Traffic Mirroring Configuration Guide for Cisco 8000 Series Routers, Cisco IOS XR Release

Traffic mirroring with DSCP

Updated: February 5, 2026

On this page

Overview

Benefits of traffic mirroring with DSCP

DSCP marking on egress GRE tunnel in ERSPAN

Configure DSCP marking on egress GRE tunnel in ERSPAN

DSCP bitmask to filter ingress ERSPAN traffic

Benefits of using DSCP bitmask to filter ingress ERSPAN traffic (Reference)

Configuration guidelines for DSCP bitmask to filter ingress ERSPAN traffic

Configure DSCP bitmask to filter ingress ERSPAN traffic

Overview

This section explains how traffic mirroring uses Differentiated Service Code Point (DSCP) values to classify and prioritize network traffic. By assigning different priority levels to packets, you can enhance the Quality of Service (QoS) for mirrored data.

Traffic mirroring with DSCP is a traffic mirroring feature that:

uses the DSCP value in the Differentiated Services (DS) field of an IP packet to classify network traffic
sets the DSCP value in the six most significant bits of the DS field in the IP header, allowing for 64 different values ranging from 0 to 63
these six bits affect the Per Hop Behavior (PHB) and determine how a packet is moved forward, and
places packets into limited traffic classes for prioritization by routers.

Table 1. DSCP, DS, and ToS values
DSCPValue in Decimal	DS Binary	DSHex	DSCPName	DS/ToSValue	ServiceClass
0	000000	0x00	DF/CS0	0	Standard
-	-	-	none	2
1	000001	0x01	None	4
1	000001	0x01	LE	4	Lower-effort
2	000010	0x02	None	8
4	000100	0x04	None	16
8	001 000	0x08	CS1	32	Low-priority data
10	001 010	0x0a	AF11	40	High-throughput data
12	001 100	0x0c	AF12	48	High-throughput data
14	001 110	0x0e	AF13	56	High-throughput data
16	010 000	0x10	CS2	64	OAM
18	010 010	0x12	AF21	72	Low-latency data
20	010 100	0x14	AF22	80	Low-latency data
22	010 010	0x16	AF23	88	Low-latency data
24	011 000	0x18	CS3	96	Broadcast video
26	011 000	0x1a	AF31	104	Multimedia streaming
28	011 100	0x1c	AF32	112	Multimedia streaming
30	011 110	0x1e	AF33	120	Multimedia streaming
32	100 000	0x20	CS4	128	Real-time interactive
34	100 010	0x22	AF41	136	Multimedia conferencing
36	100 100	0x24	AF42	144	Multimedia conferencing
38	100 110	0x26	AF43	152	Multimedia conferencing
40	101 000	0x28	CS5	160	Signaling(IP telephony, etc)
44	101 100	0x2c	Voice-admit	176
46	101 110	0x2e	EF	184	Telephony
48	110 000	0x30	CS6	192	Network routing control
56	111 000	0x38	CS7	224	“reserved”

Note

The DS field was formerly known as Type of Service (ToS).

The table summarizes the service class names as defined in RFC 2474.

Benefits of traffic mirroring with DSCP

Benefits of using Traffic mirroring with DSCP are:

It classifies and manages network traffic.
It assigns different priority levels to packets.
It enhances the Quality of Service (QoS) for mirrored packets.

DSCP marking on egress GRE tunnel in ERSPAN

Differentiated Service Code Point (DSCP) marking on egress GRE tunnel in ERSPAN is a mechanism that:

classifies and manages network traffic by assigning different priority levels to packets, and
defines the Quality of Service (QoS) for the mirrored packets by configuring the DSCP marking on an egress GRE tunnel for ERSPAN traffic.

Starting with Cisco IOS XR Software Release 7.5.4, you can set or modify the DSCP marking on ERSPAN GRE tunnels. This allows captured traffic routing using GRE encapsulation.

Table 1. Feature History Table
Feature Name	Release Information	Feature Description
DSCP marking on egress GRE tunnel in ERSPAN	Release 25.1.1	Introduced in this release on: Fixed Systems ( 8700 [ASIC: K100], 8010 [ASIC: A100]) This feature is now supported on: 8712-MOD-M 8011-4G24Y4H-I
DSCP marking on egress GRE tunnel in ERSPAN	Release 24.4.1	Introduced in this release on: Fixed Systems(8200, 8700)(select variants only); Modular Systems (8800 [LC ASIC: P100])(select variants only). This feature which allows you to control the QoS for your network's ERSPAN GRE tunnel traffic and eases the effort to control your customers' bandwidth across next-hop routers is supported on the following hardware. *This feature is now supported on: 8212-48FH-M 8711-32FH-M 8712-MOD-M 88-LC1-12TH24FH-E 88-LC1-52Y8H-EM 88-LC1-36EH
DSCP marking on egress GRE tunnel in ERSPAN	Release 7.5.4	You can now set or modify Differentiated Service Code Point (DSCP) value on the ERSPAN GRE tunnel header. This feature allows you to control the QoS for your network's ERSPAN GRE tunnel traffic and eases the effort to control your customers' bandwidth across next-hop routers.

Configure DSCP marking on egress GRE tunnel in ERSPAN

Follow this procedure to configure DSCP marking on egress GRE tunnel in ERSPAN. You can configure DSCP value on both IPv4 and IPv6 headers.

Procedure

Enter the terminal configuration mode.

Example:

Router#configure terminal

Specify the tunnel interface and configure the DSCP value.

