Quality of Service - ToS DSCP WMM
2014-06-01 (updated: 2020-06-15) by Philip
This article explains in detail the different commonly used network QoS packet prioritization methods. It should be noted that QoS and ToS/DSCP across the internet is not a 100% reliable means. Internet Service Providers (ISPs) do not have to honor client DSCP markups, they can, and many do reclassify traffic by remarking ToS/DSCP bits in packets.
Quality of Service (QoS)
In general, QoS defines standard ways to prioritize traffic in a network where different types of packets should be assigned different priorities, based on their type. It is often used to classify VoIP, SIP, Video Streaming, gaming, and other types of priority traffic to improve user experience. By implementing QoS policies, network administrators can use existing resources more efficiently to ensure the required level of service for critical applications without over-provisioning networks.
Traditionally, when there is no set QoS policy, all network traffic is treated equally using the network's "best effort", with no guarantees for reliability, delay, throughput, or any other performance characteristics. With this type of best-effort delivery, any bandwidth-intensive application can use the majority of the network capacity, causing unacceptable or poor performance for all other time-critical applications. The QoS model, on the other hand allows for prioritizing some type of traffic (VoIP, gaming, etc.), or some users, to be treated with higher priority. There are also mechanisms that allow for prioritizing and shaping different types of traffic in a different way (high throughput vs. low delay, for example).
The goal of QoS is to provide preferential delivery to mission-critical and time-sensitive applications by controlling four main network characteristics:
bandwidth - throughput
latency - delay, rtt, ping
jitter - variation in latency
reliability - the percentage of packets discarded by the router
Latency and jitter are important for voice communications, and gaming for example, while bandwidth and reliability are important for bulk transfers.
QoS depends on support throughout the network - all devices from the sender network adapter, routers, and all the way to the receiving end must support QoS mechanisms. It is sometimes helpful to use QoS policies on a local network, however, to be able to pass QoS tagged packets through an ISP is not always possible, as it may conflict with their QoS policies. Many residential ISPs can ignore (or zero out) QoS/ToS/DSCP tagging in packets.
The SG TCP Analyzer can detect and display ToS/DSCP tagged packets, it can be used to determine whether the desired tagging is able to pass all the way to our server.
The sections below explain the different standard ways of marking packets with different priorities. The ToS/DSCP field is a part of IP packet headers used to classify and prioritize different types of traffic.
IP Type of Service (ToS)
The Type of Service (TOS) field in IP packet headers defines how packets should be routed, e.g. delay, precedence, reliability, etc. This ToS field is now redefined and more commonly used by Differentiated Services, a.k.a. the Diffserv Code Point (DSCP).
The TOS field consists of 8 bits that mark packets as follows:
| Precedence (3 bits) || Delay (1 bit)|| Throughput (1 bit)|| Reliability (1 bit)|| Cost (1 bit)|| MBZ check bit (1 bit)|
|000 (0) - Routine (best effort, default)|
001 (1) - Priority
010 (2) - Immediate
011 (3) - Flash
100 (4) - Flash Override
101 (5) - Critical
110 (6) - Internetwork Control
111 (7) - Network Control
|0 - normal|
1 - low delay
0 - normal
1 - high throughput
0 - normal
1 - high reliability
0 - normal
1 - low cost
should be zero
Type of Service is described in RFC 791 and RFC 1583. The newer Differentiated Services Code Point (DSCP) variant consists of the first 6 bits, and the last two are left unused (or used for explicit congestion notification - ECN).
Notes: The TOS Precedence field is also detailed in 802.1p/802.1q, Layer 2 Class of Service (CoS). Layer 2 switches can use the Class of Service (CoS) values of packets to classify them and put them into appropriate queues.
