

Search...

Table of Contents
CCIE Routing & Switching

Unit 1: Preparation
Unit 2: Switching
Unit 3: IP Routing
Unit 4: RIP
Unit 5: EIGRP
Unit 6: OSPF
Unit 7: BGP
Unit 8: Multicast
Unit 9: IPv6
Unit 10: Quality of Service
IP Precedence and DSCP values

Classi cation on Cisco IOS Router

Marking on Cisco IOS Router

QoS Pre-Classify on Cisco IOS

Why do we need QoS on Switches

QoS Trust Boundary on Switches

Classi cation and Marking on Switches

Queueing on Switches

CBWFQ not supported on sub-interfaces

Policing Explained

QoS Policing Con guration Example

Shaping explained

Tra c Shaping on Cisco IOS

Peak Tra c Shaping on Cisco IOS

Shaping with Burst up to Interface Bandwidth

PPP Multilink Link Fragmention and Interleaving

Introduction to RSVP

RSVP DSBM (Designated Subnetwork Bandwidth Manager)

Block Websites with NBAR

Unit 11: Security

Unit 12: System Management
Unit 13: Network Services
 Unit 14: MPLS

You are here: Home » Cisco » CCIE Routing & Switching

QoS Classification on Cisco IOS Router

15 votes

On most networks you will see a wide range of applications, each application is unique and has its
own requirements when it comes to bandwidth, delay, jitter, etc. For example, an FTP application
used for backups of large les might require a lot of bandwidth but delay and jitter won’t matter
since it’s not an interactive application.

Voice over IP on the other hand doesn’t require much bandwidth but delay and jitter are very
important. When your delay is too high your calls will become walkie-talkie conversations and jitter
screws up the sound quality.

To make sure each application gets the treatment that it requires we have to implement QoS
(Quality of Service).

The rst step when implementing QoS is classi cation, that’s what this tutorial is all about.

By default your router doesn’t care what kind of IP packets it is forwarding…the only important
thing is looking at the destination IP address, doing a routing table lookup and whoosh…the IP
packet has been forwarded.

Before we can con gure any QoS methods like queuing, policing or shaping we have to look at the
tra c that is running through our router and identify (classify) it so we know to which application
it belongs. That’s what classi cation is about.

Once the tra c has been classi ed, we will mark it and apply a QoS policy to it. Marking and
con guring QoS policies are a whole di erent story so in this tutorial we’ll just stick to classi cation.

On IOS routers there are a couple of methods we can use for classi cation:

Header inspection
Payload inspection

There are quite some elds in our headers that we can use to classify applications. For example,
telnet uses TCP port 23 and HTTP uses TCP port 80. Using header inspection you can look for:

Layer 2: MAC addresses

Layer 3: source and destination IP addresses
Layer 4: source and destination port numbers and protocol
This is a really simple method of classi cation that works well but has some downsides. For
example, you can con gure your router that everything that uses TCP and destination port number
80 is “HTTP” but it’s possible that some other applications (instant messaging for example) are also
using TCP port 80. Your router will perform the same action for IM and HTTP tra c.

Payload inspection is more reliable as it will do deep packet inspection. Instead of just looking at
layer 2/3/4 information the router will look at the contents of the payload and will recognize the
application. On Cisco IOS routers this is done with NBAR (Network-Based Application
Recognition).

When you enable NBAR on an interface, the router will inspect all incoming IP packets and tries to
match them with signatures and attributes in the PDLM (Packet Description Language Module). For
example, NBAR can detect HTTP tra c no matter what ports you are using and it can also match
on things like:

URL
MIME type (zip le, image, etc)
User-agent (Mozilla, Opera, etc)

Since NBAR can see the URL, it is also commonly used to block websites and a popular choice for
classi cation.

You should now have an idea what classi cation is about, let’s look at some routers and con gure
classi cation.

Configuration
We’ll start with a simple example where I use an access-list to classify some telnet tra c. Here’s the
topology that I will use:

R1 will be our telnet client and R2 the telnet server. We will classify the packets when they arrive at
R2. Let’s look at the con guration!

Classification with access-list

First I have to create an access-list that matches on telnet tra c:

R2(config)#ip access-list extended TELNET

R2(config-ext-nacl)#permit tcp any any eq 23

This will match on all IP packets that use TCP as the transport protocol and destination port 23.
Normally when you con gure an access-list for ltering, we apply it to the interface. When
con guring QoS we have to use the MQC (Modular Quality of Service Command-Line Interface).
The name is pretty spectacular but it’s a really simple method to con gure QoS.
We use something called a policy-map where we con gure the QoS actions we want to perform…
marking, queueing, policing, shaping, etc. These actions are performed on a class-map, and that’s
where we specify the tra c. Let me show you how this is done:

