Confusion over AF priorities

a1111 · ‎04-12-2025

Hello,

Can someone please help me shed some light on AF classes?

RFC2597 does not seem to dictate prioritized treatment of one class over any of the others:

"This memo does not specify that any particular relationship hold between AF PHB groups and other implemented PHB groups; it requires only that whatever relationship is chosen be documented. Implementations MAY allow either or both of these relationships to be configurable. It is expected that this level of configuration flexibility will prove valuable to many network administrators."

https://www.rfc-editor.org/rfc/rfc2597.txt

So AF41 traffic is NOT prioritized over AF13 traffic, or any traffic that has another AF value. Prioritization applies only WITHIN a given class. Eg AF41 is prioritized over AF43, and AF11 over AF13 etc.

But that's not what some materials seem to say.

The CCNA OCG has a table with the possible AF values, and the Y-axis puts the AF4x class in the "Best Queue" (although the text doesn't explicitly say AF4x has the best treatment):

The ENCOR OCG seems to be more in line with the RFC:

...while a CBT Nuggets article says "Drop Precedence One are IP packets with the lowest possibility of being dropped, meaning they have the highest priority. Drop precedence four means they are the most likely to be dropped. "

https://www.cbtnuggets.com/blog/technology/networking/what-is-differentiated-services-code-point-dscp

...and an Oracle documentation also states that the classes have different priorities, except: it's in reverse order. In AFxy, if x is lower, it has higher priority: "For example, suppose your QoS policy assigns DSCPs of AF31 and AF13 to two different traffic classes. When packets that are marked AF31 (011010) leave the IPQoS system, they receive lower forwarding probability than the packets with AF13 (001110). "

https://docs.oracle.com/cd/E19683-01/816-4094/ipqos-reference-150/index.html

The QoS Design Principles and Best Practices cisco book also seems to say that it's up to the organization to determine if one class should be prioritized over another:

"RFC 4594 is the recommendation but not the standard; it resides in the category of draft proposal RFCs. It recommends guidelines on how to configure 14 traffic classes that are associated with 28 different code-point marking values"

https://www.ciscopress.com/articles/article.asp?p=2756478&seqNum=7

I'm confused -- what's going on here? With Oracle, I could explain this away by saying that it's an Oracle-specific configuration. Oracle just chose this setup. But what about the CCNA OCG and the CBT Nuggets article?

Thanks.

Joseph W. Doherty · ‎04-12-2025

The RFC, as you note, isn't a standard, but a recommendation. It's also what initially redefined usage of the ToS byte.

Per the RFC, the four AF classes do not have any implied service distinctions. Each though has a drop precedence, from low to high, AF#1, AF#2 and AF#3.

To the documentation that is contrary, either it's in error, or it decided to do something different (the latter being, IMO, unwise). (If you want to go contrary to expected/recommended DSCP markings, that's the reason DSCP recommendations increment by 2.)

BTW, there was also a recommendation to allow for network equipment still using the earlier RFC ToS priority scheme, i.e. a CS4/AF4# could be treated as priority 4, having priority over lower priority numbers, and similar for the other AFs and their matching CSs.

The latter is why DSCP EF maps into priority 5, and usage of priorities 6 and 7 haven't been changed.

Also with the less than BE RFC, its usage of CS1 directly conflicts with the earlier priority RFC.

If the above is unclear, please post follow-up questions.

a1111 · ‎04-13-2025

Thank you very much!

I've looked in the ENCOR OCG again and found something that might be relevant:

Doesn't this imply that because of the cisco implementation of WRED, the AF PHBs on cisco devices DO have inherent priorities? Since (for example) AF4x WILL have a higher IPP -- by definition -- than AF1x, or 2x or 3x?

As a side note, isn't it a bit strange that the book gives AFx2 and x1 as examples, rather than AF2x and 1x? Since the RFC itself dictates that x1 have better treatment than x2, etc. So that better treatment would not be due to a cisco-specific implementation of WRED, rather an RFC-mandated behavior.

What do you think?

Have a nice week

Joseph W. Doherty · ‎04-13-2025

Yes, Cisco's WRED does generally, by default (and AutoQoS too), provides less drop probability for higher precedence values (again, supporting the prior ToS RFC 791 IP precedence), and also higher drop probability for the second AF numeric.

If I remember correctly, the usual Cisco deltas are very small for the differences and often overlap between AF classes.

So, also correct, a Cisco-specific implementation (actual values also sometimes vary between platforms and/or bandwidth of port).

BTW, when it comes to WRED, I recommend it NOT be used unless you're a QoS expert.

From RFC 791:

Type of Service:  8 bits

    The Type of Service provides an indication of the abstract
    parameters of the quality of service desired.  These parameters are
    to be used to guide the selection of the actual service parameters
    when transmitting a datagram through a particular network.  Several
    networks offer service precedence, which somehow treats high
    precedence traffic as more important than other traffic (generally
    by accepting only traffic above a certain precedence at time of high
    load).  The major choice is a three way tradeoff between low-delay,
    high-reliability, and high-throughput.

      Bits 0-2:  Precedence.
      Bit    3:  0 = Normal Delay,      1 = Low Delay.
      Bits   4:  0 = Normal Throughput, 1 = High Throughput.
      Bits   5:  0 = Normal Relibility, 1 = High Relibility.
      Bit  6-7:  Reserved for Future Use.

         0     1     2     3     4     5     6     7
      +-----+-----+-----+-----+-----+-----+-----+-----+
      |                 |     |     |     |     |     |
      |   PRECEDENCE    |  D  |  T  |  R  |  0  |  0  |
      |                 |     |     |     |     |     |
      +-----+-----+-----+-----+-----+-----+-----+-----+

        Precedence

          111 - Network Control
          110 - Internetwork Control
          101 - CRITIC/ECP
          100 - Flash Override
          011 - Flash
          010 - Immediate
          001 - Priority
          000 - Routine

    The use of the Delay, Throughput, and Reliability indications may
    increase the cost (in some sense) of the service.  In many networks
    better performance for one of these parameters is coupled with worse
    performance on another.  Except for very unusual cases at most two
    of these three indications should be set.

    The type of service is used to specify the treatment of the datagram
    during its transmission through the internet system.  Example
    mappings of the internet type of service to the actual service
    provided on networks such as AUTODIN II, ARPANET, SATNET, and PRNET
    is given in "Service Mappings" [8].

    The Network Control precedence designation is intended to be used
    within a network only.  The actual use and control of that
    designation is up to each network. The Internetwork Control
    designation is intended for use by gateway control originators only.
    If the actual use of these precedence designations is of concern to
    a particular network, it is the responsibility of that network to
    control the access to, and use of, those precedence designations.