QoS Classification & Marking

Classification & Marking are some technique to identify traffic types and segregate them by defining specific values in some additional fields of the IP/Frame Header.


Classification can be done in several ways like using ACL with IP Address or port number. But using ACL, Application Inspection is not possible. We can enable NBAR(Network Based Application Recognition) to do Application Payload Inspection. NBAR does deep packet inspection(mostly Application Layer Headers, Mime types, Request Methods etc.) and compare with signatures and attributes in PDLM(Packet Description Language Module) to determine the type of payload. In Cisco IOS we can use both ACL and NBAR. In MQC Model, we can call the ACLs in Class-Map.


Marking can be done using Precedence, DSCP, TOS and MPLS-Exp Bits in Packet or Frame and . IPv4 packet has a TOS field(1 Octate – 8 bits). We can add specific values to TOS according to their class and QoS models(DSCP or Precedence). In a Ethernet Frame(802.1q) we can use PCP(Priority Code Point) and DEI(Drop Eligibility Identifier) to enable marking on L2 Frames. In MPLS, the CS(Class Selector) values from the DSCP or Precedence values of IP Packed can be copied to the Label Stack according to the MPLS-QoS Model(unifor, pipe or short-pipe).

DSCP, Precedence(IP Header)

DSCP and Precedence is a part of IP Header TOS field. There is a long story behind the development of DSCP and IP Precedence. So we will discuss long story in short. The TOS field of IP Header is a 8bits word. When using IP Precedence, we use first 3bits and while using DSCP, we use 6bits. In DSCP first 3 bytes called class-selector(CS), which is there to make DSCP compatible with IP Precedence and also to support PCP and MPLS Exp. Then the additional 3 fields in DSCP is called drop-precedence or drop-probability. Whether it’s a DSCP class-selector or Precedence, higher value always takes priority.
IP Precedence has 8 values ranging from 0 to 7. Each of the values has special significance in terms of giving priority to the packet.
DSCP use 6bits. First 3bits define class selectors. Remaining 3bits define drop-probability. DSCP has 8 class selector ranging from CS0 to CS7. Using only class-selectors, the remaining 3bits remain all zero(000). The function of these DSCP classes are almost identical to IP Precedence. Further these class selectors has been subdivided into AF(Assured Forwarding) and EF(Expedited Forwarding) classes. We will discuss the AF and EF classes on the next section.

IP Precedence
Value Description
0 Best Effort
1 Priority
2 Immediate
3 Flash – mainly used for voice signaling
4 Flash Override
5 Critical – mainly used for voice RTP
6 Internetwork Control
7 Network Control
DSCP Class-Selector(CS)
DSCP CS Binary/Decimal Value Description
CS0 [000 000] =   0 Best Effort
CS1 [001 000] =   8 Priority
CS2 [010 000] = 16 Immediate
CS3 [011 000] = 24 Flash
CS4 [100 000] = 32 Flash Override
CS5 [101 000] = 40 Critical
CS6 [110 000] = 48 Internetwork Control
CS7 [111 000] = 56 Network Control

DSCP/IP Precedence Conversion Table
Class selector name DSCP value IP Precedence value IP Precedence name
Default / CS0 000000 000 Routine
CS1 001000 001 Priority
CS2 010000 010 Immediate
CS3 011000 011 Flash
CS4 100000 100 Flash Override
CS5 101000 101 Critic/Critical
CS6 110000 110 Internetwork Control
CS7 111000 111 Network Control

Further the DSCP Classes has been grouped into two different Forwarding classes. RFC 2597 has defined AF & EF DSCP Group. AF(Assured Forwarding) and EF(Expedited Forwarding) has been defined with specific function.

Assured Forwarding (AF)
There are 4 different classes in AF and each class will be placed in a different queue, within each class there is also a drop probability. When the queue is full, packets with a “high drop” probability will be deleted from the queue before the other packets. In total there are 3 levels for drop precedence. The functions of the AF group is defined below.

  • Queuing
  • Congestion Avoidance (WRED)
Assured Forwarding behavior group
Class 1 Class 2 Class 3 Class 4
Low drop probability AF11 (DSCP 10) 001010 AF21 (DSCP 18) 010010 AF31 (DSCP 26) 011010 AF41 (DSCP 34) 100010
Med drop probability AF12 (DSCP 12) 001100 AF22 (DSCP 20) 010100 AF32 (DSCP 28) 011100 AF42 (DSCP 36) 100100
High drop probability AF13 (DSCP 14) 001110 AF23 (DSCP 22) 010110 AF33 (DSCP 30) 011110 AF43 (DSCP 38) 100110

You can see that AF DSCP group is being represented by AFxy. The formula to find out the decimal value of the AFxy is 8 times x plus 2 times y.
AFxy = 8x + 2y; eg. AF21 = 8*2 + 2*1 = 18; AF33 = 8*3 + 2*3 = 30; AF12 = 8*1 + 2*2 = 12

Expedited Forwarding (EF)
The purpose of EF group to place a packet in a priority queue so that the delay could be minimized. EF group has highest drop precedence [110]. Value of EF is [ 101 110 ] which is decimal 46. The functions of the EF group is defined below.

