Classification and Marking

Overview
This module describes the mechanisms that are used to classify and mark IP
packets. It builds on the knowledge acquired from the introductory module,
where classification and marking are discussed. The theoretical knowledge is
supplemented by detailing the Policy-based Routing (PBR) and QoS Policy
Propagation through BGP (QPPB) mechanisms.
Objectives
Upon completion of this module, you will be able to:
• Describe Policy-based Routing and how it is used to classify and mark IP
packets
• Describe QoS Policy Propagation through BGP and how it is used to classify
and mark IP packets
• List other mechanisms that also support classification and marking capabilities
(Committed Access Rate, Class-based Policing and Class-based Marking)
2-2 IP QoS Classification and Marking Copyright © 2001, Cisco Systems, Inc.
© 2001, Cisco Systems, Inc. Classification and Marking-3
Traffic Classification and Marking
Classification
• Most QoS mechanisms in the Cisco IOS
include some type of classification
• Some mechanisms classify packets
automatically, some require manual
configuration
Marking
• Only a small number of mechanisms also
include a marking capability


This module focuses on the QoS mechanisms that are used for classification and
marking purposes only. Most QoS mechanisms include some type of classification
but only a small number of mechanisms also include marking capability.
Classification is the term used for identifying a Behavior Aggregate to which a
packet belongs. A Behavior Aggregate is a collection of flows requiring the same
quality of service.
Marking is the term used for coloring packets by applying a class-identifying
value to one of the following markers: IP precedence, DSCP, QoS group (value is
local to a router), MPLS experimental bits (can be used only in MPLS-enabled
networks), ATM CLP bit (value can be used only within ATM networks), Frame
Relay DE bit (value can be used only within Frame Relay networks), IEEE 802.1q
or ISL CoS/priority bits (value can be used only within LAN-switched networks).


Traffic Classification and Marking
• This module describes the two mechanisms
that are used for classification and marking
only:
– Policy-based Routing (PBR)
– QoS Policy Propagation through BGP (QPPB)
• Other classification and/or marking
mechanisms are described in other QoS
modules

This module describes the two QoS mechanisms that are used purely for
classification and marking purposes:
• Policy-based Routing (PBR)
• QoS Policy Propagation through BGP (QPPB)
There are other QoS mechanisms that also support classification and marking:
• Committed Access Rate (CAR) – this mechanism is described in the “IP
QoS – Traffic Shaping and Policing” module
• Class-based Policing (CB-Policing) – this mechanism is described in the
“IP QoS – Modular QoS CLI (Chapter 2)” module
• Class-based Marking (CB-Marking) – this mechanism is described in the
“IP QoS – Modular QoS CLI (Chapter 2)” module

Policy-based Routing
Objectives
Upon completion of this lesson, you will be able to:
• Describe Policy-based Routing (PBR)
• Configure PBR on Cisco routers
• Monitor and troubleshoot PBR
Policy-based Routing
• Policy-based Routing (PBR) is a mechanism
that can be used to bypass the default
destination-based forwarding functionality of
routers
• PBR is implemented using a route map
where match commands are used to classify
packets and set commands are used to
process packets
• Route maps are applied to interfaces for
processing of inbound packets (forwarding
and/or marking)

The primary function of Policy-based Routing (PBR) is to bypass the
destination-based forwarding functionality of routers by using a route map to make
a forwarding decision based on other information.
One additional feature of Policy Based Routing is the ability to modify IP packets
by marking them with IP precedence or QoS group.
PBR “match” and “set” Options
PBR has two primary applications:
• Implementation of more complex routing paradigms than a
simple destination-based forwarding
• Classification and marking of packets for QoS purposes
Match on:
• Standard and extended access
lists
• Length of packets (min,max)
Set:
• Output interface (bypass the
routing table)
• Next-hop address (bypass the
routing table)
• ToS field (QoS marking)
• IP precedence (QoS marking)
• QoS group (QoS marking)
[Figure: IP packets entering an input interface are classified by the route map and forwarded to an output interface]

PBR classifies packets based on standard or extended access lists, the length of
packets and the incoming router interface (a route map is applied to an input
interface).
The route map sets the following parameters:
• Output interface: force the router to forward packets to an interface even if it
would not provide for optimal routing
• Next-hop address: to make a forwarding decision by using a different next-hop
address than the one determined by the routing table
• ToS value: the ToS value in this case applies to bits 4, 3, 2 and 1 of the ToS field
• IP precedence: three-bit field used to identify a class of service
• QoS group: the local parameter with an expanded value range
The first two parameters (output interface and next-hop address) are used to
bypass the default destination-based routing. The other three parameters are used
for QoS purposes (ToS value is less commonly used).
PBR Capabilities
[Figure: the “full” QoS building-block scheme (inbound or locally-originated: classifier, marker, meter, dropper; forwarding; queuing; outbound: classifier, marker, meter, shaper, dropper). PBR can only classify and mark inbound or locally-originated packets.]

The figure illustrates the “full” QoS building-block scheme showing that PBR
works only on input and that it supports only classification and marking. The
“Forwarding” box could be colored as well since PBR can be used to make a
forwarding decision. PBR contains no mechanism for metering or dropping of data
packets.


Configuring Classification and Marking Using PBR
• Create a route map
• Apply the route map to an incoming interface
and/or
• Apply the route map to locally originated
traffic
• Monitor and debug policy routing

Configuring PBR involves the following steps:
• Creating a route map where the match statement is used to match the
source or destination IP address or any other parameter that can be
matched by an access list (standard or extended). It can also match packets
based on their size.
• Applying the route map to:
– An input interface, to process inbound packets on that interface, or
– Locally originated packets


Route Map Rules
• Route maps are identified by a case sensitive name
• Route maps can have multiple statements (same name,
different sequence number)
• Packets are processed in the specified sequence
• Packets not matched by the route map are forwarded using the
default destination-based forwarding
• If packets are matched by the “match” condition but the route
map statement is using the “deny” option, the default
destination-based forwarding is applied to the packet
Router(config)# route-map <name> [permit | deny] [<sequence-number>]
match <condition>
set <parameter>

A brief refresher about route maps:
• Route maps can have one or more statements. A route map, or a set of
route-map statements with the same name, is identified by a case-sensitive
name.
• Individual route-map statements are identified by their name and sequence
number. When packets are processed by a route map they are evaluated in
the order specified by the sequence numbers.
• A route map is basically a filtering mechanism. When used for PBR:
– permit means “do whatever the set commands say”
– deny means “do not do anything” (the packet is forwarded using the default
destination-based forwarding)
• When a packet is matched by one of the route-map statements it is processed
by that statement and the processing of the packet ends. Ordering route-map
statements correctly is therefore necessary.


PBR Classification
Router(config-route-map)# match ip address <#acl>
• Classify using a standard access list against the source
address
• Classify using an extended access list against the source
and/or destination address, source and/or destination TCP/UDP
port, IP precedence, DSCP, ToS
Router(config-route-map)# match length <min> <max>
• Classify using a range of packet lengths that will be matched by
the route map statement

Route maps have a number of match options but only two can be used for
policy-based routing purposes:
• match ip address is used to examine the packet’s headers with a standard or
an extended access list
• match length is used to match packets based on their length


PBR Marking
Router(config-route-map)# set ip precedence <precedence>
• Set the specified IP precedence on packets matched by the route map
• IP precedence supports 8 classes, two of which are reserved (6 and 7)
Router(config-route-map)# set ip tos <tos>
• Set the low-order 4 bits of the Type-of-Service (ToS) field
• These bits are used to specify the delay, throughput and reliability
parameters (specified in RFC 791, no longer used after RFC 1812)
Router(config-route-map)# set ip qos-group <qos-group>
• Set the specified QoS group on packets matched by the route map
• QoS group supports 100 classes (0-99)

The following marking options are available with route maps:
• IP precedence
• QoS group
• ToS value (the four bits below IP precedence in the ToS field) used for
Delay, Throughput, Reliability and Monetary Cost
IP precedence is encoded into the three high-order bits of the ToS field in the IP
header. It supports eight classes of which two are reserved and should not be used
for user-defined classes (IP precedence 6 and 7). IP precedence 0 is the default
value and is usually used for the best-effort class.
QoS group has one major advantage over IP precedence and one major
drawback:
• QoS group supports up to 100 classes. Values 0 to 99 can be used to mark
packets.
• QoS group is a parameter that is local to the router where it is set. It is not part
of any header. It is usually set on an input interface and later examined (matched)
on output interfaces. Once the packet is transmitted, the QoS-group
information is lost, and the next router must reclassify and mark the packet.
ToS value is encoded into bits 4, 3, 2 and 1 of the ToS field (according to the older
RFCs 791 and 1349). This value was made obsolete by the introduction of the
DiffServ Code Point, which does not take into account compatibility with these
bits.
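The bit layout described above is easy to get wrong when a marker written as IP precedence plus ToS bits is later read by a DiffServ-aware device as a DSCP. The following Python model is an added example, not part of the Cisco module: it builds the ToS byte the way set ip precedence and set ip tos would, then reads the same byte back as precedence, ToS bits and DSCP. The precedence names and the single-bit values of the ToS keywords are the standard IOS ones; the describe helper is this example's own.

```python
# Added example (not from the Cisco module): the IPv4 ToS byte as written by
# `set ip precedence` / `set ip tos`, and how the same byte reads as a DSCP.
#
#   byte bit:      7 6 5 | 4 3 2 1 | 0
#   RFC 791/1349:  precedence | D T R C | MBZ   <- the module's "bits 4,3,2,1"
#   RFC 2474:      DSCP (bits 7..2)      | bits 1..0 not part of the DSCP
#
# IOS `set ip tos` keywords are single bits of the 4-bit value:
# min-delay = 8, max-throughput = 4, max-reliability = 2, min-monetary-cost = 1.

PRECEDENCE_NAMES = {
    0: "routine", 1: "priority", 2: "immediate", 3: "flash",
    4: "flash-override", 5: "critical", 6: "internet", 7: "network",
}
RESERVED_PRECEDENCE = (6, 7)   # internet / network control, not for user classes


def build_tos_byte(precedence: int, tos: int = 0) -> int:
    """ToS byte for a given IP precedence (0-7) and 4-bit ToS value (0-15)."""
    if not 0 <= precedence <= 7:
        raise ValueError("IP precedence is a 3-bit field (0-7)")
    if not 0 <= tos <= 15:
        raise ValueError("ToS value is a 4-bit field (0-15)")
    return (precedence << 5) | (tos << 1)


def precedence_of(tos_byte: int) -> int:
    """Three high-order bits of the byte."""
    return (tos_byte >> 5) & 0x7


def tos_bits_of(tos_byte: int) -> int:
    """Bits 4..1 of the byte: delay, throughput, reliability, cost."""
    return (tos_byte >> 1) & 0xF


def dscp_of(tos_byte: int) -> int:
    """The DiffServ reading of the same byte: its six high-order bits."""
    return (tos_byte >> 2) & 0x3F


def is_class_selector(dscp: int) -> bool:
    """Class selector code points (CS0-CS7, pattern xxx000) are the only DSCPs
    that map one-to-one onto an IP precedence; any set ToS bit breaks this."""
    return dscp & 0x7 == 0


def describe(tos_byte: int) -> str:
    """Human-readable summary of one ToS byte under both interpretations."""
    prec = precedence_of(tos_byte)
    dscp = dscp_of(tos_byte)
    compat = "CS%d" % prec if is_class_selector(dscp) else "not a class selector"
    return (f"tos byte 0x{tos_byte:02x}: precedence {prec} ({PRECEDENCE_NAMES[prec]}), "
            f"tos bits {tos_bits_of(tos_byte):04b}, DSCP {dscp} ({compat})")


if __name__ == "__main__":
    # Constructed values: precedence 2 alone, and precedence 5 with min-delay.
    for b in (build_tos_byte(2), build_tos_byte(5, 8)):
        print(describe(b))
```

Precedence alone yields a class selector DSCP (precedence 2 is CS2, DSCP 16), so DiffServ routers read it as intended; adding the min-delay ToS bit to precedence 5 gives DSCP 44, which is not a class selector and not one of the standard AF/EF code points, which is the compatibility problem the text refers to.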


Applying a Route Map
Router(config-if)# ip policy-map <route-map-name>
• Specifies the route map used to set QoS and other
policy-routing parameters for packets received
through the specified interface
Router(config)# ip local policy-map <route-map-name>
• Specifies the route map used to set QoS and other
policy-routing parameters for packets generated by
the router

Once a route map is configured it must be applied either to packets coming into the
router through an interface or to packets being generated by the router.
The first command (ip policy-map) is used for forwarded packets.
The second command (ip local policy-map) is used for packets generated by the
router and is typically used for tunneled packets (e.g. DLSw).
Note: Policy-based routing is a mechanism that puts interfaces into process-switching
mode, which significantly degrades performance. PBR has been available in
the fast-switching path since Cisco IOS version 11.3. The ip route-cache policy
command can be used on an interface to enable caching for PBR. This
command has been available since Cisco IOS software version 12.0.


Monitoring and Troubleshooting PBR
Router# show route-map <name>
• Displays the route map and the number of packets and
bytes matched by each statement
Router# debug ip policy
• Displays all packets matched by policy-routing route
maps


The show route-map command is used to display the route map with its match
and set options.
The debug ip policy command is used to display all packets being processed by
PBR.
The show ip policy command is used to see a list of all interfaces that are enabled
for PBR. The output also displays the corresponding route maps.
The show ip local policy command is used to display the configured parameters
for local PBR with a number of packets and bytes that have been policy-routed by
the local PBR.
Monitoring and Debugging Policy Routing
Router#show route-map CPE
route-map CPE, permit, sequence 10
  Match clauses:
    ip address (access-lists): 199
  Set clauses:
    ip precedence flash-override
  Policy routing matches: 3418 packets, 412108 bytes
route-map CPE, permit, sequence 20
  Match clauses:
    ip address (access-lists): MatchPing
  Set clauses:
    ip precedence priority
  Policy routing matches: 82 packets, 31045 bytes
Router#show access-list MatchPing
Extended IP access list MatchPing
    permit icmp any any echo (25 matches)
Router#

The figure shows a sample output of the show route-map and show access-list
commands.

Monitoring and Debugging Policy-based Routing
Router#debug ip policy
Policy routing debugging is on
Router#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/31/32 ms
Router#
2d02h: IP: s=192.168.1.2 (local), d=192.168.1.1, len 100, policy match
2d02h: IP: route map CPE, item 20, permit


The debug ip policy command is similar to the debug ip packet except that the
debug ip policy only displays policy-routed packets. This command should be
used with caution as it may produce too much output.
IP Precedence Marking
Case Study #1
• Branch office of a bank has two LANs connected to
an access router
• Ethernet0 is the front office with the real time transactions
• Ethernet1 is the back office with non-real time transactions
(like e-mail)
• The network provides different services to two
classes:
• Business traffic (marked with IP precedence 2)
• Other traffic (marked with IP precedence 0)
• Packets coming from Ethernet 0 should be classified
and marked as Business traffic
• Packets coming from Ethernet 1 should be classified
and marked as Other traffic

The case study involves a bank branch office where a single router connects two
LANs to the corporate network via one serial interface. This case study focuses
on the classification and marking part of a larger QoS solution, which includes
other QoS mechanisms.

Case #1 - Solution
[Figure: branch office router with LAN interfaces E0 and E1 connected to the WAN core]

interface ethernet 0
 ip policy-map set-prec-2
!
interface ethernet 1
 ip policy-map set-prec-0
!
! Mark all traffic with precedence 2
route-map set-prec-2 permit 10
 set ip precedence 2
!
! Mark all traffic with precedence 0
route-map set-prec-0 permit 10
 set ip precedence 0

Policy-based routing can be used to mark packets with IP precedence values. All
packets from Ethernet 0 are marked with IP precedence 2. Since marking is
applied to all packets, no “match” command is needed in the route map. The other
route map is applied to the other Ethernet interface and it marks packets with IP
precedence 0.

IP Precedence Marking
Case Study #2
• Branch office of a bank has one LAN connected to an
access router
• The network provides different services to three
classes:
• Transaction traffic (marked with IP precedence 2)
• Business traffic (marked with IP precedence 1)
• Other traffic (marked with IP precedence 0)
• TN3270 should be marked as Transaction traffic
• Internal HTTP should be marked as Business traffic
• All other traffic should be marked as Other traffic

The second case study is more complicated because classification is not done
based on the input interface. Instead, classification is performed based on
application (TCP or UDP port numbers).

Case #2 - Solution
[Figure: branch office router with LAN interface E0 connected to the WAN core; mark IP precedence: Telnet = 2, Corporate Web = 1, everything else = 0]
interface eth 0
 ip policy-map set-prec
!
route-map set-prec permit 10
 match ip address CorporateWebTraffic
 set ip precedence 1
route-map set-prec permit 20
 match ip address TN3270
 set ip precedence 2
route-map set-prec permit 30
 set ip precedence 0
!
ip access-list extended CorporateWebTraffic
 permit tcp any 10.1.1.0 0.0.0.255 eq www
ip access-list extended TN3270
 permit tcp any any eq telnet

A route map is created with three statements, one for each application:
• The first statement uses an access list to identify corporate web traffic
(destination port 80). IP precedence 1 is applied to these packets.
• The second statement uses another access list to identify outbound telnet
sessions. IP precedence 2 is applied to these packets.
• The last statement sets IP precedence 0 on all other packets.
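To make the route-map rules concrete (sequence order, first match ends processing, permit versus deny, a statement without a match clause matching everything, and fall-through to default forwarding), here is an added Python model of the Case #2 route map, not code from the Cisco module. The access-list lines and route-map statements are the ones in the solution above; the Packet class, the IOS-style wildcard matcher, and the sample addresses (10.2.2.5 as a branch host, 10.1.1.10 as a corporate web server) are constructed for this example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Added example, not from the Cisco module: a model of how a PBR route map
# classifies and marks inbound packets, using the Case #2 configuration.


@dataclass
class Packet:                      # constructed packet representation
    src: str
    dst: str
    proto: str                     # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    length: int = 64               # total IP length, for `match length`
    precedence: int = 0            # IP precedence as received (0 = routine)
    qos_group: Optional[int] = None


def _ip(s: str) -> int:
    return int.from_bytes(bytes(int(o) for o in s.split(".")), "big")


def in_subnet(addr: str, network: str, wildcard: str) -> bool:
    """IOS wildcard-mask semantics: a 1 bit in the wildcard means 'don't care'."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(network) & care)


ANY = ("0.0.0.0", "255.255.255.255")           # "any" in an extended ACL


def acl_entry(proto: str, src=ANY, dst=ANY, eq: Optional[int] = None) -> Callable[[Packet], bool]:
    """One `permit <proto> <src> <dst> [eq <port>]` line of an extended ACL."""
    def matches(p: Packet) -> bool:
        return (p.proto == proto and in_subnet(p.src, *src)
                and in_subnet(p.dst, *dst) and (eq is None or p.dport == eq))
    return matches


ACCESS_LISTS: Dict[str, List[Callable[[Packet], bool]]] = {
    # ip access-list extended CorporateWebTraffic / permit tcp any 10.1.1.0 0.0.0.255 eq www
    "CorporateWebTraffic": [acl_entry("tcp", dst=("10.1.1.0", "0.0.0.255"), eq=80)],
    # ip access-list extended TN3270 / permit tcp any any eq telnet
    "TN3270": [acl_entry("tcp", eq=23)],
}


@dataclass
class RouteMapEntry:
    seq: int
    permit: bool = True
    match_acl: Optional[str] = None
    match_length: Optional[Tuple[int, int]] = None   # (min, max)
    set_precedence: Optional[int] = None
    set_qos_group: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        # A statement with no match clause matches every packet.
        if self.match_acl is not None and not any(m(p) for m in ACCESS_LISTS[self.match_acl]):
            return False
        if self.match_length is not None and not (self.match_length[0] <= p.length <= self.match_length[1]):
            return False
        return True


def policy_route(route_map: List[RouteMapEntry], p: Packet) -> Optional[int]:
    """Evaluate statements in sequence-number order; the first match ends
    processing. Returns the sequence number that handled the packet, or None
    when the packet falls through to default destination-based forwarding
    (no statement matched, or the matching statement is a deny). Marks p in place."""
    for entry in sorted(route_map, key=lambda e: e.seq):
        if entry.matches(p):
            if not entry.permit:
                return None
            if entry.set_precedence is not None:
                p.precedence = entry.set_precedence
            if entry.set_qos_group is not None:
                p.qos_group = entry.set_qos_group
            return entry.seq
    return None


# route-map set-prec (Case #2)
SET_PREC = [
    RouteMapEntry(10, match_acl="CorporateWebTraffic", set_precedence=1),
    RouteMapEntry(20, match_acl="TN3270", set_precedence=2),
    RouteMapEntry(30, set_precedence=0),   # no match clause: everything else
]


def classify_all(route_map: List[RouteMapEntry], packets: List[Packet]) -> List[Tuple[Optional[int], int]]:
    """(handling sequence number, resulting precedence) for each packet."""
    return [(policy_route(route_map, p), p.precedence) for p in packets]


if __name__ == "__main__":
    samples = [   # constructed sample traffic
        Packet("10.2.2.5", "10.1.1.10", "tcp", 40000, 80),
        Packet("10.2.2.5", "192.0.2.9", "tcp", 40001, 23, precedence=5),
        Packet("10.2.2.5", "192.0.2.9", "tcp", 40002, 80),
        Packet("10.2.2.5", "198.51.100.1", "udp", 5000, 53, precedence=7),
    ]
    for p, (seq, prec) in zip(samples, classify_all(SET_PREC, samples)):
        print(f"{p.proto} {p.src} -> {p.dst}:{p.dport}: statement {seq}, precedence {prec}")
```

Two points worth noticing when running it: web traffic to a non-corporate destination is not matched by sequence 10 and ends up at the catch-all statement 30, and a packet that arrives from the LAN already carrying precedence 7 is rewritten to 0 by that same statement. The catch-all is what keeps hosts on the branch LAN from choosing their own class of service; without it, the packet would fall through to default forwarding with its received marking intact.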

Route Map - Review
• Policy routing with route maps can classify
and mark IP packets based on a wide variety
of conditions
• No metering, shaping or dropping is possible
• Performance depends on the IOS version
– Policy routing is fast-switched in 11.3 and 12.0
– (d)CEF or NetFlow-switched in 12.0(3)T

Policy-based Routing features:
• Static classification and marking (no metering, shaping, policing or dropping is
possible).
• PBR has performance limitations due to implementation (complex access lists
can degrade performance, sub-optimal order of statements can also degrade
performance due to sequential processing) and the IOS version (newer IOS
versions support fast-switched operation of PBR).

Summary
Policy-based routing is used for two purposes:
• Bypassing the traditional destination-based forwarding
• Marking of IP packets with IP precedence or QoS group
Lesson Review
• What are the applications of Policy-based Routing?
• What configuration tool is used to implement PBR?
• How can PBR be applied to IP traffic?
• Describe the classification options with PBR.
• Describe the marking options with PBR.
QoS Policy Propagation through BGP (QPPB)
Objectives
Upon completion of this lesson, you will be able to:
• Describe the QPPB mechanism
• Configure the QPPB mechanism on Cisco routers
• Monitor and troubleshoot QPPB
IP QoS Policy Propagation Through BGP (QPPB)
• QPPB uses BGP attributes to advertise class of
service to other routers in the network
• BGP Communities are usually used to propagate
class of service information bound to IP networks
• Packet classification policy can be propagated via
BGP without having to use complex access lists at
each of a large number of border (edge) routers
• A route map is used to translate BGP information
(e.g. BGP Community value) into IP precedence or
QoS group

QoS Policy Propagation through BGP is a mechanism that can be split into two
parts:
• Policy propagation via BGP, where a QoS policy is encoded into a BGP
attribute. BGP Communities are typically used to encode a QoS policy.
• Marking of packets with IP precedence or QoS group based on the QoS policy
learned via BGP.
BGP policy is usually set on ingress routers (ingress for route propagation, egress
for packet forwarding) in an Autonomous System. BGP then carries the
information to other routers in the AS, which translate (using a route map) this
information into IP precedence or QoS group. Marking is then enabled on a
per-interface basis.


QPPB Capabilities
[Figure: the QoS building-block scheme (inbound or locally-originated: classifier, marker, meter, dropper; forwarding; queuing; outbound: classifier, marker, meter, shaper, dropper). QPPB can only classify and mark inbound packets.]

Similar to PBR, QPPB also supports classification and marking only on the input
interface.
BGP Marking
1. Propagate the class of service by encoding it into BGP attributes:
• BGP communities,
• AS paths,
• IP prefixes or
• any other BGP attribute
2. Translate the selected BGP attribute into either:
• IP precedence or
• QoS group
3. Enable Cisco Express Forwarding (CEF) and packet marking on
interfaces
[Figure: inbound traffic stream passing through the classifier and marker]

QoS policy can be applied to source or destination IP addresses or networks.
When BGP entries are inserted into the routing table a route map is used to
translate a certain BGP parameter or attribute into IP precedence or QoS group.
Packet marking is then enabled on input interfaces.
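The three steps above (a community carried with the prefix, a route map translating it when the route is installed, and marking on the input interface by address lookup) can be modelled in a few lines. The following is an added Python example, not code from the Cisco module: the BGP table, the community values and the community-to-precedence policy are constructed for illustration and are not a published convention, and the lookup uses longest-prefix match so that a more specific prefix carrying a different community overrides its covering aggregate, which is how a forwarding-table lookup behaves in general rather than something this page states.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Added example, not from the Cisco module: a model of QPPB. Prefixes learned
# via BGP carry a community; a route map translates the community into an IP
# precedence when the prefix is installed; inbound packets are then marked by
# looking up their destination (or source) address in that table.

# Constructed BGP table: prefix -> attributes (communities are illustrative).
BGP_TABLE: Dict[str, Dict[str, Optional[str]]] = {
    "10.1.0.0/16":  {"community": "65000:100"},   # ordinary business prefixes
    "10.1.1.0/24":  {"community": "65000:200"},   # transaction servers inside them
    "192.0.2.0/24": {"community": None},          # no policy attached
}

# Constructed route map: community value -> IP precedence.
COMMUNITY_TO_PRECEDENCE: Dict[Optional[str], int] = {"65000:100": 1, "65000:200": 2}
DEFAULT_PRECEDENCE = 0            # routine / best effort when no policy matches

FibEntry = Tuple[ipaddress.IPv4Network, int]


def build_fib(bgp_table: Dict[str, Dict[str, Optional[str]]],
              policy: Dict[Optional[str], int]) -> List[FibEntry]:
    """Mimic route installation: every prefix receives the precedence that the
    route map derives from its community. Sorted longest prefix first so the
    lookup below returns the most specific match."""
    fib = [(ipaddress.ip_network(prefix), policy.get(attrs["community"], DEFAULT_PRECEDENCE))
           for prefix, attrs in bgp_table.items()]
    fib.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return fib


def lookup(fib: List[FibEntry], addr: str) -> Optional[int]:
    """Precedence stored with the longest matching prefix, None if no route."""
    ip = ipaddress.ip_address(addr)
    for net, prec in fib:
        if ip in net:
            return prec
    return None


def mark_packet(fib: List[FibEntry], src: str, dst: str, on: str = "destination") -> int:
    """Per-interface marking step: classify on the destination address (the
    usual case) or on the source address. Unknown addresses get the default."""
    prec = lookup(fib, dst if on == "destination" else src)
    return DEFAULT_PRECEDENCE if prec is None else prec


if __name__ == "__main__":
    fib = build_fib(BGP_TABLE, COMMUNITY_TO_PRECEDENCE)
    for net, prec in fib:
        print(f"{str(net):16} precedence {prec}")
    # Constructed packets: branch hosts in 203.0.113.0/24 talking to the core.
    for src, dst in [("203.0.113.1", "10.1.1.7"), ("203.0.113.1", "10.1.5.7"),
                     ("203.0.113.1", "192.0.2.1"), ("203.0.113.1", "203.0.113.2")]:
        print(f"{src} -> {dst}: precedence {mark_packet(fib, src, dst)}")
```

The point this makes visible is that the edge router needs no per-application access list: the class of service arrives with the route, and a change to a community at the router that originates the prefix is propagated to every router that installs it. That also means the routers originating communities are part of the QoS trust boundary.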
