QoS Marking on Cisco IOS Router

This topic is to discuss the following lesson:

1 Like

Hi Rene,

Why only switches and wireless devices are used to configure for re-marking traffic?
We do it for qos traffic confidentiality ?
The PHB logic is setting QoS marking for every devices right ? According to that do we need to re- match the traffics along the way , I am not clear about that…

Thnx , Thnx & Thnx again
Deniz

Hi Deniz,

Marking is typically done on the “border” of our network. This could be an IP phone or the switch or router that first receives these packets.

Once the packets are marked, there’s no need to do this again. You can trust the markings and apply an action to it (queuing, policing, shaping, etc.). The only reason to re-mark packets is if you don’t trust your traffic.

Rene

1 Like

Thnx Rene,

You are best !
Deniz

thankyou v much rene !

Hi, Rene.

Reading this tutorial I had a doubt: what is the difference of I configure the command set precedence and set ip precedence or even if it was set dscp or set ip dscp into the policy-map? What changes in time of the router should mark the packet?

Thank you in advance

Hello Stafanio

According to Cisco, the set ip dscp command was replaced with the set dscp command:

set dscp - 12.2(13)T - This command was introduced. It replaced the set ip dscp command.

Similarly, the set ip precedence command was replaced with the set precedence command:

set precedence - 12.2(13)T This command was introduced. This command replaces the set ip precedence command.

More information about these commands from Cisco can be found here.

I hope this has been helpful!

Laz

2 Likes

Would it be possible for you to provide marking examples using ECN and CoS?

Hi Chris,

I’ll add ECN (RED/WRED) for sure.

What would you like to know about CoS? It’s similar to DSCP/ IP Precedence but it’s marking on L2 when you use 802.1Q:

Rene

1 Like

Is it possible for you to cover Layer 2 QoS in more detail?

Just going off the blueprint you are expected to know queueing, scheduling, classifcation and marking techniques

Hello Chris.

All of Rene’s lessons concerning Layer 2 QoS can be found under Unit 2 of the Quality of Service course coverage found at the following link:


Unit 2 is titled “LAN QoS” and includes all the L2 QoS found on NetworkLessons.

If you would like something more specific or more detailed than this, feel free to make a suggestion on the Lesson Ideas page found below.


I hope this has been helpful!

Laz

You need static routes for this lab to work or some kind of routing

r1 192.168.23.0 255.255.255.0 192.168.12.2
r3 192.168.12.0 255.255.255.0 192.168.23.2

Hello Evan

Yes, you are correct, those static routes should be indicated in the configurations at the end. I will let Rene know.

Thanks for catching that!

Laz

Hi All,

I am trying to add DSCP marking for softphones on a cisco 3850. But I am not sure what I am missing and I hoping you can help me. Down below is my config.

config) ip access-list extended VOIP
config-ext-nacl) permit udp any any range 16384 32767
exit

config) ip access-list extended SIP
config-ext-nacl) permit udp any any range 5060 5061
config-ext-nacl) permit tcp any any range 5060 5061
exit



config) class-map match-any VOIP-TRAFFIC
config-cmap) match access-group name VOIP

config-cmap) class-map match-any SIGNALLING
config-cmap) match access-group name SIP
exit


config) policy-map LTU-INGRESS-POLICY
config-pmap) class VOIP-TRAFFIC
config-pmap-c) set dscp ef
config-pmap-c) class SIGNALLING
config-pmap-c) set dscp CS3
exit


int gig1/0/37
service-policy input LTU-INGRESS-POLICY

and this is what I see on the interface:

SW-LAB#show policy-map int gig1/0/37
 GigabitEthernet1/0/37

  Service-policy input: LTU-INGRESS-POLICY

Class-map: VOIP-TRAFFIC (match-any)
  12431 packets
  Match: access-group name VOIP
    0 packets, 0 bytes
    5 minute rate 0 bps
  QoS Set
    dscp ef

Class-map: SIGNALING (match-any)
  545 packets
  Match: access-group name SIP
    0 packets, 0 bytes
    5 minute rate 0 bps
  QoS Set
    dscp cs3

Class-map: class-default (match-any)
  6399 packets
  Match: any

Hello Steve

Looking over your configuration, everything looks to be configured correctly. I don’t see any issues that could be causing the packets not to be matched.