  • Queuing
  • Policing

IETF Guideline and Consolidated DSCP and IP Precedence Values
Below are the consolidated list of DSCP and IP Precedence Value. The Configuration Guideline and IETF Recommendation has been mentioned in another table below.

DSCP/IP Precedence Consolidated Table hide
DSCP Name DS Field Value (Dec) IP Precedence (Description)
CS0 0 0: Best Effort
CS1, AF11-13 8,10,12,14 1: Priority
CS2, AF21-23 16,18,20,22 2: Immediate
CS3, AF31-33 24,26,28,30 3: Flash – mainly used for voice signaling
CS4, AF41-43 32,34,36,38 4: Flash Override
CS5, EF 40,46 5: Critical – mainly used for voice RTP
CS6 48 6: Internetwork Control
CS7 56 7: Network Control
IETF RFC 4594 recommendations
Service class DSCP Conditioning at DS edge PHB Queuing AQM
Network control CS6 See section 3.1 RFC 2474 Rate Yes
Telephony EF46 Police using sr+bs RFC 3246 Priority No
Signaling CS5 Police using sr+bs RFC 2474 Rate No
Multimedia conferencing AF41, AF42, AF43 Using two-rate, three-color marker (such as RFC 2698) RFC 2597 Rate Yes per DSCP
Real-time interactive CS4 Police using sr+bs RFC 2474 Rate No
Multimedia streaming AF31, AF32, AF33 Using two-rate, three-color marker (such as RFC 2698) RFC 2597 Rate Yes per DSCP
Broadcast video CS3 Police using sr+bs RFC 2474 Rate No
Low-latency data AF21, AF22, AF23 Using two-rate, three-color marker (such as RFC 2698) RFC 2597 Rate Yes per DSCP
OAM CS2 Police using sr+bs RFC 2474 Rate Yes
High-throughput data AF11, AF12, AF13 Using two-rate, three-color marker (such as RFC 2698) RFC 2597 Rate Yes per DSCP
Standard DF Not applicable RFC 2474 Rate Yes
Low-priority data CS1 Not applicable RFC 3662 Rate Yes

PCP(L2 Header)

PCP(Priority Code Point) is a part of 802.1Q Frame header. Eight different classes of service are available as expressed through the 3-bit PCP field. The way traffic is treated when assigned to any particular class is undefined and left to the implementation. The IEEE, however, has made some broad recommendations

PCP value Priority Acronym Traffic types
1 0 (lowest) BK Background
0 1 (default) BE Best effort
2 2 EE Excellent effort
3 3 CA Critical applications
4 4 VI Video, < 100 ms latency and jitter
5 5 VO Voice, < 10 ms latency and jitter
6 6 IC Internetwork control
7 7 (highest) NC Network control

MPLS Exp Bits(MPLS Header)

Experimental bits(3bits) of a MPLS header is used for QoS. There are no specific values defined, IP DSCP to QoS Exp mapping is completely depend on the Design and MPLS QoS Model such as Uniform model, Pipe and Short Pipe model. There is not a standard that defines the semantics associated with each of the EXP field values. Cisco generally recommends you not use values 6 and 7 for traffic other than control plane traffic (such as routing protocols). Cisco also suggests that decreasing values are associated with decreasing priorities. This is an example of a hypothetical mapping between DSCP and EXP bits in which four classes of service are defined: one for real-time traffic, another for best-effort traffic, and two more metered classes that incorporate the concept of in-profile and out-of-profile traffic.


Reserved for control plane traffic

Class Selector 7


Reserved for control plane traffic

Class Selector 6


Class 1 (real-time traffic)



Class 2 in-profile



Class 2 out-of-profile

AF32, AF33


Class 3 in-profile



Class 3 out-of-profile

AF12, AF13


Class 4 (best effort)




Using MQC model we can configured traffic classes in Cisco IOS. A traffic class can be defined using several ways, based on S-IP, D-IP, S-MAC, D-MAC, S-Port, D-Port, Application Type(NBAR). In MQC and traffic class is a class-map defined under global config mode. We can match ACLs in class-map to identify a specific types. Further ACLs can be configured to permit or deny IP Address, Port Number, MAC Address, Application Types, DSCP/Precedence values.


Policy Map is the Policy Object where we will configure the marking, remarking and per-hop-behavior. Under a single policy-map several class-map can be linked. Each of the classes under the policy-map we will define the behaviors. Below is a illustration of the relationship of Class & Policy Map.

  Previous Next  

Comment ( 1 )

  1. Replykrishnendu Das
    This is really good. Great Job !

Leave a Reply