First, a little background: the IP header allows 8 bits for QoS, but the 8th bit is unused, so that really leaves us with 7 bits. That 8th bit should always be "0", by the way.
So in IP Precedence the first 3 bits are used to classify traffic and place it in one of the 8 precedences.
With DSCP you now have 6 bits total that can be used for classification, with 3 levels and 4 drop classes.
This gives you more room for fine-tuning your QoS classifications and markups.
BTW: the first 3 bits in DSCP are the class selectors and reflect classes 1 through 4 in the above snapshot.
Now, for DSCP on a FortiGate, you first need to enable it on the firewall policy, and for the direction.
e.g. enabling a DSCP value of 3F (binary 111 111)
Here I'm demonstrating a DSCP value of 63 (0x3F), which is not a common DSCP value, and I will use the diagnostic sessions to validate my firewall policy by id#.
If you want to know the real values for DSCP, use a cheat sheet similar to the following link.
http://www.netcontractor.pl/download/QoS%20Values%20Calculator%20v3.pdf
Tip: I marked off a few of the common values used every day by VoIP solutions. 0x0 is BE (best effort), or simply known as the default.
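The bit layout described above, as an added example that is not part of the original post: this Python sketch reads the QoS byte from an IPv4 header and splits it into precedence, DSCP and a code point name, so a marking such as 0x3F can be checked in a captured packet. The sample header, its addresses and the function names are constructed for illustration.

```python
import struct

def phb_name(dscp: int) -> str:
    """Name a 6-bit DSCP value from its class-selector bits and low bits."""
    cls, low = dscp >> 3, dscp & 0b111
    if dscp == 0:
        return "BE"                      # 0x0, best effort / default
    if dscp == 46:
        return "EF"                      # expedited forwarding, common for VoIP
    if low == 0:
        return f"CS{cls}"                # only the first 3 bits set
    if 1 <= cls <= 4 and low in (2, 4, 6):
        return f"AF{cls}{low >> 1}"      # AFxy: x = class bits, y = next two bits
    return "unassigned"

def decode_marking(packet: bytes) -> dict:
    """Split the second byte of an IPv4 header into its QoS fields."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    ver_ihl, tos = struct.unpack_from("!BB", packet)
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    dscp = tos >> 2                      # first 6 bits
    return {"tos": tos, "precedence": tos >> 5, "dscp": dscp,
            "phb": phb_name(dscp)}

def marking_matches(packet: bytes, expected_dscp: int) -> bool:
    """True when the packet carries the DSCP the policy was meant to set."""
    return decode_marking(packet)["dscp"] == expected_dscp

def sample_header(dscp: int) -> bytes:
    """Constructed 20-byte IPv4/TCP header (documentation addresses, checksum 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 40, 0, 0, 64, 6, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))

if __name__ == "__main__":
    pkt = sample_header(0x3F)            # the 111 111 value used in the post
    print(decode_marking(pkt), marking_matches(pkt, 0x3F))
```

A DSCP of 0x3F appears in a capture as a QoS byte of 0xFC, because the six DSCP bits sit above the two low-order bits of that byte.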
Yep, it's that easy to enable DSCP on a FortiGate. Most carriers will give you a QoS contract and tell you what markings they expect, along with the bandwidth and prioritization for the traffic that you mark up.
I've seen various QoS agreements from ATT, Paetec and Sprint, but they all work about the same. A QoS policy could be similar to the below xls snapshot, with any traffic exceeding the limits reclassified to Best Effort or dropped if bandwidth is not available. Your provider should explain the terms of the QoS contract and any re-classifications.
http://en.wikipedia.org/wiki/Differentiated_services
Ken Felix
Freelance Network/Security Engineer
kfelix -----a----t---- socpuppets ---dot---com
Hi!
I would like to know if it is possible to classify/prioritize traffic on a GRE tunnel?