IP Precedence and DSCP Values

Hello Pradyumna

These are values that are contained within the eight bit DCHP/ToS field. When this field is populated, the packet is marked, in other words, it is given a marking that can be interpreted by network equipment that is configured with QoS mechanisms. Once marked, QoS mechanisms use these values to employ prioritization of traffic.

I hope this has been helpful!


Hi Laz,

Thanks for clearing out my doubts. I have more doubts please clear them out as well.

  1. In IP precedence i can understand when precedence is 001 mean this packet is prioritize over other packets similarly for Immediate traffic but not able to understand when packets having IP precedence value expect 001,010.
    How can we read packet if we given any other precedence value, eg packet with 001 precedence value mean this packet will be served first but in case of routine, flush, flush override etc what is that mean?
  2. Can we need to learn all these Class of service PHB,EF forwarding and Assured Forwarding along with value and purpose of use?
    3)The first 3 bits are used to define a precedence. The higher the value, the more important the IP packet is, in case of congestion the router would drop the low priority packets first, Concerned is that when packets are queued how they can be dropped b/c Packets in queue will either be served first or later. one thing is possible that packet out side the queue will be dropped when there is congestion

Hello Pradyumna

The precedence value simply shows the “importance” of IP packets. Higher priority packets take precedence, while lower priority packets may be dropped. Packets will be dropped if queues are filled to capacity. When this happens, the packets with lower precedence are dropped, while those with higher precedence are queued.
As far as the various class of service and PHB, you won’t need to know the specific numbers by memory or what they are used for, but you should understand the syntax (the meaning of CS and PHB, and AF, and EF) and the mechanisms used.

I hope this has been helpful!


Hi Lazaros,

I am super confused after reading the IP Precendence Lesson. For the Precedence values is 7 suppose to be more important for queuing and if so why is something named Internetwork Control more important than something named “Immediate”?

Does immediate mean it is sent out immediately. I felt like this wasn’t addressed at all in the lesson. What do the designations mean in layman’s terms for a beginner?

Why is having less options and only being able to choose one “good thinking”? and what does “monetary cost” refer to?

In an above response a student was told we ignore the 6th bit as it is part of the CU and hence why AF31 is 011010, but looking at the actual picture from lesson this doesn’t make sense. Clearly 345 are in blue and labeled drop probability?

Also, if a packet is part of high drop but in class 4 and another packet is in low drop class 1 will the high drop class 4 still get dropped after the low drop in class 1?

Moreover, how as a beginner can we make these classes and drops more concrete and less abstract?
What is the actual effect of being in a “class 3 medium drop”?

Lastly, it was stated that the EF in binary is 101110 this makes no sense 6th bit or not, as F = 1111 in binary?

Hello Daniel

The names used to define the various levels of precedence were defined in RFC791. The names are a matter of convention and are subjective, so don’t use their meaning to try to decipher what is meant. Just keep in mind that the higher the value of the precedence, the more important the IP packet is. That’s the only objective measurement in this case.

Similarly, RFC1349 gave a new definition for the five Type of Service bits (the blue bits in the image). Again, the names given are defined in the RFC and are subjective. You can however read the RFC to further understand the logic behind the names. Specifically, for details about the use of the term “monetary cost” take a look at the relevant section of RFC1349.

In the original definition, in RFC791, it was theoretically possible to have the ToS bits indicate a low delay and a high throughput because the value of each individual bit means something. That doesn’t make sense, and it is difficult to appropriately apply QoS to such a packet. The “good thinking” is in the fact that the new definition of RFC1349, you can’t have such conflicting options. You only have the single value defined by the whole section (blue bits) of the ToS byte.

In any case, both of these RFCs are old, and are not used often. Don’t worry about the names, just focus on the operation.

The idea here is that the 6th bit (bit 5 if you’re counting from zero) always has a value of 0. The network devices always take all six bits into account. However, for us humans, when labeling them using the AFXX labels, you don’t use the last bit to determine the XX. For example, for AF22, you can see that we have 010100. Break these six bits into the class and drop portions and you get:

  • class 010 = 2 in decimal
  • drop 100 = 4 in decimal

But 4 is wrong! In order to do it correctly, ignore the last bit:

  • drop 10 = 2 in decimal.

