Classification and Marking

Classification and Marking

  • Classify and mark as close to the ingress edge as possible.
  • Mark or re-mark traffic when it reaches a trusted device in the network.
  • There are only two IP QoS marking fields that are carried end to end, Precedence and DSCP, mark one of these fields to maximize the benefits of reducing classification overhead.

Class-Based Marking
Service classes are different types of traffic that have been marked to receive better or worse service. Class-based marking (CB-Marking) examines the packet and classifies it into a service class.
Fields that can be examined for classification:

  • IP ACLs
  • Any markable fields
  • Input interface
  • MAC Addresses
  • All NBAR-enabled fields

Fields that can be marked:

  • IP Precedence
  • DSCP
  • 802.1P CoS
  • ISL Priority
  • Frame Relay DE
  • MPLS Experimental
  • QoS Group

You can mark the Precedence and DSCP fields with any valid binary value of either 3 or 6 bits respectively. Precedence fields should grow in importance and QoS behavior as the number gets higher. DSCP differs in that the larger number does not always get better QoS treatment.

Marking happens primarily in CoS, TOS, Precedence and DSCP.

IP ToS Byte — The 1 byte field in the IP header that was originally defined for QoS in RFC 791 released in 1981. It includes a 3 bit Precedence field and 4 ToS bits. p. 117 QoS

IP Precedence — Bits 0,1,2 of the IP ToS byte as defined by RFC 791.

TOS Field — Bits 4,3,5,6 of the IP Tos Byte as defined by RFC 791.

LAN CoS — Layer 2 marking. Refers to two different fields inside either the 802.1Q trunking header or a field inside the ISL header. Trunking or ISL must be enabled for the CoS field to exist. As soon as the packet is Layer 3 forwarded, either by a router or a layer 3 switch, the old LAN header gets discarded and the CoS field with it. p. 201 QoS
ISL — Uses the 3 least significant bits.
802.1Q — Uses the 3 most significant bits.

IP DSCP — Contained in the first 6 bits of the DS field in the IP header, which replaced the ToS byte. DiffServ defines 8 class selector DSCP values for backward compatibility with IP precedence.
Cisco Recommended Values for Marking

Traffic Tyoe CoS Precedence SCP
Voice Payload 5 5 EF
Voice Payload 4 4 AF41
Voice Payload 4 4 AF41
Voice/Video Signaling 3 3 CS3
Mission Critical Data 3 3 AF31



Transactional Data 2 2 AF21



Bulk Data 1 1 AF11



Best Effort 0 0 BE
Scavenger 0 0 2



The order of the class commands inside the policy-map is important. Each packet is compared to each class’s matching criteria in order, and once the first match is made the packet is considered to be in that class. So, the order of the class impact the logic of the policy-map. Order also matters in the in regards to CPU cycles. If the last rule matches most of the traffic, it will require more CPU.

Class-map names are code sensitive. It is recommended to stick with the same style or naming convention such all lower case, ALL UPPER CASE or HumpBack.

The class-map has two optional keywords after the name of the class-map, namely match-all or match-any because you can use multiple match statements. The match-all command is the default when nothing specified.

Match statements
There are differing amounts of values IOS will match depending upon the field that has been marked.

  • The match subcommand under class-map can be used to match up to four IP Precedence values in one command, for instance, match ip precedence 0 1 2.
  • Up to eight DSCP values can be matched with the match ip dscp subcommand.
  • Four CoS values can be matched.

NBAR can give statistical information about traffic mix as well as recognition of traffic that uses dynamic ports. When the match protocol command is given, the traffic is being matched by NBAR.

CEF forwarding must be enabled if using NBAR matching inside a policy map.

1. Classify packets into service classes using the match command inside an MQC class map.
2. Mark the packets in each service class using the set command inside an MQC policy map.
3. Enable the CB marking logic using the service-policy command under the interface.

A simple example:
All voice traffic should be marked with DSCP EF.
All other traffic should be marked with DSCP default.

ip cef

class-map match-all voip-rtp
	match ip ftp 16384 16383

policy-map voip-and-be
	class voip-rtp
		set dscp ef
	class class-default
		set dscp default

int fa0/0
	service-policy input voip-and-be

The show commands for confirmation and troubleshooting of the configuration:

show policy-map
show policy-map interface
This entry was posted in Routing. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s