R2(config)class-map TELNET
R2(config-cmap)#match ?
access-group Access group
any Any packets
class-map Class map
cos IEEE 802.1Q/ISL class of service/user priority
values
destination-address Destination address
discard-class Discard behavior identifier
dscp Match DSCP in IP(v4) and IPv6 packets
flow Flow based QoS parameters
fr-de Match on Frame-relay DE bit
fr-dlci Match on fr-dlci
input-interface Select an input interface to match
ip IP specific values
mpls Multi Protocol Label Switching specific values
not Negate this match result
packet Layer 3 Packet length
precedence Match Precedence in IP(v4) and IPv6 packets
protocol Protocol
qos-group Qos-group
source-address Source address
vlan VLANs to match

I created a class-map called “TELNET” and when you create a class-map you have a lot of options.
On top you see access-group which uses an access-list to classify the tra c, that’s what I will use.
Some other nice methods are the input-interface, frame-relay DLCI values, packet length, etc. The
most simple option is probably the access-list:

R2(config-cmap)#match access-group name TELNET

My class-map called “TELNET” now matches tra c that is speci ed in the access-list called
“TELNET”.

Now we can create a policy-map and refer to our class-map:

R2(config)#policy-map CLASSIFY
R2(config-pmap)#class TELNET

The policy-map is called “CLASSIFY” and the class-map called “TELNET” belongs to it. Normally this is
where I also specify the QoS action like marking, queueing, etc. I’m not con guring any action right
since this tutorial is only about classi cation.
Before the policy-map does anything, we have to attach it to an interface:

R2(config)#interface GigabitEthernet 0/1

R2(config-if)#service-policy input CLASSIFY

That’s it, our router can now classify telnet tra c. Let’s try it by telnetting from R1 to R2:

R1#telnet 192.168.12.2
Trying 192.168.12.2 ... Open

Let’s see what R2 thinks of this:

R2#show policy-map interface GigabitEthernet 0/1

GigabitEthernet0/1

Service-policy input: CLASSIFY

Class-map: TELNET (match-all)

11 packets, 669 bytes
5 minute offered rate 0 bps
Match: access-group name TELNET

Class-map: class-default (match-any)

3 packets, 206 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any

Great! Our router sees the telnet tra c that arrives on the GigabitEthernet 0/1 interface. You can
see the name of the policy-map, the class-map and the access-list that we used. Something that
you should remember is that all tra c that is not speci ed in a class-map will hit the class-default
class-map. Not too bad right? Let’s see if we can also make this work with NBAR…

Classification with NBAR

The con guration of NBAR is quite easy. First let me show you a simple example of NBAR where it
shows us all tra c that is owing through an interface:

R2(config)#interface GigabitEthernet 0/1

R2(config-if)#ip nbar protocol-discovery

Now you can view all tra c that is owing through the interface:

R2#show ip nbar protocol-discovery

GigabitEthernet0/1
 Last clearing of "show ip nbar protocol-discovery" counters 00:00:20

Input Output
----- ------
Protocol Packet Count Packet Count
Byte Count Byte Count
5min Bit Rate (bps) 5min Bit Rate (bps)
5min Max Bit Rate (bps) 5min Max Bit Rate
(bps)
------------------------ ------------------------ ---------------------
---
telnet 8 7
489 457
0 0
0 0
unknown 3 2
180 120
0 0
0 0
Total 11 9
669 577
0 0
0 0

I don't have a lot going on on this router but telnet is there. This is a nice way to see the di erent
tra c types on your interface but if we want to use this information for QoS we have to put NBAR
in a class-map. Here's how:

R2(config)#class-map NBAR-TELNET
R2(config-cmap)#match protocol ?
3com-amp3 3Com AMP3
3com-tsmux 3Com TSMUX
3pc Third Party Connect Protocol
914c/g Texas Instruments 914 Terminal
9pfs Plan 9 file service
CAIlic Computer Associates Intl License Server
Konspire2b konspire2b p2p network
acap ACAP
acas ACA Services
accessbuilder Access Builder
accessnetwork Access Network
acp Aeolon Core Protocol
acr-nema ACR-NEMA Digital Img
aed-512 AED 512 Emulation service
agentx AgentX
alpes Alpes
 aminet AMInet
an Active Networks
anet ATEXSSTR
ansanotify ANSA REX Notify
ansatrader ansatrader
aodv AODV
[output omitted]

I created a class-map called "NBAR-TELNET" and when I use match protocol you can see there's a
long list of supported applications. I'm not going to show all of it but telnet is in there somewhere:

R2(config-cmap)#match protocol telnet

That's how we use NBAR in a class-map. Now we need to add this class-map to the policy-map:

R2(config)#policy-map CLASSIFY
R2(config-pmap)#no class TELNET
R2(config-pmap)#class NBAR-TELNET

I'll remove the old class-map with the access-list and add the new class-map to our policy-map.

I showed you how you can use the ip nbar protocol-discovery command, it's a great way to
see the tra c on the interface but it's not a requirement for NBAR to work in a class-map.
Using "match protocol" in the class-map is enough for NBAR to work.

