The term “trust boundary” can be used to define the CoS trust boundary of the DSCP trust boundary or both. It depends on what you decide to use on your network to trust the traffic you are receiving. The term is not limited to be used for either one or the other or both, so it depends on what you decide to use.
Just for clarification, the trust commands you have in your post will classify ingress packets by trusting their CoS values, but will also allow egress packets to be sent without modifying the DSCP value, which is what the pass-through keyword does.
This command is used on a port where an IP phone is connected to the port and a PC is connected to the IP phone. (For more info about such an arrangement, take a look at the Voice VLAN lesson.) This command will cause the port on the phone to accept and trust any CoS values that the PC may send, and leave them unchanged.
Now, this introduces a new question, which you very correctly asked. Does that mean that the PC is capable of 802.1Q trunking since CoS values are contained within the VLAN Tags? The answer is yes. Page 14-2 of the following Cisco Documentation (PDF file) indicates that with this command you can configure the device attached to the access port on the Cisco IP phone to accept tagged traffic.
I understand your point about classifying traffic based on cos, because it trusts it, but I found the following in a qos FAQ on Cisco’s website:
Q. What is pass-through mode?
A. In pass-through mode, the switch uses the class of service (CoS) value of incoming packets without a modification of the differentiated services code point (DSCP) value. The frame can pass through the switch with both the incoming CoS and DSCP values intact. When you disable pass-through mode and configure the switch port to trust CoS, the DSCP value is derived from the CoS-to-DSCP map. In this case, the DSCP usually changes as a result. In Cisco IOS Software releases earlier than Cisco IOS Software Release 12.1(11)EA1, this derivation of the DSCP value is on by default and you cannot change it. In Cisco IOS Software Release 12.1(11)EA1 and later, you can configure this with the enablement of pass-through mode on the port.
which implies that using pass-through means the dscp value will remain unaltered for ingress traffic on that port. But you mentioned egress, which has confused me.
I wasn’t clear in my wording, I apologize. My meaning is that pass-through will not alter the DSCP values as traffic passes through the switch. I should have said, “it will allow packets to egress without modifying the DSCP value”. The Cisco documentation is excactly right, which is what I was trying to (somewhat clumsily ) say.
Fundamentally, you are correct. CoS is a value that exists within the VLAN tag at Layer 2 and is used to prioritize frames that traverse a trunk. Particular frames of specific VLANs are given priorities within that VLAN tag. You can find out more about the contents of the tag at the following lesson:
CoS uses three bits, and can thus have values between 0 and 7.
Now DSCP operates at Layer 3, and is part of the DS field in the IP header. The DS field contains 8 bits and can thus have values between 0 and 255. The values are not simply used in this range, but depending on how they are interpreted, allow you to deliver a more granular and customized prioritization of packets. In addition, unlike CoS which exists only on a particular trunk link, DSCP is something that remains within the packet from end to end, so an IP packet can be prioritized accordingly throughout its journey.
Keep in mind that DSCP values can be changed by network devices along the way, so even if you set these values when you send out the packet, if it traverses a network that you do not administer, those values can be changed.
I have read conflicting information in regards to congestion with QoS. Seems some think that FIFO is the case when there is no congestion - regardless of qos. The other side of the aisle thinks it ALWAYS is classifying, queuing regardless of congestion (so i guess FIFO in their respective queues during no congestion).
We must keep in mind that any QoS mechanisms employed will only kick in when there is congestion. Imagine a GigabitEthernet port on a router or switch receiving traffic at rates well below 1Gbps. As soon as a packet arrives, it is processed and forwarded. The packet never enters any queues. Such packets are served on a first come first serve basis simply because the bandwidth is available to serve it immediately. If you have no packets in queues, QoS mechanisms are not activated, simply because they are unneeded.
Queues will begin to fill up only when traffic arrives on an interface at a rate greater than the speed of the port. Once you have queues that are non-zero in size, only then will QoS mechanisms be applied.
hello Rene please can you explain to me concretely when do I have to apply this QoS Course module if I am ever called to work for a company, the methodology to adopt is which one, what is it that we apply the most, is it the marking; the classification, in short, I am a little confused by this course, especially since it is vast. I want a tangible example in life, please. can’t find my concern nonsense. I’m getting ready for my CCNP exam, what do I absolutely need to understand in order to be effective in the field?
In order to understand QoS as a whole, you must first understand the need for such a feature. Typically, QoS is necessary in the following scenarios:
When you have services that can be adversely affected by network congestion, such as real-time services including VoIP or videoconferencing
When you are called to rate limit a specific interface (such as your connection to the ISP) you must use either policing or shaping with the appropriate parameters to ensure that your network is performing as expected
QoS must always be applied based on the specifications of what you want to achieve. Once that is clearly defined, you can then use the various mechanisms and features (Layer 2 QoS with CoS, Layer 3 QoS with DSCP, policing, shaping, queuing etc…) to achieve that goal.
For example, the administration of your company may say that they want to ensure that VoIP and videoconferencing traffic should always have priority internally as well as over the Internet, while it is acceptable for web, VoD, and social media traffic can suffer somewhat if the network is congested. You will use the QoS tools available to you to deliver that level of service on your network.
The below lines in lesson Qos Trust boundary in cisco switch
Maybe you wonder how the switch knows the difference between a Cisco IP phone and another vendor. CDP (Cisco Discovery Protocol) is used for this. Now we trust the CoS value of the Cisco IP phone, but what about the computer behind it? We have to do something about it…here’s one way to deal with it:
3560Switch(config-if)#switchport priority extend cos
this command we need to run in every interface of the port
The switchport priority extend cos command is an interface configuration mode command and affects only the interface on which it is applied. You must apply this command on a per interface basis.
The QoS in this lesson is Multilayer Switch QoS or MLS QoS. This has been largely replaced by IOS Modular QoS Command Line Interface (MQC) in newer switches, including the IOU L2 you are using. This has different syntax and has a different application methodology.
the MLS QoS is not available in the IOSv images used by GNS3. From the little research that I did, it is not possible to run an IOS image that supports the MLS commands. Unfortunately, you can only run MQC on GNS3, and it’s not available on Cisco’s CML either.
Am I correct in thinking that for CoS value to be passed through multiple switches, they all need incoming traffic interfaces configured as CoS trusted?
Switch3(config-if)#mls qos
Switch3(config-if)#mls qos trust cos
And at least one switch at the front of the line must assign CoS value? If not using Cisco IP Phones.
Switch2(config-if)#mls qos
Switch2(config-if)#mls qos cos 5
Yes, this is the case. You must also ensure that you have configured trunk links between all the switches in question since the CoS values are actually contained within the 802.1Q tags exchanged by switches. If there is an access port between switches, no tag will be included in the frame.
I’m confused by the begining of the lesson. We start with: 3560Switch(config)#no mls qos rewrite ip dscp
because the default behavior of a switch is to erase DCSP (meaning setting the DSCP field at 0?)
So we apply this command, and we keep DSCP.
Then we say “By default, your switch will overwrite the DSCP value of the packet inside your frame according to the cos-to-dscp map.”
Does it means we have like a first default behavior that erase DCSP, and a second default behavior that overwite DSCP with CoS value?
) say.