Traffic Mirroring Configuration Guide for Cisco 8000 Series Routers, Cisco IOS XR Release

Traffic mirroring with DSCP

Updated: February 5, 2026

Overview

This section explains how traffic mirroring uses Differentiated Service Code Point (DSCP) values to classify and prioritize network traffic. By assigning different priority levels to packets, you can enhance the Quality of Service (QoS) for mirrored data.

Traffic mirroring with DSCP is a traffic mirroring feature that:

  • uses the DSCP value in the Differentiated Services (DS) field of an IP packet to classify network traffic

  • sets the DSCP value in the six most significant bits of the DS field in the IP header, allowing for 64 different values ranging from 0 to 63

  • uses these six bits to select the Per Hop Behavior (PHB), which determines how a packet is forwarded, and

  • places packets into limited traffic classes for prioritization by routers.

Table 1. DSCP, DS, and ToS values

| DSCP Value in Decimal | DS Binary | DS Hex | DSCP Name | DS/ToS Value | Service Class |
|---|---|---|---|---|---|
| 0 | 000 000 | 0x00 | DF/CS0 | 0 | Standard |
| - | - | - | None | 2 | |
| 1 | 000 001 | 0x01 | None | 4 | |
| 1 | 000 001 | 0x01 | LE | 4 | Lower-effort |
| 2 | 000 010 | 0x02 | None | 8 | |
| 4 | 000 100 | 0x04 | None | 16 | |
| 8 | 001 000 | 0x08 | CS1 | 32 | Low-priority data |
| 10 | 001 010 | 0x0a | AF11 | 40 | High-throughput data |
| 12 | 001 100 | 0x0c | AF12 | 48 | High-throughput data |
| 14 | 001 110 | 0x0e | AF13 | 56 | High-throughput data |
| 16 | 010 000 | 0x10 | CS2 | 64 | OAM |
| 18 | 010 010 | 0x12 | AF21 | 72 | Low-latency data |
| 20 | 010 100 | 0x14 | AF22 | 80 | Low-latency data |
| 22 | 010 110 | 0x16 | AF23 | 88 | Low-latency data |
| 24 | 011 000 | 0x18 | CS3 | 96 | Broadcast video |
| 26 | 011 010 | 0x1a | AF31 | 104 | Multimedia streaming |
| 28 | 011 100 | 0x1c | AF32 | 112 | Multimedia streaming |
| 30 | 011 110 | 0x1e | AF33 | 120 | Multimedia streaming |
| 32 | 100 000 | 0x20 | CS4 | 128 | Real-time interactive |
| 34 | 100 010 | 0x22 | AF41 | 136 | Multimedia conferencing |
| 36 | 100 100 | 0x24 | AF42 | 144 | Multimedia conferencing |
| 38 | 100 110 | 0x26 | AF43 | 152 | Multimedia conferencing |
| 40 | 101 000 | 0x28 | CS5 | 160 | Signaling (IP telephony, etc.) |
| 44 | 101 100 | 0x2c | Voice-admit | 176 | |
| 46 | 101 110 | 0x2e | EF | 184 | Telephony |
| 48 | 110 000 | 0x30 | CS6 | 192 | Network routing control |
| 56 | 111 000 | 0x38 | CS7 | 224 | “reserved” |

Note

The DS field was formerly known as Type of Service (ToS).

The table summarizes the service class names as defined in RFC 2474.

Benefits of traffic mirroring with DSCP

The benefits of using traffic mirroring with DSCP are:

  • It classifies and manages network traffic.

  • It assigns different priority levels to packets.

  • It enhances the Quality of Service (QoS) for mirrored packets.


DSCP marking on egress GRE tunnel in ERSPAN

Differentiated Service Code Point (DSCP) marking on egress GRE tunnel in ERSPAN is a mechanism that:

  • classifies and manages network traffic by assigning different priority levels to packets, and

  • defines the Quality of Service (QoS) for the mirrored packets by configuring the DSCP marking on an egress GRE tunnel for ERSPAN traffic.

Starting with Cisco IOS XR Software Release 7.5.4, you can set or modify the DSCP marking on ERSPAN GRE tunnels. This allows the captured traffic to be routed using GRE encapsulation.

Table 1. Feature History Table

Feature Name

Release Information

Feature Description

DSCP marking on egress GRE tunnel in ERSPAN

Release 25.1.1

Introduced in this release on: Fixed Systems (8700 [ASIC: K100], 8010 [ASIC: A100])

This feature is now supported on:

  • 8712-MOD-M

  • 8011-4G24Y4H-I

DSCP marking on egress GRE tunnel in ERSPAN

Release 24.4.1

Introduced in this release on: Fixed Systems (8200, 8700) (select variants only*); Modular Systems (8800 [LC ASIC: P100]) (select variants only*).

This feature, which allows you to control the QoS for your network's ERSPAN GRE tunnel traffic and eases the effort to control your customers' bandwidth across next-hop routers, is supported on the following hardware.

*This feature is now supported on:

  • 8212-48FH-M

  • 8711-32FH-M

  • 8712-MOD-M

  • 88-LC1-12TH24FH-E

  • 88-LC1-52Y8H-EM

  • 88-LC1-36EH

DSCP marking on egress GRE tunnel in ERSPAN

Release 7.5.4

You can now set or modify the Differentiated Service Code Point (DSCP) value on the ERSPAN GRE tunnel header. This feature allows you to control the QoS for your network's ERSPAN GRE tunnel traffic and eases the effort to control your customers' bandwidth across next-hop routers.


Configure DSCP marking on egress GRE tunnel in ERSPAN

Follow this procedure to configure DSCP marking on the egress GRE tunnel in ERSPAN. You can configure the DSCP value on both IPv4 and IPv6 headers.

Procedure

1. Enter the terminal configuration mode.

Example:

Router#configure terminal

2. Specify the tunnel interface and configure the DSCP value.

Example:

Router(config)#interface tunnel-ip1
Router(config-if)#tunnel tos 96
Router(config-if)#tunnel mode gre ipv4
Router(config-if)#tunnel source 192.0.2.1
Router(config-if)#tunnel destination 192.0.2.254
Router(config-if)#commit

The router configures the DSCP or ToS value as 96 on the tunnel-ip1 interface.

3. Verify the configuration.

Example:

Router#show run interface tunnel-ip1
interface tunnel-ip1
ipv4 address 192.0.2.0/24
tunnel tos 96
tunnel mode gre ipv4
tunnel source 192.0.2.1
tunnel vrf red
tunnel destination 192.0.2.254

Router#show monitor-session ERSPAN-2 status internal
Information from SPAN Manager and MA on all nodes:
Monitor-session ERSPAN-2 (ID 0x00000003) (Ethernet)
SPAN Mgr: Destination interface tunnel-ip1 (0x20008024)
Last error: Success
Tunnel data:
Mode: GREoIPv4
Source IP: 192.0.2.1
Dest IP: 192.0.2.254
VRF: red
VRF TBL ID: 0
ToS: 96
TTL: 255
DFbit: Not set

This output confirms the DSCP marking and the correct configuration and operation of traffic mirroring with DSCP.
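
An added check for the verification step above (example code, not Cisco's): it reads the ToS value from both outputs, confirms that they agree, and decodes the byte into its DSCP, which catches a DSCP number entered where the ToS byte was expected. The function names, the trimmed sample text and the intended DSCP of 24 (CS3, DS/ToS value 96 in the table) are assumptions of this example.

```python
import re

# Constructed sample: trimmed copies of the two outputs in the verification step.
RUNNING_CONFIG = """\
interface tunnel-ip1
ipv4 address 192.0.2.0/24
tunnel tos 96
tunnel mode gre ipv4
tunnel source 192.0.2.1
tunnel vrf red
tunnel destination 192.0.2.254
"""
SESSION_STATUS = """\
Monitor-session ERSPAN-2 (ID 0x00000003) (Ethernet)
SPAN Mgr: Destination interface tunnel-ip1 (0x20008024)
Tunnel data:
Mode: GREoIPv4
ToS: 96
TTL: 255
"""


def split_tos(tos):
    """Split a DS/ToS byte into (DSCP, two low-order bits)."""
    if not 0 <= tos <= 255:
        raise ValueError(f"ToS byte out of range: {tos}")
    return tos >> 2, tos & 0b11


def audit_tunnel_tos(running_config, session_status, expected_dscp):
    """Return findings; an empty list means config, programmed state and intent agree."""
    cfg = re.search(r"^\s*tunnel tos (\d+)\s*$", running_config, re.M)
    live = re.search(r"^\s*ToS:\s*(\d+)\s*$", session_status, re.M)
    if not cfg or not live:
        return ["ToS missing from running config or monitor-session status"]
    cfg_tos, live_tos = int(cfg.group(1)), int(live.group(1))
    findings = []
    if cfg_tos != live_tos:
        findings.append(f"configured ToS {cfg_tos} != programmed ToS {live_tos}")
    dscp, low_bits = split_tos(live_tos)
    if low_bits:
        findings.append(f"ToS {live_tos} sets low-order bits outside the DSCP field")
    if dscp != expected_dscp:
        findings.append(f"ToS {live_tos} is DSCP {dscp}, expected DSCP {expected_dscp}")
    return findings


if __name__ == "__main__":
    print(audit_tunnel_tos(RUNNING_CONFIG, SESSION_STATUS, expected_dscp=24))
```
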

DSCP bitmask to filter ingress ERSPAN traffic

DSCP bitmask to filter ingress ERSPAN traffic is a mechanism that:

  • filters ingress ERSPAN traffic with a specific DSCP value

  • matches the bitmask in the Access Control List (ACL) rule with the DSCP field in the IP packet header, and

  • determines if the packet aligns with the desired bitmask, classifying and prioritizing traffic as it enters the network.

Table 1. Feature History Table

Feature Name

Release Information

Feature Description

DSCP bitmask to filter ingress ERSPAN traffic

Release 25.1.1

Introduced in this release on: Fixed Systems (8700 [ASIC: K100], 8010 [ASIC: A100])

This feature is now supported on:

  • 8712-MOD-M

  • 8011-4G24Y4H-I

DSCP bitmask to filter ingress ERSPAN traffic

Release 24.4.1

Introduced in this release on: Fixed Systems (8200, 8700) (select variants only*); Modular Systems (8800 [LC ASIC: P100]) (select variants only*).

This feature now allows you to mirror multiple traffic flows for a matched DSCP value of the IP header on ERSPAN on the following hardware.

*This feature is now supported on:

  • 8212-48FH-M

  • 8711-32FH-M

  • 8712-MOD-M

  • 88-LC1-12TH24FH-E

  • 88-LC1-52Y8H-EM

  • 88-LC1-36EH

DSCP bitmask to filter ingress ERSPAN traffic

Release 7.5.4

You can now mirror multiple traffic flows for a matched Differentiated Service Code Point (DSCP) value of the IP header on Encapsulated Remote SPAN (ERSPAN). The matched DSCP value is based on the DSCP value and the bitmask configured in the Access Control List (ACL) rule.

Earlier, you could monitor a single traffic flow by setting the RFC 4594 defined DSCP values in the GRE tunnel header.

This feature introduces the following changes:

Benefits of using DSCP bitmask to filter ingress ERSPAN traffic (Reference)

Using a DSCP bitmask to filter ingress ERSPAN traffic offers these advantages:

  • It allows for specific traffic flow mirroring.

  • It enhances traffic classification and prioritization.

  • It reduces unnecessary traffic mirroring on incoming ports.


Configuration guidelines for DSCP bitmask to filter ingress ERSPAN traffic

Use these guidelines to configure the DSCP bitmask to filter ingress ERSPAN traffic:

  • Starting , you can configure an ACL rule with DSCP bitmask on the ERSPAN GRE tunnels to mirror specific traffic flows.

  • When you configure an ACL with DSCP and DSCP mask on ERSPAN, ERSPAN mirrors the traffic whose DSCP value lies within the combination of DSCP value and the specified mask.

  • Without an ACL rule, ERSPAN mirrors all the traffic on the incoming port.

  • Verify that the DSCP value lies within the specified mask range.

  • The router maps the DSCP value to a single traffic class according to the values defined in RFC 2474.

  • Masking the DSCP value in the ACL rule allows mirroring multiple traffic flows.

  • The DSCP value and mask operate similarly to an IPv4 address and mask.


Configure DSCP bitmask to filter ingress ERSPAN traffic

To configure DSCP bitmask, use the bitmask option along with the dscp option while configuring the ACL.

Use these steps to configure DSCP bitmask on ingress ERSPAN for IPv4 traffic.

Procedure

1. Configure an ACL.

Example:

Router# config
Router(config)# ipv4 access-list acl1
Router(config-ipv4-acl)# 10 permit ipv4 host 192.0.2.1 any dscp af22 bitmask 0x3f
Router(config-ipv4-acl)# commit
Router(config-ipv4-acl)# exit

2. Attach the created ACL to an interface.

Example:

Router(config)# interface HundredGigE0/0/0/6
Router(config-if)# ipv4 address 192.0.2.51 255.255.255.0

3. Monitor the ingress ACL applied and DSCP-masked IPv4 traffic on ERSPAN.

Example:

Router(config-if)# monitor-session TEST ethernet direction rx-only port-level acl ipv4 acl1
Router(config-if)# commit
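
To see how far a DSCP value and bitmask pair widens what is mirrored, the following added example (not Cisco's code) enumerates the DSCP code points a rule selects and lists any that fall outside an approved capture set. The page does not state whether a set mask bit means "ignore" or "compare", so the function takes that as a parameter; the function names, the approved set and the 0x06 mask are assumptions of this example.

```python
AF22 = 20  # DSCP decimal for af22, taken from the DSCP table on this page


def matched_dscps(value, bitmask, mask_bits_ignored):
    """Return the sorted DSCP code points (0-63) selected by 'dscp <value> bitmask <bitmask>'.

    mask_bits_ignored=True  : a 1 bit in the bitmask is a don't-care bit.
    mask_bits_ignored=False : a 1 bit in the bitmask must equal the rule's value.
    Which reading the router applies is an assumption to confirm on the platform.
    """
    for name, v in (("value", value), ("bitmask", bitmask)):
        if not 0 <= v <= 0x3F:
            raise ValueError(f"{name} must fit in 6 bits, got {v:#x}")
    # 'care' holds the bit positions that must equal the rule's DSCP value.
    care = (~bitmask & 0x3F) if mask_bits_ignored else bitmask
    return [d for d in range(64) if ((d ^ value) & care) == 0]


def mirror_scope(value, bitmask, mask_bits_ignored, approved):
    """Return (matched, unapproved): what the rule mirrors and what exceeds the approved set."""
    matched = matched_dscps(value, bitmask, mask_bits_ignored)
    return matched, [d for d in matched if d not in approved]


if __name__ == "__main__":
    # The rule from step 1 (dscp af22 bitmask 0x3f) under both readings of the mask.
    print(len(matched_dscps(AF22, 0x3F, True)), matched_dscps(AF22, 0x3F, False))
    # Constructed case: mask 0x06 with don't-care bits, approved set AF21 to AF23.
    print(mirror_scope(AF22, 0x06, True, {18, 20, 22}))
```

Under the don't-care reading, the constructed 0x06 mask also selects DSCP 16 (CS2, listed as OAM in the table), which is the kind of unintended widening the approved-set comparison surfaces.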