QoS - Trusting DSCP or CoS

ross.wiggins · ‎02-08-2016

In terms of using 'mls qos trust dscp' over 'mls qos trust cos', are there any specific rules that dictate where to use one over the other?

So for example, is it simply a case of it depends on the switch capability, i.e. a L2 switch would only be able to read/recognise or trust the 'cos' setting?

What if a switch was L3 capable but was operating at L2?

Mark Malone · ‎02-08-2016

Hi

mls qos trust dscp is in the layer 3 header , layer 2 header is cos , where possible i always use dscp instead of cos even at the access layer ports as phones mark voice traffic EF DSCP 46 and COS 5 , if the phones mark at 46 and the port is set to trust it there is no requirement then for the switch to re-map cos-dscp before it hits the uplinks , sometimes on older switches I have had to use cos but then also use the command mls qos map cos-dscp

some switches may only use cos but nearly all new switches support dscp , and even 3650s and 3850s and Nexus devices will trust DSCP by default without any config.

people will have different variations of how they got it working right , I found wireshark is best to use to confirm exactly your packets are being marked with correct values

Some docs will say use cos at access port and dscp at uplink , I have had no issues on newer kit using dscp everywhere , main thing with qos is cover source to destination right through layer 2/3.

that's my experience from it anyway im sure other users may have set it up differently

ross.wiggins · ‎02-08-2016

Thanks mark for your response.

To confirm then, a L3 switch operating at L2 would only be able to read the CoS value?

Mark Malone · ‎02-08-2016

Im not sure exactly which part its able to read I would presume both but from what I know the cos value gets ripped out at layer 2 anyway on the trunk and the dscp part is sent for upstream trust so if the port at access layer is able to already trust by dscp and phone can send value as dscp you can trust as dscp without issues , if your unsure you can just trust cos at layer 2 access ports and trust dscp at uplinks that's in most docs but don't forget your mappings cos-dscp if you do it that way

Joseph W. Doherty · ‎02-08-2016

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages wha2tsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

As DSCP is carried in the IP header, while L2 Cos is only found in VLAN headers, the former is generally a better choice. Which to use, though, depends on what the equipment supports (and whether you have VLAN tagged traffic).

L3 switches, operating in L2 mode, generally can process IP ToS; however, many L2 switches that are smart/enhanced/intelligent, can also process L3 ToS.

ross.wiggins · ‎02-08-2016

Joseph - with regards to your last sentence, is there anyway to find out what model of switches or versions of IOS would be able to do that?

Jon Marshall · ‎02-08-2016

You just need to check the configuration guides for each switch.

Just because the switch is L2 only or a L3 switch that is not routing does not mean it cannot trust DSCP and in fact most do as far as I know.

As Joe points out if the DSCP markings are there then it is usually better to use that marking because it means you don't then need to worry about translating the CoS to DSCP values on your switches.

Jon