0 Replies Latest reply: Nov 1, 2017 4:27 PM by Juan

    Classification and Marking

    Juan

      Before applying any differentiated-service business policy, it is necessary to identify which Traffic Class (TC) the traffic belongs to. Two mechanisms help to identify and categorize different types of traffic: classification and marking.

       

      Classification is the most fundamental QoS building block; without it, all packets are treated in the same way. Classification is the action that identifies and organizes packets into different types of traffic.

       

      Marking is the action that changes a field in the packet header to preserve the classification decision. It identifies the type of traffic the packet belongs to, so that it can be distinguished from other packets in QoS treatment.

       

       

       

      Classification

      Classification is the process of inspecting one or more fields in a frame, packet, segment or data in order to identify the type of traffic being transported by the network. This categorization of traffic into classes can be based on different fields of the packet, such as the IP source or destination addresses or the DSCP value, or even on the ingress interface.

       

      The classification process groups traffic by similarity, assigning it to a TC that will be treated according to a uniform QoS strategy in the network.

       

      The next table summarizes the fields that may be used to perform the classification process.

       


      | OSI Layer   | Layer       | Data unit       | Classification                    |
      |-------------|-------------|-----------------|-----------------------------------|
      | Layer 1     | Physical    | Bits            | Interface, subinterface, port...  |
      | Layer 2     | Data Link   | Frames          | 802.1Q/p CoS                      |
      | (Layer 2.5) | MPLS        | Labeled Packets | MPLS Traffic Class (TC) Field     |
      | Layer 3     | Network     | Packets         | DSCP, Src & Dst IP addr.          |
      | Layer 4     | Transport   | Segments        | UDP & TCP ports                   |
      | Layer 7     | Application | Data            | Application Recognition           |

       

       

      Once the traffic is identified and categorized, network devices can be configured to give a differential QoS treatment to each TC, allocating the network resources needed to deliver the best possible performance for each type of traffic. This process is known as the policy-enforcement mechanism for the TC and may be preferential or deferential. Such treatment can include marking/remarking, queuing, policing, shaping, etc.

       

      Classification does NOT imply marking. The marking process that may come after classification is discussed briefly in the next section.

       

       

       

      Marking

      Marking usually refers to changing a field within the frame or packet to preserve the classification decision that was reached in the previous step. Marking can’t be done without classification, and it can be used to avoid repeating the in-depth classification process within the QoS domain.

      An in-depth classification of ingress traffic at the QoS domain edge is followed by a lighter classification of traffic inside the QoS domain, based on the marking set at the QoS domain trust boundary.

       

       

       

       

       

      The next table summarizes the most common marking actions that can be performed.

       


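      | OSI Layer   | Layer     | Data unit       | Marking                       | Bits / Values |
      |-------------|-----------|-----------------|-------------------------------|---------------|
      | Layer 2     | Data Link | Frames          | 802.1Q/p CoS                  | 3 / 8         |
      | (Layer 2.5) | MPLS      | Labeled Packets | MPLS Traffic Class (TC) Field | 3 / 8         |
      | Layer 3     | Network   | Packets         | IP DSCP                       | 6 / 64        |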

       

       

      Marking can NOT be done without classification, because network devices need to identify the traffic before performing any kind of marking action. Traffic can be re-marked or marked down within a QoS domain in order to apply a different QoS treatment for several reasons (policing, domain merging).

       

      Whenever possible, it’s recommended to use DSCP marking. Standards-based IP DSCP marking is interoperable with other QoS domains in the same enterprise or at an external SP. Enterprises can use DSCP marking to interface with SP classes of service. Merging processes are also easier when using this kind of marking.

       

       

      Layer 2 marking: Ethernet

       

      The next figure details the Layer 2 (Ethernet) frame marking fields and values.

       




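      | Traffic Type         | Acronym | 802.1Q/p CoS Value |
      |----------------------|---------|--------------------|
      | Best Effort          | BE      | 0                  |
      | Background           | BK      | 1                  |
      | Excellent Effort     | EF      | 2                  |
      | Critical Apps        | CA      | 3                  |
      | Video                | VI      | 4                  |
      | Voice                | VO      | 5                  |
      | Internetwork Control | IC      | 6                  |
      | Network Control      | NC      | 7                  |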

       

       

       

      Layer 2.5 marking: MPLS shim header

       

      The next figure details the Layer 2.5 (MPLS) frame marking fields. The mapping between the MPLS TC field and DSCP or another field may be agreed in advance between the customer and the service provider (SP) if the MPLS network is not managed by the enterprise.

       

       

       

       

      Layer 3 marking: IP DSCP

       

      The next figure details the Layer 3 (IP) frame marking fields and values.

       

       



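      | DSCP Per-Hop-Behaviour (PHB)                | DSCP Values |
      |---------------------------------------------|-------------|
      | Expedited Forwarding (EF) = Strict Priority | 46          |
      | Default Forwarding (DF) = Best Effort       | 0           |

      Assured Forwarding (AF), PHB name and DSCP value:

      | Traffic Class | Low drop probability | Medium drop probability | High drop probability |
      |---------------|----------------------|-------------------------|-----------------------|
      | Class 4       | AF41 = 34            | AF42 = 36               | AF43 = 38             |
      | Class 3       | AF31 = 26            | AF32 = 28               | AF33 = 30             |
      | Class 2       | AF21 = 18            | AF22 = 20               | AF23 = 22             |
      | Class 1       | AF11 = 10            | AF12 = 12               | AF13 = 14             |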

       

       

      As already said, it’s recommended to use DSCP markings whenever possible. They are standards-based, end-to-end, more granular and more flexible than Layer 2 markings.

      • DSCP markings can be preserved end-to-end, allowing for uniform QoS service policy enforcement. Layer 2 markings are lost when the media changes or at the border between the LAN and the WAN.
      • DSCP is more flexible than the 802.1Q/p CoS field. The CoS field is a 3-bit field, so up to 8 different classes of service can be defined at Layer 2. The 6-bit DSCP field supports up to 64 different classes of traffic.
      • The CoS field does not support intra-class relative priority, which DSCP supports through the Assured Forwarding (AF) Drop Precedence. In this sense, DSCP is more granular than the Layer 2 marking field.
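The three marking fields described above can be read straight out of a captured frame. The following Python parser is an added example, not part of the original post; the function names and the sample frames are constructed for illustration, and it shows how the AF names in the table follow from the bit layout (AFxy = 8x + 2y).

```python
import struct

def phb_name(dscp):
    """Name the PHB for a 6-bit DSCP; AFxy encodes as 8*x + 2*y."""
    if dscp == 46:
        return "EF"
    if dscp == 0:
        return "DF"
    cls, drop = dscp >> 3, (dscp & 0b111) >> 1
    if 1 <= cls <= 4 and 1 <= drop <= 3 and dscp % 2 == 0:
        return f"AF{cls}{drop}"
    return f"DSCP{dscp}"  # code point not listed in the table above

def read_markings(frame):
    """Return the CoS, MPLS TC and DSCP markings carried by an Ethernet frame."""
    marks = {"cos": None, "mpls_tc": None, "dscp": None, "phb": None}
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    off = 14
    if ethertype == 0x8100:  # 802.1Q tag: 16-bit TCI, then the real EtherType
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        marks["cos"] = tci >> 13  # CoS is the top 3 bits of the TCI
        off = 18
    if ethertype == 0x8847:  # MPLS unicast: walk the label stack
        while True:
            if len(frame) < off + 4:
                raise ValueError("truncated MPLS label stack")
            (entry,) = struct.unpack_from("!I", frame, off)
            off += 4
            if marks["mpls_tc"] is None:
                marks["mpls_tc"] = (entry >> 9) & 0b111  # TC of the top label
            if entry & 0x100:  # bottom-of-stack bit
                break
    if ethertype in (0x0800, 0x8847) and len(frame) >= off + 20 and frame[off] >> 4 == 4:
        marks["dscp"] = frame[off + 1] >> 2  # upper 6 bits of the IPv4 ToS byte
        marks["phb"] = phb_name(marks["dscp"])
    return marks

# Constructed sample frames (zeroed MAC addresses, minimal IPv4 headers).
MACS = bytes(12)
def ipv4(dscp):
    return bytes([0x45, dscp << 2]) + bytes(18)
TAGGED_VOICE = MACS + struct.pack("!HHH", 0x8100, (5 << 13) | 10, 0x0800) + ipv4(46)
MPLS_AF31 = MACS + struct.pack("!HI", 0x8847, (100 << 12) | (3 << 9) | 0x100 | 64) + ipv4(26)
if __name__ == "__main__":
    print(read_markings(TAGGED_VOICE), read_markings(MPLS_AF31))
```
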

       

      Trust boundary

       

      It’s recommended to classify and mark traffic as close to its source as technically and administratively feasible. By defining a trust boundary at the edge of the network, subsequent nodes do not have to perform a detailed traffic analysis to know how to treat a given kind of traffic.

       

      The trust boundary should be located as close to the edge as possible, at a point where administrative control is in place. This may be an access switch, an IP phone, or some aggregation point. It is not recommended to trust markings that can be set by users on their PCs, phones, applications, etc. Without proper control, users could try to obtain privileged treatment from the network for their non-business-relevant applications.

       

      As other nodes will later depend on this marking, it’s important to clearly define and control the trust boundary for a successful QoS deployment.
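The sketch below models the trust-boundary decision in Python. It is an added example, not part of the original post: the port names, the classification rules and the sample packets are all constructed assumptions. Untrusted ports have their DSCP replaced by the edge's own classification, and any host whose self-assigned marking had to be overridden is counted so that it can be reviewed.

```python
from collections import Counter

# Constructed policy (assumption): ports inside the trust boundary keep their DSCP.
TRUSTED_PORTS = {"Gi1/0/48"}
# Constructed classification rules applied on untrusted ports:
# (protocol, destination-port range, DSCP to mark).
RULES = [
    ("udp", range(16384, 32768), 46),  # voice media -> EF
    ("tcp", range(443, 444), 18),      # business web application -> AF21
]

def classify(pkt):
    """Pick the DSCP the edge assigns from L3/L4 fields, ignoring the sender's mark."""
    for proto, ports, dscp in RULES:
        if pkt["proto"] == proto and pkt["dport"] in ports:
            return dscp
    return 0  # everything else is Default Forwarding (best effort)

def enforce(pkt):
    """Return (dscp_to_forward, finding) for one ingress packet."""
    if pkt["port"] in TRUSTED_PORTS:
        return pkt["dscp"], None  # marking was set under administrative control
    assigned = classify(pkt)
    if pkt["dscp"] not in (0, assigned):
        # The host asked for a treatment the policy does not grant: re-mark and log.
        return assigned, f'{pkt["src"]} on {pkt["port"]}: DSCP {pkt["dscp"]} re-marked to {assigned}'
    return assigned, None

def audit(packets):
    """Apply the boundary to a batch; count re-marked packets per source."""
    forwarded, offenders = [], Counter()
    for pkt in packets:
        dscp, finding = enforce(pkt)
        forwarded.append(dscp)
        if finding:
            offenders[pkt["src"]] += 1
    return forwarded, dict(offenders)

# Constructed ingress samples (documentation addresses).
SAMPLES = [
    {"port": "Gi1/0/5", "src": "192.0.2.10", "proto": "tcp", "dport": 8080, "dscp": 46},
    {"port": "Gi1/0/5", "src": "192.0.2.10", "proto": "tcp", "dport": 443, "dscp": 0},
    {"port": "Gi1/0/7", "src": "192.0.2.20", "proto": "udp", "dport": 20000, "dscp": 46},
    {"port": "Gi1/0/48", "src": "192.0.2.30", "proto": "udp", "dport": 5060, "dscp": 24},
]

if __name__ == "__main__":
    print(audit(SAMPLES))
```
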

       

       

       

      Summary

       

      Classification and marking are two important processes on which subsequent QoS mechanisms depend.

       

      From a best practices point of view:

       

      • Classify and mark traffic as close to the source as possible.
      • As a general rule, don’t trust end user device marking.
      • Use standard end-to-end marking whenever possible (DSCP PHB).
        • Standard-based marking.
        • Enables end-to-end QoS network design.
        • More granular, allowing for different treatment within the same TC.
        • More flexible because more bits allow for more classes of traffic.

       


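      | Layer       | Classification Criteria / Marking Field |
      |-------------|-----------------------------------------|
      | Layer 1     | Physical Interface                      |
      | Layer 2     | IEEE 802.1Q/p CoS                       |
      | (Layer 2.5) | MPLS TC                                 |
      | Layer 3     | IP DSCP                                 |
      | Layer 4     | TCP/UDP Ports                           |
      | Layer 7     | NBAR Application Signatures             |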

       

       

       

      I hope you find it useful.