So the ignoring of the last bit only has to do with the given labels, and not how the devices themselves perceive the values.

You can’t compare them in this way. Each class is placed in a different queue. Within each queue, the drop probability value prioritizes them within the queue. CLass 1 queue takes priority over class 2, and so on. So how a particular AF43 and AF11 marking will be treated depends upon both the queuing mechanisms, and on the drop probability mechanisms within each queue.

You can take a look at the application of assured forwarding and DSCP values at the following lesson:

I think you’re confusing hexidecimal here. F in hex = 1111 in binary = 15 in decimal. But here, EF stands for Expedited Forwarding, and this is simply a name or a label that defines a particular DSCP value as stated in the lesson. That value is 101110. You can find out more about this in the following lesson:

I hope this has been helpful!


Can you please describe littlebit about HQF & MQC in real scenario??

Lets say i marked the HTTP traffic as EF but i did not configure any policy, will router treat that traffic as EF by default ??

how to identify the marking type like CS or AF or EF or DSCP or IP precedence just after looking at binary ??

In which case i can mark as IP precedence vale .DSCP,AF,CS.EF etc etc and how these are related in real network ??

1 Like

Hello Narad

MQC (Modular QoS CLI) is the CLI structure that allows you to enable QoS features in Cisco routers. It uses the following three steps to configure QoS:

  • Define a traffic class with the class-map command.
  • Create a traffic policy by associating the traffic class with one or more QoS features (using the policy-map command).
  • Attach the traffic policy to the interface with the service-policy command.

For more info, take a look at this lesson:

HQF (Hierarchical Queuing Framework) is an evolution of MQC, that adds the following functionality:

  • The ability to provide multiple levels of packet scheduling
  • The ability to support integrated class-based shaping and queuing
  • The ability to apply fair queuing and drop policies on a per-class basis

More info about this can be found here:

No. What you have achieved is marking. If you have no QoS mechanisms configured to act upon that marking, then no QoS mechanisms will be employed by default./

If you are using packet sniffing software like Wireshark, you can see all of these values in the fields of the IP header. They are interpreted for you so you don’t have to read the binary.

The following lessons show examples of how these are applied in a real network:

I hope this has been helpful!


1 Like

What is call signaling, I tried searching network lessons but didnt’ find anything.

Hello Abdulrahman

A typical voice communication using Voice over IP (VoIP) technology has two components: the signaling component, and the actual voice component.

The voice component carries voice packets from the source device to the destination. These packets actually contain the digitized and packetized voice of the people talking on the phone.

The signaling component deals with setting up the call, maintaining the voice session, and tearing it down once the call is complete. Signaling is also involved with transmitting things like dual tone multi frequency (DTMF) dialing, known as “touch-tone dialing” and also controls the various telephony features and tones, such as making a phone ring, playing back busy tone, and implementing typical telephony features call waiting, call transfer, call hold, and conferencing, to name a few.

The signaling session is separate and distinct from the voice packet session, although these two sessions are related, and operate together to successfully complete a telephone call.

When it comes to applying various QoS markings on such traffic, call signaling and voice sessions will often have different QoS requirements, so each type of communication may be managed differently from a QoS perspective.

I hope this has been helpful!



Since DSCP values are inside the packet with the other IP values, why do they get altered by many ISP and ISP routers? What is the big deal, why cant they just keep these values as it gets sent from one router to another? I just did a test using colasoft packet player, and with dscp values set to high priority, and sure enough by the time the packets get to my server on the internet, the DSCP values have been reset. whats the logic in doing that?

Hello Rod

It is always possible for an administrator to change the DSCP values of traffic that goes over their own network. It is only natural that you have power over such parameters when it comes to traffic traversing your networks. There are many reasons why an ISP would do this.