Now take a look at the policy-map in action:

R2#show policy-map interface GigabitEthernet 0/1

GigabitEthernet0/1

Service-policy input: CLASSIFY

Class-map: NBAR-TELNET (match-all)

9 packets, 549 bytes
5 minute offered rate 0 bps
Match: protocol telnet

Class-map: class-default (match-any)

3 packets, 180 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any

The output is pretty much the same as when I used the access-list but the "match: protocol telnet"
reveals that we are using NBAR for classi cation this time.
That's all I have for now! I hope this tutorial helps you to understand classi cation, in other tutorials
I will show you how to let your policy-map do something...things like queueing, marking, shaping or
policing. If you have any questions feel free to leave a comment.

Rate this Lesson:

« Previous Lesson
IP Precedence and DSCP values
Next Lesson
Marking on Cisco IOS Router »
Home › Forums › QoS Classi cation on Cisco IOS Router

This topic contains 8 replies, has 5 voices, and was last updated by   Rene Molenaar 7 months, 3
weeks ago.

Viewing 8 posts - 1 through 8 (of 8 total)

Author
Posts  | Subscribe
October 7, 2014 at 06:09 #11396 Reply

Hasan
Thank you very much. This is really very good topic and it is very clear to me.

September 29, 2015 at 06:29 #17486 Reply

Jude O
Participant
Thanks Renee! I’m gaining some traction on QOS

November 17, 2015 at 04:28 #19744 Reply

dong q
Participant
Hello Renee

Thanks for your excellent introduction!

Here I have one concern, which “Tool” is better to identify the speci c tra c? For example, If want
to perform QoS for one of applications named ABC, how does router know which tra c is for
Application – ABC?

Thanks

Dong

November 17, 2015 at 18:56 #19772 Reply

Rene Molenaar
Keymaster
Hi Dong,

If it’s a well known application like HTTP, HTTPS, SMTP, POP3, IMAP, SQL, etc. then NBAR can
recognize them. Otherwise, it’s best to use an access-list to match the port numbers of your
application.

Rene

November 18, 2015 at 08:45 #19779 Reply

dong q
Participant
Hello Rene

Thanks for your feedback, and then, what’s the best way to get the port numbers of some
particular applications?

Thanks

Dong

November 19, 2015 at 11:53 #19826 Reply

Rene Molenaar
Keymaster
Hi Dong,

If you have “well known” applications like HTTP, FTP, telnet, SSH, etc. then it’s easy to look them up.
You can google for the RFCs to nd the o cial documentation. Here’s an example for HTTP:

https://tools.ietf.org/html/rfc2616
If it’s an application from some vendor, contact them…most of them o er an overview with
addresses / protocols / port numbers that should be allowed. Here’s a good example from
Airwatch:

http://www.air-watch.com/downloads/resources/AirWatch-Install-Requirements-SaaS.pdf

Hope this helps.

Rene

April 20, 2016 at 15:54 #23522 Reply

Primoz C
Participant
Hi, Rene,
my question is, how can I classify the encrypted tra c of a certain tra c category? If I want to
classify all streaming video tra c and I don’t know the ports or IP addresses of the video streaming
sources. And we know that great deal of tra c is encrypted (https) nowadays.
Is there a possibility?

Thanks.

Primoz

April 20, 2016 at 20:27 #23524 Reply

Rene Molenaar
Keymaster
Hi Primoz,

If your tra c is encrypted with IPsec then you could use QoS pre-classify. You’ll have to mark the
non-encrypted tra c before it enters the tunnel:

QoS Pre-classify

If it’s HTTPS tra c then it will be di cult. From the outside, you can’t really tell what kind of tra c
you are transmitting. If possible, see if your application can be con gured to mark your tra c. If
this is possible then you don’t have to classify/mark on the router, you can queue right away.

Rene

Author
Posts

Viewing 8 posts - 1 through 8 (of 8 total)

Reply To: QoS Classi cation on Cisco IOS Router
b i link b-quote del img ul ol li code close tags ¶
Please put con gurations in between `backticks` or use the CODE button.
To place inline images, please use a image share service (such as TinyPic or Imgur) and use the IMG
button!

Notify me of follow-up replies via email

Maximum le size allowed is 2048 KB.

Attachments:
Choose File No file chosen
Add another le

Submit

About NetworkLessons.com

Hello There! I'm René Molenaar (CCIE #41726), Your Personal Instructor of
Networklessons.com. I'd like to teach you everything about Cisco, Wireless and
Security. I am here to Help You Master Networking!

Read my story

Social Fans

  
14,351 8,735 1,589
FANS FOLLOWERS SUBSCRIBERS

Highest Rated Lessons

MPLS Layer 3 VPN Con guration

(35 votes)

Cisco Portfast Con guration

(27 votes)

Introduction to DMVPN
(21 votes)

EIGRP Router ID
 (20 votes)

How to con gure OSPF Virtual Link

(19 votes)

New Lessons

Voice VLAN
Introduction to Wireless LAN
Network Topologies
Broadcast Domain
Collision Domain

Disclaimer
Privacy Policy
Support

QoS Classi cation on Cisco IOS Router written by Rene Molenaar average rating 4.6/5 - 15 user ratings
© 2013 - 2016 NetworkLessons.com 7656