DSCP Remarking Overview

Differentiated Services Code Point (DSCP) remarking can be configured using three main types of configuration with different levels of QoS precedence.

There is a debate between using the terms “marking” or “remarking.” Almost all devices initially mark the DSCP packets with a value. Every packet has one of 64 values, a decimal number from 0 to 63, in the DSCP field. Each of these values, including 0, is a legitimate DSCP. When the packet is processed by a DSCP marker, we can use the term "remarking" the packet, even though the DSCP may not change.

DSCP remarking is performed on ICX devices using three different types of configuration:

  • ACL—Traffic matching a specific pattern is remarked.
  • Interface (Physical, LAG, VE)—Traffic entering a physical, LAG, or VE interface (except traffic matched by an ACL) is remarked with a configured value.
  • Global Configuration—Traffic not affected by an ACL match or a logical interface is remarked with a configured value.

Please note that DSCP remarking configuration at the ACL level takes precedence over the DSCP remarking configuration at the interface level. That means if a packet matched an ACL filter that has DSCP remarking configuration while there is also a DSCP remarking configuration on the incoming interface, the packet is remarked with the DSCP value specified on the ACL filter it matched. Similarly, DSCP remarking configuration at the interface level takes precedence over the DSCP remarking configuration at the global level.

ACL Remarking

ACLs can be configured to match a specific pattern and remark DSCP values. When remarking is not enabled using ACLs, a rogue host that wants preferential treatment for all its traffic could mark the DSCP field for its requirements and send the traffic to the device. Packets matching an ACL takes a precedence if the traffic is to be marked with a DSCP value over logical interface remarking or global remarking configuration.

For configuration syntax, rules, and examples of QoS marking using ACLs, refer to the "QoS options for IP ACLs" section in the Ruckus FastIron Security Configuration Guide.

Interface (Physical, LAG, VE) Interface Remarking

Packets entering a physical, LAG, or VE interface can be remarked with a configured DSCP value. Remarking at the interface level can be referred to as Class of Service (CoS) remarking although the values set are DSCP values. Remember that DSCP remarking configuration at the ACL level takes precedence over the DSCP remarking configuration at the interface level. The configuration is entered through the command-line interface (CLI) at the interface level.

When DSCP marking is configured on a given port, the DSCP field of any IPv4 packet received on the port is re-marked to the configured value.

For a configuration example of QoS remarking at the interface level, see the Configuring DSCP and CoS remarking at the interface level task.

For information about the QoS remarking using physical, LAG, or VE interfaces in VXLANs, refer to the Quality of Service Support topic in the Ruckus FastIron Layer 2 Switching Configuration Guide.

Global Remarking Configuration

DSCP remarking can also be configured through the CLI at the global level. The global DSCP remarking can coexist with other security features configured on the same port.

DSCP global remarking can be configured on the ports of the modules that are configured, but not physically present. When the modules are hot-swapped, the marking is automatically applied or removed.

For a configuration example of QoS global remarking, see the Configuring global DSCP and CoS remarking task.