
mls/qos and trust

wfqk
Level 5

Hi,

 

Can we assume the traffic will be treated the same in the two situations below when traffic goes through a router?

One is that the router has mls qos disabled, and the second is that router2 only has mls qos enabled, without configuring trust.

I think in the first one the mark in the traffic will remain, but in the second one the mark will be removed or set to 0. Do you think so? Thank you.

 


Reza Sharifi
Hall of Fame

Hi,

mls qos is just a global command that enables QoS. By enabling it nothing will change, meaning everything will still be best effort, which is like not enabling it at all.

Here is more info:

QoS is disabled. There is no concept of trusted or untrusted ports because the packets are not modified (the CoS, DSCP, and IP precedence values in the packet are not changed). Traffic is switched in pass-through mode (packets are switched without any rewrites and classified as best effort without any policing).

When QoS is enabled with the mls qos global configuration command and all other QoS settings are set to their defaults, traffic is classified as best effort (the DSCP and CoS value is set to 0) without any policing. No policy maps are configured. The default port trust state on all ports is untrusted. The default ingress and egress queue settings are in effect.

Link:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12-2_25_sea/command/reference/3750cr/cli1.html#wp2331034

HTH

 

Just to add to Reza's post: if traffic is marked at the source, say by an IP phone like Cisco or a Lync application etc., and you add mls qos trust dscp to the access and uplink ports, it should carry the EF marking, as an example, right through to your layer 3 router or edge device, where you would continue to mark but probably using MQS rather than L2 QoS, depending on the setup. You can check this by running Wireshark and capturing the traffic on each switch; you will see the packets marked with EF as they pass through if it's voice, or you can do the same if it's video traffic etc., just look out for AF41.
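The capture check suggested above can be scripted. This is an added example, not part of the original post: it pairs IPv4 headers captured on both sides of a device and reports whether DSCP was preserved, reset to 0, or re-marked. The function names and the sample headers are constructed for illustration and assume raw IPv4 header bytes exported from the two captures.

```python
import socket
import struct

# Code points mentioned in the thread plus best effort (RFC 2474/2597/3246).
DSCP_NAMES = {0: "BE", 34: "AF41", 46: "EF"}

def build_header(dscp, ident, src="10.0.0.1", dst="10.0.0.2", ttl=64):
    """Constructed 20-byte IPv4 header (checksum left at 0) for the sample data."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20, ident, 0, ttl, 17, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def parse(header):
    """Return (packet_key, dscp) from raw IPv4 header bytes."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not a complete IPv4 header")
    tos, ident = header[1], struct.unpack("!H", header[4:6])[0]
    # src, dst and IP ID survive a ToS rewrite, so they pair up the two captures.
    return (header[12:16], header[16:20], ident), tos >> 2

def name(dscp):
    return DSCP_NAMES.get(dscp, f"DSCP {dscp}")

def compare(ingress, egress):
    """Pair packets seen on both sides of a device and classify what it did to DSCP."""
    before = dict(parse(h) for h in ingress)
    report = []
    for h in egress:
        key, after = parse(h)
        if key not in before:
            continue  # packet not seen on the ingress capture
        was = before[key]
        if after == was:
            verdict = "preserved"      # trusted port, QoS disabled, or implicit trust
        elif after == 0:
            verdict = "reset to 0"     # e.g. QoS enabled with an untrusted ingress port
        else:
            verdict = "re-marked"
        report.append((key[2], name(was), name(after), verdict))
    return report

# Constructed sample: one voice (EF) and one video (AF41) packet entering a switch.
INGRESS = [build_header(46, 1), build_header(34, 2)]
UNTRUSTED_EGRESS = [build_header(0, 1, ttl=63), build_header(0, 2, ttl=63)]
TRUSTED_EGRESS = [build_header(46, 1, ttl=63), build_header(34, 2, ttl=63)]

if __name__ == "__main__":
    for row in compare(INGRESS, UNTRUSTED_EGRESS) + compare(INGRESS, TRUSTED_EGRESS):
        print(row)
```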

Please see the below topology. 

Phone1---router1---router2---router3---phone2

 

All devices are configured normally except router2, where mls qos is enabled but trust is not configured. This will set all marks, DSCP or CoS, to 0 when the traffic goes through router2, and then all marks for the whole call process will not take effect. But if we do not enable mls qos for router2, the mark in the traffic will be lost when the traffic goes through router2. Am I right?

Are you asking about Cisco "real" routers or Cisco (smart L2 and) L3 switches? The MLS QoS command is, I recall, only a command found on some Cisco switches.

On many prior generations of Cisco switches, if QoS is not enabled, there are no QoS features and ToS markings are not changed. On those switches, when you enable QoS, a "default" QoS policy is enabled, and ingress ports w/o some form of trust will reset the ToS. The latest generation of switches' QoS works more like Cisco routers, i.e. ToS is not reset unless you configure the device to change it.

"--- The latest generation of switches' QoS works more like Cisco routers, i.e. ToS is not reset unless you configure the device to change it."

 

In the latest generation of switches, since ToS does not change, if we do not configure trust, would it make a difference? Trust is local behavior, so it should not make a difference, right? Thank you

Depends on what you want to accomplish.

To word it another way, Cisco's latest generation switches implicitly "trust" ToS/CoS markings (much as many Cisco routers do).

Let me make it clear. Thank you

Phone1---router1---router2---router3---phone2

In the above topology, router1 and router3 are configured with normal trust, classification, marking, etc. If router2 does not have any QoS configuration, and we suppose router2 is very powerful, I think the voice traffic from phone1 to phone2 can still work well, right? I want to know whether trust is just a local concept. It needs to be configured on every device from end to end unless one of the devices is very powerful like router2, right?

 

Again, with routers or latest switches, "trust" is implicit.

Also again, with "older" switches, "trust" determines whether ToS/CoS is reset or not.

What happens to traffic, on a device, depends on whether the device provides any special/different treatment based on frame/packet QoS tags.

As to "powerful" routers not needing QoS, that often has little to do with whether you need QoS or not. I.e. "powerful" routers, alone, often do not avoid the need for QoS.

Generally QoS is useful when a link or port is congested, and such congestion is adverse to the traffic, and there's something QoS can do to mitigate the impact of that congestion.

Understand, a link/port is "congested" as soon as any frame/packet cannot be transmitted immediately. Again, not all congestion is detrimental to the service needs of your traffic.

Some examples:

If a link has a bulk data transfer, and a VoIP is using the link too, the former may impact the service requirements of the latter. QoS might avoid any conflict by giving priority to VoIP packets over the bulk data packets.

If a link has only VoIP traffic, but more flows than the bandwidth of the link can support, QoS generally cannot help.

To your specific questions:

"If router2 does not have any QoS configuration, and we suppose router2 is very powerful, I think the voice traffic from phone1 to phone2 can still work well, right?"

Unknown - again, how "powerful" the router is, may have little to do with the answer.

"I want to know whether trust is just a local concept."

Yes and no. Physically, generally QoS policies are per device, and can differ per device, but often there's a "higher level" logical policy that has concepts like "trust domains".

"It needs to be configured on every device from end to end unless one of the devices is very powerful like router2, right?"

Maybe, maybe not. Depends on multiple factors. Such as, features of the device and what you're trying to accomplish.

Generally, you don't "trust" QoS markings entering your "trust domain" until you've done some further analysis. Once you've verified (and perhaps reset) QoS markings, all device interfaces within your "trust domain" boundary accept QoS markings without further analysis.

Thank you Joseph!

"mls qos is just a global command that enables QoS. By enabling it nothing will change, meaning everything will still be best effort, which is like not enabling it at all."

BTW, not always. On older switches, enabling QoS, without "trust" will, by default, reset ToS. Also on some switches, like the 3750, by default, BE traffic will have fewer allocated buffers when QoS is activated. This often results in a higher rate of drops than before QoS was enabled.