Firewall > QoS Mapping
468
SonicOS Enhanced 4.0 Administrator Guide
But all is not lost. Once SonicOS Enhanced classifies the traffic, it can tag the traffic to
communicate this classification to certain external systems that are capable of abiding by CoS
tags; thus they too can participate in providing QoS.
Note: Many service providers do not support CoS tags such as 802.1p or DSCP. Also, most
network equipment with standard configurations will not be able to recognize 802.1p tags,
and could drop tagged traffic.
Although DSCP will not cause compatibility issues, many service providers will simply strip
or ignore the DSCP tags, disregarding the code points.
If you wish to use 802.1p or DSCP marking on your network or your service provider’s
network, you must first establish that these methods are supported. Verify that your
internal network equipment can support CoS priority marking, and that it is correctly
configured to do so. Check with your service provider – some offer fee-based support
for QoS using these CoS methods.
Marking
Once the traffic has been classified, if it is to be handled by QoS-capable external systems (e.g.
CoS-aware switches or routers as might be available on a premium service provider’s
infrastructure, or on a private WAN), it must be tagged so that the external systems can make
use of the classification, and provide the correct handling and Per Hop Behaviors (PHB).
Originally, this was attempted at the IP layer (layer 3) with RFC791’s three Precedence bits and
RFC1394 ToS (type of service) field, but this was used by a grand total of 17 people throughout
history. Its successor, RFC2474, introduced the much more practical and widely used DSCP
(Differentiated Services Code Point) which offered up to 64 classifications, as well as user-
definable classes. DSCP was further enhanced by RFC2598 (Expedited Forwarding, intended
to provide leased-line behaviors) and RFC2697 (Assured Forwarding levels within classes, also
known as Gold, Silver, and Bronze levels).
DSCP is a safe marking method for traffic that traverses public networks because there is no
risk of incompatibility. At the very worst, a hop along the path might disregard or strip the DSCP
tag, but it will rarely mistreat or discard the packet.
The other prevalent method of CoS marking is IEEE 802.1p. 802.1p occurs at the MAC layer
(layer 2) and is closely related to IEEE 802.1Q VLAN marking, sharing the same 16-bit field,
although it is actually defined in the IEEE 802.1D standard. Unlike DSCP, 802.1p will only work
with 802.1p-capable equipment, and is not universally interoperable. Additionally, 802.1p,
because of its different packet structure, can rarely traverse wide-area networks, even private
WANs. Nonetheless, 802.1p is gaining wide support among Voice and Video over IP vendors,
so a solution for supporting 802.1p across network boundaries (i.e. WAN links) was introduced
in the form of 802.1p to DSCP mapping.
802.1p to DSCP mapping allows 802.1p tags from one LAN to be mapped to DSCP values by
SonicOS Enhanced, allowing the packets to safely traverse WAN links. When the packets
arrive on the other side of the WAN or VPN, the receiving SonicOS Enhanced appliance can
then map the DSCP tags back to 802.1p tags for use on that LAN. Refer to the “802.1p and
DSCP QoS” section on page 469 for more information.
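The following added example (not taken from the guide and not SonicOS code) shows the round trip described above at the byte level: the 802.1p priority is read from the top 3 bits of the 16-bit 802.1Q tag field, written into the IPv4 DSCP bits for the WAN hop, and restored as a tag on the far LAN. The mapping table (priority n to DSCP class selector n × 8), the function names, and the sample frame are assumptions made for illustration.

```python
import struct

# Assumption (not from the guide): 802.1p priority n maps to DSCP class selector CSn = n * 8.
PCP_TO_DSCP = {pcp: pcp * 8 for pcp in range(8)}

def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over the header; returns 0 for a header whose checksum is valid."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def set_dscp(ip_header: bytes, dscp: int) -> bytes:
    """Write the 6-bit DSCP, keep the 2 ECN bits, and recompute the header checksum."""
    hdr = bytearray(ip_header)
    hdr[1] = (dscp << 2) | (hdr[1] & 0x03)
    hdr[10:12] = b"\x00\x00"
    struct.pack_into("!H", hdr, 10, ipv4_checksum(bytes(hdr)))
    return bytes(hdr)

def lan_to_wan(frame: bytes) -> bytes:
    """Remove the 802.1Q tag and carry its priority across the WAN as DSCP."""
    tpid, tci, ethertype = struct.unpack_from("!HHH", frame, 12)
    if tpid != 0x8100:
        return frame                      # untagged frame: no 802.1p priority to map
    untagged = frame[:12] + frame[16:]    # drop TPID + TCI (4 bytes)
    if ethertype != 0x0800:
        return untagged                   # DSCP exists only in IP headers
    pcp = tci >> 13                       # top 3 bits of the 16-bit field; low 12 are the VLAN ID
    ihl = (untagged[14] & 0x0F) * 4
    return untagged[:14] + set_dscp(untagged[14:14 + ihl], PCP_TO_DSCP[pcp]) + untagged[14 + ihl:]

def wan_to_lan(frame: bytes, vlan_id: int) -> bytes:
    """Re-tag on the receiving LAN: the DSCP class (top 3 bits) becomes the 802.1p priority."""
    if struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        return frame
    pcp = (frame[15] >> 2) >> 3
    tci = (pcp << 13) | (vlan_id & 0x0FFF)
    return frame[:12] + struct.pack("!HH", 0x8100, tci) + frame[12:]

def sample_tagged_frame(pcp: int = 5, vlan_id: int = 10) -> bytes:
    """Constructed test frame: VLAN-tagged Ethernet header plus a bare IPv4 header, DSCP 0."""
    ip = bytearray.fromhex("45000014000000004011" "0000" "c0a80001" "c0a80002")
    struct.pack_into("!H", ip, 10, ipv4_checksum(bytes(ip)))
    macs = bytes.fromhex("020000000002" "020000000001")
    return macs + struct.pack("!HHH", 0x8100, (pcp << 13) | vlan_id, 0x0800) + bytes(ip)
```

Because the tag is removed before the WAN hop, the priority survives only if every hop leaves the DSCP bits intact; a provider that strips or rewrites them causes the far side to restore priority 0.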
Conditioning
Finally, the traffic can be conditioned (or managed) using any of the many policing, queuing,
and shaping methods available. SonicOS provides internal conditioning capabilities with its
Egress and Ingress Bandwidth Management (BWM), detailed in the “Bandwidth Management”