QoS Classification Marking and Queuing
Introduction
Quality of Service (QoS) is one of the most critical topics you will encounter in enterprise network design. Without QoS, all traffic on your network is treated equally — a voice call competes with a file download, and a business-critical application gets the same treatment as background traffic. In modern campus and WAN environments, this is simply unacceptable.
This lesson covers the core QoS mechanisms you need to understand for the CCNP ENCOR exam and for real-world enterprise deployments: classification, marking, queuing, prioritization, and policing. By the end of this lesson, you will understand how traffic is identified and categorized, how markings are applied at different layers of the network, how queuing mechanisms ensure critical traffic gets preferential treatment, and how policing enforces bandwidth limits. You will also see a complete configuration walkthrough that demonstrates prioritization of voice traffic and policing of all remaining traffic.
Key Concepts
Classification
Classification is the process of examining traffic and placing it into different categories or classes. This is always the first step in any QoS deployment — before you can treat traffic differently, you must identify what kind of traffic it is. Classification can happen at multiple layers of the OSI model, and the method you use depends on where in the network the classification occurs.
At the Access layer of a campus network, classification typically uses Layer 2 Class of Service (CoS) values. At the Distribution layer, more advanced classification tools such as NBAR (Network-Based Application Recognition) are used to identify applications and classify traffic based on deeper inspection.
Marking
Marking is the act of setting a value in the packet or frame header so that downstream devices can quickly identify the traffic class without needing to re-classify. Two common marking fields are:
| Marking Type | Layer | Field | Value Range | Where Used |
|---|---|---|---|---|
| CoS | Layer 2 | 802.1Q header | 0-7 | Access layer, switched environments |
| IP DSCP | Layer 3 | IP header (DiffServ field) | 0-63 | Distribution, Core, WAN, across routed boundaries |
The key distinction is that CoS is a Layer 2 marking carried inside the 802.1Q VLAN tag, so it only survives within a Layer 2 domain. IP DSCP is a Layer 3 marking embedded in the IP header, so it persists as traffic is routed across Layer 3 boundaries. For this reason, DSCP is the preferred marking for end-to-end QoS across an enterprise network.
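The difference between the two marking fields can be seen by reading them out of a raw frame. The following is an added example, not part of the original lesson; the frames are constructed samples, and `build_frame` and `route` are hypothetical helpers that model a tagged access-port frame and a Layer 3 hop.

```python
import struct

def qos_markings(frame: bytes) -> dict:
    """Return the CoS (802.1Q priority bits) and DSCP carried in a raw Ethernet frame."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset, cos = 14, None
    if ethertype == 0x8100:                       # 802.1Q tag present
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        cos = tci >> 13                           # top 3 bits of the tag control field
        offset = 18
    dscp = None
    if ethertype == 0x0800:                       # IPv4
        tos = frame[offset + 1]                   # second byte of the IP header
        dscp = tos >> 2                           # upper 6 bits; lower 2 bits are ECN
    return {"cos": cos, "dscp": dscp}

def build_frame(dscp: int, cos=None, vlan: int = 10) -> bytes:
    """Constructed sample: zeroed MACs, optional 802.1Q tag, minimal IPv4 header."""
    macs = bytes(12)
    tag = b"" if cos is None else struct.pack("!HH", 0x8100, (cos << 13) | vlan)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return macs + tag + struct.pack("!H", 0x0800) + ip

def route(frame: bytes) -> bytes:
    """Model a Layer 3 hop: the old L2 header and its tag are discarded, the IP packet is kept."""
    offset = 18 if qos_markings(frame)["cos"] is not None else 14
    return bytes(12) + struct.pack("!H", 0x0800) + frame[offset:]

if __name__ == "__main__":
    access = build_frame(dscp=46, cos=5)          # voice: DSCP EF (46), CoS 5
    print("access port :", qos_markings(access))
    print("after router:", qos_markings(route(access)))
```

After the routed hop the CoS value is gone because the 802.1Q tag was removed with the old Layer 2 header, while DSCP 46 is still in the IP header.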
Queuing and Prioritization
Once traffic is classified and marked, queuing mechanisms determine the order in which packets are sent out an interface. The most important queuing mechanism for real-time traffic is Low Latency Queuing (LLQ). LLQ provides a strict priority queue that ensures latency-sensitive traffic such as voice is always transmitted first, ahead of all other queued traffic.
When you enable priority for a traffic flow, you are placing that flow into the LLQ. Packets in this queue are serviced before any other queue, which minimizes delay and jitter for applications that cannot tolerate either.
Policing
Policing enforces a bandwidth limit on a traffic class. Traffic that conforms to the configured rate is permitted through. Traffic that exceeds the rate is handled according to the configured exceed action — typically it is dropped. Policing uses three key parameters:
| Parameter | Description |
|---|---|
| Committed Rate (bps) | The maximum bandwidth allowed for the traffic class |
| Conform Action | What to do with traffic within the rate limit (e.g., transmit) |
| Exceed Action | What to do with traffic that exceeds the rate limit (e.g., drop) |
| Burst Size | The amount of traffic allowed in a temporary burst above the committed rate |
How It Works
QoS in the Campus Network Architecture
QoS operates at multiple layers of the campus network hierarchy, and each layer handles QoS differently based on its role:
- Access Layer: This is where initial classification and marking typically occurs. The Access layer uses L2 CoS classification and marking to identify and tag traffic as it enters the network. Because the Access layer is predominantly Layer 2 switched, CoS values carried in 802.1Q tags are the primary QoS mechanism here. The Access layer also supports features such as 802.1X for security and NetFlow variants (AVC, FNF, EPA, and ETA) for visibility.
- Distribution Layer: At this layer, the network transitions from Layer 2 switching (southbound toward the Access) to Layer 3 routing (northbound toward the Core). The Distribution layer uses more sophisticated classification via NBAR, which can identify applications at a deeper level than simple CoS or DSCP matching. QoS policies at the Distribution layer apply classification and marking that will carry traffic priorities across the routed core. The Distribution layer also runs SVIs, HSRP/VRRP, ARP/ND, IGP routing protocols, and PIM on its northbound interfaces.
- Extended Access Layer: In very large campus or large branch deployments, an Extended Access layer extends the reach of the Access layer to connect more hosts. This layer also applies L2 CoS classification and marking, along with access security features like 802.1X, VACLs, and PACLs.
The Classification and Marking Workflow
The typical QoS workflow follows a logical sequence:
- Define the traffic class: Create a class map that identifies which traffic should receive special treatment. This can match on DSCP values, CoS values, protocol, or other criteria.
- Define the QoS actions: Create a policy map that specifies what actions to apply to each class — prioritization, policing, shaping, or marking.
- Apply the policy: Attach the policy to an interface in the appropriate direction (input or output).
Any traffic that does not match a specifically defined class falls into the class-default class. You can apply separate QoS actions to class-default to manage all remaining traffic that was not explicitly classified.
Prioritization and Policing Together
A common and practical QoS design combines LLQ for voice traffic with policing for all remaining traffic. In this design:
- Voice traffic is matched by its DSCP value and placed into a strict priority queue using LLQ. This ensures voice packets experience minimal delay and jitter.
- All remaining traffic (matched by class-default) is policed to a defined bandwidth limit. Traffic within the limit is transmitted normally. Traffic that exceeds the limit is dropped.
This two-part approach ensures that critical real-time applications always get through, while bulk traffic is rate-limited to prevent any single flow from overwhelming the link.
Configuration Example
The following example demonstrates a complete QoS configuration that prioritizes voice traffic and polices all remaining traffic to 2 Mbps. This configuration uses a service policy approach applied to an interface.
Step 1: Classify Voice Traffic Using IP DSCP
First, create a class map that matches voice traffic based on its IP DSCP value. The DSCP selection identifies the specific traffic you want to prioritize.
```
! Match packets marked DSCP EF (46)
class-map match-any voice-class
 match ip dscp ef
```
Note: The class map defines the traffic-match criteria. All packets matching the specified DSCP value will be handled by the QoS actions defined in the next step.
Step 2: Create a Policy Map with LLQ for Voice
Next, create a policy map and enable priority (LLQ) for the voice traffic class. This places matched voice traffic into the strict priority queue.
```
policy-map qos-policy
 class voice-class
  ! Place the voice class in the strict priority queue (LLQ)
  priority
```
By enabling priority for this flow, you activate Low Latency Queuing. Voice packets are now serviced ahead of all other traffic on the interface.
Step 3: Police All Remaining Traffic
Within the same policy map, configure the class-default class to police all remaining (non-voice) traffic to 2 Mbps. The policing parameters are:
- Committed Rate: 2,000,000 bps (2 Mbps)
- Conform Action: Transmit
- Exceed Action: Drop
- Burst Size: 1,500 bytes (default)
```
policy-map qos-policy
 class class-default
  ! 2,000,000 bps committed rate, 1,500-byte burst; direction is set by the service-policy
  police 2000000 1500 conform-action transmit exceed-action drop
```
Any traffic within the 2 Mbps limit is transmitted normally. Any out-of-profile traffic that exceeds 2 Mbps is dropped.
Step 4: Apply the Policy to an Interface
Finally, apply the service policy to the outbound direction of the appropriate interface.
```
interface GigabitEthernet0/0
 service-policy output qos-policy
```
Verification
After applying the policy, verify that your QoS configuration is active and review the traffic-match criteria and policy actions.
```
show policy-map interface GigabitEthernet0/0
```
Best Practice: Always verify your QoS policy after applying it. Confirm that the correct traffic classes are being matched and that the conform/exceed counters reflect expected behavior.
Real-World Application
Campus Network Deployments
In production campus networks, QoS classification and marking are applied at the Access layer as close to the traffic source as possible. This is known as the "trust boundary" — the point in the network where you begin trusting and acting on QoS markings. At the Access layer, L2 CoS values are used to classify and mark traffic within the switched domain. As traffic moves to the Distribution layer, NBAR provides deeper classification, and DSCP markings carry QoS information across Layer 3 boundaries into the Core and WAN.
Voice and Video Prioritization
The most common QoS deployment scenario is prioritizing voice and video traffic. These applications are extremely sensitive to delay and jitter, making LLQ essential. By placing voice traffic into a strict priority queue, you guarantee that voice packets are always transmitted first, regardless of how congested the link may be.
Bandwidth Enforcement with Policing
Policing is used in production to enforce bandwidth contracts and prevent any single traffic class from consuming more than its fair share of bandwidth. The combination of LLQ for priority traffic and policing for everything else is a standard design pattern. For example, policing all non-voice traffic to 2 Mbps on a WAN link ensures that bulk transfers cannot starve voice traffic of bandwidth.
Design Considerations
- Oversubscription ratios matter for QoS planning. In campus designs, the recommended oversubscription ratio from the Access layer to the Distribution layer is 20:1 or less. Higher oversubscription means more potential for congestion, which makes QoS policies even more critical.
- Always classify and mark traffic as close to the source as possible.
- Use DSCP for end-to-end QoS markings since CoS values do not survive Layer 3 routing boundaries.
- Apply policing with appropriate burst sizes to avoid dropping traffic unnecessarily during short micro-bursts.
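The burst-size point can be checked with a small token-bucket model of the policer, using the 2 Mbps rate and 1,500-byte burst from the configuration example. This is an added example, not part of the original lesson and not a device's implementation; the traffic patterns are constructed samples.

```python
def police(packets, rate_bps=2_000_000, burst_bytes=1500):
    """Single-rate, two-colour token-bucket policer (a model, not device code).

    packets: list of (arrival_time_us, size_bytes), sorted by time.
    Returns one decision per packet: "transmit" (conform) or "drop" (exceed).
    """
    tokens = float(burst_bytes)          # bucket starts full
    last_us = 0
    decisions = []
    for t_us, size in packets:
        # Refill at the committed rate, never beyond the burst size.
        tokens = min(burst_bytes, tokens + (t_us - last_us) * rate_bps / 8e6)
        last_us = t_us
        if size <= tokens:
            tokens -= size
            decisions.append("transmit")
        else:
            decisions.append("drop")     # out-of-profile: no tokens are consumed
    return decisions

# Constructed sample traffic: ten 1,500-byte packets, 1.5 Mbps on average in both cases.
PACED = [(i * 8000, 1500) for i in range(10)]
# Pairs arriving 12 us apart (back-to-back at 1 Gbps), one pair every 16 ms.
BURSTY = [(p * 16000 + k * 12, 1500) for p in range(5) for k in range(2)]

def drops(packets, **kw):
    """Count packets that received the exceed action."""
    return police(packets, **kw).count("drop")

if __name__ == "__main__":
    print("paced,  1500-byte burst:", drops(PACED))
    print("bursty, 1500-byte burst:", drops(BURSTY))
    print("bursty, 3000-byte burst:", drops(BURSTY, burst_bytes=3000))
```

Both flows average 1.5 Mbps, below the 2 Mbps committed rate, yet the bursty flow loses the second packet of every pair with a 1,500-byte burst and loses nothing with a 3,000-byte burst.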
Summary
- Classification identifies traffic types; marking tags them with CoS (Layer 2) or DSCP (Layer 3) values so downstream devices can apply appropriate treatment without re-classifying.
- Low Latency Queuing (LLQ) provides a strict priority queue for latency-sensitive traffic like voice, ensuring it is always transmitted ahead of other traffic.
- Policing enforces bandwidth limits by transmitting conforming traffic and dropping traffic that exceeds the committed rate — for example, policing non-priority traffic to 2 Mbps with a conform action of transmit and an exceed action of drop.
- QoS is applied at every layer of the campus hierarchy: CoS classification and marking at the Access layer, and NBAR-based classification at the Distribution layer, with a recommended Access-to-Distribution oversubscription ratio of 20:1 or less.
- Next, continue your CCNP ENCOR preparation by studying QoS shaping and congestion avoidance mechanisms, which complement the classification, marking, and queuing concepts covered in this lesson.