Overview of Quality of Service and ACL
Typically, networks operate on a best-effort delivery basis. By enabling the Quality of Service (QoS) feature, you can give preferential treatment to certain types of traffic using congestion-management and congestion-avoidance techniques. QoS allows you to classify your network traffic, police and prioritize traffic flows, and provide congestion avoidance. You can configure QoS on physical ports and on switch virtual interfaces (SVIs).
To implement QoS, the device must perform the following tasks:
- Classify the traffic: Distinguish packets or flows from one another.
- Assign a label: Indicate the given QoS as the packets move through the device.
- Police and mark the traffic: Make the packets comply with the configured resource usage limits.
- Queue and schedule traffic: Provide different treatment wherever resource contention exists.
- Shape traffic: Ensure that traffic sent from the device meets a specific traffic profile.
With QoS enabled, an Ethernet switching device uses Ethernet QoS technology to provide different levels of QoS guarantee, supporting traffic flows that have stricter delay and jitter requirements.
An access control list (ACL) contains an ordered list of access control entries (ACEs). Each ACE specifies permit or deny and a set of conditions that a packet must meet to match the ACE. When an interface receives a packet, the device tests the packet against the conditions in the ACL in order. The first match decides whether the device accepts or rejects the packet; the device stops testing after the first match.
Combining QoS and ACL associates traffic rules with traffic operations that use the ACL. By referencing an ACL, you can perform QoS functions such as packet filtering, committed access rate (CAR), traffic mirroring, and traffic redirection.
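The first-match rule is easiest to see by running a few packets through an ordered list of ACEs. The following Python model is an added example, not the device's own ACL implementation: the `ACE` and `Packet` classes, the `evaluate` and `shadowed_entries` functions, and the sample entries and addresses are all constructed for illustration, and the model keeps only protocol, source/destination prefix and destination port as match conditions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class ACE:
    """One access control entry (constructed model): an action plus match conditions."""
    action: str                      # "permit" or "deny"
    protocol: str                    # "ip" matches any IP protocol; else "tcp", "udp", "icmp"
    src: str                         # source prefix in CIDR form; "0.0.0.0/0" means any
    dst: str                         # destination prefix in CIDR form
    dst_port: Optional[int] = None   # None means any destination port


@dataclass(frozen=True)
class Packet:
    protocol: str
    src: str
    dst: str
    dst_port: Optional[int] = None


def ace_matches(ace: ACE, pkt: Packet) -> bool:
    """True only when every condition of the ACE holds for the packet."""
    if ace.protocol != "ip" and ace.protocol != pkt.protocol:
        return False
    if ip_address(pkt.src) not in ip_network(ace.src):
        return False
    if ip_address(pkt.dst) not in ip_network(ace.dst):
        return False
    if ace.dst_port is not None and ace.dst_port != pkt.dst_port:
        return False
    return True


def evaluate(acl: List[ACE], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Test the packet against the ACEs in order; the first match decides.

    Returns (action, index of the deciding ACE). A packet that matches no ACE
    falls through to the implicit deny, reported as ("deny", None).
    """
    for index, ace in enumerate(acl):
        if ace_matches(ace, pkt):
            return ace.action, index
    return "deny", None


def shadowed_entries(acl: List[ACE]) -> List[int]:
    """Indexes of ACEs that can never match because an earlier ACE covers them.

    An earlier entry covers a later one when its protocol, prefixes and port are
    each at least as broad. Such entries are dead configuration and usually mean
    the intended order was lost.
    """
    dead = []
    for j, later in enumerate(acl):
        for earlier in acl[:j]:
            if (earlier.protocol in ("ip", later.protocol)
                    and ip_network(later.src).subnet_of(ip_network(earlier.src))
                    and ip_network(later.dst).subnet_of(ip_network(earlier.dst))
                    and earlier.dst_port in (None, later.dst_port)):
                dead.append(j)
                break
    return dead


# Constructed sample ACL. Entry 3 is unreachable: entry 1 already denies
# everything from 192.168.1.0/24.
SAMPLE_ACL = [
    ACE("permit", "tcp", "0.0.0.0/0", "10.0.0.0/24", 443),
    ACE("deny", "ip", "192.168.1.0/24", "0.0.0.0/0"),
    ACE("permit", "ip", "192.168.0.0/16", "0.0.0.0/0"),
    ACE("permit", "tcp", "192.168.1.0/24", "10.0.0.0/24", 22),
]


def demo() -> List[Tuple[str, Optional[int]]]:
    """Run four constructed packets through SAMPLE_ACL, then the first packet
    through the same entries with entries 0 and 1 swapped: order changes the verdict."""
    packets = [
        Packet("tcp", "192.168.1.5", "10.0.0.10", 443),   # permitted by entry 0
        Packet("udp", "192.168.1.5", "10.0.0.10", 53),    # denied by entry 1
        Packet("tcp", "192.168.2.5", "10.0.0.10", 22),    # permitted by entry 2
        Packet("tcp", "172.16.0.1", "10.0.0.10", 22),     # no match: implicit deny
    ]
    results = [evaluate(SAMPLE_ACL, p) for p in packets]
    swapped = [SAMPLE_ACL[1], SAMPLE_ACL[0]] + SAMPLE_ACL[2:]
    results.append(evaluate(swapped, packets[0]))         # now denied by entry 0
    return results


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
    print("shadowed entries:", shadowed_entries(SAMPLE_ACL))
```

The same four entries give a different verdict for the first packet once the deny is moved ahead of the HTTPS permit, which is why ACL review is an ordering question rather than a per-entry one. `shadowed_entries` reports entries that an earlier, broader entry makes unreachable; finding one is normally the sign that an entry was appended where it should have been inserted.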
Traffic Classification Based on QoS and ACL
Classification is the process of distinguishing one type of traffic from another by examining the fields in a packet.
You can use a standard, extended, or Layer 2 ACL to define a group of packets with the same characteristics (a class). After a traffic class is defined with an ACL, you can attach a policy to it. A policy contains multiple classes, with actions specified for each of them. A policy can also include commands to classify the class as a particular aggregate (for example, assign a DSCP value) or to rate-limit the class. The policy is then attached to the port on which it takes effect.
Prioritization in Layer 2 Frames
Each host that supports the IEEE 802.1Q protocol inserts a 4-byte 802.1Q tag header after the source address when sending frames. A 3-bit priority field is part of this 4-byte header. These three bits indicate the priority of the frame and determine which frame is sent first when the device is congested. There are eight priorities, ranging from 0 to 7.
| Class of Service (Decimal) | Class of Service (Binary) | Meaning |
|---|---|---|
| 0 | 000 | Spare |
| 1 | 001 | Background |
| 2 | 010 | Best effort |
| 3 | 011 | Excellent effort |
| 4 | 100 | Controlled load |
| 5 | 101 | Video |
| 6 | 110 | Voice |
| 7 | 111 | Network management |
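To show where the 3-bit priority field sits inside the 4-byte tag, here is an added Python example (not part of the original page or any vendor's code) that packs a Tag Control Information word and parses a tagged frame. The MAC addresses, the dummy IPv4 payload, and the `build_tci`, `parse_frame` and `frame_priority` names are constructed for illustration.

```python
import struct
from typing import Dict

TPID_8021Q = 0x8100  # Tag Protocol Identifier that announces an 802.1Q tag

# Meaning of each 3-bit priority value, as in the table above.
COS_MEANING = {
    0: "Spare", 1: "Background", 2: "Best effort", 3: "Excellent effort",
    4: "Controlled load", 5: "Video", 6: "Voice", 7: "Network management",
}


def build_tci(pcp: int, dei: int, vid: int) -> int:
    """Pack the 16-bit Tag Control Information: PCP (3 bits), DEI (1 bit), VLAN ID (12 bits)."""
    if not 0 <= pcp <= 7 or dei not in (0, 1) or not 0 <= vid <= 0x0FFF:
        raise ValueError("PCP, DEI or VLAN ID out of range")
    return (pcp << 13) | (dei << 12) | vid


def parse_frame(frame: bytes) -> Dict[str, object]:
    """Decode the Ethernet header and, when a 4-byte 802.1Q tag follows the
    source address, the priority bits and VLAN ID carried in it."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info: Dict[str, object] = {
        "dst": dst.hex(":"), "src": src.hex(":"), "tagged": False, "ethertype": ethertype,
    }
    if ethertype != TPID_8021Q:
        return info                      # untagged frame: no priority field at all
    if len(frame) < 18:
        raise ValueError("802.1Q tag truncated")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    pcp = tci >> 13                      # top three bits of the TCI
    info.update({
        "tagged": True,
        "pcp": pcp,
        "cos_meaning": COS_MEANING[pcp],
        "dei": (tci >> 12) & 1,
        "vid": tci & 0x0FFF,
        "ethertype": inner_type,         # EtherType of the payload that follows the tag
    })
    return info


def frame_priority(frame: bytes, port_default: int = 0) -> int:
    """Priority the device reads from the frame. An untagged frame has no priority
    field, so the caller supplies the value the port assigns (assumed behaviour)."""
    info = parse_frame(frame)
    return int(info["pcp"]) if info["tagged"] else port_default


# Constructed frames: broadcast destination, a made-up source MAC and a dummy
# IPv4 payload. The tagged one carries priority 5 (Video) on VLAN 100.
_DST = bytes.fromhex("ffffffffffff")
_SRC = bytes.fromhex("005056aabbcc")
_PAYLOAD = bytes([0x45]) + bytes(19)
SAMPLE_TAGGED = _DST + _SRC + struct.pack("!HHH", TPID_8021Q, build_tci(5, 0, 100), 0x0800) + _PAYLOAD
SAMPLE_UNTAGGED = _DST + _SRC + struct.pack("!H", 0x0800) + _PAYLOAD


if __name__ == "__main__":
    print(parse_frame(SAMPLE_TAGGED))
    print(parse_frame(SAMPLE_UNTAGGED))
```

Because the priority bits are written by the sending host, a device that simply trusts them lets any host on the segment claim the Voice or Network management queue; QoS policy on ports facing untrusted hosts therefore normally re-marks the field at ingress rather than honouring it, and the example's `port_default` stands in for that port-level decision.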
Prioritization in Layer 3 Packets
Layer 3 IP packets carry classification information in the 8-bit type of service (ToS) field. The ToS field carries either an IP precedence value or a Differentiated Services Code Point (DSCP) value. IP precedence values range from 0 to 7; DSCP values range from 0 to 63. Based on the DSCP or IP precedence value, traffic is placed into a particular service class, and packets within a service class are treated the same way.
When IP precedence is used, the 1-byte ToS field consists of three bits of IP precedence, four ToS bits, and one unused bit. The four ToS bits represent minimum latency, maximum throughput, maximum reliability, and minimum cost. If all four bits are zero, the packet receives general service.
| IP Precedence (Decimal) | IP Precedence (Binary) | Meaning |
|---|---|---|
| 0 | 000 | Routine |
| 1 | 001 | Priority |
| 2 | 010 | Immediate |
| 3 | 011 | Flash |
| 4 | 100 | Flash override |
| 5 | 101 | Critical |
| 6 | 110 | Internet |
| 7 | 111 | Network |
Differentiated Services, defined in RFC 2474, increases the number of definable priority levels. The Differentiated Services field in a packet drives the per-hop behavior decisions for packet classification and for traffic conditioning functions such as metering, marking, shaping, and policing.
In the Differentiated Services field, the first six bits (0 to 5) of the ToS byte carry the DSCP. A Differentiated Services network defines the following four types of traffic:
- Expedited Forwarding (EF) class, which is applicable to low-delay, low-loss, low-jitter, bandwidth-priority services (such as virtual leased lines), regardless of whether other traffic shares its link.
- Assured Forwarding (AF) class, which is divided into four subclasses (AF1, AF2, AF3, AF4). Each AF subclass has three drop precedence levels, which are used to differentiate traffic within that subclass. An AF class has a lower QoS level than the EF class.
- Class Selector (CS) classes, which evolved from the IP precedence bits of the ToS field and comprise a total of eight categories.
- Best Effort (BE), which is a special category of CS with no guarantee. AF traffic that exceeds its profile is downgraded to the BE class. Existing IP network traffic also defaults to this category.
| DSCP (Decimal) | DSCP (Binary) | Meaning |
|---|---|---|
| 0 | 000000 | BE |
| 46 | 101110 | EF |
| 10 | 001010 | AF1 |
| 18 | 010010 | AF2 |
| 26 | 011010 | AF3 |
| 34 | 100010 | AF4 |
| 8 | 001000 | CS1 |
| 16 | 010000 | CS2 |
| 24 | 011000 | CS3 |
| 32 | 100000 | CS4 |
| 40 | 101000 | CS5 |
| 48 | 110000 | CS6 |
| 56 | 111000 | CS7 |
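The IP precedence layout described under Prioritization in Layer 3 Packets and the DSCP layout described in this section are two readings of the same ToS byte. The following Python example is added here and is not vendor code; `decode_precedence`, `decode_dscp` and `dscp_name` are constructed names and the ToS bytes fed to them are constructed samples. It goes a little beyond the table by deriving the drop precedence digit of each AF code point (AF11 to AF43) instead of only the AF1 to AF4 class, and by showing that a CS code point's top three bits equal the old IP precedence.

```python
from typing import Dict, List

# Meaning of each 3-bit IP precedence value, as in the earlier table.
PRECEDENCE_MEANING = {
    0: "Routine", 1: "Priority", 2: "Immediate", 3: "Flash",
    4: "Flash override", 5: "Critical", 6: "Internet", 7: "Network",
}

# The four ToS bits, most significant first, in the order the text lists them.
TOS_FLAGS = (
    (0b1000, "minimum latency"),
    (0b0100, "maximum throughput"),
    (0b0010, "maximum reliability"),
    (0b0001, "minimum cost"),
)


def _check_byte(tos: int) -> None:
    if not 0 <= tos <= 0xFF:
        raise ValueError("ToS must be a single byte")


def decode_precedence(tos: int) -> Dict[str, object]:
    """Read the ToS byte the IP precedence way: 3 precedence bits, 4 ToS bits, 1 unused bit."""
    _check_byte(tos)
    precedence = tos >> 5
    tos_bits = (tos >> 1) & 0x0F
    requested: List[str] = [name for weight, name in TOS_FLAGS if tos_bits & weight]
    return {
        "precedence": precedence,
        "meaning": PRECEDENCE_MEANING[precedence],
        "tos_bits": format(tos_bits, "04b"),
        "requested": requested or ["general service"],   # all four ToS bits zero
        "unused_bit": tos & 1,
    }


def dscp_name(dscp: int) -> str:
    """Name a 6-bit code point: BE, EF, AFxy (class x, drop precedence y) or CSx.

    AF code points are 8*class + 2*drop (AF11 = 10 ... AF43 = 38); CS code points
    are multiples of 8, so their top three bits equal the old IP precedence value.
    """
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP must fit in 6 bits")
    if dscp == 0:
        return "BE"
    if dscp == 46:
        return "EF"
    cls, low = divmod(dscp, 8)
    if low == 0:
        return f"CS{cls}"
    if 1 <= cls <= 4 and low in (2, 4, 6):
        return f"AF{cls}{low // 2}"
    return "unassigned"


def decode_dscp(tos: int) -> Dict[str, object]:
    """Read the same byte the Differentiated Services way: bits 0 to 5 (the six
    most significant bits) are the DSCP; the remaining two bits are not part of it."""
    _check_byte(tos)
    dscp = tos >> 2
    return {
        "dscp": dscp,
        "binary": format(dscp, "06b"),
        "name": dscp_name(dscp),
        "precedence_equivalent": dscp >> 3,   # the same three bits either way
        "low_bits": tos & 0b11,
    }


if __name__ == "__main__":
    for tos in (0x00, 0x28, 0xB8):   # constructed ToS bytes: BE, AF11, EF
        print(hex(tos), decode_precedence(tos), decode_dscp(tos))
```

Running the three sample bytes shows why the two schemes coexist on a network: 0xB8 reads as precedence 5 (Critical) with minimum latency and maximum throughput requested under the old layout, and as DSCP 46 (EF) under the new one, so a device that honours only precedence still places EF traffic in a high class. The AF drop precedence digit returned by `dscp_name` is the "three drop precedence levels" the AF bullet refers to.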