Heavy rain is not a good thing when your week-long vacation is about to start. As we start packing the rain is pounding on the window, and though we'll be about 400 miles south in the Shenandoah National Park and Blue Ridge Parkway area, it is annoying.
So wish me good weather and don't miss me too much. I'll be back in a week's time and hope to bring some new energy and renewed motivation toward completing my ONT exam and the CCNP track!
Now that I have covered Layer 2 marking, it is time for the more resource-friendly way: Layer 3 marking.
Definition:
The ToS (Type of Service) byte in the IPv4 header contains a six-bit DSCP (Differentiated Services Code Point) field and a two-bit ECN (Explicit Congestion Notification) field. It is the second byte of the IPv4 header, right after the Version/IHL byte and before the Total Length field (not after the destination address).
Layer 3 marking carries the marking information from router to router across the network, because the IP header travels with the packet end to end instead of being rewritten at every hop. The first implementation of marking in the ToS byte was IP Precedence, which used only the left-most 3 bits. The IP Precedence values follow the same strategy as the CoS values (0 = best effort up to 5 = voice, with 6 and 7 reserved for network control).
DSCP Marking strategies:
Introduced more usable markings
Maintained backwards compatibility with IP precedence
The eight bits of the ToS byte are split as shown:
000 | 000 | 00
Left part (3 bits) is the class of the PHB (Per-Hop Behavior), the major class. It lines up with the old IP Precedence bits, which is what gives DSCP its backward compatibility.
Middle part (3 bits) is the Drop Precedence, the minor class. It breaks the tie when the left part is equal.
Right part (2 bits) is ECN, Explicit Congestion Notification, used for flow control: a congested router can set it so the end hosts slow down before packets are actually lost. It is not part of the DSCP marking.
The PHB class can be one of three things (classes 6 and 7 are reserved for network control traffic such as routing protocols):
Expedited Forwarding (EF – 5)
Assured Forwarding (AF4, AF3, AF2, AF1)
Best Effort (0)
Drop Precedence currently uses only the left-most two of its three bits (the third bit is always 0) and can be one of three:
High drop preference: 11
Medium drop preference: 10
Low drop preference: 01
The rules can be confusing: a higher class is better, but a higher drop precedence is worse. The class is decided first and the drop precedence breaks the tie within a class, so AF41 (class 4, low drop) is kept ahead of AF43 (class 4, high drop) when a queue fills up. The combination of the two fields is what decides the precedence.
As with classification, it is important to remember that the level of preference is only a marking; it does not by itself define the treatment (queuing, policing, dropping). We mark for flexibility, but the mark has an impact only once a policy that acts on it is applied to an interface.
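To make the bit layout above concrete, here is an added Python example (my own illustration, not code from the original post). It splits a ToS byte into DSCP and ECN, recovers the class, the drop precedence and the PHB name (EF = DSCP 46, AFxy = class x with drop y, CSx = class selector x, the standard code points), builds the byte back from a name, and reads the mark out of a raw IPv4 header. The 20-byte sample header is constructed for the example, and the preferred() helper only encodes the rule of thumb from the post (class first, then drop precedence); it is not a real scheduler.

```python
"""Decode and encode the IPv4 ToS byte: 6-bit DSCP + 2-bit ECN.

Added example, not code from the original post. The sample header is
constructed inline; PHB names follow the standard code points
(EF = DSCP 46, AFxy = class x drop y, CSx = class selector x).
"""
from dataclasses import dataclass

TOS_OFFSET = 1  # ToS is the 2nd byte of the IPv4 header, after Version/IHL

ECN_NAMES = {0b00: "Not-ECT", 0b01: "ECT(1)", 0b10: "ECT(0)", 0b11: "CE"}
DROP_NAMES = {1: "low", 2: "medium", 3: "high"}


@dataclass(frozen=True)
class Mark:
    dscp: int   # full 6-bit code point, 0..63
    ecn: int    # 2-bit ECN field, not part of the DSCP
    cls: int    # left-most 3 bits: major class, IP Precedence compatible
    drop: int   # AF drop precedence 1..3 (the two bits after the class); 0 for CS/EF
    name: str   # PHB name, e.g. "AF41", "EF", "CS6"


def dscp_name(dscp: int) -> str:
    """Name a 6-bit DSCP value; code points with no PHB name get 'DSCP n'."""
    if not 0 <= dscp <= 63:
        raise ValueError(f"DSCP out of range: {dscp}")
    cls, low = dscp >> 3, dscp & 0b111
    if dscp == 46:                 # 101 11 0: Expedited Forwarding
        return "EF"
    if low == 0:                   # xxx 000: class selector = IP Precedence x
        return f"CS{cls}"
    drop = low >> 1
    if 1 <= cls <= 4 and low & 1 == 0 and 1 <= drop <= 3:   # aaa dd 0
        return f"AF{cls}{drop}"
    return f"DSCP {dscp}"


def decode_tos(tos: int) -> Mark:
    """Split one ToS byte: top 6 bits are the DSCP, bottom 2 bits the ECN."""
    if not 0 <= tos <= 0xFF:
        raise ValueError("ToS is one byte")
    dscp, ecn = tos >> 2, tos & 0b11
    name = dscp_name(dscp)
    drop = (dscp >> 1) & 0b11 if name.startswith("AF") else 0
    return Mark(dscp, ecn, dscp >> 3, drop, name)


def encode_tos(name: str, ecn: int = 0) -> int:
    """Build a ToS byte from a PHB name ('AF41', 'EF', 'CS5') and an ECN value."""
    name = name.upper()
    if not 0 <= ecn <= 3:
        raise ValueError("ECN is two bits")
    if name == "EF":
        dscp = 46
    elif name.startswith("CS") and len(name) == 3 and name[2].isdigit():
        cls = int(name[2])
        if cls > 7:
            raise ValueError(f"class selector is 3 bits: {name}")
        dscp = cls << 3
    elif name.startswith("AF") and len(name) == 4 and name[2:].isdigit():
        cls, drop = int(name[2]), int(name[3])
        if not (1 <= cls <= 4 and 1 <= drop <= 3):
            raise ValueError(f"no such AF class/drop: {name}")
        dscp = (cls << 3) | (drop << 1)
    else:
        raise ValueError(f"unknown PHB name: {name}")
    return (dscp << 2) | ecn


def tos_of_ipv4(header: bytes) -> Mark:
    """Read the mark out of a raw IPv4 header (only the first 2 bytes are needed)."""
    if len(header) < 2 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return decode_tos(header[TOS_OFFSET])


def preferred(a: Mark, b: Mark) -> Mark:
    """The post's rule of thumb: the higher class wins; within the same class
    the lower drop precedence wins (it is dropped later under congestion)."""
    return a if (a.cls, -a.drop) >= (b.cls, -b.drop) else b


# Constructed sample: 20-byte IPv4 header carrying EF (DSCP 46 -> ToS 0xB8)
SAMPLE_HEADER = bytes([0x45, 0xB8]) + bytes(18)

if __name__ == "__main__":
    for tos in (0xB8, 0x88, 0x98, 0xC0, 43):
        m = decode_tos(tos)
        print(f"ToS 0x{tos:02X}: {m.name:7} class {m.cls} "
              f"drop {DROP_NAMES.get(m.drop, '-'):6} ECN {ECN_NAMES[m.ecn]}")
    print("sample header carries", tos_of_ipv4(SAMPLE_HEADER).name)
```

Note that decode_tos() reports a drop precedence only for AF code points: EF (101110) has a 1 in the same bit positions, but those bits are not a drop precedence there, which is exactly the kind of confusion the rule of thumb above is about.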
Following the QoS basics, the next step is Classification and Marking.
Quick definition reminder:
Classification – Inspecting one or more aspects of a packet to see what the packet is carrying. This is a local process that affects only the router doing it.
Marking – Writing information into a packet so that other network devices can identify it easily. It is done on one router but affects every router on the path.
Whenever possible we should use marking, because it has a big impact on network performance. A good example of the benefit of marking is traffic that leaves the LAN and enters the ISP's cloud. With classification alone the traffic reaches the ISP with no information attached; with marking the information travels with the packet to the ISP. The ISP can then apply priority and other rules to the data and offer you the service you need (provided it agrees to honour your marks; ISPs commonly re-mark at their edge unless this is part of the service contract).
Two other terms we should be familiar with (both in the QoS spirit):
CoS = Class of Service => L2 marking used on Ethernet
ToS = Type of Service => L3 marking = 1byte (8bits)
Types:
Frame Relay DE bit: 0 or 1. A value of 0 means not discard eligible; a value of 1 means discard eligible, i.e. this frame may be dropped first when the link is congested.
DE = Discard Eligible. You can mark which traffic becomes DE.
MPLS EXP bits: 3 bits, similar to CoS.
Ethernet trunk CoS: 3 bits.
CoS uses 3 bits in the trunk encapsulation, so it only works on trunk connections (ISL / 802.1Q); a frame on an access port has no CoS field at all.
Ethernet CoS gives 8 levels of service:
000 = best effort
001 = low-priority data -> like web traffic
010 = high-priority data -> apps like Citrix that need a constant connection
011 = voice signalling -> call setup and teardown, not the voice itself
100 = video -> video streaming
101 = voice -> the top class of user traffic
110 = reserved -> for routing updates, STP and similar control traffic
111 = reserved -> network control, used by the network devices themselves
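Since CoS only exists inside the trunk tag, it is worth seeing where the bits actually sit and what happens to them when the tag goes away. The following Python is an added example (my own, not from the original post): it builds an 802.1Q-tagged Ethernet II frame with a given CoS, reads the CoS back, strips the tag the way a router does when it forwards onto an untagged link, and shows that the DSCP in the IP payload survives while the CoS does not. The frames, the documentation-range MAC addresses and the IPv4 header are constructed for the example; cos_to_dscp() uses the usual default mapping of CoS x to class selector x (IP Precedence x), and a real switch's cos-dscp map may be configured differently.

```python
"""Read and strip the 802.1Q CoS (PCP) field of an Ethernet frame.

Added example, not code from the original post. All frames are
constructed inline. CoS lives only in the 802.1Q trunk tag; once a
router forwards the packet onto an untagged link the tag, and the CoS
with it, is gone, while the DSCP in the IP header survives.
"""
import struct

TPID_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800

# The eight CoS levels as listed above
COS_NAMES = {
    0: "best effort", 1: "low-priority data", 2: "high-priority data",
    3: "voice signalling", 4: "video", 5: "voice",
    6: "reserved (routing, STP)", 7: "reserved (network control)",
}


def _mac(text):
    return bytes.fromhex(text.replace(":", ""))


def build_frame(dst, src, payload, ethertype=ETHERTYPE_IPV4, pcp=None, vid=1, dei=0):
    """Ethernet II frame; an 802.1Q tag carrying the CoS is inserted only when pcp is given."""
    head = _mac(dst) + _mac(src)
    if pcp is None:                                  # access-port frame: no tag
        return head + struct.pack("!H", ethertype) + payload
    if not (0 <= pcp <= 7 and 0 <= vid <= 4095 and dei in (0, 1)):
        raise ValueError("PCP is 3 bits, DEI 1 bit, VID 12 bits")
    tci = (pcp << 13) | (dei << 12) | vid            # tag control information
    return head + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def read_cos(frame):
    """Return (pcp, dei, vid) from the 802.1Q tag, or None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("truncated frame")
    if struct.unpack_from("!H", frame, 12)[0] != TPID_8021Q:
        return None                                  # no tag, so no CoS field exists
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci = struct.unpack_from("!H", frame, 14)[0]
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF


def strip_tag(frame):
    """What a router does on the way to an untagged link: drop the 4 tag bytes."""
    return frame if read_cos(frame) is None else frame[:12] + frame[16:]


def ipv4_dscp(frame):
    """DSCP of the IPv4 payload, whether or not the frame is tagged."""
    off = 18 if read_cos(frame) is not None else 14  # start of the IP header
    if struct.unpack_from("!H", frame, off - 2)[0] != ETHERTYPE_IPV4:
        raise ValueError("payload is not IPv4")
    return frame[off + 1] >> 2                       # ToS is the 2nd IP header byte


def cos_to_dscp(cos):
    """Default CoS -> DSCP map: CoS x becomes class selector x (IP Precedence x)."""
    if not 0 <= cos <= 7:
        raise ValueError("CoS is 3 bits")
    return cos << 3


# Constructed sample: IPv4 header marked EF (DSCP 46) behind a CoS 5 tag on VLAN 100
IPV4_EF = bytes([0x45, 0xB8]) + bytes(18)
TAGGED = build_frame("00:00:5e:00:53:01", "00:00:5e:00:53:02", IPV4_EF, pcp=5, vid=100)

if __name__ == "__main__":
    pcp, dei, vid = read_cos(TAGGED)
    print(f"trunk side: CoS {pcp} ({COS_NAMES[pcp]}), VLAN {vid}, DSCP {ipv4_dscp(TAGGED)}")
    routed = strip_tag(TAGGED)
    print(f"after the router: CoS {read_cos(routed)}, DSCP {ipv4_dscp(routed)}")
```

The second print line is the whole point of the summary that follows: on the far side of the router the CoS is simply gone, and unless the router re-marks the next trunk from the DSCP (or from its own classification), the Layer 2 priority is lost.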
Summary: L2 marking is stripped at every router, because the frame header is rewritten at each hop, and re-marking at every hop consumes more resources. L3 marking goes all the way: mark on one router and use it all over the network. It is the more important type of marking and will get its own (next) post.
After the Feb 17th security alert that focused on problems in security products, Cisco released on March 24th another alert which focuses on this blog's current business: voice.