In this lesson, we’ll take a look at marking packets. Marking means that we set the TOS (Type of Service) byte with an IP Precedence value or DSCP value. If you have no idea what precedence or DSCP is about, then you should read my IP Precedence and DSCP value lesson first. I’m also going to assume that you understand what classification is. If you don’t, read my classification lesson first.
Marking on a Cisco Catalyst switch is a bit different than on a router. If you want to know how to configure marking on your Cisco switch, then look at this lesson.
Having said that, let’s take a look at the configuration!
Configuration
I will use three routers to demonstrate marking, connected like this:
I will send some traffic from R1 to R3, and we will use R2 to mark our traffic. I use static routes on R1 and R3 to make all networks reachable. We’ll keep it simple and start by marking telnet traffic.
Let’s create an access-list for classification:
R2(config)#ip access-list extended TELNET-TRAFFIC
R2(config-ext-nacl)#permit tcp any any eq telnet
Now, we need to add the access-list to a class-map:
R2(config)#class-map TELNET-TRAFFIC
R2(config-cmap)#match access-group name TELNET-TRAFFIC
And we’ll add the class-map to a policy-map:
R2(config)#policy-map MARKING
R2(config-pmap)#class TELNET-TRAFFIC
R2(config-pmap-c)#set ?
  atm-clp        Set ATM CLP bit to 1
  cos            Set IEEE 802.1Q/ISL class of service/user priority
  cos-inner      Set Inner CoS
  discard-class  Discard behavior identifier
  dscp           Set DSCP in IP(v4) and IPv6 packets
  fr-de          Set FR DE bit to 1
  ip             Set IP specific values
  mpls           Set MPLS specific values
  precedence     Set precedence in IP(v4) and IPv6 packets
  qos-group      Set QoS Group
  vlan-inner     Set Inner Vlan
There are quite a few options for the set command. When it comes to IP packets, we’ll use the precedence or DSCP values. Let’s start with precedence:
R2(config-pmap-c)#set precedence ?
  <0-7>           Precedence value
  cos             Set packet precedence from L2 COS
  critical        Set packets with critical precedence (5)
  flash           Set packets with flash precedence (3)
  flash-override  Set packets with flash override precedence (4)
  immediate       Set packets with immediate precedence (2)
  internet        Set packets with internetwork control precedence (6)
  network         Set packets with network control precedence (7)
  priority        Set packets with priority precedence (1)
  qos-group       Set packet precedence from QoS Group.
  routine         Set packets with routine precedence (0)
For this example, it doesn’t matter much what we pick. Let’s go for IP precedence 7 (network):
R2(config-pmap-c)#set precedence network
Last but not least, we have to activate the policy-map:
R2(config)#interface FastEthernet 0/0
R2(config-if)#service-policy input MARKING
That’s all there is to it. Let’s see if it works. I’ll telnet from R1 to R3:
R1#telnet 192.168.23.3
Trying 192.168.23.3 ... Open
Now look at R2:
R2#show policy-map interface FastEthernet 0/0
 FastEthernet0/0
  Service-policy input: MARKING
    Class-map: TELNET-TRAFFIC (match-all)
      10 packets, 609 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group name TELNET-TRAFFIC
      QoS Set
        precedence 7
          Packets marked 10
    Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
That’s looking good! Ten packets have been marked with precedence 7. That’s not too bad, right?
Let’s see if we can also mark some packets with a DSCP value. We’ll mark some HTTP traffic:
R2(config)#ip access-list extended HTTP-TRAFFIC
R2(config-ext-nacl)#permit tcp any any eq 80
Create a class-map:
R2(config)#class-map HTTP-TRAFFIC
R2(config-cmap)#match access-group name HTTP-TRAFFIC
And we’ll add it to the policy-map:
R2(config)#policy-map MARKING
R2(config-pmap)#class HTTP-TRAFFIC
R2(config-pmap-c)#set dscp ?
  <0-63>     Differentiated services codepoint value
  af11       Match packets with AF11 dscp (001010)
  af12       Match packets with AF12 dscp (001100)
  af13       Match packets with AF13 dscp (001110)
  af21       Match packets with AF21 dscp (010010)
  af22       Match packets with AF22 dscp (010100)
  af23       Match packets with AF23 dscp (010110)
  af31       Match packets with AF31 dscp (011010)
  af32       Match packets with AF32 dscp (011100)
  af33       Match packets with AF33 dscp (011110)
  af41       Match packets with AF41 dscp (100010)
  af42       Match packets with AF42 dscp (100100)
  af43       Match packets with AF43 dscp (100110)
  cos        Set packet DSCP from L2 COS
  cs1        Match packets with CS1(precedence 1) dscp (001000)
  cs2        Match packets with CS2(precedence 2) dscp (010000)
  cs3        Match packets with CS3(precedence 3) dscp (011000)
  cs4        Match packets with CS4(precedence 4) dscp (100000)
  cs5        Match packets with CS5(precedence 5) dscp (101000)
  cs6        Match packets with CS6(precedence 6) dscp (110000)
  cs7        Match packets with CS7(precedence 7) dscp (111000)
  default    Match packets with default dscp (000000)
  ef         Match packets with EF dscp (101110)
  qos-group  Set packet dscp from QoS Group.
Let’s pick something. AF12 will do:
R2(config-pmap-c)#set dscp af12
Let’s generate some traffic:
R3(config)#ip http server
R1#telnet 192.168.23.3 80
Trying 192.168.23.3, 80 ... Open
And check out the policy-map:
R2#show policy-map interface FastEthernet 0/0
 FastEthernet0/0
  Service-policy input: MARKING
    Class-map: TELNET-TRAFFIC (match-all)
      10 packets, 609 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group name TELNET-TRAFFIC
      QoS Set
        precedence 7
          Packets marked 10
    Class-map: HTTP-TRAFFIC (match-all)
      3 packets, 180 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group name HTTP-TRAFFIC
      QoS Set
        dscp af12
          Packets marked 3
    Class-map: class-default (match-any)
      99 packets, 5940 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
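The counters on R2 show that packets were marked, but the markings can also be checked on the wire behind R2. The Python sketch below is an added example, not part of the original lesson: it decodes the TOS byte of a raw IPv4 packet into precedence and DSCP and compares it with what the MARKING policy-map should have set. The packets are constructed samples; the function names and R1's source address are assumptions.

```python
import struct

def dscp_name(dscp):
    """Return the symbolic name used in the 'set dscp ?' help for a 6-bit DSCP value."""
    if dscp == 46:
        return "ef"
    cls, drop = dscp >> 3, (dscp >> 1) & 0b11
    if dscp & 0b111 == 0:                      # class selector: low 3 bits are zero
        return "default" if cls == 0 else f"cs{cls}"
    if 1 <= cls <= 4 and dscp & 1 == 0 and 1 <= drop <= 3:
        return f"af{cls}{drop}"                # assured forwarding: class + drop precedence
    return str(dscp)

def decode_ipv4(packet):
    """Extract the marking and the TCP destination port from a raw IPv4 packet."""
    ver_ihl, tos = struct.unpack_from("!BB", packet, 0)
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4                 # header length in bytes
    dport = None
    if packet[9] == 6 and len(packet) >= ihl + 4:   # protocol 6 = TCP
        dport = struct.unpack_from("!H", packet, ihl + 2)[0]
    dscp = tos >> 2                            # upper 6 bits of the TOS byte
    return {"tos": tos, "precedence": tos >> 5, "dscp": dscp,
            "dscp_name": dscp_name(dscp), "dport": dport}

# Expected marking per TCP destination port, mirroring R2's MARKING policy-map:
# telnet -> precedence 7 (the same bits as CS7), HTTP -> AF12.
EXPECTED = {23: "cs7", 80: "af12"}

def marking_ok(packet):
    """True if the packet carries the marking R2 should have applied.
    Traffic that falls into class-default is not checked."""
    info = decode_ipv4(packet)
    want = EXPECTED.get(info["dport"])
    return want is None or info["dscp_name"] == want

def build_packet(tos, dport):
    """Constructed sample: minimal IPv4 + TCP header towards R3 (192.168.23.3).
    The source address 192.168.12.1 is an assumed placeholder for R1."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 40, 0, 0, 64, 6, 0,
                     bytes([192, 168, 12, 1]), bytes([192, 168, 23, 3]))
    return ip + struct.pack("!HH", 40000, dport) + bytes(16)

if __name__ == "__main__":
    for tos, port in [(0xE0, 23), (0x30, 80), (0x00, 80)]:
        pkt = build_packet(tos, port)
        print(decode_ipv4(pkt), "OK" if marking_ok(pkt) else "UNEXPECTED MARKING")
```
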
Hi Rene,
Why are only switches and wireless devices used to configure re-marking of traffic?
We do it for QoS traffic confidentiality?
The PHB logic is setting QoS marking for every device, right? According to that, do we need to re-match the traffic along the way? I am not clear about that…
Thnx, Thnx & Thnx again
Deniz
Hi Deniz,
Marking is typically done on the “border” of our network. This could be an IP phone or the switch or router that first receives these packets.
Once the packets are marked, there’s no need to do this again. You can trust the markings and apply an action to it (queuing, policing, shaping, etc.). The only reason to re-mark packets is if you don’t trust your traffic.
Rene
Thnx Rene,
You are the best!
Deniz
Thank you very much, Rene!
Hi, Rene.
Reading this tutorial I had a doubt: what is the difference if I configure the command set precedence and set ip precedence, or even if it was set dscp or set ip dscp, in the policy-map? What changes in time of the router should mark the packet?
Thank you in advance