IP Services Foundational

QoS Basics

How routers and switches handle congestion — classifying packets, marking them with DSCP, queueing by priority, and shaping/policing traffic. Why VoIP and video deserve special treatment over file downloads.

TL;DR

Quality of Service is about prioritizing important traffic when the link gets congested.
Pipeline: classify → mark (DSCP) → queue → schedule. Mark once at the edge, trust marking elsewhere.
VoIP wants low latency + jitter. Video wants bandwidth. File transfers don't care — they take what's left.

Mental model

A network link has finite bandwidth. When more traffic wants to go through than fits, somebody has to wait. Without QoS, packets are processed first-in-first-out — your VoIP call gets stuck behind someone’s 4K Netflix stream, the call degrades, the call gets dropped.

QoS gives the network rules for who waits and who goes first. It’s traffic management for the moment when the pipe is full.

QoS doesn’t create bandwidth. It manages it under congestion. When the link has plenty of headroom, QoS does nothing — all packets pass freely.

The four-stage pipeline

[ packet arrives ] → CLASSIFY → MARK → QUEUE → SCHEDULE → [ out the wire ]

Stage	What it does
Classify	Identify what kind of traffic this is. By port (TCP/5060=SIP), by ACL match, by source, by DPI.
Mark	Stamp the packet with a priority value (DSCP for IP, CoS for Ethernet).
Queue	Drop into the appropriate priority queue. High-priority queues drain first.
Schedule	Decide which queue to service next when the wire has room.

Critical principle: mark once, trust elsewhere. Mark at the edge of your network (closest to the source). Internal routers and switches just read the existing marks and act on them. Re-classifying at every hop is expensive and error-prone.

DSCP — the IP-layer marking

DSCP (Differentiated Services Code Point) is 6 bits in the IP header — 64 possible values. Common ones:

DSCP	Decimal	Name	Used for
EF	46	Expedited Forwarding	VoIP (low latency, low jitter)
AF41	34	Assured Forwarding 4-1	Interactive video
AF31	26	Assured Forwarding 3-1	Streaming video
AF21	18	Assured Forwarding 2-1	Transactional / business apps
CS6	48	Class Selector 6	Routing protocols (OSPF Hellos, etc.)
BE	0	Best Effort	Default — everything unmarked

For CCNA, focus on:

EF (46) — VoIP. Memorize this one.
AF classes — Assured Forwarding, 4 levels (1-4) with 3 drop-precedences each.
CS6 (48) — network control plane (don’t drop these or routing breaks).
BE (0) — default.

Queue scheduling — the actual prioritization

Once packets are marked and dropped into priority queues, the scheduler decides which queue’s packet goes out next. Common algorithms:

Priority Queue (PQ / LLQ) — high-priority queue is ALWAYS serviced first. If it has traffic, lower queues wait. Used for VoIP because even a tiny delay degrades calls.
Weighted Fair Queueing (WFQ) — divide bandwidth proportionally among queues based on weight. Fair, but no strict priority.
CBWFQ (Class-Based WFQ) — modern hybrid: explicit bandwidth guarantees per class.

The standard production config: LLQ for VoIP (strict priority, with a policer to prevent starving everyone else) + CBWFQ for everything else (guaranteed minimums for each class).

Shaping vs policing — two ways to limit traffic

Both restrict throughput. The difference is what happens to the excess:

	Shaping	Policing
Action on excess	Queue (delay)	Drop or remark
TCP behavior	Good — TCP slows down, no drops	Aggressive — TCP retransmits
Where used	Customer edge (outgoing)	Provider edge (incoming)
Memory	Needs a queue	Stateless

Rule of thumb: shape what you send (be a good citizen), police what you receive (protect your network).

Commands — modular QoS (the modern way)

Cisco’s MQC (Modular QoS CLI) uses three steps: define the class-map, build the policy-map, attach with service-policy.