To confirm that SIP and voice packets are indeed passing through that interface and that the access list is correctly configured to match them, I suggest you modify your access lists to log packets like so:

Router(config)#ip access-list extended VOIP
Router(config-ext-nacl)#permit udp any any range 16384 32767 log
Router(config-ext-nacl)#exit
Router(config)#ip access-list extended SIP
Router(config-ext-nacl)#permit udp any any range 5060 5061 log
Router(config-ext-nacl)#permit tcp any any range 5060 5061 log
Router(config-ext-nacl)#exit
Router(config)#

And then apply both access lists to the interface in an inward direction. For example:

Router(config)#int gig1/0/37
Router(config-if)#ip access-group VOIP in
Router(config-if)#ip access-group SIP in

Make some calls on your softphone, and check to see that you are indeed matching packets. The show access-list VOIP and the show access-list SIP commands should show the number of matched packets. If you’re getting matches, then you can go on to troubleshoot the class-map. If you’re not getting matches, then there may be an issue with what traffic is actually passing through that interface.

Hopefully, this will give you a first step in your troubleshooting procedure just to see where the problem may be.

I hope this has been helpful!

Laz

Hi,
Could you pleas help me with a query?
Let’s say hypothetically if I receive certain types of traffic from a company that has certain QoS marking (EF) for example and they are destined to the internet. How do I ensure that this traffic will get the same marking when I receive them back from the internet? Any idea? Is this even possible?
Thanks
Tarek

Hello Tarek

The Internet is a “best-effort” network. There are no provisions for implementing quality of service on the Internet itself, so any packets you sent out to the Internet, even if you mark them with EF, for example, will have those markings removed before being forwarded downstream.

However, when you receive packets from the Internet (or from anywhere) you are able to mark them however you like before sending them internally on your network. You can mark them based on whatever parameters you want.

Now having said that, some ISPs on their own internal networks may choose to apply QoS markings and keep them active as long as the packets remain within their networks. In such a case, two customers connected to the same ISP may be able to maintain those markings, if they request this from the ISP.

Could you tell us a little more about what you would like to achieve in your particular case? If you give us some more details, we may be able to suggest a solution that is more suitable to your specific situation. Let us know!

I hope this has been helpful!

Laz

1 Like

I have a question? R2 configured to classify and mark the pckts received from R1 to R3 via telnet. Then R3 configured in order to see if there are duplicated marked packet and as the pictures shows there are 2 pckts as http traffic received from R1. Where should be supposed to be these pckts, still in ingeueu of R3 ?
Cause since R3 receives the pckts these are going up to layer 7 OR just router log this traffic and simple wth the configuration i am able to see it?

Hello Konstantinos

I’m not sure I understand your question. Can you clarify?

The destination of the packets was R3, and they were either Telnet or HTTP packets. Because R3 acts as a Telnet server when we connect to it, and it has also been enabled as an HTTP server as well, this communication does indeed go to the Application layer for both of these communications. However, the policy map that is applied uses the values in the IP header to determine what DSCP markings have been configured on the packets that have been received.

I hope this has been helpful!

Laz

Hello, everyone!

There’s one thing that I am not understanding. I believe that Rene mentioned that in CBWFQ, there is a scheduler which decides which queue should be served and how many packets within it should be sent out.

However, how exactly do we configure CBFWQ? We’ve configured classification, sure, we’ve configured marking and we could even reserve some bandwidth, but how would the device know that traffic classified under, let’s say CLASS-A should be considered more important than the rest and have more packets sent out of it during CBWFQ?

Thank you.
David