QoS classification tools categorize packets by examining the contents of the frame, cell, and packet headers, whereas marking tools allow the QoS tool to change the packet headers for easier classification.

Most QoS tools classify traffic, which allows for each class of traffic to receive a different level of treatment from other traffic classes. These different types or classes of traffic are typically called service classes in QoS terminology.

To place voice and data traffic in separate queues, for example, you must use some form of classification to differentiate the two types of traffic and place the identified traffic in the proper queue.

Marking provides a way for QoS tools to change bits in the packet header to indicate the level of service this packet should receive from other QoS tools. For instance, you can use marking tools to change the marking in voice packets to ensure that a classification tool can differentiate a voice packet from a data packet.

Classification Tools

Class-Based Marking (CB-Marking) – CB Marking can also refer to access control lists (ACLs) to match packets, with packets permitted by an ACL being considered to match the logic used by CB Marking.

Classification with NBAR – NBAR classifies packets that are normally difficult to classify. For instance, some applications use dynamic port numbers, so a statically configured match command, looking for a particular UDP or TCP port number, simply could not classify the traffic. NBAR can look past the UDP and TCP header, and refer to the host name, URL, or MIME type in HTTP requests. This deeper examination of the packet contents is sometimes called deep packet inspection.

Marking

Marking involves setting some bits inside a data link or network layer header, with the goal of letting other devices’ QoS tools classify traffic based on the marked values.

QoS Marking Fields

The specific fields which can be used for QoS Marking are as follows:

Field	Location	Length
IP Precedence (IPP)	IP Header	3 bits
IP DSCP (Differentiated Services Code Point)	IP Header	6 bits
DS Field (Differentiated Services)	IP Header	1 Byte
ToS Byte (Type of Service)	IP Header	1 Byte
CoS (Class of Service)	ISL and 802.1Q Header	3 bits
Discard Eligible (DE)	Frame Relay Header	1 bit
Cell Loss Priority (CLP)	ATM Cell Header	1 bit
MPLS Experimental (EXP)	MPLS Header	3 bits

Legacy ToS Field

The IP header defined in RFC 791, includes a 1 Byte field called the “Type of Service (ToS). The ToS byte was intended to be used as a field to mark a packet for QoS. The ToS byte was further subdivided with the high-order 3 bits (0 through 2) defined as the IP Precedence (IPP) field. The bits 3 through 6 of the ToS Byte included flag fields that were toggled on (1) or off (0) to imply a particular QoS service. The final bit 7 was not defined in RFC791. The flags were not used very often. The main purpose of the ToS byte was to hold 3-bit IPP field.

                              -----------
                               IP Header
                              -----------

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |Version|  IHL  |Type of Service|          Total Length         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |         Identification        |Flags|      Fragment Offset    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Time to Live |    Protocol   |         Header Checksum       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                       Source Address                          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Destination Address                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Options                    |    Padding    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


          ----------------------------------------------------
           The Type of Service octet consists of three fields
          ----------------------------------------------------

                0     1     2     3     4     5     6     7
             +-----+-----+-----+-----+-----+-----+-----+-----+
             |                 |                       |     |
             |   PRECEDENCE    |          TOS          | MBZ |
             |                 |                       |     |
             +-----+-----+-----+-----+-----+-----+-----+-----+

First 3 bits (0 through 2) of ToS / IP Precedence

The Precedence field values imply that the larger the value, the more important the traffic.

Field and Value (Decimal)	Binary Value	Name
Precedence 0	000	Routine
Precedence 1	001	Priority
Precedence 2	010	Immediate
Precedence 3	011	Flash
Precedence 4	100	Flash Override
Precedence 5	101	Critic/Critical/ECP
Precedence 6	110	Internetwork Control
Precedence 7	111	Network Control

Next 4 bits (3 through 6) of TOS Values (RFC1349)

0000 — normal service (Default)
0001 — minimize monetary cost
0010 — maximize reliability
0100 — maximize throughput
1000 — minimize delay

The last field labeled “MBZ” was unused.

Modern DS Field (Differentiated Services)

The ToS field was updated by series of RFCs and the field itself was renamed as Differentiated Services (DS) field. IPP field of ToS byte was replaced with a 6-bit (high order bits 0 through 5) field called the Differentiated Services Code Point (DSCP) field. The RFC3168 defined the low order 2 bits (bits 6 through 7) of DS field for use with the QoS Explicit Congestion Notification (ECN) feature.

 

 

 

 

 

 

 

Differentiated Services Architectural Model

The differentiated services architecture is based on a simple model where traffic entering a network is classified and possibly conditioned at the boundaries of the network, and assigned to different behavior aggregates. Each behavior aggregate is identified by a single Differentiated Services Code Point (DSCP). Within the core of the network, packets are forwarded according to the per-hop behavior associated with the DSCP. RFC2475

Behavior Aggregates and Per-Hop Behavior

 

 

 

 

 

 

 

 

The Class Selector PHB and DSCP Values

The DS field is simply a redefinition of the original ToS Byte in the IP Header. IP Precedence (IPP) filed of ToS Byte overlaps with first 3-bits of DSCP field of DS field. Because of this overlap, RFC2475 defines a set of DSCP values and PHBs, called Class Selector (CS) PHBs, that provide backward compatibility with IPP.

