Packet Classification and Packet marking

Published: 14th June 2011
Views: N/A

Packet classification can be simple classification, based on Layer 2 or Layer 3 information, and is, as the name implies, a set of mechanisms that can distinguish one type of packet from other.

An example of a simple packet classification mechanism is matching against an access list that looks for packets with a specific source and destination IP address. This packet classification can also be far more complex, looking at things such as destination URL ccie and MIME type. An example of a more complex packet classification mechanism available in Cisco routers is network-based application recognition (NBAR). NBAR is capable of matching on a variety of Layer 4 through Layer 7 characteristics, such as those listed previously. NBAR is also capable of stateful packet inspection, which dramatically increases the potential functionality. Whatever the actual classification capability of a specific mechanism, packet classification is typically performed as close as possible to the traffic source and is usually used in conjunction with packet marking. The words typically and usually were used intentionally here, because your particular setup may necessitate performing these functions at other places in your network.

Packet marking is a function that allows a networking device to mark packets differently, based on their classification, so that they may be distinguished more easily at future network devices. Consider this analogy: Many states have smoking-prohibited sections in restaurants, but restaurants in North Carolina (where all of this book's authors live and work) still have smoking sections. Therefore, every time we walk into a restaurant, we have to state our personal preference about whether we want to sit in the smoking or non-smoking section.

It seems like a lot of wasted time to ask and answer that question over and over againówouldn't life be easier if I could just walk into a restaurant and they knew where to seat me? This is a loose analogy to the function of packet marking in the sense that a packet only requires complex classification (Do you prefer smoking or nonsmoking, sir?) to happen once. After the packet has been classified at the first router hop, ccie sp a marking is applied so that all future network hops can just look at the marking and know what to do with that packet. Packet marking is, as previously mentioned, generally deployed in conjunction with packet classification as close to the source as possible. One of the reasons that the DiffServ model is so scalable is that the complex packet

classification and packet marking are both recommended for deployment on only the first-hop Layer 3-capable device.

In a typical enterprise network deployment, this means a branch office device (which serves a small subset of the total user community) performs the complex operations for that branch. Then that marking is carried with the packet throughout the network, limiting the burden on the core of the network to very simple classification of packets ccie routing and switching bootcamp (based on the markings that were applied at the edge of the network) and the switching of those packets to the appropriate egress interface.

Report this article Ask About This Article

More to Explore