Options

DSCP question

rakemrakem Member Posts: 800
in CCNP
So i have reached the DSCP section of ONT, so far i think I'm understanding it fairly well...

The only thing i don't quite understand yet (and maybe i just haven't reached this section yet) is how or what defines the type of traffic that belongs to a certain DSCP value.

so i can define a class map saying 'match dscp af43' but what traffic as af43 referring to?
CCIE# 38186
showroute.net
· Share on FacebookShare on Twitter

Comments

  • Options
    mattsthe2mattsthe2 Member Posts: 304
    yet to reach ONT yet but i had trouble with this concept to. Id be interested to see what others post but i believe the applications or devices them selfs can set the DSCP value.

    For example for video conferencing you usually can set whatever DSCP value you like, although there are certain types of values that should be set for example Voice is EF. I believe its the phone that marks the traffic as EF.

    As an example we marked all our traffic with a certain QoS level for our Oracle servers, matched it from an ACL and marked it with QoS marking that made sense to our organization.
    · Share on FacebookShare on Twitter
  • Options
    ColbyGColbyG Member Posts: 1,264
    The traffic would be marked by the device it originated from (eg Cisco phone), or a router/switch near the source of the traffic.
    http://blog.alwaysthenetwork.com
    · Share on FacebookShare on Twitter
  • Options
    rakemrakem Member Posts: 800
    ColbyNA wrote: »
    The traffic would be marked by the device it originated from (eg Cisco phone), or a router/switch near the source of the traffic.


    Yep that makes sense...

    On a router or switch i guess you could do something like the following;

    RouterA(config)#class-map BLAH
    RouterA(config-cmap)#match protocol http
    RouterA(config-cmap)#match protocol ftp
    RouterA(config-cmap)#match protocol ssh
    RouterA(config-cmap)#exit
    RouterA(config)#pol
    RouterA(config)#policy-map LOL
    RouterA(config-pmap)#claas
    RouterA(config-pmap)#clas
    RouterA(config-pmap)#class BLAH
    RouterA(config-pmap-c)#set dscp
    RouterA(config-pmap-c)#set dscp af11

    so we have http, ftp and ssh getting marked as AF11, then on a different router you could to something like:

    RouterB(config)#clas
    RouterB(config)#class-map ABC
    RouterB(config-cmap)#match ip dscp af11
    RouterB(config-cmap)#ex
    RouterB(config)#policy-map XYZ
    RouterB(config-pmap)#class ABC
    RouterB(config-pmap-c)#police 80000
    RouterB(config-pmap-c-police)#exit

    so router B would police anything marked as Af11....

    Is that correct?

    Or like if your IP phone couldn't set its own DSCP or IP Prec values, you could set it on the switchport which the phone connects to...
    CCIE# 38186
    showroute.net
    · Share on FacebookShare on Twitter
  • Options
    kpjunglekpjungle Member Posts: 426
    rakem wrote: »
    Yep that makes sense...

    On a router or switch i guess you could do something like the following;

    RouterA(config)#class-map BLAH
    RouterA(config-cmap)#match protocol http
    RouterA(config-cmap)#match protocol ftp
    RouterA(config-cmap)#match protocol ssh
    RouterA(config-cmap)#exit
    RouterA(config)#pol
    RouterA(config)#policy-map LOL
    RouterA(config-pmap)#claas
    RouterA(config-pmap)#clas
    RouterA(config-pmap)#class BLAH
    RouterA(config-pmap-c)#set dscp
    RouterA(config-pmap-c)#set dscp af11

    so we have http, ftp and ssh getting marked as AF11, then on a different router you could to something like:

    RouterB(config)#clas
    RouterB(config)#class-map ABC
    RouterB(config-cmap)#match ip dscp af11
    RouterB(config-cmap)#ex
    RouterB(config)#policy-map XYZ
    RouterB(config-pmap)#class ABC
    RouterB(config-pmap-c)#police 80000
    RouterB(config-pmap-c-police)#exit

    so router B would police anything marked as Af11....

    Is that correct?

    Or like if your IP phone couldn't set its own DSCP or IP Prec values, you could set it on the switchport which the phone connects to...

    Yep.. Marking is basically done so other devices can provide a differentiated service. You want to mark as close to the source as possible.

    For example at your switch level, mark using CoS (trunks only), and at the first router (or any L3 device), mark it at layer 3 as well, to preserve the markings across multiple different L2 mediums.
    Studying for CCNP (All done)
    · Share on FacebookShare on Twitter
  • Options
    malcyboodmalcybood Member Posts: 900 ■■■□□□□□□□
    If you wanted to for example mark email traffic with a server IP address of 10.10.10.10 and TCP port 1616 TO the server from a remote site you could do something along the lines of

    (on the switch)
    ip access-list extended MARK_EMAIL
    permit tcp 0.0.0.0 0.0.0.0 10.10.10.10 0.0.0.0 eq 1616

    class-map MARK_EMAIL
    match ip address MARK_EMAIL
    set ip dscp af41

    policy-map MARK_EMAIL
    class MARK_EMAIL

    int-range fa0/2 - 24
    service-policy input MARK_EMAIL

    Then trust all markings on the switch port that connects to the router (i.e. fa0/1).

    (on the router)
    class-map MATCH_EMAIL_DSCP
    match ip dscp af41

    policy-map EMAIL_OUT
    class MATCH_EMAIL_DSCP

    int s0/0
    desc WAN interface to MPLS
    service-policy out EMAIL_OUT

    The above config would obviously vary slightly depending on what type of switch you had and it's capabilities, but the general answer to your question is you would use acl's with source / destination IP addresses to mark non standard services other than voice which usually is marked on the phone.

    Does this make sense?
    · Share on FacebookShare on Twitter
Sign In or Register to comment.