The IEEE 802.1q broad recommendation for the 8 possible precedence traffic classes are as follows:
0 (BK) - Background traffic
1 (BE) - Best Effort
2 (EE) - Excellent Effort
3 (CA) - Critical Applications
4 (VI) - Video, 5 (VO) - Voice, 6 (IC) - Internetwork Control
7 (NC) - Network Control
Differentiated Services Code Point (DSCP)
DiffServ/DSCP uses the first 6 bits of the above ToS field, giving 2^6 = 64 different possible values. It leaves the remaining two bits available for use by Explicit Congestion Notification (ECN). In practice, not all 64 different traffic classes are used. Most networks use the following commonly defined per-hop behaviors (PHBs):
Default PHB (per hop behavior) - typically best effort traffic, the default behavior for all traffic that does not fit any other defined class. DSCP is 000000 (0).
Expedited Forwarding (EF) [RFC 3246] - low-loss, low-latency, low-jitter traffic, suitable for voice, video and other real time services. EF is often given strict priority queuing above all other traffic classes. Typical networks will limit EF traffic to no more than 20-30% of the capacity of a link. The recommended DSCP for EF is 101110 (46).
Voice Admit (VA) [RFC 5865] - low loss, low-latency, low-jitter traffic. Newer standard with identical characteristics to Expedited Forwarding (EF), with added Call Admission Control (CAC) by the network to prevent congestion. Recommended DHCP for VA is 101100 (44).
Assured Forwarding (AF) [RFC 2597, RFC 3260] - gives assurance of delivery under prescribed conditions. AF allows the operator to provide assurance of delivery as long as the traffic does not exceed some subscribed rate. Traffic that exceeds the subscription rate faces a higher probability of being dropped if congestion occurs. The AF behavior group defines four separate AF classes, where higher classes often (but not always) have higher priority. Within each class, packets are given a "drop precedence" of high, medium or low (where higher precedence means more dropped packets). The combination of classes and drop precedence allows for twelve separate DSCP encodings from AF11 through AF43 as follows:
| Class 1 || Class 2 || Class 3 || Class 4 |
|low drop||AF11 (DSCP 10)||AF21 (DSCP 18)||AF31 (DSCP 26)||AF41 (DSCP 34)|
|medium drop||AF12 (DSCP 12)||AF22 (DSCP 20)||AF32 (DSCP 28)||AF42 (DSCP 36)|
|high drop||AF13 (DSCP 14)||AF23 (DSCP 22)||AF33 (DSCP 30)||AF43 (DSCP 38)|
Note from the above table that within the same class, higher DSCP numbers may have lower priority (higher packet drops). For example, DSCP 34 will take precedence with less packet loss over DSCP 38.
Class Slectors (CS) - maintains backward compatibility with the IP precedence field (the IP TOS value, as described above). The CS code points are of the form "nnn 000" where the first three bits are the IP precedence bits, and the remaining three are zeroes. Each IP precedence value can be mapped into a DiffServ class. If a packet is received from a non-DiffServ router that used IP TOS markings, the DiffServ router can still understand the encoding as a Class Selector code point. CS codepoint values are as follows:
The table below combines all the above PHB methods in a single table that lists all common DSCP field values. The DSCP value in the IP header is used to select appropriate QoS treatment for packets.
