Network World

Dennis Hartmann

Switch QoS: Other Trust Boundary Options

By Dennis Hartmann on Fri, 05/29/09 - 3:03pm.

Here are the available switchport trust options that we will discuss in this blog:

Untrusted
Trust CoS
Trust DSCP
Trust IP Precedence
Passthru DSCP
Untrusted with Access Control List

The Untrusted model is the default. As discussed in the last blog, this model re-marks every incoming Ethernet frame to a CoS value of zero. The CoS-DSCP mapping table will then overwrite the layer 3 DSCP marking, and every packet will now have a DSCP marking different than the original. Deep packet classification can take place at every hop, but it is best practice to classify and mark at the access layer switch. The other switches and routers in the network can either apply trust boundaries or perform a classification and marking policy based on the marking of the packet. A router can perform a lookup in the layer 3 header faster than it can look into the transport layer of the packet (ACL). The Network-Based Application Recognition (NBAR) feature looks up to 400 bytes into the packet to inspect the layer 7 header.

The Trust CoS option was discussed in the last blog as well. This option will mark the DSCP of the output packet based on the incoming CoS. There’s always a loss of granularity when using this model because there are only 8 possible CoS values, while there are up to 64 DSCP values in the layer 3 header. The 64 DSCP values and the practically used assured forwarding (AF) and expedited forwarding (EF) models were discussed in detail in the last QoS blog series.

The Trust DSCP model allows the switch to skip the CoS to DSCP mapping table entirely. The switch uses the incoming packet’s DSCP marking as the internal DSCP to perform layer 3 DSCP to CoS queue mapping. The output packet’s DSCP will be the same as the input packet’s DSCP. I’m a fan of using this trust model at distribution and core layer switches that are used to aggregate access layer switching wiring closets. I prefer to not use the trust DSCP model on any port with an end user. I prefer to do classification and marking (no trust) on devices that will perform these operations in hardware.

The Trust IP Precedence option is normally not used because most deployments are using DSCP markings at this point. The trust IP precedence option is very similar to the trust DSCP option, with the exception that the IP precedence field only has 8 possible values, while the DSCP markings have 64 values. All best practices recommend DSCP markings. This option exists for backward compatibility purposes.

The passthru DSCP model will use the incoming DSCP as the internal and outgoing DSCP. While this model appears to be the same as the trust DSCP model, there is one minor distinction. This model uses the incoming CoS value to map directly to a queue.
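The trust states described above can be compared side by side with a small model. This is an added example, not code from the original post or from any switch vendor. The mode names, the sample port inventory and the mapping tables (CoS or precedence n maps to DSCP 8n, DSCP maps to CoS by its top three bits) are assumptions for illustration; real tables are configurable and behaviour varies by hardware.

```python
# Added illustration of the trust states described in this post (not vendor code).
# Assumed default tables: CoS/precedence n -> DSCP 8*n, DSCP -> CoS = DSCP >> 3.
from typing import NamedTuple

COS_TO_DSCP = [0, 8, 16, 24, 32, 40, 48, 56]  # assumed default CoS-DSCP map


class Marking(NamedTuple):
    out_dscp: int   # DSCP carried by the packet leaving the switch
    queue_cos: int  # CoS value used to pick the egress queue


def apply_trust(mode: str, in_cos: int, in_dscp: int) -> Marking:
    """Return the outgoing DSCP and queue-selection CoS for one trust state."""
    if not (0 <= in_cos <= 7 and 0 <= in_dscp <= 63):
        raise ValueError("CoS must be 0-7 and DSCP 0-63")
    if mode == "untrusted":              # frame re-marked to CoS 0 first
        internal = COS_TO_DSCP[0]
    elif mode == "trust-cos":            # DSCP derived from incoming CoS
        internal = COS_TO_DSCP[in_cos]
    elif mode == "trust-ip-precedence":  # precedence = top 3 bits of DSCP
        internal = COS_TO_DSCP[in_dscp >> 3]
    elif mode == "trust-dscp":           # CoS-DSCP table skipped entirely
        internal = in_dscp
    elif mode == "passthru-dscp":        # DSCP kept, queue from incoming CoS
        return Marking(in_dscp, in_cos)
    else:
        raise ValueError(f"unknown trust mode: {mode}")
    return Marking(internal, internal >> 3)


def self_promoting_ports(ports: dict[str, tuple[str, bool]]) -> list[str]:
    """List end-user ports where a host-set EF marking survives the switch."""
    host_cos, host_dscp = 5, 46  # constructed frame: host marks itself CoS 5 / EF
    flagged = []
    for name, (mode, end_user) in sorted(ports.items()):
        result = apply_trust(mode, host_cos, host_dscp)
        if end_user and (result.out_dscp or result.queue_cos):
            flagged.append(name)
    return flagged


# Constructed inventory: port name -> (trust mode, faces an end user?)
PORTS = {
    "access-1": ("untrusted", True),
    "access-2": ("trust-dscp", True),
    "access-3": ("passthru-dscp", True),
    "uplink-1": ("trust-dscp", False),
}
```

Running the same host-marked frame through each mode shows why trust belongs on aggregation links rather than end-user ports: only the untrusted port resets both the DSCP and the queue selection.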

Remember that each switch performs QoS in hardware and there are many variations of hardware out there (ASICs). In the next blog we will discuss the benefits of doing classification and marking at the access layer.

REFERENCES

Implementing Cisco Quality of Service
http://www.globalknowledge.com/training/course.asp?pageid=9&courseid=757...

Advanced Cisco Quality of Service
http://www.globalknowledge.com/training/course.asp?pageid=9&courseid=936...

how about a real blog

0

Rather than giving us a Global Knowledge class, why not give us a real blog in UC, talk about Cisco, Avaya, Nortel and others. Look at Bard and Larry's blogs. They have things people read and reply to, yours is just dry and classroom material.

You really need to think about writing a real blog and not class material. It is getting really old.

Cisco UC Blog

0

This blog covers Cisco Unified Communications deployments. If you're interested in Avaya and Nortel news, this is definitely not the blog for you. I will be writing some blogs in the future regarding Cisco and Microsoft UC (OCS / Microsoft Exchange) integration if multi-vendor topics and interoperability interest you.

Spelling errors?

0

I think you meant Brad, but I agree with what you wrote.

About Cisco Unified Communications

Dennis Hartmann, CCIE No. 15651, is a consultant with www.highpoint.com and author of Implementing Cisco Unified Communications Manager, Part 1. Dennis is also a lead instructor at Global Knowledge. Dennis has various certifications, including the Cisco CCVP, CCSI, CCNP, CCIP, and the Microsoft MCSE.  Dennis has various specializations including unified communications, data center, routing & switching, service provider (MPLS and optical).  Dennis has worked for various Fortune 500 companies, including AT&T, Sprint, Merrill Lynch, KPMG, and Cabletron Systems. He lives with his wife and children in Hopewell Junction, New York.
