Searching for the QoS Holy Grail

With the convergence of voice, video and data in enterprise networks, and the increasing need to cut travel costs, both voice over IP and videoconferencing are becoming increasingly important. When coupled with the ever-present requirement that critical enterprise applications perform at their best, even in a fiscally tight environment, the days of “best effort” service are rapidly disappearing.

Quality of service (QoS) is actually an ad hoc collection of technologies and techniques. This ad hoc nature is what has created a barrier to true end-to-end strategy. Because application, operating system and networking vendors often differ on what set of QoS technologies they implement, it has been difficult for IT groups to implement QoS across their entire networks.

Some say adding bandwidth is effective in providing QoS. While adding bandwidth certainly helps, the real goal of QoS is to provide a level of guarantee to all traffic in the network. This is just as true for a fractional T-1 WAN circuit as it is for a Gigabit Ethernet link. For corporations, QoS can provide assurances that real-time and essential business traffic gets the bandwidth it needs while moving across the corporate LAN — no matter what else is on the network, including denial-of-service (DoS) attacks. QoS can make existing WAN and Internet connections usable again when the added expense of increased bandwidth cannot be justified. Enhancing existing bandwidth to save money will drive most companies to make their first excursions into the world of QoS.

We set out to explore some different approaches and strategies of QoS, test different QoS appliances and discuss ways to implement QoS using equipment you already might own. The best approach to QoS depends on the situation, and we highlight several.

Appliances to the rescue

For many companies, QoS appliances are the first step toward bringing QoS into the network where it is needed most – heavily congested WAN and Internet connections.

We tested QoS-specific equipment from five different vendors using a simulated enterprise network, which included a LAN and branch-office locations connected to the enterprise LAN via frame relay. The corporate office was connected to the Internet via a simulated DS-3. We ran each vendor’s equipment through a series of tests meant to replicate common scenarios in which QoS would be used to improve a congested network.

These scenarios included:

— An outbound DoS attack over the DS-3 to affect performance of the corporate Web site.

— Congested WAN links interfering with videoconference and voice-over-IP calls.

— A DS-3 congested with Web and other traffic preventing an MPEG-2 distance training session from working.

In each test, we added enough congestion to cause extreme performance problems with our applications – Web performance was very close to zero, and videoconferencing and VoIP calls could not be made.

We also ran raw throughput tests on each LAN device, as they are expected to sit inline on high-speed networks. Note that it is unusual to have high rates of minimum-sized frames traveling over the network. These numbers are presented only so that the appliance can be properly matched with the demands of the network.

Because some appliances were designed specifically for WAN environments, the full suite of tests was not run on all equipment.

Allot Communications Ltd. NetEnforcer 201 and 301

Allot’s NetEnforcer 201 and 301 are LAN-based QoS appliances. Each device comes with two 10/100M bit/sec ports, one labeled “External” and one labeled “Internal.” The 201 can support configurations ranging from 2M through 10M bit/sec, and the 301 is rated for 100M bit/sec throughput. Our baseline performance tests showed that 32 percent of 64-byte packets were passed, which increased linearly to 100 percent as the packet size grew above 512 bytes. While most QoS boxes we reviewed were unable to pass small frames (below 512 bytes in length) at line rate, this should only be a concern if your specific traffic patterns dictate large numbers of such small frames.

NetEnforcer uses a two-stage classification system built around pipes and virtual channels, each of which contains rules and actions. Pipes are the top of the hierarchy and are normally used to differentiate between sites that might be running through the same NetEnforcer appliance. Within each pipe, virtual channels can be defined to differentiate priorities for users or applications, with all unclassified traffic going into the fallback pipe. Classification up to Layer 7 is supported for several common protocols, and support for non-IP protocols is strong. System configuration and policies may be backed up using Trivial FTP and pushed from one NetEnforcer to others. Redundancy via connecting multiple NetEnforcer boxes also is supported.

In our performance tests, both NetEnforcer models did well. With policies enabled to block User Datagram Protocol (UDP) traffic, our HTTP server performance was untouched by the other traffic. Implementing a policy to prefer HTTP traffic over all others was also very effective, with little noticeable difference in performance during our DoS attack. We used NetEnforcer 201 in our WAN testing, and it could classify nearly all traffic flowing by application name. We could get videoconferencing and VoIP working in a predictable manner, although it required some bandwidth carving.

We tested Version 4.2 of the NetEnforcer software. Like most of the products in this review, management is accomplished via a very nice Java Web-based graphical user interface (GUI). The GUI is more complex than other appliances, but is very powerful. Near real-time monitoring lets you see exactly what traffic is flowing over the network and what policies are being matched. A command-line interface (CLI) is also available that gives access to the underlying Linux operating system. This makes NetEnforcer extremely flexible. The software is broken into monitor, classify, enforce and reporting sections.

Additional software modules can be purchased from Allot and include NetAccountant (extended accounting features, including policy-based bandwidth tracking), CacheEnforcer (network cache enforcement) and NetBalancer (server load balancing). Software to manage multiple NetEnforcers (in groups of 5, 20, 50, etc.) also can be purchased.

Bottom line

Allot Communications

Category: LAN appliance

NetEnforcer 201 (up to 2M and 10M bit/sec, up to 12,000 flows) Cost: $5,500 to $7,500

NetEnforcer 301 (up to 100M bit/sec, up to 96,000 flows) Cost: $13,000

Advantages: Very nice Web interface; policies easy to configure; good performance; high level of customization possible with unfettered access to underlying operating system.

Disadvantage: Must run the appliance through a shutdown routine before powering off.

Best suited for: Users who need extreme flexibility and customization capabilities.

End-to-end QoS capabilities: Accepts IP Precedence- and DSCP-tagged traffic; marks using IP Precedence or DSCP tags based on classification phase.

Packeteer PacketShaper 2500 and 8500

Packeteer’s PacketShaper 2500 and 8500 are LAN-based QoS appliances. Each device comes with two ports (one inbound and one outbound). The 2500 can support configurations ranging from 2M through 10M bit/sec, and the 8500 scales above OC-3 (155M bit/sec) speeds. Baseline performance tests showed that they pass over 90 percent of minimum-size frames and 100 percent of 128-byte or larger frames.

When you first turn on PacketShaper, all traffic is combined into a default group based on the inbound or outbound direction. If the box recognizes a particular type of traffic, it automatically moves it out of the default group and into a list of classified traffic after it has seen a configurable number of flows. This works well for the majority of traffic, but the occasional flow might run for a while and never be classified outside the default queue. Classification is performed up to Layer 7 for many protocols, and several non-IP protocols (including IPX, Appletalk and SNA) are recognized.

In performance testing, the 2500 and 8500 performed extremely well. Our DoS attack against each PacketShaper model found they could quickly identify and stop the source of unwanted traffic. Rules that preferred HTTP were very effective with almost no perceptible difference in HTTP performance before and during the attack. In the branch-office tests, the video and voice streams were nearly perfect, with no bandwidth carving necessary and little configuration needed. In our final test, some minor bandwidth carving was needed to protect the MPEG-2 stream, but this was expected, as MPEG-2 streams are sensitive to any loss or delay.

The PacketShaper Web-based GUI has classification, analysis, control and reporting sections. The GUI was intuitive and fairly easy to use. Occasionally we wanted more detail and had to turn to the CLI to see what protocols were seen on the network, and how well our policies were being matched. We would like to see more details about the classification process available via the Web interface.

Packeteer LAN expansion modules (LEM) are available for each PacketShaper model – these let the device be connected to additional 10/100 LANs (and Gigabit networks in the case of the 8500). The LEMs can reduce the number of PacketShapers required in a network. Redundancy and hot standby capabilities also are included. ReportCenter and PolicyCenter also are available for central policy management and report generation.

Bottom line


PacketShaper 2500 (2M or 10M bit/sec, up to 5,000 or 20,000 flows, respectively) Cost: $12,000

PacketShaper 8500 (200M bit/sec, up to 200,000 flows) Cost: $32,000

Category: LAN appliance

Advantages: Excellent performance; GUI is simple and easy to use; LEMs let multiple networks be controlled from the same appliance.

Disadvantages: Some classification detail not visible from GUI; very low flow-count traffic may not be classified.

Best suited for: High bit-rate connections; networks that are physically close to each other to minimize the number of appliances.

End-to-end QoS capabilities: Accepts IP Precedence-, DSCP-, 802.1p- and MPLS-tagged traffic; marks using IP Precedence, DSCP, 802.1p and MPLS tags based on classification phase; can translate between different marking standards (DSCP to IP Precedence, for example).

Sitara Networks QoSWorks 10000

Sitara’s QoSWorks 10000 is a LAN-based QoS appliance rated up to 100M bit/sec of throughput. The device comes with two 10/100 ports, one labeled WAN and one labeled LAN. Baseline performance tests revealed that the unit could pass 30 percent of the traffic at minimum frame size, going to near line rate once the frames reached 512 bytes in length.

We reviewed two versions of the QoSWorks firmware; 1.9 is shipping now, and 2.0 will start shipping in June. The 2.0 firmware is a big step forward for Sitara because it adds Layer 7 classification for many common protocols, including H.323 and HTTP. It also adds a more dynamic Java-based interface, which adds 1-minute updates for traffic monitoring. Unfortunately, Layer 7 classification of some peer-to-peer applications is not currently available.

QoSWorks did well on our performance tests. It immediately identified the source of our DoS attack and blocked it. It also simply prioritized HTTP traffic at the application layer, without writing a rule specific to the DoS attack, which resulted in the restoration of about 90 percent of HTTP performance. In the WAN tests, we could prioritize our videoconference at the application layer, with our voice traffic classified based on IP address. Once policies were put into place, the videoconference ran with only minor packet loss, and the voice streams were clear with little latency. QoSWorks includes the ability to limit queue depth for real-time traffic. This can be a bonus for heavily congested networks because it limits latency and jitter. The appliance also can mark traffic in the IP Precedence field of the type-of-service (ToS) byte, but cannot enforce based on it.

The Web-based management interface was easy to use and includes sections on monitoring, reports and policy creation. Near real-time reports make it easy to verify that policies are being matched. The LAN vs. WAN distinction in the monitoring and policy-creation sections was a bit confusing and could use clarification. In Version 2.0, not all interfaces were converted to Java, so integration between monitoring and the policy editor, for example, wasn’t very tight. Sitara says it will address this in future releases.

Sitara also has its QoSDirector product for central policy management. Redundancy is available via QoSArray, which is a separate product from the QoSWorks 10000.

Bottom line

Sitara Networks

QoSWorks 10000 (up to 100M bit/sec) Cost: $25,000

Category: LAN appliance

Advantages: Good performance; queue depth controls for limited delay/jitter.

Disadvantage: Understanding traffic direction can be a little confusing.

Best suited for: Novices, or traffic with low latency requirements.

End-to-end QoS capabilities: Accepts IP Precedence and DSCP tagged traffic; marks using IP Precedence or DSCP tags based on classification phase.

Kentrox ServicePoint 2040-tmc DSU

The Kentrox ServicePoint 2040-tmc DSU is a WAN-based QoS appliance with built-in DSU/CSU and QoS functionality. Kentrox uses Packeteer’s QoS classification and enforcement engine. This device actually replaces your existing DSU/CSUs and sits on the serial side of your WAN router, making it easy to install in virtually any existing WAN topology. Baseline performance tests indicate that it can pass traffic at the same rate as a native T-1 interface.

Because ServicePoint 2040 sits directly on the frame relay link, it can see things that LAN-based QoS boxes normally cannot see, such as Local Management Interface exchanges and Data Link Connection Identifier (DLCI) mappings, and router-originated traffic. During the first part of performance testing, the box could classify traffic by DLCI, which makes it very easy to write policies for specific frame relay permanent virtual circuits. In a hub-and-spoke topology, a ServicePoint 2040 sitting at a corporate office can enforce policies for traffic between branch offices, which can reduce the number of units necessary, depending on the traffic makeup. Because the ServicePoint is connected to the serial interface of the WAN router, it can see and prioritize router-originated traffic, such as toll-bypass VoIP traffic or routing updates, which a LAN-based box could not handle.

Unfortunately, during more advanced classification and enforcement tests, we ran into a bug that prevented some traffic from being properly classified. While bug encounters are not necessarily unusual during testing, this one brought to light two important limitations of ServicePoint’s implementation. First, traffic must be seen by the unit before a policy can be created for it. This means policies cannot be prewritten or based on IP address only. Second, if the classification engine does not recognize the traffic, it doesn’t show up on any utilization graphs or reports. As a result, a fairly utilized T-1 looks almost empty from the management console. Because of these issues, we couldn’t test the box fully. Kentrox says the traffic classification bug has been resolved and is shipping an update to fix the problem.

Management is handled via ServicePoint Manager, sold separately but required for the monitoring and traffic management functions of the DSUs. The server component runs on a Windows NT or 2000 server, with clients that can be run on Windows 98 or above. ServicePoint has a fairly intuitive interface and provides a rich set of features, including near real-time monitoring of all the DSUs, centralized storing and deployment of policies, and report generation. It can scale up to 600 DSUs natively and go higher by deploying remote collection agents.

Bottom line


ServicePoint 2040-tmc DSU (V.35 Interface) Cost: $5,000

ServicePoint Manager (required) Cost: $10,000

Category: WAN appliance

Advantages: Easy to deploy in any existing frame relay network; can monitor and manage the frame relay network and the applications using it.

Disadvantages: Policy definition not flexible enough for heavy management; cannot effectively manage large amounts of UDP traffic because of where it sits on the network.

Best suited for: Frame-relay traffic monitoring.

End-to-end QoS capabilities: Accepts IP Precedence-marked traffic.

NetReality WiseWan 201 and 601

NetReality’s WiseWan comes in both LAN- and WAN-based formats. WiseWan 201 is rated at speeds of up to 2M bit/sec and is available in serial, Ethernet and DSU/CSU formats. It inserts into the network via a WiseCable, which lets the connection be passive until the unit is activated. WiseWan 601 supports Ethernet and High Speed Serial Interface (HSSI) configurations and is rated at speeds of up to 52M bit/sec. We tested WiseWan 201 with a serial interface sitting between the router and the frame relay network, and WiseWan 601 with two Fast Ethernet interfaces. Baseline performance tests showed WiseWan 601 could pass all frames at its rated speed for all frame sizes.

For the most part, the unit performed well in testing. It could prioritize HTTP over all other traffic during the DoS attack and maintain performance to 90 percent of what it was before the attack. Rules prioritizing H.323 videoconferencing and voice traffic were effective in maintaining voice and video quality during congestion with only minor video glitches.

When we introduced a large amount of “connectionless” traffic such as UDP into the network, WiseWan sitting on the WAN side of the router had increased difficulty maintaining desired policies. This is because UDP traffic has no inherent congestion control (as does TCP), so WiseWan couldn’t tell the sender to “slow down.” Because the router itself will drop traffic if the maximum speed of the serial interface is exceeded, connectionless traffic can “push” all other sources out of the way. This makes bandwidth guarantees difficult to honor in high UDP situations or unusual network conditions, such as a DoS attack. If you expect such conditions on your network, you might want to opt for the LAN-based WiseWan units.

As is the case with Kentrox’s ServicePoint, because WiseWan can sit on the WAN, it has a unique perspective of the WAN. This lets the box provide useful information on network congestion, control multiple sites in a hub-and-spoke configuration and manage traffic originating from the router itself. WiseWan is capable of up to Layer 7 recognition for a large number of common protocols.

Management of WiseWan devices is through WanXplorer (we tested Version 5.2), a client/server product that runs under Solaris or Windows. The server communicates with the WiseWan device via an SNMP channel. The server contains a database back end that stores policies and statistics, which are automatically aggregated over time. Users initiate client connections to the server to obtain statistics and make policy and configuration changes. The client can run as a native Java application or via a Web browser.

The user interface was easy to use and straightforward. We could create, activate and move between policies with just a few mouse clicks. Configuration is kept centrally, making unit replacement a snap in the event of failure.

Bottom line


WiseWan 201 (up to 2M bit/sec) Cost: $9,000 for Ethernet; $10,000 for serial or DSU/CSU

WiseWan 601 (up to 52M bit/sec) Cost: $27,000 for Ethernet; $28,000 for HSSI

Advantages: Good performance; using WanXplorer, very easy to control large numbers of devices at once; can monitor and manage the frame relay network and the applications using it.

Disadvantages: From monitoring interface, difficult to tell when traffic is matching policies; high connectionless traffic percentage can affect bandwidth guarantees with the WAN-based unit.

Best suited for: Frame relay or mixed frame relay/Ethernet environments, in which a common management interface is desired.

End-to-end QoS capabilities: Marks using IP Precedence or DSCP tags based on classification tags.

Hewlett-Packard Procurve 9304m

In addition to testing appliances designed to perform QoS from the ground up, we also tested routers that include QoS features, routers you already might have in your network. We ran these devices through the same series of tests to see what could be achieved at little or no cost. We tested Hewlett-Packard’s Procurve 9304 (also known as the Foundry Networks’ BigIron 4000) and Cisco’s 7206VXR. We tested only the feature sets we thought would be common to most modern routers in use today.

HP’s Procurve 9304m is a high-capacity Layer 3 switch usually found in core enterprise networks. This Layer 3 switch implements a core set of QoS features that are likely to be found in varying degrees in most midlevel to high-end network equipment.

Classification is mostly done via access policies that match IP addresses, IP protocol, Layer 4 ports or all of the above. Packet classification also may be based on virtual LAN, ingress port, media access control address or Appletalk socket. If a protocol cannot be classified at Layer 4 (such as H.323), rules must be written based on IP address of the sender or receiver. The switch also can act based on traffic that has been preclassified and tagged using 802.1p or the IP Precedence field of the ToS byte. Once the traffic has been classified, packets can be placed in any one of four system queues. The queues are serviced in a strict priority or weighted fair fashion.

In our tests, we used weighted fair queuing, the method that the vendor recommended. We wrote access policies to prioritize TCP Port 80 into the highest-priority queue and placed everything else in the lowest-priority queue. Because we used a Gigabit Ethernet connection, we used equipment from Ixia Communications and Spirent Communications to generate enough background traffic to cause congestion and interfere with the corporate Web site. Once the policy was enacted, the Web site returned to normal with little difference in performance from the uncongested network.

We ran the same test with a videoconference between two locations on the corporate network. Because we used H.323, the 9304m (like most routers) couldn’t classify above Layer 4. So we used IP address-based access policies to distinguish the traffic. Again, after applying the policy, video quality returned to normal with little distortion.

Overall, we found the QoS implementation in the 9304m basic, but effective in providing QoS for the limited set of tests we ran. Implementing QoS in this way requires that you know what traffic is going over your network, information that probably can be obtained only by using separate protocol analyzers or Remote Monitoring-style probes. The design of the 9304m and other such high-capacity Layer 3 switches is geared toward accepting QoS tags, usually in the form of IP Precedence bits, and enforcing based on those tags, rather than performing much classification.

Bottom line


Procurve 9304M Cost: $6,270 (base price, no modules)

Advantages: High performance; simple configuration.

Disadvantages: Limited classification capabilities; limited tag-generation capabilities; limited QoS reporting.

Best suited for: Core networks

End-to-end QoS capabilities: Accepts IP Precedence- and 802.1p-tagged traffic; marks using IP Precedence or DSCP for rate-limit functions only.

Cisco 7206 VXR

Cisco’s 7206 VXR is a more classical IOS-based software router more likely to be found at the edge of a midsize or large enterprise network. As such, it has many more QoS features than the higher-end Layer 3 switches, but its performance expectations compared with a Layer 3 switch are also significantly lower.

We tested a Cisco 7206 VXR running IOS 12.1. Our initial tests ran the same way as the 9304m testing. We used access lists to differentiate HTTP traffic from other traffic and used class maps and policy maps to place the traffic into a queue. We used class-based weighted fair queuing with guaranteed bandwidth to satisfy all requests. As with our other tests, the corporate Web site was nearly unaffected by other traffic on the network, even in extreme conditions. Other options include priority queuing, low-latency queuing and flow-based weighted fair queuing. Congestion avoidance algorithms and committed access rate rules also can be used to back off TCP-based transmissions.

A recent addition to Cisco’s QoS strategy is Network Based Application Recognition (NBAR). This gives the router some Layer 7 classification capabilities that normally are found only on QoS appliances. We repeated our tests with NBAR to classify our Web traffic based on URL rather than TCP port number. We saw the same results, but noticed a bit higher CPU utilization on the router, no doubt because of the increased classification load. Because classification was occurring above Layer 4, we just as easily could have prioritized one URL over another, which is something that up until now was the domain of the network QoS appliance. Although NBAR does not recognize as many protocols as most of the QoS appliances, its modular design means that new protocols can be added to the router without a software upgrade.

Because this router sits closer to the edge, it usually is tasked with marking and classification. We extended our policy maps to mark the traffic as it exited the router with an IP Precedence mark, so other routers upstream might recognize it. A quick traffic capture confirmed the correct ToS bits were set.

As was the case with HP’s 9304m, classifying traffic with the 7206 VXR requires that you know what types of traffic are going over your network. Protocol-analysis tools are required here. It also requires a fairly detailed understanding of how different protocols act and react to different congestion situations – for example, how HTTP acts vs. FTP. NBAR helps the situation, as long as the protocol in which you are interested is supported.

Bottom line


Cisco 7206VXR Cost: $17,500 (7206VXR, NPE400, 2FE ports)

Advantages: Good performance; flexible classification and tag-generation capabilities; some Layer 7 classification of traffic.

Disadvantages: Limited QoS reporting; doesn’t support as many Layer 7 protocol classifications as the appliances.

Best suited for: Edge routing on midsized or large enterprise networks.

End-to-end QoS capabilities: Accepts IP Precedence-, DSCP-, 802.1p- and MPLS-tagged traffic; marks using IP Precedence, DSCP, 802.1p and MPLS tags based on class maps; can translate between different marking standards (DSCP to IP Precedence, for example).

End-to-end QoS?

Using these pieces should let you implement a comprehensive QoS strategy. Using the appliances or smaller routers to classify, mark and enforce at the edge, and core routers to expedite critical flows, you’ll have most locations in the network covered. The exception is the desktop. Most QoS designs do not give critical traffic from desktops or servers any special treatment until it hits the first router, where it is classified and marked. This may not be good enough. That 100M bit/sec uplink off of a 24-port 10/100 switch is often a spot for congestion. So what should you do?

Because QoS is most applicable for real-time traffic such as voice or video, that is where you should concentrate your efforts. If you have equipment that will set 802.1p tags for you (as many VoIP phones do) and a switch that has more than one egress queue and understands 802.1p, then you may be in luck, at least for those specific services. Even better, some newer edge switches also can prioritize traffic based on IP precedence, DSCP values, or even IP address, which opens the door to a wider variety of applications and services that can be prioritized at the edge.

But for most desktop applications, there are few options. Although most recent versions of Windows support 802.1p in some manner, the network card also must support it, and native application support is rare.

Third-party vendors such as Intel and 3Com ship additional software with their 802.1p-enabled network interface cards that lets policies determine which traffic is tagged. These policies must exist on each desktop and be kept up to date, which can be time-consuming. The good news is that most desktop applications easily can deal with short periods of congestion, so QoS to the desktop might not be required.

The term “QoS” has long instilled fear in the minds of network engineers. Although the panacea of end-to-end QoS is on the horizon, effective QoS capabilities exist and can be deployed today.

Two other QoS options

In addition to the QoS appliances we tested, other vendors also are producing QoS-aware equipment.

Procera Networks MLS

Procera’s MLS is a 24-port, multilayer switch with Routing Information Protocol and Open Shortest Path First routing capabilities. In addition to wire-speed routing and switching, a network administrator can prioritize traffic based on user-defined policies. Up to 100 policies can be created using a Web-based graphical user interface and can be applied per port or to all ports. Each policy is based on a set of actions that apply to each packet, which include “discard,” “do not drop,” “mirror” and “prioritize.” Actions can be based on IP port number, IP address or subnet. Additional QoS features are being planned.

Procera Networks

Procera MLS (24 fixed 10/100 ports and two optional gigabit uplinks) Cost: $9,000

Category: Router/switch

U4EA FlowFusion

U4EA’s FlowFusion device also can control WAN bandwidth. It consists of two 10/100M bit/sec ports (one for inbound, one for outbound) and usually is inserted between a LAN switch (the branch office) and the upstream WAN router.

U4EA is promoting FlowFusion specifically for use in videoconferencing and voice over IP, but it can be used with any IP-based application.


FlowFusion 2M (up to 2M bit/sec) Cost: $7,000

FlowFusion 5M (up to 5M bit/sec) Cost: $12,000

Category: WAN appliance

QoS terms defined


A conversation between a single-source address and a single destination using a unique set of Layer 3 addresses and Layer 4 ports.

Type-of-service (ToS) byte

An eight-bit field in the IP header. IP Precedence, Differentiated Services Code Point and ToS field all use this byte.

Differentiated Services Code Point (DSCP)

A different use of the ToS byte. Six bits of this byte are being reallocated for use as the DSCP field, where each DSCP specifies a particular per-hop behavior that is applied to a packet. Support for DSCP still is lacking in some network equipment, however (see RFC 2474). DSCP is not compatible with IP Precedence.

IP Precedence field

A three-bit field in the ToS byte of the IP header (see RFC 791). Using IP Precedence, a network administrator can assign values from 0 (the default) to 7 to classify and prioritize types of traffic. IP Precedence is being phased out in favor of DSCP, but is supported by many applications and routers.

ToS field

Lets values from 0 to 15 be assigned to request special handling of traffic (for example, minimize delay, maximize throughput). The ToS field is being phased out in favor of DSCP (see RFC 1349).
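The four entries above read the same eight bits in different ways. The following Python sketch is an added example, not code from the article or any vendor: it decodes a ToS byte as IP Precedence, RFC 1349 ToS field and DSCP, and audits captured IPv4 headers against a marking policy. The policy (HTTP at precedence 3), the addresses and the packets are constructed for illustration.

```python
import socket
import struct

# Named RFC 1349 ToS field values; the other values 0-15 have no defined meaning.
TOS_NAMES = {0: "normal service", 8: "minimize delay", 4: "maximize throughput",
             2: "maximize reliability", 1: "minimize monetary cost"}

def decode_tos(tos):
    """Read one ToS byte the three ways the glossary describes."""
    dscp = tos >> 2                        # RFC 2474: top six bits, 0-63
    tos_field = (tos >> 1) & 0x0F          # RFC 1349: four bits after precedence
    return {
        "precedence": tos >> 5,            # RFC 791: top three bits, 0-7
        "tos_field": tos_field,
        "tos_meaning": TOS_NAMES.get(tos_field, "unassigned"),
        "dscp": dscp,
        # Class-selector code points (low three DSCP bits zero) are the DSCP
        # values that line up with an IP Precedence value.
        "class_selector": (dscp & 0b111) == 0,
    }

def precedence_to_dscp(precedence):
    """Translate IP Precedence to the matching class-selector DSCP."""
    return precedence << 3

def dscp_to_precedence(dscp):
    """Translate any DSCP to the precedence a legacy device would read."""
    return dscp >> 3

def parse_ipv4(packet):
    """Pull the fields the audit needs out of a raw IPv4 packet."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, tos, _length, _ident, _frag, _ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a usable IPv4 packet")
    sport = dport = None
    if proto in (6, 17) and len(packet) >= ihl + 4:   # TCP or UDP ports
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": proto, "sport": sport, "dport": dport, "tos": tos}

def audit_marks(packets, policy, default=0):
    """Return (src, proto, got, want) for every packet whose precedence
    differs from the policy; policy maps (protocol, port) to a precedence."""
    findings = []
    for raw in packets:
        p = parse_ipv4(raw)
        want = next((value for (proto, port), value in policy.items()
                     if proto == p["proto"] and port in (p["sport"], p["dport"])),
                    default)
        got = decode_tos(p["tos"])["precedence"]
        if got != want:
            findings.append((p["src"], p["proto"], got, want))
    return findings

def build_packet(tos, proto, src, dst, sport, dport):
    """Constructed sample: 20-byte IPv4 header (checksum left 0) plus ports."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 24, 0, 0, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + struct.pack("!HH", sport, dport)

# Hypothetical policy: HTTP (TCP port 80) must carry precedence 3, all else 0.
POLICY = {(6, 80): 3}
# Constructed capture: marked HTTP, unmarked HTTP, UDP arriving with DSCP 46.
SAMPLE_CAPTURE = [
    build_packet(0x60, 6, "192.0.2.10", "198.51.100.5", 40000, 80),
    build_packet(0x00, 6, "192.0.2.11", "198.51.100.5", 40001, 80),
    build_packet(0xB8, 17, "192.0.2.12", "198.51.100.9", 5004, 5004),
]

if __name__ == "__main__":
    for finding in audit_marks(SAMPLE_CAPTURE, POLICY):
        print("mismatch: src=%s proto=%d precedence=%d expected=%d" % finding)
```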

Multi-protocol Label Switching (MPLS)

A standard for applying “labels” to traffic for the purposes of routing and special handling. Among other things, MPLS can be used to differentiate and prioritize network traffic. Mostly used in WAN and service provider environments (see RFC 3031).


A three-bit value that can be placed inside an 802.1Q frame tag. It serves much the same purpose as IP Precedence, but is done at Layer 2, so it is protocol-independent. Usually converted to IP Precedence or DSCP when the packet reaches the first router.

Packet drop

When a queue reaches its maximum length, packet drops can occur. When a packet drop occurs, connection-based protocols such as TCP slow down their transmission rates in an attempt to let queued packets be serviced, thereby letting the queue empty. This is also known as tail drop because packets at the end of the queue prevent other packets from entering the queue.

Bandwidth carving

Dedicating bandwidth to a specific application or set of applications. Because bandwidth is dedicated, other applications cannot use it, even when there is little congestion on the connection. This usually is done when other QoS methods, such as weighted fair queuing, are not effective in providing the desired handling of priority traffic.

TCP rate shaping

A technique that modifies the TCP window size to control the rate at which hosts will transmit TCP-based traffic. When the host believes that the TCP window is full, it will pause its transmissions.

Priority queuing

Priority queuing supports some number of queues, usually from high to low. Queues are serviced in strict order of queue priority, so the high queue always is serviced first, then the next-lower priority and so on.

If a lower-priority queue is being serviced and a packet enters a higher queue, that queue is serviced immediately. This mechanism is good for important traffic, but can lead to queue starvation.

Weighted fair queuing (WFQ)

WFQ is a flow-based queuing algorithm that schedules low-volume traffic first, while letting high-volume traffic share the remaining bandwidth. This is handled by assigning a weight to each flow, where lower weights are the first to be serviced.
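How tail drop, priority queuing and WFQ differ under the kind of congestion used in the tests can be seen in a small simulation. This is an added example, not the article's test harness or any vendor's scheduler: a one-packet-per-tick link, constructed loads, and a simplified WFQ that uses self-clocked finish tags with the glossary's convention that lower weights are serviced first.

```python
import random
from collections import deque

def simulate(scheduler, rates, weights=None, ticks=1000, limit=50, seed=1):
    """Simulate a link that sends one packet per tick.

    scheduler: "fifo" (one shared queue, tail drop), "priority" or "wfq"
    rates:     {class: packets offered per tick}; dict order is the
               priority order (first = highest) for "priority"
    weights:   {class: weight} for "wfq"; a lower weight is serviced sooner
    Returns {class: fraction of its offered packets that were delivered}.
    """
    if scheduler not in ("fifo", "priority", "wfq"):
        raise ValueError("unknown scheduler: %r" % scheduler)
    rng = random.Random(seed)
    classes = list(rates)
    weights = weights or dict.fromkeys(classes, 1)
    offered = dict.fromkeys(classes, 0)
    delivered = dict.fromkeys(classes, 0)
    credit = dict.fromkeys(classes, 0.0)
    shared = deque()                         # fifo: everything in one queue
    queues = {c: deque() for c in classes}   # priority/wfq: one queue per class
    last_tag = dict.fromkeys(classes, 0.0)   # finish tag of each class's newest packet
    vtime = 0.0                              # finish tag of the last packet sent

    for _ in range(ticks):
        # Arrivals for this tick, shuffled so no class always reaches the
        # queue first.
        burst = []
        for c in classes:
            credit[c] += rates[c]
            while credit[c] >= 1:
                credit[c] -= 1
                burst.append(c)
        rng.shuffle(burst)
        for c in burst:
            offered[c] += 1
            if scheduler == "fifo":
                if len(shared) < limit:      # full queue: tail drop
                    shared.append(c)
            elif len(queues[c]) < limit:
                # Finish tag grows by the class weight per packet, so a class
                # with a low weight accumulates tags slowly and is sent first.
                last_tag[c] = max(vtime, last_tag[c]) + weights[c]
                queues[c].append(last_tag[c])

        # One departure per tick.
        if scheduler == "fifo":
            if shared:
                delivered[shared.popleft()] += 1
            continue
        backlog = [c for c in classes if queues[c]]
        if not backlog:
            continue
        if scheduler == "priority":
            chosen = backlog[0]              # strict order of queue priority
        else:
            chosen = min(backlog, key=lambda c: queues[c][0])
        tag = queues[chosen].popleft()
        if scheduler == "wfq":
            vtime = tag
        delivered[chosen] += 1

    return {c: (delivered[c] / offered[c] if offered[c] else 0.0)
            for c in classes}

def compare(rates, weights):
    """Run the same offered load through all three schedulers."""
    return {s: simulate(s, rates, weights) for s in ("fifo", "priority", "wfq")}

# Constructed load 1: Web traffic at half the link rate, a UDP flood at
# three times the link rate (the DoS scenario from the tests).
FLOOD_RATES = {"http": 0.5, "udp_flood": 3.0}
FLOOD_WEIGHTS = {"http": 1, "udp_flood": 4}
# Constructed load 2: the preferred class alone exceeds the link rate,
# which is where strict priority starves the lower queue.
HOG_RATES = {"http": 2.0, "other": 0.5}
HOG_WEIGHTS = {"http": 1, "other": 4}

if __name__ == "__main__":
    for name, rates, weights in (("flood", FLOOD_RATES, FLOOD_WEIGHTS),
                                 ("hog", HOG_RATES, HOG_WEIGHTS)):
        for sched, result in compare(rates, weights).items():
            print(name, sched, {c: round(v, 2) for c, v in result.items()})
```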

Stages of network QoS

Classification: Recognizing packets moving across a network as part of an application or flow. This is done by inspecting the packets as they cross the network or by accepting “marks” for traffic that have already been classified. Classification is the most important part of quality of service and in some environments can be the most difficult step. As applications advance, classification becomes more difficult.

A classic example is H.323, used for videoconferencing, which must be examined all the way to the application layer to ensure it is properly classified.

Marking: Using information learned in the classification stage to tell other network equipment how to handle individual packets. This is usually done by inserting tags such as 802.1p, Differentiated Services Code Point or IP Precedence into the packet (see story “QoS defined,” page 54).

In an end-to-end QoS environment, classification and marking are performed at the network edge, even though traffic may be remarked as it moves across the network.

Enforcement: Also known as policing. The information learned in the classification stage is used along with current network conditions, such as congestion level, to determine how to handle the packets. Policing can involve many techniques, including packet drop, various flavors of queuing, traffic shaping and TCP rate shaping. However, the heavy queuing of real-time traffic such as video or voice over IP can make things worse because of increased latency and jitter. Fortunately, some implementations let you control the queue depth. The purpose of enforcement is threefold