On the plane ride back from Cisco Live 2009 I thought about John Chambers (CEO of Cisco) and thought about his views on video media and that it will become an important part of the traffic on our networks.

I think he is right. Look how much we use YouTube.com to post our NetFlow training videos on how to use our software. How many of you use Skype to call family and friends? It’s awesome and most of these tools are FREE!!! Hence, it is becoming more and more popular.

And the more I thought about it, the more I kept coming back to Cisco NetFlow, sFlow and this little 1-byte field called ToS (type of service). I became so inspired that I thought I’d write a white paper that would dive into the guts of this often-ignored topic. After reading various RFCs, I decided that my white paper wouldn’t get read because this topic can be boring, but a blog, if written well, can be exciting!  So, I challenged myself to forget about the white paper and to blog about it. Here goes…part 1 of at least a 4-part blog.

ToS is becoming increasingly important as voice and video gain popularity on today’s networks. How do you prioritize this traffic? How do you ensure that the prioritization is working the way you want using NetFlow or sFlow? What is this 8-bit field? Let’s bust out Wireshark and capture it!


Notice: In Wireshark, the ToS field is called the “Differentiated Services Field”. Do you know why? If not, you might want to read this series.

Well as it goes with understanding anything fairly complex (which this really isn’t), let’s start with just a bit of homework… Come on, don’t roll your eyes. This is awesome stuff and if you pick up on what follows, you can participate in routing VoIP traffic conversations and sound smart among your peers!  🙂

ToS part 1
It all started back in 1981 with RFC 791, but before I dig into that, I reviewed some other RFCs and found that the following from July 1992 in RFC 1349 is very good at highlighting why we have this 8-bit field in every IP packet:

The Internet today has no direct knowledge of how to optimize the path for a particular application or user, the IP protocol provides a (rather limited) 8 bit (i.e. 1 byte) facility for upper layer protocols to convey hints to the Internet Layer about how the tradeoffs should be made for the particular packet.  This 1 byte facility is the “Type of Service” facility, abbreviated as the “TOS facility”.

The TOS facility has been a part of the IP specification since the beginning, it has been little used in the past.  However, the Internet host specification [1,2] now mandates that hosts use the TOS facility.  Additionally, routing protocols (including OSPF [10] and Integrated IS-IS [7]) have been developed which can compute routes separately for each type of service.  These new routing protocols make it practical for routers to consider the requested type of service when making routing decisions.

Now, let’s go back to 1981 when RFC 791 outlined that the Type of Service provides an indication of the abstract parameters of the quality of service desired. These parameters are to be used to guide the selection of the actual service parameters when transmitting a datagram through a particular network. Several networks offer service precedence, which somehow treats high precedence traffic as more important than other traffic (generally by accepting only traffic above a certain precedence at time of high load). The major choice is a three-way tradeoff between low-delay, high-reliability, and high-throughput.

Bits 0-2:  Precedence.
Bit    3:  0 = Normal Delay,       1 = Low Delay.
Bit    4:  0 = Normal Throughput,  1 = High Throughput.
Bit    5:  0 = Normal Reliability, 1 = High Reliability.
Bits 6-7:  Reserved for Future Use.

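   0     1     2     3     4     5     6     7
+-----+-----+-----+-----+-----+-----+-----+-----+
|                 |     |     |     |     |     |
|   PRECEDENCE    |  D  |  T  |  R  |  0  |  0  |
|                 |     |     |     |     |     |
+-----+-----+-----+-----+-----+-----+-----+-----+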


111 – Network Control
110 – Internetwork Control
100 – Flash Override
011 – Flash
010 – Immediate
001 – Priority
000 – Routine

The use of the Delay, Throughput, and Reliability indications may increase the cost (in some sense) of the service. In many networks better performance for one of these parameters is coupled with worse performance on another.  Except for very unusual cases at most two of these three indications should be set. In short, just try to remember that the type of service is used to specify the treatment of the datagram during its transmission through the Internet system.
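To make the bit layout concrete, here is a small decoder for the RFC 791 ToS byte. It is an added example, not code from the original post: the function names and the sample header are constructed for illustration. The RFC numbers bits from the most significant end, so "bits 0-2" are the top three bits of the byte.

```python
import struct

# Precedence names from RFC 791 (the RFC also defines 101 as CRITIC/ECP).
PRECEDENCE = {
    0b111: "Network Control",
    0b110: "Internetwork Control",
    0b101: "CRITIC/ECP",
    0b100: "Flash Override",
    0b011: "Flash",
    0b010: "Immediate",
    0b001: "Priority",
    0b000: "Routine",
}

def tos_from_ipv4_header(header: bytes) -> int:
    """Return the ToS byte (the second byte) of a raw IPv4 header."""
    if len(header) < 20:
        raise ValueError("IPv4 header is at least 20 bytes")
    version_ihl, tos = struct.unpack_from("!BB", header, 0)
    if version_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return tos

def decode_tos_rfc791(tos: int) -> dict:
    """Decode a ToS byte using the RFC 791 layout.

    RFC bit 0 is the most significant bit, so precedence is the top 3 bits.
    """
    if not 0 <= tos <= 0xFF:
        raise ValueError("ToS is a single byte")
    flags = {
        "low_delay": bool(tos & 0x10),         # bit 3 (D)
        "high_throughput": bool(tos & 0x08),   # bit 4 (T)
        "high_reliability": bool(tos & 0x04),  # bit 5 (R)
    }
    notes = []
    if sum(flags.values()) > 2:
        notes.append("all three of D/T/R set; RFC 791 expects at most two")
    if tos & 0x03:
        notes.append("reserved bits 6-7 are non-zero")
    return {"precedence": PRECEDENCE[tos >> 5], **flags, "notes": notes}

# Constructed sample: 20-byte IPv4 header with ToS 0xB8 (checksum left as zero).
SAMPLE_HEADER = bytes.fromhex("45b8003c1c464000401100000a0000010a000002")
```

Calling `decode_tos_rfc791(tos_from_ipv4_header(SAMPLE_HEADER))` on a header pulled from a capture gives the same breakdown you would otherwise read off by hand from the diagram above.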

Don’t study the above too hard, as it changes a few years later. Watch what happens to bit 6 in the next blog. So, go to sleep for 11 years until RFC 1349, which is the topic of my next blog: Part 2.

Mike Patterson


Michael is one of the Co-founders and the former product manager for Scrutinizer. He enjoys many outdoor winter sports and often takes videos when he is snowmobiling, ice fishing or sledding with his kids. Cold weather and lots of snow make the best winters as far as he is concerned. Prior to starting Somix and Plixer, Mike worked in technical support at Cabletron Systems, acquired his Novell CNE and then moved to the training department for a few years. While in training he finished his Masters in Computer Information Systems from Southern New Hampshire University and then left technical training to pursue a new skill set in Professional Services. In 1998 he left the 'Tron' to start Somix which later became Plixer.