Class-map: identify the traffic

R1(config)# class-map match-any VOIP
R1(config-cmap)# match dscp ef                     ! already-marked VoIP
R1(config-cmap)# match protocol rtp                ! or by NBAR

R1(config)# class-map match-all WEB
R1(config-cmap)# match access-group name PERMIT-WEB

Policy-map: decide what to do

R1(config)# policy-map EDGE-OUT
R1(config-pmap)# class VOIP
R1(config-pmap-c)#   priority percent 10            ! strict priority, 10% of bandwidth max
R1(config-pmap)# class WEB
R1(config-pmap-c)#   bandwidth percent 30           ! guaranteed 30%
R1(config-pmap)# class class-default
R1(config-pmap-c)#   bandwidth percent 60           ! everything else
R1(config-pmap-c)#   fair-queue

Service-policy: attach to an interface

R1(config)# interface GigabitEthernet0/0
R1(config-if)# service-policy output EDGE-OUT

Verify

R1# show policy-map interface GigabitEthernet0/0

This shows real-time hit counters per class and any drops — the most useful single QoS troubleshooting command.

Common mistakes

Marking everywhere. Marking at every hop is wasteful and error-prone. Mark once at the trusted edge, then trust DSCP values elsewhere.
Trusting markings from untrusted devices. A user PC can mark its own outgoing packets as EF. If you trust user-side markings, the user’s BitTorrent becomes “priority” and starves your VoIP. Strip / remark at the access port.
Forgetting that QoS only matters under congestion. If your WAN is at 20% utilization, QoS does nothing. Test QoS by loading the link.
No policer on the priority queue. Strict priority means VoIP gets ALL the bandwidth if it has traffic. A misbehaving app marked as EF can starve everything. Always set priority percent N (which adds an implicit policer) instead of unbounded priority.
Mis-applying input vs output policies. Classification can happen on input. Shaping/queueing happens on output (where the bottleneck is). Apply policy-maps in the right direction.
Treating CS6 as “even higher than EF.” CS6 is for routing protocol traffic — don’t put user traffic in it. EF is the highest level for user traffic.

Lab to try tonight

Two routers connected by a slow serial / dialer link (artificially limit bandwidth to 1 Mbps if needed).
Generate two flows simultaneously: a UDP-echo flow simulating VoIP, and a TCP file transfer.
Without QoS: observe the VoIP latency / jitter increase as the file transfer saturates the link.
Configure MQC: classify VoIP via DSCP EF, give it priority queue, give file transfer the rest.
Re-run the test. VoIP latency stays low even under saturation.
Verify with show policy-map interface ... — observe the queue hit counts.
Bonus: try match protocol rtp (NBAR) instead of DSCP, to classify VoIP without trusting the source’s marking.

Cheat strip

Concept	Plain English
QoS	Manage who waits when the link is full
Classify	Identify traffic type
Mark	Stamp with DSCP (IP) or CoS (Ethernet)
Queue	Drop into a priority bucket
Schedule	Decide which queue drains next
DSCP EF (46)	VoIP — low latency, low jitter
DSCP AF classes	Various — bandwidth-guaranteed, can-drop tiers
DSCP BE (0)	Default — everything unmarked
LLQ	Low Latency Queue — strict priority + policer
Shape	Queue excess (good for outgoing)
Police	Drop or remark excess (good for incoming)
MQC	class-map → policy-map → service-policy

← Previous topic

Syslog

Send every device's log messages to a central server. Covers severity levels (0-7), facilities, message format, where to send logs (local buffer / console / monitor / server), and the eternal question of how much logging is too much.

Next topic →

SNMP — Simple Network Management Protocol

How monitoring systems pull metrics and receive alerts from network devices. Covers SNMPv1/v2c/v3, community strings, traps vs informs, MIB / OID navigation, and why SNMPv3 is the only one acceptable in 2026.

Master this on a real network

Want this drilled into reflex?

1:1 weekly sessions, live feedback on your labs, and US interview prep — built around the CCNA® exam blueprint. Free first session. No card on file until you decide.

Claim my free session →

One topic per email, every fortnight

VLANs, OSPF, ACLs, subnetting, automation — written like this. Unsubscribe in one click.

We respect your inbox. One email per week, max. Unsubscribe any time.