Classification and Marking
Classification
Classification using MQC
Classification is the process of assigning a packet to a category. QoS parameters are assigned to each category, therefore a different QoS level is applied for each packet. Classification of the packets can be done using information at Layer 2, Layer 3, Layer 4 or even Layer 7 (via NBAR). Classification is the first step in applying QoS policies and it can be done in several ways. Probably the most used method is via the MQC module of CLI. Inside a class-map define the match criteria using:
The attributes that can be used for a match include ACLs, other class-maps, source or destination MAC Addresses, Layer 3 DSCP, IP Precedence, Layer 2 CoS, etc:
Legacy methods of classification
Legacy methods of performing traffic classification are used by CAR, CQ or PQ.
NBAR
NBAR is an advanced classification feature that is able to identify Layer 7 – Application traffic. To use NBAR in a class-map you have to use:
NBAR has built-in support for most applications, but additional modules can be added either from a file:
or by manual definition:
NBAR Protocol Discovery
NBAR Protocol Discovery is a simple method of finding out what protocols run in the network. When enabled, it will start to account for the total number of bytes and packets for each type of protocol that is incoming or outgoing on the interface. It will also compute average bit rates. To enable NBAR Protocol Discovery, use:
To view the statistics, use:
Marking
Usually, traffic classification is only performed at the network edge. Each packet will be considered as part of a class, and that class identifier will be inserted in the packet header. Marking a packet for QoS can be done at layer 2 or layer 3. Layer 2 markings can only be inserted if the encapsulation type permits, while Layer 3 markings use the IPv4 or IPv6 ToS Byte.
Layer 2 Marking
On Ethernet links, a 3 bit CoS field (Class of Service) is encoded inside the 3 bits PRIORITY field of 802.1q, or inside the 4 bits USER field of ISL. This QoS information can only be used on trunk links, and there is no mechanism to carry it on access ports.
On Frame Relay links, we have 1 bit, called the “Discard Eligible” bit that can be used to mark traffic that exceeds the configured level of service.
MPLS also offers support for QoS markings inside its EXP field.
Layer 3 Marking
For Layer 3 marking we use the Type of Service byte from the IPv4 header or the Traffic Class byte from the IPv6 header. Over the years, the interpretation of the IPv4 ToS byte has changed. First, only the 3 most significant bits were used for QoS. On 3 bits, only 8 classes could be encoded, and this was called IP Precedence. Later, the first 6 bits where used as the DSCP (Differentiated Services Code Point). The DSCP field was interpreted in such a way that was going to be backwards compatible with IP Precedence. A DSCP Class Selector has the same value for the 3 most significant bits as the IP Precedence.
IP Precedence
IP Precedence uses only the first 3 bits of the ToS field, so it offers support for only 8 markings. Actually, only 6 are available, since IP Precedence 6 (internet) and 7 (network) are reserved for network control protocols like routing updates.
000
0 – Routine
000 000
CS0
001
1 – Priority
001 000
CS1
010
2 – Immediate
010 000
CS2
011
3 – Flash
011 000
CS3
100
4 – Flash Override
100 000
CS4
101
5 – Critical
101 000
CS5
110
6 – Internetwork Control
110 000
CS6
111
7 – Network Control
111 000
CS7
DSCP
DSCP was introduced to allow a higher granularity of network traffic but also to provide compatibility with IP Precedence. Therefor the class system was used, where the available values are grouped into classes according to the first 3bits of the DSCP field. The values with 0 in the last 3 bits are called CS (Class Selectors) and they map to the 8 values of IP Precedence. CS0 is the default DSCP value of a packet. It represents a DSCP field with all zeros (000000) and matches to IP Precedence 0. CS1 through CS4 constitute the AF (Assured Forwarding) Classes. AF classes are further subdivided according to the Drop probability. These PHBs are noted AFxy. A higher x means traffic of higher priority, while a higher y represents traffic with a higher drop probability. AFxy is equivalent to a DSCP value of 8*x + 2*y. Bitwise, the x value is encoded in the 3 most significant bits of DSCP, while y is encoded in the next 2 bits. The last bit is always 0. When using DSCP,the highest priority PHB is EF (Expedite Forwarding) and it has a DSCP value of 46 (101 110)
Low
AF11 DSCP 10 001 010
AF21 DSCP 18 010 010
AF31 DSCP 26 011 010
AF41 DSCP 34 100 010
Medium
AF12 DSCP 12 001 100
AF22 DSCP 20 010 100
AF32 DSCP 28 011 100
AF42 DSCP 36 100 100
High
AF13 DSCP 14 001 110
AF23 DSCP 22 010 110
AF33 DSCP 30 011 110
AF43 DSCP 38 100 110
EF DSCP 46 101 110
Marking with MQC
Now, how do we configure a Cisco router to mark the packets? When selecting a class, inside a policy, we can instruct the router to mark the traffic with the appropriate PHB before sending out the packet. This is done using the set command:
When this policy is used on an interface, it will mark the packets that are matched by each class according to the ATTRIBUTES and VALUES used in the set command.
When setting some attributes like CoS, DSCP or IP Precedence, you can use a table map to configure an automatic conversion from one marking to another:
You can use this table with some set commands.
Other ways to mark
There are other features that can be used to mark the packets, like CAR or Policing and Shaping.
Last updated