4.4 QoS Fundamentals
Key Takeaways
- QoS manages bandwidth, delay, jitter, and loss so latency-sensitive traffic is protected during congestion.
- Voice needs under 150 ms one-way delay, under 30 ms jitter, and under 1% loss.
- DSCP is a 6-bit Layer 3 marking (0-63) carried end-to-end; CoS is a 3-bit Layer 2 marking that exists only on trunks.
- Per-Hop Behaviors: EF (DSCP 46) for voice, the AF classes for prioritized data, and BE (DSCP 0) as default.
- The trust boundary is where the network begins believing incoming QoS markings — usually the access switch.
Why QoS Exists
Quality of Service (QoS) is the set of tools that prioritizes traffic when a link is congested. With no QoS, every packet is best-effort and drops are indiscriminate during congestion — fine for a file download that simply retransmits, fatal for a phone call that cannot wait. QoS does not create bandwidth; it decides who suffers first when bandwidth runs out.
The four impairments QoS controls
| Parameter | Definition | What it ruins |
|---|---|---|
| Bandwidth | Capacity of the link | Total throughput |
| Delay (latency) | One-way travel time | Conversation feels laggy |
| Jitter | Variation in delay between packets | Choppy, robotic audio |
| Loss | Packets that never arrive | Gaps and dropouts |
Application requirements
| Traffic | Bandwidth | One-way delay | Jitter | Loss |
|---|---|---|---|---|
| Voice (VoIP) | 30-128 Kbps/call | < 150 ms | < 30 ms | < 1% |
| Video conferencing | 384 Kbps-20 Mbps | < 150 ms | < 30 ms | < 1% |
| Streaming video | High | < 4-5 s (buffered) | tolerant | < 2% |
| Web / email / file | Variable | tolerant | n/a | 0% |
The headline numbers to memorize are the voice trio: 150 ms delay, 30 ms jitter, 1% loss — interactive video uses the same targets because a human is in the conversation.
Classification and Marking
QoS first classifies traffic (identifies what it is) then marks it so every downstream hop can act without re-inspecting deep into the packet.
- CoS (Class of Service) — a 3-bit field (values 0-7) inside the 802.1Q VLAN tag. Because it lives in the tag, it survives only on trunk links and is lost the moment a frame leaves a trunk.
- DSCP (Differentiated Services Code Point) — a 6-bit field (values 0-63) in the IP header's ToS byte. Being Layer 3, it travels end-to-end across routed networks, which is why CCNA treats DSCP as the preferred marking.
Per-Hop Behaviors (PHB) and DSCP Values
A Per-Hop Behavior is the forwarding treatment a router gives a packet based on its DSCP mark.
| PHB | DSCP bits | Decimal | Use |
|---|---|---|---|
| EF Expedited Forwarding | 101110 | 46 | Voice — strict low latency |
| AF41 | 100010 | 34 | Interactive video |
| AF31 | 011010 | 26 | Mission-critical data |
| AF21 | 010010 | 18 | Transactional data |
| AF11 | 001010 | 10 | Bulk data |
| BE / CS0 Best Effort | 000000 | 0 | Default, no priority |
Reading an AF name
Assured Forwarding values are written AFxy: x = class (1-4, higher is more important) and y = drop precedence (1-3, higher drops first under congestion). So AF43 is high class but most-droppable; AF11 is low class, drop-last within its class.
| | Low drop (1) | Med drop (2) | High drop (3) |
|---|---|---|---|
| Class 4 | AF41 (34) | AF42 (36) | AF43 (38) |
| Class 3 | AF31 (26) | AF32 (28) | AF33 (30) |
| Class 2 | AF21 (18) | AF22 (20) | AF23 (22) |
| Class 1 | AF11 (10) | AF12 (12) | AF13 (14) |
Queuing and Trust Boundary
After marking, the egress interface sorts traffic into queues:
- LLQ (Low Latency Queuing) — a strict priority queue, the proper home for EF voice; it is serviced first but policed so it cannot starve everything else.
- CBWFQ (Class-Based Weighted Fair Queuing) — guarantees a minimum bandwidth share per traffic class.
- WFQ — proportionally fair sharing for unclassified flows.
The trust boundary is the point where the network starts believing a device's QoS marks. A PC could set DSCP 46 to cheat its way into the voice queue, so PC markings are not trusted; a Cisco IP phone is trusted, and the access switch is the usual boundary — re-marking or trusting at the first managed port.
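The re-marking decision at the trust boundary, as an added Python example (not part of the original page): it decodes the ToS byte, names the PHB, and resets DSCP to best-effort on untrusted ports. The port names, the `trusted` flag and the sample packets are constructed for illustration; the low two bits of the ToS byte are ECN and are left untouched.

```python
# Added illustration: port names and sample packets are constructed, not from the page.
EF, BE = 46, 0
NAMED = {EF: "EF", BE: "BE"}

def af_to_dscp(cls, drop):
    """AFxy -> DSCP decimal: class in the top 3 bits, drop precedence in the next 2."""
    if not (1 <= cls <= 4 and 1 <= drop <= 3):
        raise ValueError("AF class is 1-4, drop precedence is 1-3")
    return (cls << 3) | (drop << 1)

def phb_name(dscp):
    """Name the PHB for a 6-bit DSCP value (EF, BE, AFxy, CSx, else raw number)."""
    if dscp in NAMED:
        return NAMED[dscp]
    cls, low = dscp >> 3, dscp & 0b111
    if 1 <= cls <= 4 and low in (2, 4, 6):
        return f"AF{cls}{low >> 1}"
    if low == 0:
        return f"CS{cls}"
    return f"DSCP{dscp}"

def split_tos(tos):
    """Split the 8-bit ToS byte into (6-bit DSCP, 2-bit ECN)."""
    return tos >> 2, tos & 0b11

def remark_at_boundary(tos, trusted):
    """Trusted port: keep the byte. Untrusted port: force DSCP to BE, keep the ECN bits."""
    return tos if trusted else (BE << 2) | (tos & 0b11)

# Constructed sample: (ingress port, trusted?, ToS byte as received)
ARRIVALS = [
    ("phone-port", True, 0xB8),   # EF voice from the IP phone
    ("phone-port", True, 0x60),   # CS3 signaling from the IP phone
    ("pc-port", False, 0xB8),     # PC marking its own traffic EF
    ("pc-port", False, 0x28),     # PC marking its own traffic AF11
]

def process(arrivals):
    """Return (port, PHB received, PHB forwarded) for each packet at the access switch."""
    out = []
    for port, trusted, tos in arrivals:
        new_tos = remark_at_boundary(tos, trusted)
        out.append((port, phb_name(split_tos(tos)[0]), phb_name(split_tos(new_tos)[0])))
    return out

if __name__ == "__main__":
    for row in process(ARRIVALS):
        print(row)
```

Rows where the received and forwarded PHB differ are the ones worth counting per port: a PC port that keeps sending EF is either misconfigured or trying to reach the voice queue.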
Congestion Tools: Shaping, Policing, and Drop
QoS has two ways to handle traffic that exceeds a rate. Policing measures the rate and immediately drops (or re-marks down) anything over the limit — it is harsh but adds no delay, suited to enforcing a contract at a network edge. Shaping instead buffers the excess and releases it later at the allowed rate, smoothing bursts at the cost of added delay and the risk that the buffer fills. The exam-level takeaway: policing drops, shaping delays; policing is typically applied inbound and shaping outbound.
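The same burst run through a policer and a shaper, as an added Python example (not from the original page): both use one token bucket as the meter and differ only in what they do with the excess. The rate, burst size and arrival times are constructed; the policer here only drops (no re-mark-down), and the shaper's buffer is assumed large enough never to overflow.

```python
# Added illustration; rate, burst and arrival times are constructed sample values.

def police(arrivals, rate_bps, burst_bytes):
    """Token-bucket policer. arrivals: [(time_s, size_bytes)], sorted by time.
    Returns [(time_s, size, 'forward' | 'drop')]; forwarded packets get no added delay."""
    tokens, last, out = float(burst_bytes), 0.0, []
    for t, size in arrivals:
        tokens = min(burst_bytes, tokens + (t - last) * rate_bps / 8)  # refill since last packet
        last = t
        if size <= tokens:
            tokens -= size
            out.append((t, size, "forward"))
        else:
            out.append((t, size, "drop"))       # excess is discarded immediately
    return out

def shape(arrivals, rate_bps, burst_bytes):
    """Token-bucket shaper with an unbounded FIFO buffer (assumption).
    Returns [(arrival_s, size, departure_s)]; nothing is dropped, excess waits for tokens."""
    tokens, last, out = float(burst_bytes), 0.0, []
    for t, size in arrivals:
        now = max(t, last)                      # FIFO: cannot leave before the packet ahead
        tokens = min(burst_bytes, tokens + (now - last) * rate_bps / 8)
        wait = max(0.0, (size - tokens) * 8 / rate_bps)   # time until enough tokens exist
        depart = now + wait
        tokens = tokens + wait * rate_bps / 8 - size
        last = depart
        out.append((t, size, depart))
    return out

# Constructed sample: four 500-byte packets arrive together, a fifth half a second later.
ARRIVALS = [(0.0, 500), (0.0, 500), (0.0, 500), (0.0, 500), (0.5, 500)]

def summarize(arrivals, rate_bps, burst_bytes):
    """Return (packets dropped by the policer, worst delay in seconds added by the shaper)."""
    dropped = sum(1 for _, _, action in police(arrivals, rate_bps, burst_bytes) if action == "drop")
    worst = max(dep - t for t, _, dep in shape(arrivals, rate_bps, burst_bytes))
    return dropped, worst

if __name__ == "__main__":
    print(summarize(ARRIVALS, rate_bps=64000, burst_bytes=1000))
```

At 64 Kbps with a 1000-byte burst, the policer discards two of the five packets and delays none, while the shaper delivers all five but holds the last of the burst for 125 ms.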
When queues fill, the default behavior is tail drop — once the queue is full, every new packet is discarded regardless of importance. Tail drop can cause TCP global synchronization, where many flows back off and ramp up in lockstep, wasting capacity. Weighted Random Early Detection (WRED) counters this by dropping lower-priority (higher AF drop-precedence) packets probabilistically before the queue is completely full, signaling a few TCP senders to slow down early and keeping the link smoothly utilized. This is the practical reason AF drop precedence exists: under WRED, AF13 is discarded before AF11 within the same class.
Putting Voice Through the Network End to End
Trace a VoIP packet to see every concept connect. The IP phone marks its voice RTP stream EF (DSCP 46) and its signaling CS3, sending them on a dedicated voice VLAN. The access switch, sitting at the trust boundary, trusts the phone's markings but re-marks any traffic from the daisy-chained PC down to best-effort. Each router along the path reads the DSCP value, applies the EF Per-Hop Behavior, and places the packet in its LLQ strict-priority queue so it jumps ahead of bulk data.
Because every hop honors the same Layer 3 DSCP mark, the call meets its under-150 ms / under-30 ms / under-1% budget end to end — something CoS alone could never guarantee, since CoS evaporates the moment the frame leaves a trunk.
On the exam: CCNA tests QoS concepts, not full config. Lock in EF = voice = DSCP 46, BE = DSCP 0, CoS is Layer 2 / trunk-only while DSCP is Layer 3 / end-to-end, the voice 150/30/1 targets, that policing drops while shaping delays, and what a trust boundary is.
Which DSCP Per-Hop Behavior is designated for voice traffic?
What is the maximum acceptable one-way delay for VoIP?
How does a CoS marking differ from a DSCP marking?