Type of Service (ToS) and DSCP Values
Internet Protocol network packets can have one byte in the IP header defining what kind of service (and priority) the packet contains. The same one byte is used for both Type of Service (ToS) classifications and differentiated services code point (DSCP) values.
The Type of Service byte was defined in 1981. The differentiated services code point (DSCP) byte was later defined in December 1998. Both share the same byte in the IP packet header so they are the exact same field even though the byte is interpenetrated as meaning different things depending on how you look at the byte.
Type of Service (ToS)[edit]
The ToS (Type of Service) byte inside the IP header can be used for prioritization of packets inside a network. The field was defined in the RFC 791 IP protocol specification published in September 1981.
The Type of Service octet consists of three fields (RFC 1349):
0 1 2 3 4 5 6 7 +-----+-----+-----+-----+-----+-----+-----+-----+ | | | | | PRECEDENCE | TOS | MBZ | | | | | +-----+-----+-----+-----+-----+-----+-----+-----+
The first 3 bits of the ToS octet indicate precedence.
- The 4th bit is used to signal if low delay is desired and required
- The 5th bit indicates if high throughput is desired.
- The 6th bit indicates if high reliability is desired.
- The 7th and 8th bits are reserved
Differentiated services fields (DS field)[edit]
Everyone was happy with good old simple Type of Service codes until RFC 2474 defined a Differentiated Services Field (DS Field) using the IP protocols Type of Service byte in December 1998.
The differentiated services code point (DSCP) values are defined by the first six bits of the DSCP/ToS byte. The last two bits can and are being used for ECN (Explicit Congestion Notification) as defined in RFC 3168.
DSCP defines several traffic classes. The primary DSCP classes are, per RFC 4594, and RFC 8622:
- Lower-Effort (LE)
- Default Forwarding (DF)
- Assured Forwarding (AF)
- Expedited Forwarding (EF)
- Class Selector (CS)
Higher numbered queues within the "Assured Forwarding" sub-classes have lower priority. (AF41 has a higher priority than AF42). However, AF21-AF23 will have a higher priority than AF11-AF13.
The "Class Selector" values select class types, not priority.
The DSCP and The ToS Byte Values[edit]
Service class names are defined in RFC 4594, RFC 5865, and RFC 8622.
| DSCP Name | DS Field Binary | DS Field Decimal | DS Hex | TOS Prec-edence (dec) | ToS Hex-adecimal | ToS Decimal | ToS Binary | iptables ToS name | Service Class Name |
|---|---|---|---|---|---|---|---|---|---|
| DF / CS0 | 000 000 | 0 | 0x00 | 0 | 0x00 | 0 | 0000 0000 | Normal-Service | Standard |
| none | - | - | - | 0 | 0x02 | 2 | 0000 0010 | Minimize-Cost | |
| none | 000 001 | 1 | 0x01 | 0 | 0x04 | 4 | 0000 0100 | Maximize-Reliability | |
| LE | 000 001 | 1 | 0x01 | 0 | 0x04 | 4 | 0000 0100 | Lower-Effort | |
| none | 000 010 | 2 | 0x02 | 0 | 0x08 | 8 | 0000 1000 | Maximize-Throughput | |
| none | 000 100 | 4 | 0x04 | 0 | 0x10 | 16 | 0001 0000 | Minimize-Delay | |
| CS1 | 001 000 | 8 | 0x08 | 1 | 0x20 | 32 | 0010 0000 | Low-Priority Data | |
| AF11 | 001 010 | 10 | 0x0a | 1 | 0x28 | 40 | 0010 1000 | High-Throughput Data | |
| AF12 | 001 100 | 12 | 0x0c | 1 | 0x30 | 48 | 0011 0000 | High-Throughput Data | |
| AF13 | 001 110 | 14 | 0x0e | 1 | 0x38 | 56 | 0011 1000 | High-Throughput Data | |
| CS2 | 010 000 | 16 | 0x10 | 2 | 0x40 | 64 | 0100 0000 | OAM | |
| AF21 | 010 010 | 18 | 0x12 | 2 | 0x48 | 72 | 0100 1000 | Low-Latency Data | |
| AF22 | 010 100 | 20 | 0x14 | 2 | 0x50 | 80 | 0101 0000 | Low-Latency Data | |
| AF23 | 010 110 | 22 | 0x16 | 2 | 0x58 | 88 | 0101 1000 | Low-Latency Data | |
| CS3 | 011 000 | 24 | 0x18 | 3 | 0x60 | 96 | 0110 0000 | Broadcast Video | |
| AF31 | 011 010 | 26 | 0x1a | 3 | 0x68 | 104 | 0110 1000 | Multimedia Streaming | |
