# Classification and marking


Fields that can be marked for QoS purposes

- IP header
- LAN trunking header
- Frame Relay header
- ATM cell header

IP Precedence and DSCP compared

The IP header is defined in RFC 791 and includes a 1-byte field called Type of Service (ToS).
The ToS byte was further subdivided, with its high-order 3 bits defined as the IP Precedence (IPP):

- Routine: Precedence 0 - 000
- Priority: Precedence 1 - 001
- Immediate: Precedence 2 - 010
- Flash: Precedence 3 - 011
- Flash Override: Precedence 4 - 100
- Critical: Precedence 5 - 101
- Internetwork Control: Precedence 6 - 110
- Network Control: Precedence 7 - 111

A series of RFCs collectively called Differentiated Services (DiffServ) came along later.
The ToS byte was renamed the Differentiated Services (DS) field, and IPP was replaced with a 6-bit field called the Differentiated Services Code Point (DSCP).

DSCP settings and terminology

Several DiffServ RFCs suggest a set of values to use in the DSCP field and the associated QoS behavior recommended, called Per-Hop Behavior (PHB).

Class selector PHB and DSCP values

IPP overlaps with the first 3 bits of the DSCP.
RFC 2475 defines a set of DSCP values and PHBs, called Class Selector (CS) PHBs, that provide backward compatibility with IPP:

- Default/CS0: 000000 - 000 - Routine
- CS1: 001000 - 001 - Priority
- CS2: 010000 - 010 - Immediate
- CS3: 011000 - 011 - Flash
- CS4: 100000 - 100 - Flash Override
- CS5: 101000 - 101 - Critical
- CS6: 110000 - 110 - Internetwork Control
- CS7: 111000 - 111 - Network Control

Packets with a higher CS value should be given better queuing preference.

Assured Forwarding PHBs and DSCP values

AF defines four classes (1-4) for queuing purposes, with three levels (1-3) of drop probability inside each queue.
Classes with a higher value get better queuing treatment.
A higher drop level means a higher probability of being dropped.

- AF11, AF12, AF13: 001010, 001100, 001110
- AF21, AF22, AF23: 010010, 010100, 010110
- AF31, AF32, AF33: 011010, 011100, 011110
- AF41, AF42, AF43: 100010, 100100, 100110

Expedited Forwarding PHB and DSCP values

Packets marked as EF should be given queuing preference so that they experience minimal latency, but they should be policed so that they do not consume all the bandwidth on the link or starve other queues.
The DSCP value defined is the binary value 101110 (class 5, EF53).
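As an added worked example (not from the original notes), the following Python decodes the DSCP bit layouts described above: EF, the CS codepoints that reproduce IPP, and the AF class/drop encoding. The sample IPv4 header bytes and the remark_at_trust_boundary function are constructed illustrations, not part of any standard or product.

```python
# Added example (not from the original notes): decode the 6-bit DSCP carried
# in the IPv4 ToS/DS byte into its PHB name, and show how IP Precedence is
# recovered from the same bits (CS backward compatibility).

EF = 0b101110  # Expedited Forwarding, decimal 46


def tos_to_dscp(tos):
    """DSCP is the high-order 6 bits of the ToS/DS byte; the low 2 bits are ECN."""
    return (tos >> 2) & 0x3F


def dscp_from_ipv4_header(hdr):
    """The ToS/DS byte is the second byte of the IPv4 header (after version/IHL)."""
    return tos_to_dscp(hdr[1])


def dscp_to_ipp(dscp):
    """IP Precedence is the high-order 3 bits of the DSCP (CS compatibility)."""
    return dscp >> 3


def af_dscp(cls, drop):
    """Assured Forwarding: class 1-4 in the top 3 bits, drop level 1-3 in bits 2-1."""
    if not (1 <= cls <= 4 and 1 <= drop <= 3):
        raise ValueError("AF class must be 1-4 and drop level 1-3")
    return (cls << 3) | (drop << 1)


def phb_name(dscp):
    """Map a DSCP value to its DiffServ PHB name; other codepoints are reported as unknown."""
    cls, low = dscp >> 3, dscp & 0b111
    if dscp == EF:
        return "EF"
    if low == 0:
        return "Default" if cls == 0 else f"CS{cls}"
    if 1 <= cls <= 4 and low in (0b010, 0b100, 0b110):
        return f"AF{cls}{low >> 1}"
    return f"unknown({dscp})"


def remark_at_trust_boundary(dscp, trusted):
    """Constructed policy: keep markings from trusted devices, reset others to Default (0)."""
    return dscp if trusted else 0


# Constructed 20-byte IPv4 header: version 4, IHL 5, ToS 0xB8 (DSCP 46 = EF).
SAMPLE_HEADER = bytes.fromhex("45b8003c1c4640004006b1e6c0a80001c0a800c7")
```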

Ethernet LAN Class of Service

Ethernet supports a 3-bit QoS marking field when using either an 802.1q or ISL trunking header.
802.1q defines its QoS field as the 3 most-significant bits of the 2-byte Tag Control field.
ISL defines the 3 least-significant bits from the 1-byte User field.
Generally speaking, these 3 bits are called the Class of Service (CoS).

WAN marking fields

Frame Relay uses the Discard Eligibility (DE) bit. Frames with DE set to 1 are the first candidates to be dropped when congestion occurs.
ATM uses the Cell Loss Priority (CLP) bit. Cells with CLP set to 1 are the first candidates to be dropped when congestion occurs.
MPLS uses a 3-bit field called Experimental (EXP) for general QoS marking.

Locations for marking and matching

IPP and DSCP are carried end to end in the IP header, so they can be classified and marked on edge devices.
CoS, DE, CLP and EXP exist only on the corresponding link types, so:

- For classification: on ingress interfaces.
- For marking: on egress interfaces.

Cisco Modular QoS CLI

MQC is a common set of configuration commands to configure many QoS features in a router or switch.
MQC-based tools can be identified by name: they all begin with the phrase "Class-Based" (CB):

- CB Marking
- CB Weighted Fair Queuing (CBWFQ)
- CB Policing
- CB Shaping
- CB Header Compression

Mechanics of MQC

There are three major commands with MQC:

- The class-map command defines the matching parameters.
- The PHB actions (marking, queuing, ...) are configured under the policy-map.
- The policy map is enabled on an interface by using a service-policy command.

Classification using class maps

- The match command has many options for matching packets (QoS fields, ACLs, MACs, ...).
- Class-map names are case sensitive.
- The match protocol command means that IOS uses Network Based Application Recognition (NBAR) to perform the match.
- The match any command matches any packet.
- CEF is required for CB Marking.

```
ip cef
!
class-map match-all myclass1
 ! starting port 16384, range 16383 => UDP ports 16384-32767
 match ip rtp 16384 16383
class-map match-all myclass2
 match any
!
policy-map mypolicy
 class myclass1
  set dscp ef
 class myclass2
  set dscp default
!
interface fa0/0
 service-policy output mypolicy
```

Using multiple match commands

- Up to four (CoS and IPP) or eight (DSCP) values can be listed on a single match cos, match precedence or match dscp.
- If a class map has multiple match commands in it, the match-any or match-all (default) keyword defines a logical OR or a logical AND between the match commands.
- The match class-map _name_ command refers to another class map by name.

Classification using NBAR

NBAR can look past the UDP and TCP header and refer to the host name, URL or MIME type in HTTP requests.
You can upgrade NBAR without changing to a later IOS version. Cisco uses a feature called Packet Description Language Modules (PDLM) to define new protocols that NBAR should match:

```
ip nbar pdlm _pdlm-name_
```

Class-Based Marking (CB Marking) configuration

- A CB Marking policy map is processed sequentially; once a packet has matched a class, it is marked based on that class's set commands.
- You can configure multiple set commands in one class to set multiple fields.
- Packets that do not explicitly match a defined class are considered to have matched a special class called class-default.
- For any class inside the policy map for which there is no set command, packets in that class are not marked.

- set [ip] precedence _value_
- set [ip] dscp _value_
- set cos _value_
- set qos-group _id_ (marks the QoS group identifier)
- set atm-clp
- set fr-de

CB Marking design choices

Mark as close to the ingress edge of the network as possible but not so close to the edge that the marking is made by an untrusted device.
RFC-recommended values for marking CoS, IPP and DSCP:

- Voice payload: 5, 5, EF
- Video payload: 4, 4, AF41
- Voice/video signaling: 3, 3, CS3
- Mission-critical data: 3, 3, AF31/AF32/AF33
- Transactional data: 2, 2, AF21/AF22/AF23
- Bulk data: 1, 1, AF11/AF12/AF13
- Best effort: 0, 0, BE
- Scavenger: 0, 0, 2/4/6

QoS pre-classification

With VPN traffic, the only thing we have to work with is the ToS byte of the original packet, which is automatically copied to the tunnel header (IPsec transport mode, IPsec tunnel mode and GRE).
But features like NBAR no longer work, because they cannot look into the encapsulated payload.
Cisco IOS includes a feature called QoS pre-classification that can be enabled on VPN endpoint routers; it keeps the original packet in memory until the egress QoS action is taken. The qos pre-classify command is configured under:

- GRE and IPIP: interface tunnel
- L2F and L2TP: interface virtual-template
- IPsec: crypto map

AutoQoS

AutoQoS is a macro that helps automate class-based QoS configuration using best-practice recommendations.
There are two flavors: AutoQoS for VoIP and AutoQoS for the Enterprise.
To verify AutoQoS configuration use:

- show auto qos
- show mls qos
- show policy-map interface
- show auto discovery qos

AutoQoS for VoIP

It provides both global and interface QoS configuration for voice and video applications, and is supported on routers and switches.
When enabled on access ports, AutoQoS uses CDP to detect the presence of a Cisco phone or softphone:

- auto qos voip {cisco-phone | cisco-softphone}
- Normal traffic is treated as best effort.
- For phone traffic, the switch trusts the QoS markings it receives.

When enabled on a trunk or uplink, it trusts the CoS or DSCP values received:

- auto qos voip trust

AutoQoS for the Enterprise

It provides both global and interface QoS configuration for voice, video and other network applications, and is supported on routers.
The command to enable traffic discovery is auto discovery qos [trust] and is configured at the interface, DLCI or PVC level.
Use the trust keyword if you trust the traffic already marked because AutoQoS policies will use those markings during the configuration stage.
The router will classify the traffic collected into one of ten classes:

- Routing: CS6 - EIGRP, OSPF
- VoIP: EF - RTP voice media
- Interactive video: AF41 - RTP video media
- Streaming video: CS4 - Real audio, Netshow
- Control: CS3 - RTCP, H323, SIP
- Transactional: AF21 - SAP, Citrix, Telnet, SSH
- Bulk: AF11 - FTP, SMTP, POP3, Exchange
- Scavenger: CS1 - P2P applications
- Management: CS2 - SNMP, Syslog, DHCP, DNS
- Best effort: default - all other traffic

Finally, configure the auto qos command to generate the policy, and then disable traffic discovery.