For example, the SLA of the ISP may state simply that they will route all customer traffic on a first come first serve best effort basis. This means that all traffic will be treated equally. Internally, the ISP may have configured QoS mechanisms for their own traffic (control traffic or otherwise) so they want to make sure that those mechanisms don’t act upon customer traffic, thus possibly causing disruption to their own prioritized traffic.

Now if you choose to, you can request some level of QoS on the ISP’s network for your traffic, but this may cost more, and it depends upon the policies of each ISP. But remember, once traffic leaves their network and enters the Internet at large, even if packets have DSCP values marked, QoS is virtually non-existent there, and everything is routed as best effort.

Even if your ISP keeps the DSCP values, once they route the traffic to a Tier-2 or a Tier-1 ISP, the DSCP values are typically reset, or simply ignored. For more info on the Tier structure of the Internet, take a look at this post:

I hope this has been helpful!


1 Like

ok thanks. Yeah I found a research paper where they looked at IP headers. they found around 24% of the time the IP headers went through undisturbed, the majority of the time they did not make it through the way originally set up. they also found it problem worse with ipv4 than with ipv6. ipv6 had better chance of not altering those ip values. also I think ipv4 NATs have alot to do with this and probably account for most of the disruption. it seems the carriers themselves rarely change these values? but cheap routers, ones that have lazy ipv4 nat that do not include all the ipv4 value from the original source ip, i think that happens alot. my guess.

Hello Rod

Yes, NAT would definitely be a major source of modification of the QoS markings in IP packets. Typically they wouldn’t be maintained across a NAT router. The statistics you state are interesting. Do you have a picture of the difference between IPv4 and IPv6 as far as the percentage of IP headers that go through? That would be interesting to know…


Hi, great lesson and thanks for all the help. I reached a section in the CCNP/CCIE official cert guide that seems to contradict what I’ve read here and in the CCNA guide pertaining to AF classes, its states:

"The AF class number does not represent precedence; for example, AF4 does not get any preferential treatment over AF1. Each class should be treated independently and placed into differnt queues "

Here its states:

"Class 4 has the highest priority. For example, any packet from class 4 will always get better treatment than a packet from class 3."

I’m guessing it means that AF class is user enforced (i.e. ultimatley controlled by user configuration) with the class 1 to 4 being used as a best practice guideline for configuration on what traffic should get better treatment. Any Guidance would be greatly appreciated.

Hello Nizar

When in doubt, go back to the original definition. Going to RFC 2597, we see the following:

  • Packets in one AF class MUST be forwarded independently from packets in another AF class, i.e., a DS node MUST NOT aggregate two or more AF classes together.
  • A DS node MUST allocate a configurable, minimum amount of forwarding resources (buffer space and bandwidth) to each implemented AF class.
  • An AF class MAY also be configurable to receive more forwarding resources than the minimum when excess resources are available either from other AF classes or from other PHB groups. This memo does not specify how the excess resources should be allocated, but implementations MUST specify what algorithms are actually supported and how they can be parameterized.

The third point is especially useful as it states that classes are not inherently assigned some specific priorities, but you can prioritize them with user-implemented configurations to have more resources for one class over another.

I will let Rene know about this so he can make any necessary changes to the content.

Thanks for pointing this out!

I hope this has been helpful!



That’s cleared it up. Thanks again for help and the quick response. :slight_smile:



Can anyone help answer the question below?

If they are just markings, why is the following statement valid? “IP precedence - The higher the value, the more important the IP packet is, in case of congestion the router would drop the low priority packets first.”

If we do not do anything aside from marking, how does the router know to drop the low priority packets first?

Thank you,
Daniel Lizhong

Hello Daniel

Take a look at this post:

I hope this has been helpful!


1 Like

Thanks, Laz, this is useful.

It resolves my question that when there is congestion over the WAN link, we simply set the desired traffic with IP precedence 6 or 7, and such kind of traffic subsequently becomes less prone to be dropped. In implementing this, I first argued with my team that aside from marking we needed to prioritise them (LLQ)… Now I understand that was why…

Thanks again!

1 Like

what should be understood in this course Mr. Rene because there, it confuses; and this is useful for the CCNP?