| AF32 | 011 100 | 28 | 0x1c | 3 | 0x70 | 112 | 0111 0000 | Multimedia Streaming | |
| AF33 | 011 110 | 30 | 0x1e | 3 | 0x78 | 120 | 0111 1000 | Multimedia Streaming | |
| CS4 | 100 000 | 32 | 0x20 | 4 | 0x80 | 128 | 1000 0000 | Real-Time Interactive | |
| AF41 | 100 010 | 34 | 0x22 | 4 | 0x88 | 136 | 1000 1000 | Multimedia Conferencing | |
| AF42 | 100 100 | 36 | 0x24 | 4 | 0x90 | 144 | 1001 0000 | Multimedia Conferencing | |
| AF43 | 100 110 | 38 | 0x26 | 4 | 0x98 | 152 | 1001 1000 | Multimedia Conferencing | |
| CS5 | 101 000 | 40 | 0x28 | 5 | 0xa0 | 160 | 1010 0000 | Signaling (IP Telephony, etc) | |
| voice-admit | 101 100 | 44 | 0x2c | 5 | 0xb0 | 176 | 1011 0000 | ||
| EF | 101 110 | 46 | 0x2e | 5 | 0xb8 | 184 | 1011 1000 | Telephony | |
| CS6 | 110 000 | 48 | 0x30 | 6 | 0xc0 | 192 | 1100 0000 | Network Routing Control | |
| CS7 | 111 000 | 56 | 0x38 | 7 | 0xe0 | 224 | 1110 0000 | "Reserved" |
Home users who want to set the DSCP fields (even though the ISP will likely not care) may want to use these classes for QoS queues:
| QoS queue | Traffic Type | DSCP Class |
|---|---|---|
| 1 | SYN, ACK, immediate delivery | AF21 |
| 2 | SSH, VOIP, DNS | AF22 |
| 3 | Default queue, WWW server(s) | AF23 |
| 4 | Tor node | AF11 |
| 5 | Bitcoin node | LE |
| 6 | Bulk (BitTorrent etc) | LE |
Iptables & ToS & DSCP Values[edit]
Iptables and some older routers, notably from Cisco, use an old older ToS scheme defined in RFC 1349 where bits 0 to 2 are "precedence" and 3 to 6 define Type of Service (4 bytes). It lets you use 5 pre-defined ToS named (aliases) to set the ToS byte using its --set-tos option. You can also use hex values 0x00-0xFF or a decimal numbes between 0-255. The names you can use with Iptables are:
| name | decimal | hex | bin |
|---|---|---|---|
| Minimize-Delay | 16 | 0x10 | 1000 |
| Maximize-Throughput | 8 | 0x08 | 0100 |
| Maximize-Reliability | 4 | 0x04 | 0010 |
| Minimize-Cost | 2 | 0x02 | 0001 |
| Normal-Service | 0 | 0x00 | 0000 |
You can print the above list with iptables -j TOS -h.
Changing the ToS field will also change the Differentiated Services Fields (DS field) since they are the same field.
Setting the ToS field to Minimize-Cost will change bit 6. Bit 6 and 7 are are DSCP ECN bits! Be aware of this side-effect when you -j TOS --set-tos using iptables! A precedence of 3 with the Minimize-Cost value will look like this:
0 1 2 3 4 5 6 7 +-----+-----+-----+-----+-----+-----+-----+-----+ | | | | | PRECEDENCE | TOS | MBZ | | | | | +-----+-----+-----+-----+-----+-----+-----+-----+ 1 1 0 0 0 0 1 0
That's not good since the last two bytes are defined as ECN (Explicit Congestion Notification) bits within the Differentiated services specification.
You should avoid using -j TOS --set-tos using the outdated ToS values. However, you can if you really want to, you have our permission:
IF=br0
iptables -t mangle -N MYSHAPER-OUT
iptables -t mangle -I POSTROUTING -o ${IF} -j MYSHAPER-OUT
iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 32680 -j TOS --set-tos Maximize-Throughput
iptables -t mangle -A MYSHAPER-OUT -p udp --sport 32680 -j TOS --set-tos Maximize-Throughput
The above example would mark all traffic from the source-port 32680 going out of br0 as Maximize-Throughput (0x08).
iptables can also set the DSCP field. This is what you want to set even if Type-of-service is what you think you want.
The DSCP field can be set with either -j DSCP --set-dscp decimal-or-hex-value or -j DSCP --set-dscp-class DiffServ-class-value. See the table below for possible --set-dscp-class values. iptables will accept BE, EF and any of the CSxx and AFxx classes.
IF=br0
iptables -t mangle -N MYSHAPER-OUT
iptables -t mangle -I POSTROUTING -o ${IF} -j MYSHAPER-OUT
iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 32680 -j DSCP --set-dscp-class AF13
iptables -t mangle -A MYSHAPER-OUT -p udp --sport 32680 -j DSCP --set-dscp-class AF13
Enable comment auto-refresher