DSCP Class Selector Names	Binary Value of DSCP	Binary Value of IPP	IPP Field and Decimal Value	IPP Name
CS0 (Default)	000000	000	Precedence 0	Routine
CS1	001000	001	Precedence 1	Priority
CS2	010000	010	Precedence 2	Immediate
CS3	011000	011	Precedence 3	Flash
CS4	100000	100	Precedence 4	Flash Override
CS5	101000	101	Precedence 5	Critic/Critical/ECP
CS6	110000	110	Precedence 6	Internetwork Control
CS7	111000	111	Precedence 7	Network Control

Assured Forwarding PHB and DSCP Values

RFC 2597 defines four classes of Assured Forwarding (AF) PHB for queuing purpose, along with the three levels of drop probability inside each queue. To mark packets and distinguish into which of four queues a packet should be placed, along with one of three drop priorities inside each queue, the AF PHB defines 12 DSCP values and their meanings. The names of the AF DSCPs conform to the following format:

AFxy

where x implies one of the four queues (values 1-4) and y implies one of the three drop probabilities (values 1-3).

To convert from the AF name to the decimal equivalent, you can use a simple formula.

If you think of the AF values as AFxy, the formula is 8x + 2y = decimal value

For example, AF41 gives you a formula of (8 x 4) + (2 x 1) = 34

Queue Class	Low Drop Probability Within Class	Medium Drop Probability Within Class	High Drop Probability Within Class
	Name/Decimal/Binary	Name/Decimal/Binary	Name/Decimal/Binary
Class 1	AF11/10/001010	AF12/12/001100	AF13/14/001110
Class 2	AF21/18/010010	AF22/20/010100	AF23/22/010110
Class 3	AF31/26/011010	AF32/32/011100	AF33/30/011110
Class 4	AF41/34/100010	AF42/42/100100	AF43/38/100110

Commonly Used DSCP Values

DSCP Value	Decimal Value	Meaning	Drop Probability	Equivalent IP Precedence Value
101 110	46	High Priority Expedited Forwarding (EF)	N/A	101 – Critical
000 000	0	Best Effort	N/A	000 – Routine
001 010	10	AF11	Low	001 – Priority
001 100	12	AF12	Medium	001 – Priority
001 110	14	AF13	High	001 – Priority
010 010	18	AF21	Low	010 – Immediate
010 100	20	AF22	Medium	010 – Immediate
010 110	22	AF23	High	010 – Immediate
011 010	26	AF31	Low	011 – Flash
011 100	28	AF32	Medium	011 – Flash
011 110	30	AF33	High	011 – Flash
100 010	34	AF41	Low	100 – Flash Override
100 100	36	AF42	Medium	100 – Flash Override
100 110	38	AF43	High	100 – Flash Override
001 000	8	CS1		1
010 000	16	CS2		2
011 000	24	CS3		3
100 000	32	CS4		4
101 000	40	CS5		5
110 000	48	CS6		6
111 000	56	CS7		7

The Expedited Forwarding PHB and DSCP Values

RFC 2598 defines the expedited forwarding per-hop behaviors. This RFC defines a very simple PHB (low latency, with a cap on bandwidth), and a single DSCP (EF) to represent it. Expedited forwarding simply states that a packet with the EF DSCP should minimize delay, jitter, and loss, up to a guaranteed bandwidth level for the class.

The expedited forwarding PHB uses a DSCP name of EF, whose binary value is 101110, with a decimal value of 46.

Ethernet LAN CoS (Class of Service)

The CoS (Class of Service) field only exists inside Ethernet frames when 802.1Q or Inter-Switch Link (ISL) trunking is used. The IEEE 802.1P standard actually defines the usage of the CoS bits inside the 802.1Q header. It is called CoS (Class of Service) in ISL header and   “User-Priority bits” in 802.1Q tag field. But in general, it is referred as CoS field regardless of the type of trunking.

 

 

 

 

 

 

 

WAN Marking Fields

You can use single-bit fields in Frame Relay and ATM networks to mark a frame or cell for Layer 2 QoS. Frame Relay defines the discard eligibility (DE) bit, and ATM defines the cell loss priority (CLP) bit. The general idea is that when a device, typically a WAN switch, experiences congestion, it needs to discard some frames or cells. If a frame or cell has the DE or CLP bit set, respectively, the switch may choose to discard those frames or cells, and not discard other frames or cells. If the DE or CLP bit is set, there is no requirement that the Frame Relay and ATM switches react to it, just like there is no guarantee that an IP packet with DSCP EF will get special treatment by another router. It’s up to the owner of the Frame Relay or ATM switch to decide whether it will consider the DE and CLP bits, and how to react differently.

The MPLS Experimental bits comprise a 3-bit field that you can use to map IP precedence into an MPLS label.

Frame Relay Header

 

 

 

 

 

 

ATM Cell Header

 

 

 

 

 

 

 

 

 

 

MPLS Header

 

 

 

 

QoS Values Calculator

Reference: http://www.netcontractor.pl/blog/wp-content/uploads/2011/11/QoS-Values-Calculator-v3.jpg

Classification and Marking Design Choices

In summary, classification and marking tools classify packets based on a large number of different fields inside data link and network layer headers. Based on the classification, the tools then mark a field in a frame or packet header, with the goal that other QoS tools can more easily classify and perform specific QoS actions based on these marked fields. Among all the fields that can be marked, IP Precedence and DSCP, because they are part of the IP header, are the only fields that can be marked and carried from end to end in the network.

Cisco Recommended QoS Baseline

 

 

 

 

 

 

https://www.cisco.com/en/US/technologies/tk543/tk759/technologies_white_paper0900aecd80295a9b.pdf