DSCP, DiffServ and ToS values
|DSCP Name||DSCP Binary||DSCP Decimal||IP Precedence||ToS Hex||ToS Decimal||Notes|
|CS0||000 000||0||000 (0) - best effort||0x00||0|
|CS1||001 000||8||001 (1) - priority||0x20||32||CS1 has lower wireless priority than zero with WMM|
|AF11||001 010||10||001 (1) - priority||0x28||40|
|AF12||001 100||12||001 (1) - priority||0x30||48|
|AF13||001 110||14||001 (1) - priority||0x38||56|
|CS2||010 000||16||010 (2) - immediate||0x40||64|
|AF21||010 010||18||010 (2) - immediate||0x48||72|
|AF22||010 100||20||010 (2) - immediate||0x50||80|
|AF23||010 110||22||010 (2) - immediate||0x58||88|
|CS3||011 000||24||011 (3) - flash||0x60||96|
|AF31||011 010||26||011 (3) - flash||0x68||104||call signalling RFC 2597|
|AF32||011 100||28||011 (3) - flash||0x70||112|
|AF33||011 110||30||011 (3) - flash||0x78||120|
|CS4||100 000||32||100 (4) - flash override||0x80||128|
|AF41||100 010||34||100 (4) - flash override||0x88||136||Video RFC 4594|
|AF42||100 100||36||100 (4) - flash override||0x90||144|
|AF43||100 110||38||100 (4) - flash override||0x98||152|
|CS5||101 000||40||101 (5) - critical||0xa0||160||call signaling RFC 4594|
|VA||101 100||44||101 (5) - critical||0xb0||176||Voice Admit (VA) RFC 5865|
|EF||101 110||46||101 (5) - critical||0xb8||184||Expedited Forwarding (EF)|
Audio RFC 3246, RFC 4594
|CS6||110 000||48||110 (6) - internetwork control||0xc0||192|
|CS7||111 000||56||111 (7) - network control||0xe0|
CS = Class Selector
AF = Assured Forwarding
EF = Expedited Forwarding
The IP Precedence fields in the above table are listed in decimal notation, refer to the ToS section for the corresponding binary values.
The DiffServ Code Point (DSCP) is described in RFC 2474
With Assured Forwarding (AF), higher DSCP is not always better (higher class with lower drop precedence is better).
How to Apply DSCP under Windows 7/8/10
QoS Policy settings under Windows 7/8/10 can be edited using Powershell cmdlets, or the Group Policy Editor (gpedit.msc): Computer Configuration -> Windows Settings -> Policy-based QoS
In order to define DiffServ (DSCP) values, according to Microsoft the machine needs to have joined a domain, and interfaces have to see the domain controller. To overcome this limitation, so that you can tag DSCP values even for adapters that do not have access to a domain, use the following hidden registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\QoS (you may have to create the QoS key)
"Do not use NLA"="1" (REG_SZ string value, not DWORD, not present by default, recommended: 1 if you plan to edit DSCP values via gpedit.msc)
Note: This registry key may also be needed in systems with multiple network adapters present. Rebooting after setting the value is required.
PowerShell Cmdlet to change DSCP values
In Windows 10, 8, and Server 2012 it is possible to use PowerShell to configure the DSCP values with the NetQosPolicy Cmdlet. Below are a few examples of setting the DSCP value for an app called "MyApp":
New-NetQosPolicy -Name "MyApp HTTP" -DSCPAction 26 -NetworkProfile All -AppPathNameMatchCondition "%programfiles(x86)%\MyAppFolder\MyApp.exe" -IPProtocolMatchCondition TCP -IPDstPortMatchCondition 80
New-NetQosPolicy -Name "MyApp Audio RTP" -DSCPAction 46 -NetworkProfile All -AppPathNameMatchCondition "%programfiles(x86)%\MyAppFolder\MyApp.exe" -IPProtocolMatchCondition UDP -IPSrcPortStartMatchCondition 2050 -IPSrcPortEndMatchCondition 3000
New-NetQosPolicy -Name "MyApp Video RTP" -DSCPAction 34 -NetworkProfile All -AppPathNameMatchCondition "%programfiles(x86)%\MyAppFolder\MyApp.exe" -IPProtocolMatchCondition UDP -IPSrcPortStartMatchCondition 50000 -IPSrcPortEndMatchCondition 50100
New-NetQosPolicy -Name "MyApp Signalling H323/TLS" -DSCPAction 26 -NetworkProfile All -AppPathNameMatchCondition "%programfiles(x86)%\MyAppFolder\MyApp.exe" -IPProtocolMatchCondition TCP -IPDstPortMatchCondition 1300
In the above examples, the "-DSCPAction ..." parameter determines the DSCP value, and the "IPProtocolMatchCondition" defines the protocol and port number. Note that for a range of ports, you'd have to use "IPSrcPortStartMatchCondition" and "IPSrcPortEndMatchCondition".
