Type of Service (ToS)

The first stab at QoS was RFC 791, published September 1981, which defined the ToS byte. Inside the ToS byte the first three bits were defined as IP precedence. The greater the IP precedence the more important the traffic, the higher the probability of timely forwarding.

This table is reproduced based on one from the QoS Exam Certification Guide and shows the IP precedence bits of the ToS field.

Precedence 0 000 Routine
Precedence 1 001 Priority
Precedence 2 010 Immediate
Precedence 3 011 Flash
Precedence 4 100 Flash Override
Precedence 5 101 Critic/ECP/Critical
Precedence 6 110 Internetwork Control
Precedence 7 111 Network Control

For the sake of completeness I made this table from data in RFC 791 showing all of the bits on the ToS field.

Bit 0 IP Precedence
Bit 1 IP Precedence
Bit 2 IP Precedence
Bit 3 0 == Normal Delay 1 == Low Delay
Bit 4 0 == Normal Throughput 1 == High Throughput
Bit 5 0 == Normal Relibility 1 == High Relibility
Bit 6 Reserved for Future Use
Bit 7 Reserved for Future Use


The introduction of RFC 2474 states that differentiated services are intended to provide a framework and building blocks to enable deployment of scalable service discrimination in the Internet. Marking is performed by traffic conditioners or DS boundary routers. The DiffServ code point or DSCP redefines the ToS byte in the IP header. DSCP redefined the ToS byte to include the first 6 bits with RFC 2474 designating the last two bits as unused. RFC 3168 specified the last two bits of the DSCP field would be used for explicit congestion notification (ECN) bits. The DSCP describes per hop behavior to be used in that autonomous system.


From the CCNP ONT Certification Guide, PHB is formally defined as an externally observable forwarding behavior of a network on a group of IP packets that have the same DSCP Value. First traffic is classified as close to the source as possible, then marking is performed. If marking is done in our autonomous sytem (AS) it is trusted and the markings can be used in subsequent nodes.

There are four per hop behaviors:

    1. Best Effort (BE)
      Provides no QoS marking or treatment, the default, DSCP value of 000000.


    1. Expedited Forwarding (EF)
      From RFC 2598, the EF PHB can be used to build a low loss, low latency, low jitter, assured bandwidth, end-to-end service through DS domains. Such a service appears to the endpoints like a point-to-point connection or a “virtual leased line”. This service has also been described as premium service.

      A priority queue must be used to minimize the time EF packets spend waiting in the queue. It should also be policed so as to not exceed a configured rate. The DSCP field is set to 101110, a decimal value of 46.


    1. Class Selector (CS)
      DiffServ calls DSCP values used for backword compatibility with ToS-based IP precedence class selectors (CS). The least significant bits are set to 0, so it only uses 8 DSCPs. More important traffic is classified with a higher value as in the ToS table above. From the QoS Exam Certification Guide, it is important to distinguish between what the values of the precedence and DSCP fields can mean and what the should mean when following sound QoS design practices. IP precedence with value 0 should imply the lowest QoS service possible, with 7 implying the best.

      DSCP Class Selector, IOS Values Binary Values of DSCP Precedence Value (Decimal)
      Default 000000 0
      CS1 001000 1
      CS2 010000 2
      CS3 011000 3
      CS4 100000 4
      CS5 101000 5
      CS6 110000 6
      CS7 111000 7


  1. Assured Forwarding(AF)
    A company intranet often includes geographically distributed offices that have limited bandwidth connecting them. The company will have to specify which packets take precedence by classifying and marking packet forwarding assurance as well as drop precedence for its service provider.RFC 2597 defines AF as four independently forwarded classes. Within each AF class, an IP packet can be assigned one of three different levels of drop precedence which correlate to different discard rates during congestion. A higher decimal number represented by the bits in AF does not represent a better service level as it does in ToS and CS.

    From RFC 2597, in a DS node, the level of forwarding assurance of an IP packet depends on (1) how much forwarding resources has been allocated to the AF class that the packet belongs to, (2) what is the current load of the AF class, and, in case of congestion within the class, (3) what is the drop precedence of the packet.

    The following table is reproduced from the QOS Exam Configuration Guide and shows the four AF classes as well as the probability of being dropped:

Low Drop Probability Within Class Medium Drop Probability within Class High Drop Probability within Class
Name/Decimal/Binary Name/Decimal/Binary Name/Decimal/Binary
Class 1 AF11 / 10 / 001010 AF12 / 12 / 001100 AF13 / 14 / 001110
Class 2 AF21 / 18 / 010010 AF22 / 20 / 010100 AF23 / 22 / 010110
Class 3 AF31 / 26 / 011010 AF32 / 28 / 011100 AF33 / 30 / 011110
Class 4 AF41 / 34 / 100010 AF42 / 36 / 100100 AF43 / 38 / 100110

A list of the RFCs pertinent to this discussion:
791 ToS
2474 Details of the DSCP field in the IP header
2475 Core concepts of DiffServ
2597 Assured Forwarding PHB
2598 Expedited Forwarding
3260 Diffserv Clarification

This entry was posted in Routing. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s