classification and marking can be summarized as follows:

  • Classify and mark as close to the ingress edge as possible.

  • Consider the trust boundary in the network, making sure to mark or re-mark traffic after it reaches a trusted device in the network

  • Because the two IP QoS marking fields—Precedence and DSCP—are carried end to end, mark one of these fields to maximize the benefits of reducing classification overhead by the other QoS tools enabled in the network.

Typically, when the packet makes it to the first WAN router, the initial marking has occurred. However, there may be other instances where marking should take place. Consider Figure 3-8, which shows several additional options for where marking can occur.

Figure 08Figure 3-8 Classification and Marking Options—Typical Enterprise WAN


Most QoS tools can classify based on IP precedence and DSCP. However, the Frame Relay or ATM switches can also react to the DE and CLP bits, respectively. Therefore, you might want to set DE or CLP for the least-important traffic. If the LAN switches connected to R3 react to CoS settings, but not precedence or DSCP, which is typical of switches that only support Layer 2 QoS, you might want to mark the CoS bits on R3 before sending frames onto the Ethernet.

Finally, when you do mark CoS, IP precedence, and IP DSCP, what values should you use? Well, the "bigger is better" attitude is suggested for CoS and precedence, whereas the DiffServ PHB RFCs should be followed for DSCP settings. Cisco also suggests some specific values in cases where your policies allow for voice payload, video payload, voice/video signaling, and two classes of data. Table 3-6 lists these recommended values.

Table 3-6 Cisco's Recommended Values for Marking

Type of Traffic

CoS

Precedence

DSCP

Voice payload

5

5

EF

Video payload

4

4

AF41

Voice/Video signaling

3

3

AF31

High-priority or gold data classes2

2

2

AF21

AF22

AF23

Medium-priority or silver data*

1

1

AF11

AF12

AF13

All else

0

0

Default


In summary, classification and marking tools classify packets based on a large number of different fields inside data link and network layer headers. Based on the classification, the tools then mark a field in a frame or packet header, with the goal that other QoS tools can more easily classify and perform specific QoS actions based on these marked fields. Among all the fields that can be marked, IP Precedence and DSCP, because they are part of the IP header, are the only fields that can be marked and carried from end to end in the network.

3. Classification and Marking Tools | Next Section Previous Section