QOS Classification and Marking

Today I am going to continue to talk about QOS (Quality of Service). QOS is used on network devices to classify and mark traffic based on their priority level, allowing for higher priority traffic to receive different treatment than lower priority traffic as it moves through the network. The steps of QOS are:

Classification- When a packet is being created, it must first be classified. A traffic class in QOS is a distinct group of packets that share a similar quality. For example video, Voice over IP, best effort, bulk file transfers can all be designated in their own kind of class. Classification is the process of identifying and categorizing network traffic into different groups or classes based on certain criteria. The certain criteria that can be used to categorize a packet into a class can be port number, IP addresses, and applications. Port numbers allow the network to know what type of traffic is being sent for example HTTPS for port 443, SIP for port 5060-5061, or SMTP for port 25. IP addresses can also be included when classifying network traffic providing context and endpoint identification. 

NBAR- The final way to classify network traffic is by application being used. The way this is done is by a technology that operates at layer 7 called NBAR (Network Based Application Recognition.) NBAR is a Cisco QOS classification technology that performs deep packet inspection to identify and classify network traffic at the application level. Instead of relying on port numbers and IP addresses, NBAR looks beyond the packet headers and examines the actual payload (data content/packet content) to identify applications. This is a good feature that provides application detection even if an application uses dynamic ports often such as FTP or TFTP. NBAR can recognize applications’ unique signatures (patterns or characteristics) and classify packets accordingly. 

Marking- Once traffic (packets) are classified, they are then marked. QOS marking can happen at layer 2 with PCP (Priority Code Point) or at layer 3 with DSCP (Differentiated Services Code Point.) The purpose of marking is to communicate the desired PHB (Per Hop Behavior) to be received as the packet traverses the network. Per Hop Behavior is the specific treatment each network device applies to a packet based on its QOS markings. It’s important to know that these are “desired PHB” as each network device a packet traverses has the potential to be configured differently. PCP values are used to prioritize packets for a LAN (Local Area Network) while DSCP is used for both LAN and WAN. 

PCP- PCP is found in the 802.1Q tag, under the Tag Control Information section taking up 3 bits with values ranging from 0 to 7. PCP’s QOS values are: 

DSCP- DSCP has four different per hop behaviors that can be marked on IP packets. These are DF (Default Forwarding), EF (Expedited Forwarding), AF (Assured Forwarding), and CS (Class Selector.) Each PHB serves its own purpose, and each class has different levels of treatment provided. 

DF- The first PHB in DSCP is DF. DF is the standard, best effort handling of traffic that is not assigned any specific QOS marking or priority value. Traffic in this class has the DSCP value of 0 [000000], and is not given any kind of priority over other traffic. Traffic in this class is treated equally with all other nonmarked packets as they move through the network. Traffic in this class is the first to be delayed,and more likely to be dropped during congestion to protect higher priority traffic. The type of traffic in this class are typical non time-sensitive packets such as web browsing, email, or file downloads. 

EF- The next PHB in DSCP is EF. EF refers to the class that provides low latency, low jitter, and low packet loss transmission for delay-sensitive traffic. EF is typically used for real-time applications such as VoIP, that need consistent and fast delivery. Traffic in this class is usually paired with a strict priority queue, which means that this type of traffic is forwarded ahead of any other traffic on the network. This is vital for applications that require strict requirements to function properly, especially when needing to satisfy the recommended standard for 150ms or less delay(latency), 30ms or less jitter, and 1% of less of packet loss. 

AF- Another DSCP PHB is AF. AF is a PHB group that provides a method for a network to offer different levels of delivery/forwarding assurance for various traffic classes. AF is divided into four classes from AF1 to AF4 with 4 having the highest priority and with 1 having the least priority. Each class has 3 drop precedence levels, which determine how likely packets are to be dropped during congestion with 1 being the lowest and 3 being the most likely to be dropped. AF is for traffic that needs better forwarding treatment than the standard best effort/default forwarding but can tolerate some delay such as file transfers, business critical traffic, or remote access sessions. The DSCP values for AF varies, in order to calculate it you do: 

X = class (1 – 4)

Y = Drop precedence (1 – 3) 

DSCP AF Value = (8 * x) + (2 * Y) 

CS- The last but not least PHB in DSCP is CS. CS is a set of backward compatible priority values (CS0 to CS7) that provide interoperability with the older IP precedence QOS model. CS markings use the first 3 bits of the DSCP field and keep the remaining 3 bits to zero. The first 3 bits are used to directly map with the older IP precedence values of 0 to 7, with 7 being the highest priority and zero being the lower priority. This allows for a company to maintain QOS while having a mixture of both legacy and newer network devices.