Firewall Settings > QoS Mapping
758
SonicOS 5.8.1 Administrator Guide
The following table shows the commonly used code points, as well as their mapping to the
legacy Precedence and ToS settings.
DSCP marking can be performed on traffic to/from any interface and to/from any zone type,
without exception. DSCP marking is controlled by Access Rules, from the QoS tab, and can be
used in conjunction with 802.1p marking, as well as with SonicOS’ internal bandwidth
management.
DSCP Marking and Mixed VPN Traffic
Among their many security measures and characteristics, IPsec VPNs employ anti-replay
mechanisms based upon monotonically incrementing sequence numbers added to the ESP
header. Packets with duplicate sequence numbers are dropped, as are packets that do not
adhere to sequence criteria. One such criterion governs the handling of out-of-order packets.
SonicOS Enhanced provides a replay window of 64 packets, i.e. if an ESP packet for a Security
Association (SA) is delayed by more than 64 packets, the packet will be dropped.
This should be considered when using DSCP marking to provide layer 3 QoS to traffic
traversing a VPN. If you have a VPN tunnel that is transporting a diversity of traffic, some that
is being DSCP tagged high priority (e.g. VoIP), and some that is DSCP tagged low-priority, or
untagged/best-effort (e.g. FTP), your service provider will prioritize the handling and delivery of
the high-priority ESP packets over the best-effort ESP packets. Under certain traffic conditions,
this can result in the best-effort packets being delayed for more than 64 packets, causing them
to be dropped by the receiving SonicWALL’s anti-replay defenses.
DSCP DSCP Description Legacy IP Precedence Legacy IP ToS (D, T, R)
0 Best effort 0 (Routine – 000) -
8 Class 1 1 (Priority – 001) -
10 Class 1, gold (AF11) 1 (Priority – 001) T
12 Class 1, silver (AF12) 1 (Priority – 001) D
14 Class 1, bronze (AF13) 1 (Priority – 001) D, T
16 Class 2 2 (Immediate – 010) -
18 Class 2, gold (AF21) 2 (Immediate – 010) T
20 Class 2, silver (AF22) 2 (Immediate – 010) D
22 Class 2, bronze (AF23) 2 (Immediate – 010) D, T
24 Class 3 3 (Flash – 011) -
26 Class 3, gold (AF31) 3 (Flash – 011) T
27 Class 3, silver (AF32) 3 (Flash – 011) D
30 Class 3, bronze (AF33) 3 (Flash – 011) D, T
32 Class 4 4 (Flash Override – 100) -
34 Class 4, gold (AF41) 4 (Flash Override – 100) T
36 Class 4, silver (AF42) 4 (Flash Override – 100) D
38 Class 4, bronze (AF43) 4 (Flash Override – 100) D, T
40 Express forwarding 5 (CRITIC/ECP – 101) -
46 Expedited forwarding (EF) 5 (CRITIC/ECP – 101) D, T
48 Control 6 (Internet Control – 110) -
56 Control 7 (Network Control – 111) -