Network World

Dennis Hartmann

Switch QoS: Classification and Marking

By Dennis Hartmann on Tue, 06/02/09 - 8:05pm.
Classification and marking at the access layer switch port allows a more granular policy than configuring trust boundaries of any kind at the switch port. A classification and marking policy provisioned at the access layer port of a switch assumes any existing markings are not trusted. Cisco routers can use NBAR to identify traffic in the application (layer 7) header, but NBAR requires stateful packet inspection which can be processor intensive. If an application can be identified by port number, classification and marking at the access layer switch will lower the resource requirements of the customer edge (CE) router. The CE router could then classify traffic into application classes based on the existing marking rather than looking further into the packet and incurring more processor overhead.

QoS trust boundaries provide a great mechanism to trust the signaling and media markings coming from a Cisco IP phone, but they do not identify important application data traffic. Classification and marking at the access layer provides a mechanism to identify traffic belonging to the following Cisco-recommended application classes:

Voice Media
Interactive Video
Telepresence
Streaming Video
Call Signaling
IP Routing
Network Management
Mission-Critical Data
Transactional Data
Bulk Data
Best Effort
Scavenger

Classification and marking on Cisco switches leverages a function of the ternary content addressable memory (TCAM) hardware. Some Cisco switches have limited TCAM resources that will make it difficult (or impossible) to allow a granular classification and marking policy at the access layer. The 2950 EI switch has a limitation which will not allow an access control list to identify traffic by port range. The lack of a port range identification mechanism in this switch makes it impossible to identify voice media (RTP) which uses even numbered UDP ports in the range of 16,384 through 32,767. If a limitation similar to this is discovered, a conditional trust boundary at the access layer switch can be configured to trust the markings coming from the Cisco IP phone.
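The following configuration is an added example, not code from the original post, showing what an untrusted classification-and-marking policy on an access port looks like for a few of the application classes listed above, plus the conditional-trust fallback for a platform with the port-range limitation just described. It uses Catalyst 3560/3750-style MQC syntax; the interface names, VLAN numbers, ACL and class names, the placeholder application port, and the DSCP value chosen per class are assumptions for illustration.

```cisco
! Added example, not from the original post. Catalyst 3560/3750-style
! MQC syntax; interface names, VLAN numbers, ACL/class names and the
! DSCP value per class are assumptions for illustration.
mls qos
!
! Voice media: all UDP in the RTP range. An ACL cannot test port parity,
! so odd-numbered (RTCP) ports are caught as well; the match is a superset.
ip access-list extended ACL-VOICE-RTP
 permit udp any any range 16384 32767
!
! Call signaling: SCCP (TCP 2000) and SIP (TCP/UDP 5060)
ip access-list extended ACL-CALL-SIGNALING
 permit tcp any any eq 2000
 permit tcp any any eq 5060
 permit udp any any eq 5060
!
! Transactional data: a client/server application identified by port
! (TCP 1433 is an illustrative placeholder, substitute the real port)
ip access-list extended ACL-TRANSACTIONAL
 permit tcp any any eq 1433
!
! Bulk data: FTP control and data
ip access-list extended ACL-BULK
 permit tcp any any eq 20
 permit tcp any any eq 21
!
class-map match-all VOICE
 match access-group name ACL-VOICE-RTP
class-map match-all CALL-SIGNALING
 match access-group name ACL-CALL-SIGNALING
class-map match-all TRANSACTIONAL
 match access-group name ACL-TRANSACTIONAL
class-map match-all BULK
 match access-group name ACL-BULK
!
! Ingress policy: received markings are not trusted; anything that does
! not match an application class is re-marked to best effort (DSCP 0)
policy-map ACCESS-EDGE-MARK
 class VOICE
  set dscp ef
 class CALL-SIGNALING
  set dscp cs3
 class TRANSACTIONAL
  set dscp af21
 class BULK
  set dscp af11
 class class-default
  set dscp default
!
! Access port running the marking policy (no trust configured)
interface FastEthernet0/1
 switchport access vlan 10
 switchport voice vlan 110
 service-policy input ACCESS-EDGE-MARK
!
! Fallback where the ACL cannot match a port range: trust the CoS sent
! by the phone only while CDP detects a Cisco IP phone on the port;
! otherwise the port stays untrusted
interface FastEthernet0/2
 switchport access vlan 10
 switchport voice vlan 110
 mls qos trust device cisco-phone
 mls qos trust cos
```

Two points worth checking on a real deployment: `show mls qos interface FastEthernet0/1` confirms the port is untrusted and the policy is attached, and because the RTP ACL matches the whole 16,384 to 32,767 range, the odd-numbered RTCP ports from the phone are marked EF along with the media. That is normally acceptable for the small RTCP volume, but it is the reason a conditional trust boundary (which relies on the phone's own markings) is the cleaner option when the hardware cannot express the policy.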

In the next blog, we will look at an access layer switch classification and marking example policy that incorporates the creation of a scavenger class.

About Cisco Unified Communications

Dennis Hartmann, CCIE No. 15651, is a consultant with www.highpoint.com and author of Implementing Cisco Unified Communications Manager, Part 1. Dennis is also a lead instructor at Global Knowledge. Dennis has various certifications, including the Cisco CCVP, CCSI, CCNP, CCIP, and the Microsoft MCSE. Dennis has various specializations including unified communications, data center, routing & switching, and service provider (MPLS and optical). Dennis has worked for various Fortune 500 companies, including AT&T, Sprint, Merrill Lynch, KPMG, and Cabletron Systems. He lives with his wife and children in Hopewell Junction, New York.