Before applying any type of differentiated service business policy, it is necessary to identify which Traffic Class (TC) the traffic belongs to. There are two different mechanisms that help to identify and categorize different types of traffic: classification and marking.
Classification is the most fundamental QoS building block and without it all packets are treated in the same way. Classification is the action that identifies and organizes packets into different types of traffic.
Marking is the action that changes a field in the packet header to preserve the classification decision. It identifies the type of traffic the packet belongs to, so that it can be distinguished from other packets in QoS treatment.
Classification is the process of inspection of one or more fields in a frame, packet, segment or data in order to identify the type of traffic being transported by the network. This traffic categorization into classes can be based on different fields of the packet such as IP source or destination addresses, DSCP value or even the ingress interface.
The classification process groups traffic by similarity, assigning it to a TC that will be treated according to a uniform QoS strategy in the network.
The next table summarizes the fields that may be used to perform the classification process.
- Interface, subinterface, port...
- MPLS Traffic Class (TC) Field
- DSCP, Src & Dst IP addr.
- UDP & TCP ports
Once the traffic is identified and categorized, network devices can be configured to give a differential QoS treatment to each TC, allocating the network resources needed to deliver the best possible performance for each type of traffic. This process is known as the policy-enforcement mechanism for the TC and may be preferential or deferential. Such treatment can include marking/remarking, queuing, policing, shaping, etc.
Classification does NOT imply marking. The marking process that may come after classification will be discussed briefly in the next section.
Marking usually refers to changing a field within the frame or packet to preserve the classification decision that was reached in the previous step. Marking can't be done without classification, and it can be used to avoid repeating the in-depth classification process within the QoS domain.
An in-depth classification of ingress traffic at the QoS domain edge is followed by a lighter classification of traffic inside the QoS domain, based on the marking set at the QoS domain trust boundary.
The next table summarizes the most common marking actions that can be performed.
Field: Bits / Values
- 802.1Q/p CoS: 3 / 8
- MPLS Traffic Class (TC) Field: 3 / 8
- DSCP: 6 / 64
Marking can NOT be done without classification, because network devices need to identify the traffic before performing any kind of marking action. Traffic can be re-marked or marked down within a QoS domain in order to apply a different QoS treatment for several reasons (policing, domain merging).
Whenever possible, it’s recommended to use the DSCP marking. The standard-based IP DSCP marking is interoperable with any other QoS domains in the same enterprise or an external SP. Enterprises can use DSCP marking to interface with SP classes of service. Merging processes are also easier when using this kind of marking.
Layer 2 marking: Ethernet
The next figure details the Layer 2 (Ethernet) frame marking fields and values.
[Figure: 802.1Q/p CoS Value]
Layer 2.5 marking: MPLS shim header
The next figure details the Layer 2.5 (MPLS) frame marking fields. The correspondence between the MPLS TC field and DSCP or another field may be agreed in advance between the customer and the service provider (SP) if the MPLS network is not managed by the enterprise.
Layer 3 marking: IP DSCP
The next figure details the Layer 3 (IP) frame marking fields and values.
DSCP Per-Hop-Behaviour (PHB):
- Expedited Forwarding (EF) = Strict Priority
- Assured Forwarding (AF): low, medium or high drop probability
- Default Forwarding (DF) = Best Effort
As already said, it’s recommended to use DSCP markings whenever possible. They are standard-based, end-to-end, more granular and more flexible than layer 2 markings.
- DSCP markings can be preserved end-to-end, allowing for uniform QoS service policy enforcement. Layer 2 markings are lost when the media changes or in the border between the LAN and the WAN.
- DSCP is more flexible than the 802.1Q/p CoS field. The CoS field is a 3-bit field, so up to 8 different classes of service can be defined at layer 2. The 6-bit DSCP field supports up to 64 different classes of traffic.
- The CoS field does not support intra-class relative priority, which DSCP provides through the Assured Forwarding (AF) Drop Precedence. In this sense, DSCP is more granular than the layer 2 marking field.
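The granularity difference described in the list above, as an added example that is not part of the original article. It decodes the 6-bit DSCP into its PHB name and shows what is lost when a marking is carried in a 3-bit field; copying the three most significant DSCP bits into the CoS / MPLS TC field is an assumption here (a common default), not a mapping the article specifies.

```python
from collections import defaultdict

def split_tos(tos):
    """Split the IPv4 ToS / IPv6 Traffic Class byte into (DSCP, ECN)."""
    return tos >> 2, tos & 0b11

def phb_name(dscp):
    """Return the standard PHB name for a 6-bit DSCP value."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit field (0-63)")
    if dscp == 46:
        return "EF"
    if dscp == 0:
        return "DF"
    cls, low = dscp >> 3, dscp & 0b111
    if low == 0:
        return f"CS{cls}"                  # class selector codepoints
    if 1 <= cls <= 4 and low in (2, 4, 6):
        return f"AF{cls}{low >> 1}"        # AF<class><drop precedence>
    return f"unassigned({dscp})"

def to_3bit(dscp):
    # Assumption: the 3-bit CoS / MPLS TC value is the top three DSCP bits.
    return dscp >> 3

def collapse(dscps):
    """Group PHB names by the 3-bit value they collapse to."""
    groups = defaultdict(list)
    for d in dscps:
        groups[to_3bit(d)].append(phb_name(d))
    return dict(groups)

if __name__ == "__main__":
    # AF11, AF12 and AF13 differ only in drop precedence; EF for comparison.
    for value, names in sorted(collapse([10, 12, 14, 46]).items()):
        print(value, names)
```

With this mapping AF11, AF12 and AF13 all become the same 3-bit value, so a layer 2 hop can no longer tell their drop precedences apart.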
It’s recommended to classify and mark traffic as close to its source as technically and administratively feasible. By defining a trust boundary at the edge of the network, subsequent nodes do not have to perform a detailed traffic analysis to know how to treat each type of traffic.
The trust boundary should be located as close to the edge as possible, at a point that is under administrative control. This may be an access switch, an IP phone, or some aggregation point. It is not recommended to trust markings that can be set by users on their PC, phones, applications, etc. Without proper control, users could try to obtain privileged treatment from the network for their non-business-relevant applications.
As other nodes will later depend on this marking, it’s important to clearly define and control the trust boundary for a successful QoS deployment.
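A sketch of the trust-boundary behaviour described above, as an added example that is not part of the original article. The interface names, subnets, port range and class assignments are constructed for illustration; the logic is the point: markings arriving on untrusted ports are ignored and overwritten by the edge classification, and every overridden marking is reported.

```python
import ipaddress
from dataclasses import dataclass

EF, AF31, DF = 46, 26, 0                   # standard DSCP codepoints

# Constructed edge policy: every name, subnet and port below is an assumption.
TRUSTED_INGRESS = {"uplink-to-distribution"}
VOICE_NET = ipaddress.ip_network("10.20.0.0/24")
RTP_PORTS = range(16384, 32768)
ERP_SERVER = ipaddress.ip_address("10.50.0.10")

@dataclass
class Packet:
    ingress: str
    src: str
    dst: str
    proto: str
    dport: int
    dscp: int

def classify(pkt):
    """In-depth classification on header fields; returns the DSCP for the TC."""
    if (pkt.proto == "udp" and pkt.dport in RTP_PORTS
            and ipaddress.ip_address(pkt.src) in VOICE_NET):
        return EF
    if pkt.proto == "tcp" and ipaddress.ip_address(pkt.dst) == ERP_SERVER:
        return AF31
    return DF

def enforce(pkt):
    """Apply the trust boundary. Returns (dscp_out, remarked)."""
    if pkt.ingress in TRUSTED_INGRESS:
        return pkt.dscp, False             # marked upstream by a device we control
    dscp_out = classify(pkt)               # host-set DSCP is ignored
    return dscp_out, dscp_out != pkt.dscp

def self_marked(packets):
    """Sources on untrusted ports whose non-default marking was overridden."""
    hits = []
    for p in packets:
        dscp_out, remarked = enforce(p)
        if remarked and p.dscp != DF:
            hits.append((p.src, p.dscp, dscp_out))
    return hits

# Constructed sample traffic.
SAMPLE = [
    Packet("access-5", "10.30.0.7", "203.0.113.9", "tcp", 443, 46),
    Packet("access-6", "10.20.0.15", "10.20.0.1", "udp", 17000, 0),
    Packet("uplink-to-distribution", "10.50.0.10", "10.30.0.7", "tcp", 50000, 26),
]
```

Calling `self_marked(SAMPLE)` lists the hosts that tried to set their own priority marking, which is useful input for monitoring the trust boundary.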
Classification and marking are two important processes on which subsequent QoS mechanisms depend.
From a best practices point of view:
- Classify and mark traffic as close to the source as possible.
- As a general rule, don’t trust end user device marking.
- Use standard end-to-end marking whenever possible (DSCP PHB):
  - Standard-based marking.
  - Enables end-to-end QoS network design.
  - More granular, allowing for different treatment within the same TC.
  - More flexible because more bits allow for more classes of traffic.
I hope you find it useful.