Classification and Marking


Classification using MQC

Classification is the process of assigning a packet to a category. QoS parameters are assigned to each category, therefore a different QoS level is applied for each packet. Classification of the packets can be done using information at Layer 2, Layer 3, Layer 4 or even Layer 7 (via NBAR). Classification is the first step in applying QoS policies and it can be done in several ways. Probably the most used method is via the MQC module of CLI. Inside a class-map define the match criteria using:

R(config-cmap)# match ATTRIBUTE VALUE

The attributes that can be used for a match include ACLs, other class-maps, source or destination MAC Addresses, Layer 3 DSCP, IP Precedence, Layer 2 CoS, etc:

R(config-cmap)#match ?
  access-group         Access group - match using ACL
  any                  Any packets
  class-map            Class map
  cos                  IEEE 802.1Q/ISL class of service/user priority values
  destination-address  Destination MAC address
  discard-class        Discard behavior identifier
  dscp                 Match DSCP in IP(v4) and IPv6 packets
  fr-de                Match on Frame-relay DE bit
  fr-dlci              Match on fr-dlci
  input-interface      Select an input interface to match
  ip                   IP specific values (DSCP values, IP Precedence, RTP Ports)
  mpls                 Multi Protocol Label Switching specific values (EXP)
  not                  Negate this match result
  packet               Layer 3 Packet length
  precedence           Match Precedence in IP(v4) and IPv6 packets
  protocol             Protocol
  qos-group            Qos-group
  source-address       Source MAC address

Legacy methods of classification

Legacy methods of performing traffic classification are used by CAR, CQ or PQ.


NBAR is an advanced classification feature that is able to identify Layer 7 – Application traffic. To use NBAR in a class-map you have to use:

R(config-cmap)# match protocol PROTOCOL [OPTIONS]

NBAR has built-in support for most applications, but additional modules can be added either from a file:

R(config)# ip nbar pdlm PDLM-FILE

or by manual definition:

R(config)# ip nbar custom CUSTOM-NAME ...

NBAR Protocol Discovery

NBAR Protocol Discovery is a simple method of finding out what protocols run in the network. When enabled, it will start to account for the total number of bytes and packets for each type of protocol that is incoming or outgoing on the interface. It will also compute average bit rates. To enable NBAR Protocol Discovery, use:

R(config-if)# ip nbar protocol-discovery

To view the statistics, use:

R# show ip nbar protocol-discovery ...


Usually, traffic classification is only performed at the network edge. Each packet will be considered as part of a class, and that class identifier will be inserted in the packet header. Marking a packet for QoS can be done at layer 2 or layer 3. Layer 2 markings can only be inserted if the encapsulation type permits, while Layer 3 markings use the IPv4 or IPv6 ToS Byte.

Layer 2 Marking

On Ethernet links, a 3 bit CoS field (Class of Service) is encoded inside the 3 bits PRIORITY field of 802.1q, or inside the 4 bits USER field of ISL. This QoS information can only be used on trunk links, and there is no mechanism to carry it on access ports.

On Frame Relay links, we have 1 bit, called the “Discard Eligible” bit that can be used to mark traffic that exceeds the configured level of service.

MPLS also offers support for QoS markings inside its EXP field.

Layer 3 Marking

For Layer 3 marking we use the Type of Service byte from the IPv4 header or the Traffic Class byte from the IPv6 header. Over the years, the interpretation of the IPv4 ToS byte has changed. First, only the 3 most significant bits were used for QoS. On 3 bits, only 8 classes could be encoded, and this was called IP Precedence. Later, the first 6 bits where used as the DSCP (Differentiated Services Code Point). The DSCP field was interpreted in such a way that was going to be backwards compatible with IP Precedence. A DSCP Class Selector has the same value for the 3 most significant bits as the IP Precedence.

IP Precedence

IP Precedence uses only the first 3 bits of the ToS field, so it offers support for only 8 markings. Actually, only 6 are available, since IP Precedence 6 (internet) and 7 (network) are reserved for network control protocols like routing updates.

IP Precendece BitsIP PrecedenceDSCP BitsDSCP Class Selector


0 – Routine

000 000



1 – Priority

001 000



2 – Immediate

010 000



3 – Flash

011 000



4 – Flash Override

100 000



5 – Critical

101 000



6 – Internetwork Control

110 000



7 – Network Control

111 000



DSCP was introduced to allow a higher granularity of network traffic but also to provide compatibility with IP Precedence. Therefor the class system was used, where the available values are grouped into classes according to the first 3bits of the DSCP field. The values with 0 in the last 3 bits are called CS (Class Selectors) and they map to the 8 values of IP Precedence. CS0 is the default DSCP value of a packet. It represents a DSCP field with all zeros (000000) and matches to IP Precedence 0. CS1 through CS4 constitute the AF (Assured Forwarding) Classes. AF classes are further subdivided according to the Drop probability. These PHBs are noted AFxy. A higher x means traffic of higher priority, while a higher y represents traffic with a higher drop probability. AFxy is equivalent to a DSCP value of 8*x + 2*y. Bitwise, the x value is encoded in the 3 most significant bits of DSCP, while y is encoded in the next 2 bits. The last bit is always 0. When using DSCP,the highest priority PHB is EF (Expedite Forwarding) and it has a DSCP value of 46 (101 110)

Drop probabilityCS 0CS 1CS 2CS 3CS 4CS 5CS 6CS 7


AF11 DSCP 10 001 010

AF21 DSCP 18 010 010

AF31 DSCP 26 011 010

AF41 DSCP 34 100 010


AF12 DSCP 12 001 100

AF22 DSCP 20 010 100

AF32 DSCP 28 011 100

AF42 DSCP 36 100 100


AF13 DSCP 14 001 110

AF23 DSCP 22 010 110

AF33 DSCP 30 011 110

AF43 DSCP 38 100 110

EF DSCP 46 101 110

Marking with MQC

Now, how do we configure a Cisco router to mark the packets? When selecting a class, inside a policy, we can instruct the router to mark the traffic with the appropriate PHB before sending out the packet. This is done using the set command:

R(config)# policy POLICY
R(config-pmap)# class CLASS
(config-pmap-c)# set ATTRIBUTE VALUE
!The attributes that can be set:
R(config-pmap-c)#set  ?
  atm-clp        Set ATM CLP bit to 1
  cos            Set IEEE 802.1Q/ISL class of service/user priority
  discard-class  Discard behavior identifier
  dscp           Set DSCP in IP(v4) and IPv6 packets
  fr-de          Set FR DE bit to 1
  ip             Set IP specific values (IP Precedence, DSCP)
  mpls           Set MPLS specific values (EXP)
  precedence     Set precedence in IP(v4) and IPv6 packets
  qos-group      Set QoS Group

When this policy is used on an interface, it will mark the packets that are matched by each class according to the ATTRIBUTES and VALUES used in the set command.

When setting some attributes like CoS, DSCP or IP Precedence, you can use a table map to configure an automatic conversion from one marking to another:

R(config)#table-map TABLE
R(config-tablemap)# map from VAL-FROM to VAL-TO

You can use this table with some set commands.

Other ways to mark

There are other features that can be used to mark the packets, like CAR or Policing and Shaping.

Last updated