Notes: QoS policies added via PowerShell are not visible in the Group Policies Editor.
Group Policies Editor (gpedit.msc)
To enter a DSCP value using local group policy:
1. Click the start button, type: gpedit.msc
2. In the left pane, navigate to: Computer Configuration -> Windows Settings -> Policy-based QoS
3. Right-click on Policy-based Qos and choose "Create a new Policy" -> add name -> enter appropriate decimal number between 0-56 for DSCP, use the above tables for reference -> click Next -> All applications / All source IPs / All destination IPs -> Select both TCP and UDP, From any source port / To any destination port -> Finish
gpedit.msc is only available in the professional/ultimate Windows variants, not in Home editions.
To apply changes without rebooting, you can run the following in command prompt: gpupdate /force
To manually edit an existing policy in the registry, see:
IEEE 802.1p (802.1q) value - QoS at the MAC level allowing values of 0 through 7.
gpedit.msc -> Administrative Templates -> Network -> QoS Packet Scheduler -> DSCP value of conforming packets / DSCP value of non-conforming packets.
For MS Communicator 2007, OSC, see also:
Hierarchical Token Bucket (HTB)
Some linux-based NAT routers use HTB to schedule packets. The HTB is a traffic shaping QoS packet scheduling algorithm included in stock Linux kernels since 2.4.20. It allows for traffic shaping in linux-based NAT routers as well, here is an example of DSCP based QoS with HTB in MikroTik devices:
|Traffic Type|| Precedence || DSCP Range || HTB Priority |
| Routine (default) || 000 (0) || 000000(0) – 000111 (7) || 8 |
| Priority || 001 (1) || 001000 (8) – 001111 (15) || 7 |
| Immediate || 010 (2) || 010000 (16) – 010111 (23) || 6 |
| Flash || 011 (3) || 011000 (24) – 011111 (31) || 5 |
| Flash Override || 100 (4) || 100000 (32) – 100111 (39) || 4 |
| Critical || 101 (5) || 101000 (40) – 101111 (47) || 3 |
| Internetwork Control || 110 (6) || 111000 (48) – 110111 (55) || 2 |
| Network Control || 111 (7) || 111000 (56) – 111111 (63) |
Wi-Fi Multimedia (WMM)Boost Network Performance: Windows 7 QOS — BizTech
Wi-Fi Multimedia (WMM), formerly known as Wireless Multimedia Extensions (WME), is part of the 802.11e WLAN specification that enhances quality of service (QoS) on a network by prioritizing data packets.
WMM has four access categories: background, best effort, video and voice. These are used to assign priority to traffic on wireless networks. WMM access categories are mapped to DSCP values as shown in the table. Windows automatically adds packets with DSCP values to the appropriate WMM access category; packets not assigned to a specific category are automatically tagged as "best effort."
Mapping WMM Access Categories to DSCP Marks
|WMM Access Categories||DSCP Value|
| Background (BG) || 8-23|
| Best Effort (BE) || 0-7 and 24-31 |
| Video (VI) || 32-47 |
| Voice (VO) || 48-63 |
Background: file downloads, print jobs, and other traffic that does not suffer from increased latency.
Best Effort: traffic from devices that lack QoS tagging, default for all legacy devices/applications.
Video: priority over all other data traffic.
Voice: highest priority allows for Voice over IP (VoIP) with minimal latency/jitter and the highest possible quality.
Note: The Wi-Fi Alliance has also added a Power Save Certification to WMM. PowerSave is designed to fine-tune power consumption, and to save power for battery-powered devices.
SpeedGuide TCP Optimizer
Windows 10 Registry Tweaks