Example:

Router(config)#interface tunnel-ip1
Router(config-if)#tunnel tos 96
Router(config-if)#tunnel mode gre ipv4
Router(config-if)#tunnel source 192.0.2.1
Router(config-if)#tunnel destination 192.0.2.254
Router(config-if)#commit

The router configures the DSCP or ToS value as 96 on the tunnel-ip1 interface.

Verify the configuration.

Example:

Router#show run interface tunnel-ip1
interface tunnel-ip1
ipv4 address 192.0.2.0/24
tunnel tos 96
tunnel mode gre ipv4
tunnel source 192.0.2.1
tunnel vrf red
tunnel destination 192.0.2.254
Router#show monitor-session ERSPAN-2 status internal
Information from SPAN Manager and MA on all nodes:
Monitor-session ERSPAN-2 (ID 0x00000003) (Ethernet)
SPAN Mgr: Destination interface tunnel-ip1 (0x20008024)
Last error: Success
Tunnel data:
Mode: GREoIPv4
Source IP: 192.0.2.1
Dest IP: 192.0.2.254
VRF: red
VRF TBL ID: 0
ToS: 96
TTL: 255
DFbit: Not set

This setup confirms the DSCP marking and ensures the correct configuration and operation of traffic mirroring with DSCP.

DSCP bitmask to filter ingress ERSPAN traffic

DSCP bitmask to filter ingress ERSPAN traffic is a mechanism that:

filters ingress ERSPAN traffic with a specific DSCP value
matches the bitmask in the Access Control List (ACL) rule with the DSCP field in the IP packet header, and
determines if the packet aligns with the desired bitmask, classifying and prioritizing traffic as it enters the network.

Table 1. Feature History Table
Feature Name	Release Information	Feature Description
DSCP bitmask to filter ingress ERSPAN traffic	Release 25.1.1	Introduced in this release on: Fixed Systems ( 8700 [ASIC: K100], 8010 [ASIC: A100]) This feature is now supported on: 8712-MOD-M 8011-4G24Y4H-I
DSCP bitmask to filter ingress ERSPAN traffic	Release 24.4.1	Introduced in this release on: Fixed Systems(8200, 8700)(select variants only); Modular Systems (8800 [LC ASIC: P100])(select variants only). This feature now allows to mirror multiple traffic flows for matched DSCP value of IP header on the ERSPAN on the following hardware. *This feature is now supported on: 8212-48FH-M 8711-32FH-M 8712-MOD-M 88-LC1-12TH24FH-E 88-LC1-52Y8H-EM 88-LC1-36EH
DSCP bitmask to filter ingress ERSPAN traffic	Release 7.5.4	You can now mirror multiple traffic flows for matched Differentiated Service Code Point (DSCP) value of IP header on the Encapsulated remote SPAN (ERSPAN). The matched DSCP value is based on the DSCP value and the bitmask configured in Access Control List (ACL) rule. Earlier, you could monitor single traffic flow by setting the RFC 4594 defined DSCP values in the GRE tunnel header. This feature introduces the following changes: CLI: deny (IPv4), deny (IPv6), permit (IPv4), and permit (IPv6) are modified to include new keyword bitmask . YANG DATA Model: New XPaths for Cisco-IOS-XR-um-ipv4-access-list-cfg and Cisco-IOS-XR-um-ipv6-access-list-cfg (see Github, YANG Data Models Navigator).

Benefits of using DSCP bitmask to filter ingress ERSPAN traffic (Reference)

Using a DSCP bitmask to filter ingress ERSPAN traffic offers these advantages:

It allows for specific traffic flow mirroring.
It enhances traffic classification and prioritization.
It reduces unnecessary traffic mirroring on incoming ports.

Configuration guidelines for DSCP bitmask to filter ingress ERSPAN traffic

Use these guidelines to configure the DSCP bitmask to filter ingress ERSPAN traffic:

Starting , you can configure an ACL rule with DSCP bitmask on the ERSPAN GRE tunnels to mirror specific traffic flows.
When you configure an ACL with DSCP and DSCP mask on ERSPAN, ERSPAN mirrors the traffic whose DSCP value lies within the combination of DSCP value and the specified mask.
Without ACL rule, ERSPAN mirrors all the traffic on the incoming port.
Verify that the DSCP value lies within the specified mask range.
The router maps the DSCP value to a single traffic class according to the values defined in RFC2474.
Masking the DSCP value in ACL rule allows mirroring multiple traffic flows.
DSCP value and mask operate similarly to IPv4 address and mask.

Configure DSCP bitmask to filter ingress ERSPAN traffic

To configure DSCP bitmask, use the bitmask option along with the dscp option while configuring the ACL.

Use these steps to configure DSCP bitmask on ingress ERSPAN for IPv4 traffic.

Procedure

Configure an ACL.

Example:

Router# config
Router(config)# ipv4 access-list acl1
Router(config-ipv4-acl)# 10 permit ipv4 host 192.0.2.1 any dscp af22 bitmask 0x3f
Router(config-ipv4-acl)# commit
Router(config-ipv4-acl)# exit

Attach the created ACL to an interface.

Example:

Router(config)# interface HundredGigE0/0/0/6
Router(config-if)# ipv4 address 192.0.2.51 255.255.255.0

Monitor the ingress ACL applied and DSCP-masked IPv4 traffic on ERSPAN.

Example:

Router(config-if)# monitor-session TEST ethernet direction rx-only port-level acl ipv4 acl1
Router(config-if)# commit

Need help?

Open a support case

(Requires a Cisco Service Contract)

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.