SonicWALL 5.8.1 Microscope & Magnifier User Manual


Firewall Settings > QoS Mapping
SonicOS 5.8.1 Administrator Guide
such as DSCP. SonicOS Enhanced has the ability to DSCP mark traffic after classification, as
well as the ability to map 802.1p tags to DSCP tags for external network traversal and CoS
preservation. For VPN traffic, SonicOS can DSCP mark not only the internal (payload) packets,
but the external (encapsulating) packets as well so that QoS capable service providers can
offer QoS even on encrypted VPN traffic.
The actual conditioning method employed by service providers varies from one to the next, but
it generally involves a class-based queuing method such as Weighted Fair Queuing for
prioritizing traffic, as well as a congestion avoidance method, such as tail-drop or Random Early
Detection.
802.1p and DSCP QoS
The following sections detail the 802.1p standard and DSCP QoS. These features are
supported on SonicWALL NSA platforms.
Enabling 802.1p
SonicOS Enhanced supports layer 2 and layer 3 CoS methods for broad interoperability with
external systems participating in QoS enabled environments. The layer 2 method is the IEEE
802.1p standard wherein 3 bits of an additional 16 bits inserted into the header of the Ethernet
frame can be used to designate the priority of the frame, as illustrated in the following figure:
TPID: Tag Protocol Identifier begins at byte 12 (after the 6-byte destination and source
fields), is 2 bytes long, and has an Ethertype of 0x8100 for tagged traffic.
802.1p: The first three bits of the TCI (Tag Control Information – beginning at byte 14, and
spanning 2 bytes) define user priority, giving eight (2^3) priority levels. IEEE 802.1p defines
the operation for these 3 user priority bits.
CFI: Canonical Format Indicator is a single-bit flag, always set to zero for Ethernet
switches. CFI is used for compatibility reasons between Ethernet networks and Token Ring
networks. If a frame received at an Ethernet port has a CFI set to 1, then that frame should
not be forwarded as it is to an untagged port.
VLAN ID: VLAN ID (starts at bit 5 of byte 14) is the identification of the VLAN. It has 12 bits
and allows for the identification of 4,096 (2^12) unique VLAN IDs. Of the 4,096 possible
IDs, an ID of 0 is used to identify priority frames, and an ID of 4,095 (FFF) is reserved, so
the maximum possible VLAN configurations are 4,094.
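
The tag layout described above can be checked against captured frames with a short decoder. This is an added example, not code from the SonicOS guide; `parse_vlan_tag`, `make_frame`, the MAC addresses and the sample TCI values are constructed for illustration, and frames are assumed to start at the destination address.

```python
import struct

TPID_8021Q = 0x8100  # Ethertype value that marks a tagged frame

def parse_vlan_tag(frame: bytes):
    """Decode the 802.1Q tag of an Ethernet frame; return None if untagged.

    Assumes `frame` starts at the destination address (preamble and SFD
    already stripped), so the TPID is at byte 12 and the TCI at byte 14.
    """
    if len(frame) < 14:
        raise ValueError("truncated frame: no room for DA, SA and type field")
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None
    if len(frame) < 16:
        raise ValueError("truncated frame: TPID present but TCI missing")
    (tci,) = struct.unpack_from("!H", frame, 14)
    tag = {
        "priority": tci >> 13,        # first 3 bits: 802.1p user priority
        "cfi": (tci >> 12) & 0x1,     # single-bit Canonical Format Indicator
        "vlan_id": tci & 0x0FFF,      # remaining 12 bits
        "notes": [],
    }
    if tag["vlan_id"] == 0:
        tag["notes"].append("priority frame (VLAN ID 0)")
    elif tag["vlan_id"] == 0xFFF:
        tag["notes"].append("reserved VLAN ID 4095")
    if tag["cfi"]:
        tag["notes"].append("CFI set: do not forward as-is to an untagged port")
    return tag

def make_frame(type_field: int, tci=None) -> bytes:
    """Build a constructed sample frame (made-up addresses, zero payload)."""
    da, sa = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    tag = b"" if tci is None else struct.pack("!HH", TPID_8021Q, tci)
    return da + sa + tag + struct.pack("!H", type_field) + bytes(46)

if __name__ == "__main__":
    samples = {
        "priority 5, VLAN 100": make_frame(0x0800, tci=0xA064),
        "priority 7, VLAN 0": make_frame(0x0800, tci=0xE000),
        "CFI set, VLAN 4095": make_frame(0x0800, tci=0x1FFF),
        "untagged": make_frame(0x0800),
    }
    for name, frame in samples.items():
        print(name, "->", parse_vlan_tag(frame))
```
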
802.1p support begins by enabling 802.1p marking on the interfaces which you wish to have
process 802.1p tags. 802.1p can be enabled on any Ethernet interface on any SonicWALL
appliance.
[Figure: Ethernet data frame with an 802.1q VLAN tag. Frame fields and sizes in bytes: preamble (7), SFD (1), DA (6), SA (6), VPID (2), TCI (2), Len (2), LLC Data (46-1500), FCS (4). Tag sizes in bits: Protocol ID, x8100 for 802.1q tags (16); 802.1p (3); CFI (1); VLAN ID (12).]