Layer 3 Marking for QoS

Posted by Bradley | QoS | Thursday 9 July 2009 22:30

IP packets are classified for QoS in the Type of Service (ToS) byte. The original method of marking was IP Precedence (IPP), which is defined in the early RFC 791. The 3 high-order bits were used to define the precedence, and their meanings are summarized in the table below:

| Value | Binary | Precedence |
|---|---|---|
| 0 | 000 | Routine |
| 1 | 001 | Priority |
| 2 | 010 | Immediate |
| 3 | 011 | Flash |
| 4 | 100 | Flash Override |
| 5 | 101 | CRITIC/ECP |
| 6 | 110 | Internetwork Control |
| 7 | 111 | Network Control |

The next 3 bits after the precedence were flags, in bit order, for delay, throughput and reliability; if set to 1 they would request low delay, low throughput or low reliability respectively. The final 2 low-order bits were reserved.

Then along came Differentiated Services (DiffServ) with RFC 2475, which needed more than 3 bits to correctly classify the information, so the upper 6 bits in the ToS byte were replaced with the Differentiated Services Code Point (DSCP) and the lower 2 bits were used for QoS Explicit Congestion Notification (ECN). The DSCP and associated actions are termed Per Hop Behavior (PHB).

There are 4 main types of PHB; I'll go through each one in turn.

Default PHB – This is for traffic that does not meet the other criteria and is essentially a best-effort method of forwarding. The DSCP value to request this is 000000.

Expedited Forwarding (EF) – Expedited forwarding is a fancy term for getting that packet across the network as quickly as possible. The EF queue is usually policed to ensure that it does not use too much bandwidth and starve other queues.

Assured Forwarding (AF) – Assured forwarding has 4 classes of queuing priority and 3 drop priorities. AF classes are represented in the format AF(1-4)(1-3), e.g. AF41 represents a class with a high priority and a low drop probability.

This table is from page 410 of CCIE Routing & Switching 3rd Edition from Cisco Press:

| Queue Class | Low Drop Probability (Name / Decimal / Binary) | Medium Drop Probability (Name / Decimal / Binary) | High Drop Probability (Name / Decimal / Binary) |
|---|---|---|---|
| 1 | AF11 / 10 / 001010 | AF12 / 12 / 001100 | AF13 / 14 / 001110 |
| 2 | AF21 / 11 / 010010 | AF22 / 20 / 010100 | AF23 / 22 / 010110 |
| 3 | AF31 / 26 / 011010 | AF32 / 28 / 011100 | AF33 / 30 / 011110 |
| 4 | AF41 / 34 / 100010 | AF42 / 36 / 100100 | AF43 / 38 / 100110 |

Class Selector PHBs – This is for backwards compatibility with IPP. Each Class Selector is equivalent to the binary value of the 3 precedence bits, e.g. CS0 is 000 and CS7 is 111.

Shaping Jargon

Posted by Bradley | QoS | Wednesday 6 August 2008 23:32

I was reading about traffic shaping & policing and the acronyms in the book were as clear as mud, but now I've written them down and understand them, they are really, really simple. I put a few formulas on for them as well, but haven't checked them, so please correct me if I'm wrong. Oh, and I have presumed that you are attempting to traffic shape to the CIR.

Tc – This is a time interval in milliseconds when a Committed Burst (Bc) can get sent. Usually Tc = Bc / CIR

Bc – Committed Burst, this is the amount of data in bits which can be sent every Tc. Usually Bc = CIR / Tc

Be – Excess Burst is the number of bits the Bc can be exceeded by if no data has been sent in previous Tcs. EDIT: As commented by Jeriel Atienza the formula is Be = (Ar – CIR) * Tc/1000

CIR – Committed Information Rate, this is the bandwidth of a link or VC in bps which the Service Provider guarantees to provide. Quite often the CIR is lower than the full capabilities of a link, which is the main reason why traffic should be shaped & policed. CIR = Bc * Tc

Shaped Rate – This is the rate of the traffic which is being shaped, in bps. It normally matches the CIR. Usually CIR = Shaped Rate!

Weighted Random Early Detection (WRED)

Posted by Bradley | QoS | Friday 1 August 2008 14:16

WRED is a method of congestion avoidance which manages and slows down TCP flows to prevent them from congesting a link.

Tail drops are packets which are dropped when the queues are full. If tail drops occur then multiple packets usually get dropped, which causes TCP to slow down considerably. It is more efficient to discard fewer packets before the queue gets full rather than have packets being tail dropped; WRED achieves this.

WRED looks at the average queue depth and compares it to the minimum & maximum queue depth. If the average queue depth stays below the minimum queue depth, no packets will be dropped. Likewise, if it goes past the maximum queue depth, all packets will be dropped; this is called full drop and is different to tail drop as the buffers are not full, but it works in a similar way. If the average queue depth is between the minimum & maximum queue depths then it will drop a percentage of packets from 0 to a maximum percent. The maximum percent to drop is defined in the Mark Probability Denominator (MPD); the simple formula is:

Drop % = 1 / MPD

For IPP 0 traffic the MPD defaults to 10, which results in a maximum of 10% (10% = 1 / 10) of the traffic being dropped between the minimum & maximum threshold. Remember that if the average queue depth exceeds the maximum threshold it will always drop 100% of the traffic. I have created a graph showing this below.

Not all queuing methods support WRED, so it can only be configured on a physical interface (with FIFO), on a non-LLQ class inside a CBWFQ policy map, or on an ATM VC.

WRED is configured on a physical interface or in a class within a policy map with the random-detect command. By default WRED will only look at IPP and not DSCP, but we can use the random-detect dscp-based command to tell WRED to look at DSCP instead of IPP.
By default WRED will also respect the drop probability set in the DSCP value for Assured Forwarding by changing the default minimum drop threshold depending upon the drop probability.

The WRED settings for each IPP or DSCP value can be changed with either of the following commands:
random-detect precedence precedence-value min-threshold max-threshold [mark-probability-denominator]
random-detect dscp dscp-value min-threshold max-threshold [mark-probability-denominator]

We can also change the part of the WRED calculation which determines the rolling average queue depth. This is called the exponential weighting constant and is changed with the command random-detect exponential weighting-constant exponent. Setting it to a high value makes the average change more slowly, and setting it to a low value makes it change more quickly. It's not recommended that this is changed.
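
An added example (not from the original post) that computes the drop percentage described above and shows the effect of the exponential weighting constant. It assumes the usual WRED behaviour of a linear ramp between the thresholds and a rolling average of old_avg * (1 - 2^-n) + current_depth * 2^-n; the thresholds, exponents and queue depths are constructed sample values.

```python
# WRED drop decision as described in this post. Thresholds and queue depths
# below are constructed sample values; MPD 10 is the IPP 0 default from the text.

def wred_drop_probability(avg_depth, min_th, max_th, mpd):
    """Fraction of packets WRED drops at a given average queue depth."""
    if not 0 < min_th < max_th or mpd < 1:
        raise ValueError("need 0 < min_th < max_th and mpd >= 1")
    if avg_depth < min_th:
        return 0.0                      # below minimum: nothing dropped
    if avg_depth > max_th:
        return 1.0                      # past maximum: full drop
    # Between the thresholds the rate ramps linearly from 0 up to 1/MPD.
    return (avg_depth - min_th) / (max_th - min_th) * (1.0 / mpd)


def update_average(old_avg, current_depth, exponent):
    """Rolling average with weight 2^-exponent on the newest sample."""
    weight = 2.0 ** -exponent
    return old_avg * (1.0 - weight) + current_depth * weight


def simulate(depths, min_th, max_th, mpd, exponent):
    """Return (instantaneous depth, average depth, drop probability) per sample."""
    avg, rows = 0.0, []
    for depth in depths:
        avg = update_average(avg, depth, exponent)
        rows.append((depth, avg, wred_drop_probability(avg, min_th, max_th, mpd)))
    return rows


if __name__ == "__main__":
    burst = [64, 64, 64, 0, 0, 0]       # constructed: a short burst, then idle
    for exponent in (1, 4):
        print(f"exponent={exponent}")
        for depth, avg, p in simulate(burst, 20, 40, 10, exponent):
            print(f"  depth={depth:3d}  avg={avg:6.2f}  drop={p:.0%}")
```

With the low exponent the average follows the burst and reaches full drop on the second sample; with the higher exponent the same burst never lifts the average above the minimum threshold.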

Classification & Marking for QoS

Posted by Bradley | QoS | Tuesday 29 July 2008 16:49

To improve the performance of network devices, packets should be marked as close to the source of the traffic as possible. All network devices can then make decisions based upon those markings and do not need to reclassify or remark the traffic.

ToS Byte & IPP

RFC 791 defines the ToS (Type of Service) byte for “internet service quality selection”, that's QoS to you and me. The ToS byte initially used the first 3 bits to define the IP Precedence (IPP); the remaining bits were defined (except for the final bit) but rarely used.

Differentiated Services

Later on, standards were created for Differentiated Services (DiffServ). They went a little further and defined what each hop should do with the packet, called Per Hop Behavior (PHB). The standard renamed the first 6 bits of the ToS byte to Differentiated Services Code Point (DSCP). The DSCP was used for the selection of class in DiffServ; the first 3 bits are used for backwards compatibility with IPP. The final 2 bits were not defined but later used for Explicit Congestion Notification (apparently Vista is the first desktop OS which incorporates support for the ECN bits, but I don’t have a source for that info and it's just hearsay).

Please see the table below for the binary values of IPP/DSCP and the DSCP Class Selector values compared to the IPP names.

| IPP Name | IPP Binary | DSCP Name |
|---|---|---|
| Routine | 000 | CS0 / “Default” |
| Priority | 001 | CS1 |
| Immediate | 010 | CS2 |
| Flash | 011 | CS3 |
| Flash Override | 100 | CS4 |
| Critical | 101 | CS5 |
| Internetwork Control | 110 | CS6 |
| Network Control | 111 | CS7 |

Assured Forwarding

Assured Forwarding (AF) is very common today; it defines 12 values within the 6 DSCP bits. The 12 values for AF allow for 4 classes and 3 levels of drop probability for each class. AF DSCPs are shortened to the format AFxy, where x defines which queue and y defines the drop probability.

This handy table is from page 410 of CCIE Routing & Switching 3rd Edition from Cisco Press:

| Queue Class | Low Drop Probability (Name / Decimal / Binary) | Medium Drop Probability (Name / Decimal / Binary) | High Drop Probability (Name / Decimal / Binary) |
|---|---|---|---|
| 1 | AF11 / 10 / 001010 | AF12 / 12 / 001100 | AF13 / 14 / 001110 |
| 2 | AF21 / 11 / 010010 | AF22 / 20 / 010100 | AF23 / 22 / 010110 |
| 3 | AF31 / 26 / 011010 | AF32 / 28 / 011100 | AF33 / 30 / 011110 |
| 4 | AF41 / 34 / 100010 | AF42 / 36 / 100100 | AF43 / 38 / 100110 |

It's really easy to turn the binary into the AFxy format once you realise that the first 3 bits are for class and the final 3 bits in the DSCP field are drop probability.
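
An added example (not from the original post or the Cisco Press book) that decodes a ToS byte into its IPP, DSCP and ECN fields and names the PHB using the class / drop-probability split described above. The EF code point 46 comes from RFC 3246 rather than this page, and the sample ToS bytes are constructed.

```python
# IPP names in value order 0..7, as listed in the RFC 791 precedence table.
IPP_NAMES = ["Routine", "Priority", "Immediate", "Flash", "Flash Override",
             "CRITIC/ECP", "Internetwork Control", "Network Control"]

EF_DSCP = 0b101110  # 46, from RFC 3246 (value not given on this page)


def phb_name(dscp):
    """Name a 6-bit DSCP: first 3 bits are the class, last 3 the drop bits."""
    if not 0 <= dscp <= 0b111111:
        raise ValueError("DSCP is a 6-bit value")
    cls, drop_bits = dscp >> 3, dscp & 0b111
    if dscp == EF_DSCP:
        return "EF"
    if drop_bits == 0:
        # Class Selector: only the 3 IPP-compatible bits are set.
        return "Default" if cls == 0 else f"CS{cls}"
    if 1 <= cls <= 4 and drop_bits in (0b010, 0b100, 0b110):
        # AFxy: x is the class, y is the drop probability (1 low .. 3 high).
        return f"AF{cls}{drop_bits >> 1}"
    return f"unassigned ({dscp})"


def decode_tos(tos):
    """Split a ToS byte into the IPP view and the DSCP/ECN view."""
    if not 0 <= tos <= 0xFF:
        raise ValueError("ToS is a single byte")
    dscp = tos >> 2                     # upper 6 bits
    return {
        "ipp": IPP_NAMES[tos >> 5],     # upper 3 bits, the original marking
        "dscp": dscp,
        "phb": phb_name(dscp),
        "ecn": tos & 0b11,              # lower 2 bits
    }


if __name__ == "__main__":
    # Constructed sample ToS bytes.
    for tos in (0x00, 0x28, 0x48, 0x88, 0xB8, 0xE0):
        print(f"ToS 0x{tos:02X} ({tos:08b}) -> {decode_tos(tos)}")
```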

I have just gone through some of the methods of marking IP packets but not in that much detail. There are of course many other methods of marking traffic, such as the Discard Eligible (DE) bit in Frame Relay, Cell Loss Priority (CLP) in ATM, the MPLS Experimental bits, & CoS in the trunking headers.

The need for Quality of Service

Posted by Bradley | QoS | Tuesday 29 July 2008 11:14

There are 4 types of network delay which are summed to form end-to-end delay. They are:
Processing Delay, which is the time it takes a network device to make a decision on what action to perform on a packet
Queuing Delay, which is the time a packet spends in the outbound queue
Serialization Delay, which is how long it takes to put the bits onto the physical link
Propagation Delay, which is the time a packet takes to travel down a physical link

Delays generally occur at the points where multiple downstream links aggregate into an upstream link or where there is a speed mismatch, e.g. your high-speed LAN accessing the lower-speed ISP connection.

But it's not just delay which can cause problems; other network nasties include packet loss, jitter, and lack of available bandwidth.

When the network was only being used for web, email, and file sharing it didn’t matter so much if there was jitter, moderate packet loss or bad delays. Now applications such as VOIP and video conferencing have shifted engineers' focus onto providing Quality of Service for the network; delays of greater than 150-200ms and packet losses higher than 1% can cause a significant degradation in quality.

The recognised methods of reducing delay are:
Increasing link speed – this can be an expensive approach and rarely solves the issue
Prioritise packets – by implementing queuing methods
Compress the packet payload – this is CPU intensive
Compress the headers – this uses cRTP and is exceptionally handy for small VOIP packets where the header is a large percentage of the packet size
Avoid Congestion – using Congestion Avoidance techniques

In my next few posts I will go through the various stages for implementing Quality of Service, starting with classification & marking, congestion management & queuing, and policing & shaping.