Classification and Marking
- Classify and mark as close to the ingress edge as possible.
- Mark or re-mark traffic when it reaches a trusted device in the network.
- Only two IP QoS marking fields are carried end to end: Precedence and DSCP. Mark one of these fields to maximize the benefit of reduced classification overhead.
Service classes are different types of traffic that have been marked to receive better or worse service. Class-based marking (CB-Marking) examines the packet and classifies it into a service class.
Fields that can be examined for classification:
- IP ACLs
- Any markable fields
- Input interface
- MAC Addresses
- All NBAR-enabled fields
Fields that can be marked:
- IP Precedence
- 802.1P CoS
- ISL Priority
- ATM CLP
- Frame Relay DE
- MPLS Experimental
- QoS Group
You can mark the Precedence and DSCP fields with any valid binary value of 3 or 6 bits, respectively. Precedence values should grow in importance and QoS behavior as the number gets higher. DSCP differs in that a larger number does not always get better QoS treatment.
Marking happens primarily in CoS, TOS, Precedence and DSCP.
IP ToS Byte — The 1 byte field in the IP header that was originally defined for QoS in RFC 791 released in 1981. It includes a 3 bit Precedence field and 4 ToS bits. p. 117 QoS
IP Precedence — Bits 0,1,2 of the IP ToS byte as defined by RFC 791.
ToS Field — Bits 3, 4, 5, 6 of the IP ToS byte as defined by RFC 791.
LAN CoS — Layer 2 marking. Refers to two different fields inside either the 802.1Q trunking header or a field inside the ISL header. Trunking or ISL must be enabled for the CoS field to exist. As soon as the packet is Layer 3 forwarded, either by a router or a layer 3 switch, the old LAN header gets discarded and the CoS field with it. p. 201 QoS
ISL — Uses the 3 least significant bits.
802.1Q — Uses the 3 most significant bits.
IP DSCP — Contained in the first 6 bits of the DS field in the IP header, which replaced the ToS byte. DiffServ defines 8 class selector DSCP values for backward compatibility with IP precedence.
Cisco Recommended Values for Marking
|Mission Critical Data||3||3||AF31
The order of the class commands inside the policy-map is important. Each packet is compared to each class's matching criteria in order, and once the first match is made the packet is considered to be in that class. So, the order of the classes impacts the logic of the policy-map. Order also matters with regard to CPU cycles: if the last class matches most of the traffic, it will require more CPU.
Class-map names are case sensitive. It is recommended to stick with one naming convention, such as all lower case, ALL UPPER CASE or HumpBack.
Because a class-map can contain multiple match statements, it takes one of two optional keywords after its name: match-all or match-any. match-all is the default when nothing is specified.
The number of values IOS can match in a single command depends on the field that has been marked.
- The match subcommand under class-map can be used to match up to four IP Precedence values in one command, for instance, match ip precedence 0 1 2.
- Up to eight DSCP values can be matched with the match ip dscp subcommand.
- Four CoS values can be matched.
NBAR can give statistical information about traffic mix as well as recognition of traffic that uses dynamic ports. When the match protocol command is given, the traffic is being matched by NBAR.
CEF forwarding must be enabled if using NBAR matching inside a policy map.
1. Classify packets into service classes using the match command inside an MQC class map.
2. Mark the packets in each service class using the set command inside an MQC policy map.
3. Enable the CB marking logic using the service-policy command under the interface.
A simple example:
All voice traffic should be marked with DSCP EF.
All other traffic should be marked with DSCP default.
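    ! CEF is required for NBAR matching inside a policy map
    ip cef
    !
    ! Classify: even UDP ports in the RTP range starting at 16384
    class-map match-all voip-rtp
     match ip rtp 16384 16383
    !
    ! Mark: voice gets EF, everything else gets default
    policy-map voip-and-be
     class voip-rtp
      set dscp ef
     class class-default
      set dscp default
    !
    ! Enable the policy for traffic entering the interface
    int fa0/0
     service-policy input voip-and-be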
The show commands for confirmation and troubleshooting of the configuration:
    show policy-map
    show policy-map interface
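The first-match logic of the voip-and-be policy and the Precedence/DSCP bit layout described above, modelled in Python as an added example (not part of the original notes and not Cisco code). The function names and sample packets are constructed for illustration; the second packet shows why traffic is re-marked at the trusted edge rather than trusting a host's own EF marking.

```python
# Added illustration: models the voip-and-be policy-map on constructed packets.
AF = {f"AF{c}{d}": (c << 3) | (d << 1) for c in range(1, 5) for d in range(1, 4)}
DSCP_NAMES = {46: "EF", **{v: k for k, v in AF.items()}}

def decode_tos(tos):
    """Split the old ToS / new DS byte into (precedence, dscp, dscp_name)."""
    precedence = tos >> 5          # 3 most significant bits
    dscp = tos >> 2                # 6 most significant bits
    if dscp in DSCP_NAMES:
        name = DSCP_NAMES[dscp]
    elif dscp & 0b111 == 0:        # class selector: low 3 DSCP bits are zero
        name = "default" if dscp == 0 else f"CS{dscp >> 3}"
    else:
        name = str(dscp)
    return precedence, dscp, name

def is_voip_rtp(pkt):
    """match ip rtp 16384 16383: even UDP ports in 16384..32767."""
    p = pkt["dport"]
    return pkt["proto"] == "udp" and 16384 <= p <= 16384 + 16383 and p % 2 == 0

# Ordered like the policy-map: the first matching class wins.
POLICY = [("voip-rtp", is_voip_rtp, 46),
          ("class-default", lambda pkt: True, 0)]

def remark(pkt, policy=POLICY):
    """Return (class_name, new_tos); only the 6 DSCP bits are rewritten."""
    for name, match, dscp in policy:
        if match(pkt):
            return name, (dscp << 2) | (pkt["tos"] & 0b11)
    raise ValueError("policy has no catch-all class")

# Constructed sample packets arriving on the ingress interface.
PACKETS = [
    {"proto": "udp", "dport": 16390, "tos": 0x00},  # voice, unmarked
    {"proto": "tcp", "dport": 443,   "tos": 0xB8},  # host self-marked EF
    {"proto": "udp", "dport": 16391, "tos": 0x68},  # odd port, marked AF31
]

if __name__ == "__main__":
    for pkt in PACKETS:
        cls, new_tos = remark(pkt)
        print(cls, decode_tos(pkt["tos"]), "->", decode_tos(new_tos))
```

Reversing the order of POLICY puts class-default first, so every packet, voice included, lands there; this is the ordering effect the notes describe.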