Communicating DSCP markers to other network equipment to prioritize traffic
DSCP markers (carried in the DiffServ type of service field) are a standard way to indicate priorities in network traffic. You and your ISP might have routers that decide how to handle packets based on the priority of the traffic.
- If a value is specified in the DSCP Match cell, the engine considers all incoming traffic matching the DSCP Match cell to belong to the QoS Class that is mentioned in the QoS Class cell.
- If a value is specified in the DSCP Mark cell, the engine marks all traffic matching the defined QoS Class with the value specified in the DSCP Mark cell.
The markers allow you to:
- Communicate the priority of this traffic to other devices that support QoS.
- Convert the packet to use a different classification scheme, if the QoS Class was originally assigned to matching traffic by a DSCP match in the source interface’s QoS Policy.
- Remove the DSCP classification set by other devices by entering 0 as the value (shown in the policy as 0x00).
In the illustration, the packets arrive at Physical Interface 1. The engine reads the existing DSCP value and compares it to the QoS Policy assigned to Physical Interface 1. The policy has a DSCP Match rule for the DSCP marker with an associated QoS Class, which is then assigned to this traffic.
When the packets are sent out through Physical Interface 2, the Engine checks the QoS Policy assigned to this Physical Interface. In this QoS Policy, a DSCP Match/Mark rule defines that traffic with the assigned QoS Class is marked with a DSCP marker specified in the rule. The engine overwrites the original DSCP marker before sending the packets onwards.
- By default, the DSCP mark for the encrypted ESP packet in VPN traffic is inherited from the plaintext packet. Selecting a QoS Policy in the properties of the policy-based VPN makes it possible to mark the ESP packet after encryption.
- Priorities, limits, and guarantees are applied. DSCP codes are written to outgoing packets on the interface that the traffic uses to exit the Secure SD-WAN Engine according to the QoS Policy and interface speed defined for that interface.
- For packets entering the Secure SD-WAN Engine, the QoS Policy on that interface is only used for reading DSCP codes and matching them to QoS Classes for further use. It is the only QoS operation that is done on the interface that the traffic uses to enter the Secure SD-WAN Engine.
Example: A new packet enters an Engine through interface A and leaves the Engine through interface B. The priorities, guarantees, and limits configured on interface A are ignored for packets in this direction. Any priorities, guarantees, and limits are configured and applied on interface B. If the packet contains a DSCP code when entering the Engine, the DSCP code is read and matched to a QoS Class on interface A. If a new DSCP code is (over)written in the packet, the new code is written on interface B.
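The read-on-entry, write-on-exit flow described above can be modeled in a few lines. This is an added illustration, not code from the product: the policy layout, the QoS Class names, and the DSCP values are constructed. The model assumes that policy values are 6-bit DSCP codepoints, that the two low (ECN) bits of the byte are left untouched, and that a packet without a matching mark rule keeps its original marker.

```python
# Added illustration: minimal model of DSCP Match (entry) and DSCP Mark (exit).
# Policy layout, QoS Class names and DSCP values are constructed for the example.

def dscp_of(tos: int) -> int:
    """DSCP is the upper 6 bits of the IPv4 ToS / IPv6 Traffic Class byte."""
    return (tos >> 2) & 0x3F

def with_dscp(tos: int, dscp: int) -> int:
    """Overwrite the DSCP bits; keep the low 2 (ECN) bits (model assumption)."""
    if not 0 <= dscp <= 0x3F:
        raise ValueError("DSCP must fit in 6 bits")
    return (dscp << 2) | (tos & 0x03)

def classify_on_entry(tos, ingress_policy):
    """Entry interface: only read the DSCP code and map it to a QoS Class."""
    for rule in ingress_policy:
        if rule.get("dscp_match") == dscp_of(tos):
            return rule["qos_class"]
    return None  # no DSCP Match rule applies to this packet

def mark_on_exit(tos, qos_class, egress_policy):
    """Exit interface: write the DSCP Mark defined for the packet's QoS Class."""
    for rule in egress_policy:
        if rule["qos_class"] == qos_class and rule.get("dscp_mark") is not None:
            return with_dscp(tos, rule["dscp_mark"])
    return tos  # no mark rule: original marker is kept (model assumption)

def forward(tos, ingress_policy, egress_policy):
    """Packet enters through one interface and leaves through another."""
    qos_class = classify_on_entry(tos, ingress_policy)
    return qos_class, mark_on_exit(tos, qos_class, egress_policy)

# Constructed QoS Policies for Physical Interface 1 (entry) and 2 (exit).
POLICY_IF1 = [{"qos_class": "Voice", "dscp_match": 46},
              {"qos_class": "Bulk", "dscp_match": 10}]
POLICY_IF2 = [{"qos_class": "Voice", "dscp_mark": 40},
              {"qos_class": "Bulk", "dscp_mark": 0}]  # 0x00 removes the marker

if __name__ == "__main__":
    for tos in (0xB8, 0x29, 0x60):  # constructed ToS bytes: DSCP 46, 10, 24
        cls, out = forward(tos, POLICY_IF1, POLICY_IF2)
        print(f"in 0x{tos:02x} (dscp {dscp_of(tos)}) class={cls} "
              f"-> out 0x{out:02x} (dscp {dscp_of(out)})")
```

The third sample packet matches no DSCP Match rule on the entry interface, so it gets no QoS Class from the marker and leaves with its DSCP value unchanged.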