This chapter covers Quality of Service (QoS) concepts and traffic shaping mechanisms essential for managing network congestion and ensuring predictable performance for critical applications. On the N10-009 exam, QoS appears in roughly 5–10% of questions, often testing your ability to identify QoS tools, differentiate shaping from policing, and understand DSCP marking. Mastering this chapter will help you answer scenario-based questions about voice/video prioritization and bandwidth management.
Imagine a busy international airport with a single security checkpoint. Passengers are like data packets, and the checkpoint is a network link. Without QoS, everyone queues in a single line—first-come, first-served. A VIP passenger (voice call) might miss their flight because of a family with many bags (large file download). QoS introduces multiple lanes: a dedicated fast-track lane for VIPs (strict priority), a business-class lane (expedited forwarding), and a general lane (best effort). The airport also uses traffic shaping: it limits the number of economy passengers allowed through per minute to prevent congestion, even if more show up. Policing drops excess passengers at the entrance if they exceed the limit. Marking is like issuing a boarding pass with a priority code (DSCP). The security scanner (classifier) reads the pass and directs the passenger to the correct lane. If the VIP lane is empty, the airport can let a few business-class passengers use it (weighted fair queuing). This ensures VIPs never wait, while everyone else gets a fair share. Without QoS, the airport would be chaotic—everyone equal, but nobody important gets through on time.
What is QoS and Why Does It Exist?
Quality of Service (QoS) is a set of technologies that manage network resources to provide different levels of service to different types of traffic. The fundamental problem QoS solves is congestion. When traffic exceeds link capacity, packets are delayed or dropped. Without QoS, all packets are treated equally—a bulk file transfer can flood a link, causing a real-time voice call to break up. QoS ensures that critical traffic (voice, video, critical business apps) gets preferential treatment.
On the N10-009 exam, you must understand that QoS does NOT increase bandwidth; it manages existing bandwidth to meet performance objectives. The core mechanisms are:
Classification and Marking
Queuing and Scheduling
Congestion Avoidance
Traffic Shaping and Policing
Classification and Marking
Classification identifies packets based on criteria like source/destination IP, protocol, port number, or even deep packet inspection. Marking then sets a priority tag in the packet header so downstream devices can apply policy without re-classifying.
Common marking fields:
- IP Precedence: 3-bit field in the IPv4 ToS byte, values 0–7 (RFC 791).
- DSCP (Differentiated Services Code Point): 6-bit field in the ToS byte, values 0–63 (RFC 2474). DSCP supersedes IP Precedence.
- CoS (Class of Service): 3-bit field in the 802.1Q VLAN tag (Ethernet layer 2).
- MPLS EXP: 3-bit field in MPLS shim header.
On the exam, remember the standard DSCP values:
- Default (DF): 0 (best effort)
- Assured Forwarding (AF): 4 subclasses with 3 drop probabilities. E.g., AF41 = DSCP 34 (high priority, low drop), AF43 = DSCP 38 (high priority, high drop).
- Expedited Forwarding (EF): DSCP 46 (low delay, low loss, low jitter—used for voice).
- Class Selector (CS): Backward-compatible with IP Precedence, e.g., CS5 = DSCP 40.
Queuing and Scheduling
When a packet is classified, it is placed into an output queue. The scheduler decides which queue to service next. Common queuing disciplines tested on N10-009:
FIFO (First-In, First-Out): Single queue, no differentiation. Not true QoS.
Priority Queuing (PQ): Multiple strict priority queues. High-priority queue is always emptied first. Starvation possible if high-priority traffic is excessive.
Custom Queuing (CQ): Round-robin among queues, each gets a configured byte count. No strict priority.
Weighted Fair Queuing (WFQ): Flows are classified automatically (e.g., by source/dest IP and port). Each flow gets a weight; lower volume flows get more bandwidth. Not suitable for strict priority.
Class-Based Weighted Fair Queuing (CBWFQ): You define classes, each gets a guaranteed minimum bandwidth. No strict priority.
Low Latency Queuing (LLQ): Combines a strict priority queue (for voice/video) with CBWFQ for other classes. This is the most common on modern networks.
Congestion Avoidance
Weighted Random Early Detection (WRED) drops packets probabilistically before the queue is full to avoid tail drop and TCP global synchronization. WRED uses DSCP to determine drop probability: higher priority packets are less likely to be dropped. For example, with AF41 vs AF43, AF43 packets are dropped more aggressively.
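To make the AF41 vs AF43 behaviour concrete, the following added example (not from the original page) decodes a ToS byte into its DSCP name and AF drop precedence, then applies the standard WRED linear drop ramp. The thresholds, `max_p`, the EWMA weight and all function names are assumptions chosen for illustration.

```python
# Added example, not from the original page. Thresholds and weights are assumed.

# Assumed WRED profiles per AF drop precedence: (min_th, max_th, max_p),
# thresholds in packets of average queue depth. None = non-AF code points.
PROFILES = {1: (32, 40, 0.1), 2: (28, 40, 0.1), 3: (24, 40, 0.1), None: (20, 40, 0.1)}

def decode_dscp(tos):
    """Return (dscp, name, drop_precedence) for a ToS / Traffic Class byte."""
    dscp = tos >> 2                      # upper six bits; lower two are ECN
    cls, low = dscp >> 3, dscp & 0b111   # cls is also the old IP Precedence
    if dscp == 46:
        return dscp, "EF", None
    if low == 0:                         # Class Selector: DSCP = 8 * precedence
        return dscp, "DF" if cls == 0 else f"CS{cls}", None
    if 1 <= cls <= 4 and low in (2, 4, 6):   # AFxy: DSCP = 8x + 2y
        return dscp, f"AF{cls}{low >> 1}", low >> 1
    return dscp, f"DSCP{dscp}", None

def ewma(avg, depth, weight=2 ** -9):
    """Average queue depth that WRED compares against; weight is assumed."""
    return (1 - weight) * avg + weight * depth

def drop_probability(tos, avg_depth):
    """Linear ramp from 0 at min_th to max_p at max_th, then drop everything."""
    min_th, max_th, max_p = PROFILES[decode_dscp(tos)[2]]
    if avg_depth < min_th:
        return 0.0
    if avg_depth >= max_th:
        return 1.0
    return max_p * (avg_depth - min_th) / (max_th - min_th)

def compare(avg_depth, names=("AF41", "AF42", "AF43")):
    """Drop probability for each AF4x code point at one average depth."""
    codepoints = {"AF41": 34, "AF42": 36, "AF43": 38}   # values from the page
    return {n: drop_probability(codepoints[n] << 2, avg_depth) for n in names}
```

With these assumed thresholds, AF43 starts being dropped at a shallower average depth than AF41, and all three converge on full drop once the average reaches `max_th`.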
Traffic Shaping and Policing
Both limit traffic rate, but differ in how they handle excess:
Policing: Drops or re-marks packets that exceed the configured rate. It does NOT buffer. Typically applied inbound. Example: `police 1000000 200000 exceed-action drop`.
Shaping: Buffers excess packets and transmits them later at a smoothed rate. Typically applied outbound. Example: `shape average 1000000`.
Both use a token bucket model:
- Committed Information Rate (CIR): Average rate allowed.
- Committed Burst (Bc): Maximum number of tokens (bytes) per interval. The bucket refills at CIR per second.
- Excess Burst (Be): Additional tokens allowed for short bursts, but may be dropped or shaped.
For policing, the algorithm is:
1. Arriving packet size is compared to available tokens.
2. If tokens >= packet size, packet is transmitted and tokens decremented.
3. If tokens < packet size, packet is dropped (or re-marked).
For shaping, excess packets are queued and transmitted when tokens become available.
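The difference between the two is easiest to see by feeding the same burst to both. This added example (not part of the original page) implements a single-rate token bucket as a policer and as a shaper; the rate, bucket depth, sample arrivals and function names are constructed for illustration, and Be is not modelled.

```python
# Added example (not from the page): single-rate token bucket, Be not modelled.
# Times are integer milliseconds, sizes are bytes, rate is bytes per millisecond.
# Packets must be listed in arrival order.

CIR = 125      # 1 Mbps expressed as bytes per ms
BC = 3000      # bucket depth in bytes (constructed value)
# Constructed arrivals: a burst of eight 1000-byte packets at t=0, one more at t=100 ms.
SAMPLE = [(0, 1000)] * 8 + [(100, 1000)]

def police(packets, rate=CIR, bc=BC, exceed_action="drop"):
    """Return one verdict per packet; nothing is buffered."""
    tokens, last, verdicts = bc, 0, []
    for t, size in packets:
        tokens = min(bc, tokens + (t - last) * rate)   # refill since last arrival
        last = t
        if tokens >= size:
            tokens -= size
            verdicts.append("transmit")
        else:
            verdicts.append(exceed_action)             # "drop" or "remark"
    return verdicts

def shape(packets, rate=CIR, bc=BC):
    """Return the departure time (ms) of each packet; excess waits in a FIFO."""
    tokens, last, departures = bc, 0, []
    for t, size in packets:
        if size > bc:
            raise ValueError("packet larger than Bc can never conform")
        start = max(t, last)                           # FIFO: not before the previous departure
        tokens = min(bc, tokens + (start - last) * rate)
        if tokens < size:                              # wait until enough tokens accrue
            wait = -(-(size - tokens) // rate)         # ceiling division
            tokens = min(bc, tokens + wait * rate)
            start += wait
        tokens -= size
        last = start
        departures.append(start)
    return departures
```

On the sample burst the policer passes three packets and discards five, while the shaper delivers all of them but holds the last burst packet for 40 ms.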
Configuration Examples
On Cisco IOS, a simple LLQ configuration:
class-map match-any VOICE
 match ip dscp ef
! BUSINESS is referenced by the policy below but not defined on the page;
! matching AF41 here is an assumption
class-map match-any BUSINESS
 match ip dscp af41
!
policy-map QOS_POLICY
 class VOICE
  ! strict priority queue, 1 Mbps max
  priority 1000
 class BUSINESS
  ! guarantees 2 Mbps
  bandwidth 2000
 class class-default
  fair-queue
!
interface GigabitEthernet0/1
 service-policy output QOS_POLICY
Shaping example:
interface GigabitEthernet0/1
 ! shape to 1 Mbps, Bc=200000 bits, Be=300000 bits
 traffic-shape rate 1000000 200000 300000
Interaction with Related Technologies
MPLS QoS: MPLS EXP bits can be mapped from IP DSCP.
Wireless QoS: WMM (Wi-Fi Multimedia) uses 802.11e to prioritize traffic.
SD-WAN: QoS policies can be applied per application over multiple links.
Exam-Specific Numbers
DSCP EF = 46 (decimal), 101110 (binary)
DSCP AF41 = 34, AF42 = 36, AF43 = 38
Trust boundary: a switch port can be configured to trust CoS or DSCP; ports are usually untrusted by default.
Voice typically requires <150 ms one-way delay, <30 ms jitter, <1% packet loss.
Classify Incoming Traffic
The first step is identifying which packets belong to which traffic class. Classification can be based on Layer 2 (MAC, VLAN), Layer 3 (IP, DSCP), or Layer 4 (TCP/UDP port). For example, voice traffic uses UDP ports 16384–32767 (RTP) and DSCP EF. A network engineer can configure a class-map to match these criteria. On Cisco switches, classification is often done at the access layer using a trust boundary: the switch port either trusts the existing DSCP/CoS marking from the endpoint or re-marks it. If untrusted, the switch may set a default CoS (e.g., 0) for all traffic. Proper classification is critical because downstream devices rely on these marks.
Mark with DSCP or CoS
After classification, the packet is marked with a priority value. Marking typically happens as close to the source as possible. For IP traffic, DSCP is the primary marking used across networks. For example, a voice gateway marks RTP packets with DSCP EF (46). On a switch, marking can be done using a policy-map that sets the CoS or DSCP. Marking is a one-time operation; subsequent devices trust the marking. Common mistakes: marking too many applications as high priority (e.g., EF for all traffic) defeats QoS. The exam may ask about the difference between marking at Layer 2 (CoS) and Layer 3 (DSCP).
Apply Queuing Policy
Once packets are marked, they are placed into queues on the output interface. The queuing policy determines how many queues exist and their servicing order. In LLQ, a strict priority queue is reserved for voice/video. All other traffic goes into CBWFQ classes. The scheduler services the priority queue first. If the priority queue is empty, it services other queues according to their configured bandwidth weights. The exam may test that LLQ prevents starvation of other traffic by limiting the priority queue's maximum bandwidth (e.g., `priority 1000` limits to 1 Mbps). Without this limit, high-priority traffic could consume all bandwidth.
Shape or Police Traffic
If the link speed is higher than the contracted rate (e.g., a WAN link), shaping or policing is applied. Shaping buffers excess traffic and sends it at a regulated rate, which can absorb bursts but adds delay. Policing drops or re-marks excess traffic immediately, which may cause TCP retransmissions but keeps latency lower. For example, a branch office with a 10 Mbps LAN connected to a 5 Mbps WAN link would shape outbound traffic to 5 Mbps to avoid drops at the provider edge. The token bucket parameters (CIR, Bc, Be) define burst tolerance. On the exam, you may be asked to calculate shaping rate given CIR and Bc.
Monitor and Adjust
After deployment, monitoring is essential. Use commands like `show policy-map interface` to see queue statistics, drops, and shaping/policing counters. On Cisco devices, `show interface` can show output drops. If drops occur in the priority queue, voice quality will suffer. Adjustments may include increasing priority queue bandwidth, reclassifying traffic, or increasing shaping burst sizes. The exam may present a scenario where voice quality is poor and ask which QoS parameter to adjust (e.g., increase LLQ priority bandwidth or ensure proper DSCP marking).
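The steps above can be tied together in a small simulation. This added example (not from the original page) runs a trust boundary, DSCP classification and an LLQ-style scheduler with per-port counters, showing why both the trust boundary and the priority cap matter when bulk traffic arrives already marked EF. Port names, the 5 Mbps link, the 10 ms tick and the load are constructed; the rates mirror `priority 1000` and `bandwidth 2000`, and the guaranteed-share-then-leftover loop is a simplification of CBWFQ.

```python
from collections import deque

EF, AF41 = 46, 34                          # DSCP values from the page
TRUSTED_PORTS = {"Gi0/2", "Gi0/3"}         # assumption: IP phone and server ports
LINK, GUARANTEES = 6250, {"BUSINESS": 2500, "class-default": 0}  # bytes per 10 ms

def trust_boundary(port, tos):
    """ToS byte after the access switch: an untrusted port is reset to DSCP 0
    (the two low-order ECN bits are kept)."""
    return tos if port in TRUSTED_PORTS else tos & 0x03

def classify(tos):
    """Map the DSCP (upper six bits of the ToS byte) to a queue name."""
    return {EF: "VOICE", AF41: "BUSINESS"}.get(tos >> 2, "class-default")

def drain(queue, budget, stats):
    """Send head-of-line (port, size) packets while they fit in budget bytes."""
    used = 0
    while queue and queue[0][1] <= budget - used:
        port, size = queue.popleft()
        used += size
        stats[port] = stats.get(port, 0) + size
    return used

def llq_tick(queues, prio_cap, stats):
    """VOICE first, up to prio_cap bytes; over-cap voice is dropped. Then each
    class gets its guaranteed bytes, then leftover capacity in class order."""
    left = LINK - drain(queues["VOICE"], min(LINK, prio_cap), stats)
    stats["voice_drops"] += len(queues["VOICE"])
    queues["VOICE"].clear()
    for cls, share in GUARANTEES.items():
        left -= drain(queues[cls], min(share, left), stats)
    for cls in GUARANTEES:
        left -= drain(queues[cls], left, stats)

def run(enforce_trust, prio_cap, ticks=100):
    """Bytes delivered per ingress port, plus voice-queue drops."""
    # Constructed load per tick: (port, ToS byte, size, count).
    offered = [("Gi0/5", EF << 2, 1250, 5),    # PC bulk traffic, arrives marked EF
               ("Gi0/2", EF << 2, 200, 2),     # IP phone RTP
               ("Gi0/3", AF41 << 2, 1250, 2),  # business server
               ("Gi0/6", 0, 1250, 2)]          # ordinary host, best effort
    queues = {c: deque() for c in ("VOICE", *GUARANTEES)}
    stats = {"voice_drops": 0}
    for _ in range(ticks):
        for port, tos, size, count in offered:
            if enforce_trust:
                tos = trust_boundary(port, tos)
            queues[classify(tos)].extend([(port, size)] * count)
        llq_tick(queues, prio_cap, stats)
    return stats
```

`run(False, LINK)` starves both the phone and the BUSINESS class, `run(False, 1250)` protects BUSINESS but still loses the phone's packets behind the mis-marked bulk traffic, and `run(True, 1250)` delivers all phone traffic with zero voice-queue drops.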
Enterprise VoIP Deployment
A large enterprise with 10,000 employees deploys Cisco IP phones across multiple sites. The WAN links are 100 Mbps MPLS circuits. Without QoS, a single user downloading a large file can cause voice jitter. The solution: mark all RTP traffic with DSCP EF at the access switch (trusted from IP phones). On each WAN router, apply an LLQ policy that reserves 30% of bandwidth for voice (strict priority), 40% for critical data (e.g., ERP), and 30% for best effort. Additionally, shape outbound traffic to 95% of the link speed to avoid provider policing. Common pitfall: forgetting to trust the DSCP marking from the IP phone, causing the phone's marking to be overwritten to best effort. In production, this is often caught by monitoring call quality scores (MOS).
Cloud Connectivity with SD-WAN
A retail chain uses SD-WAN to connect 500 stores to a cloud data center. Each store has a 50 Mbps broadband link. QoS is applied per application: voice and video get priority over web browsing. Traffic shaping is used to limit bulk downloads (like software updates) to 10 Mbps during business hours. Policing is applied at the cloud edge to ensure no single store exceeds its committed rate. Misconfiguration: setting the shaping rate too low causes TCP timeouts; too high causes drops at the ISP. The engineer must monitor link utilization and adjust shaping parameters.
Data Center QoS for Storage Traffic
In a data center, iSCSI storage traffic requires low latency and no drops. QoS is configured on converged network adapters (CNAs) using DCB (Data Center Bridging). Priority Flow Control (PFC) ensures no-drop for storage traffic. Traffic shaping is applied on uplinks to prevent congestion. Misconfiguring PFC can cause head-of-line blocking, affecting all traffic. Engineers use show qos statistics to verify no-drop behavior. On the exam, this scenario may test the difference between QoS for LAN vs. data center (e.g., PFC vs. standard queuing).
N10-009 Objective 1.6: QoS Concepts and Traffic Shaping
The exam tests your ability to:
Identify QoS components: classification, marking, queuing, shaping, policing.
Differentiate between shaping and policing.
Recognize standard DSCP values (EF, AF41, AF43, CS0).
Understand queuing methods: FIFO, PQ, CQ, WFQ, CBWFQ, LLQ.
Apply QoS in a given scenario (e.g., prioritize voice over data).
Common Wrong Answers
Choosing policing over shaping for outbound traffic: Candidates often think policing is better because it drops excess immediately, but for outbound traffic on a slower link, shaping is preferred to avoid drops. The exam may ask: "Which QoS tool should be used on the LAN-facing interface of a WAN router to prevent drops?" Answer: Shaping.
Confusing DSCP EF with AF41: EF (46) is for voice; AF41 (34) is for high-priority data. A question might ask: "Which DSCP value is used for voice traffic?" Wrong answers include 34 or 0.
Thinking QoS increases bandwidth: QoS does not increase speed; it prioritizes traffic. A question might describe link saturation and ask how to fix it—candidates might choose "increase bandwidth" instead of "apply QoS".
Misidentifying LLQ vs. CBWFQ: LLQ includes a strict priority queue; CBWFQ does not. A scenario with voice traffic should use LLQ, not plain CBWFQ.
Specific Values and Terms
DSCP EF = 46, AF41 = 34, AF43 = 38
CoS values: 0 (best effort), 5 (voice), 4 (video)
Shaping uses a token bucket; policing uses a token bucket with drop.
Default queuing on Cisco routers is WFQ for interfaces below 2 Mbps and FIFO for faster interfaces.
Edge Cases
Trust boundary: If a switch port is set to "trust DSCP", it passes the marking unchanged. If "untrusted", it sets DSCP to 0. The exam may test where to trust: at the access layer for IP phones, not for PCs.
Policing inbound vs. outbound: Policing is typically inbound; shaping outbound. A question might ask: "Where should you apply policing to limit traffic from a customer?" Answer: Inbound on the provider edge.
Eliminating Wrong Answers
Focus on the mechanism: if the scenario mentions buffering, it's shaping; if it mentions dropping, it's policing. If voice is involved, look for LLQ or priority queue. If the question gives DSCP values, match them to the application (EF=voice, AF=video/data).
QoS manages traffic during congestion; it does not increase bandwidth.
Classification identifies traffic; marking sets priority (DSCP, CoS).
DSCP EF (46) is used for voice; AF41 (34) for premium data; AF43 (38) for high-drop data.
LLQ provides a strict priority queue for real-time traffic; CBWFQ provides guaranteed bandwidth.
Shaping buffers excess traffic; policing drops excess traffic.
Shaping is applied outbound; policing is typically inbound.
Default queuing on Cisco routers: WFQ for links <2 Mbps, FIFO for faster links.
Trust boundary: mark traffic as close to source as possible; untrusted ports overwrite markings.
WRED drops packets based on DSCP to avoid TCP synchronization.
Voice requirements: <150 ms one-way delay, <30 ms jitter, <1% loss.
These come up on the exam all the time. Here's how to tell them apart.
Traffic Shaping
Buffers excess packets in a queue.
Applied outbound on an interface.
Adds delay (buffering) but reduces drops.
Uses a token bucket with a queue.
Smooths traffic to a configured rate.
Traffic Policing
Drops or re-marks excess packets immediately.
Applied inbound or outbound (typically inbound).
Minimizes delay but causes drops.
Uses a token bucket without buffering.
Enforces a hard rate limit.
Mistake
QoS increases the total bandwidth of a link.
Correct
QoS does not increase bandwidth; it prioritizes certain traffic over others during congestion. The total throughput remains limited by the link speed.
Mistake
DSCP EF (46) and IP Precedence 5 are the same.
Correct
They are different markings. DSCP EF is 46 decimal (101110 binary), while IP Precedence 5 is 101000 binary (DSCP 40). They are not interchangeable; backwards compatibility is via Class Selector codes.
Mistake
Policing is always better than shaping because it reduces delay.
Correct
Policing drops excess packets, which can cause TCP retransmissions and overall performance degradation. Shaping buffers excess traffic, adding delay but avoiding drops, which is often better for TCP traffic.
Mistake
LLQ and CBWFQ are the same thing.
Correct
CBWFQ provides guaranteed bandwidth to classes but no strict priority queue. LLQ adds a strict priority queue for real-time traffic, making it suitable for voice/video.
Mistake
QoS is only needed on WAN links.
Correct
QoS is also crucial in data centers (e.g., for storage traffic) and wireless networks (WMM). Any link that can experience congestion benefits from QoS.
Traffic shaping buffers excess packets and transmits them later at a regulated rate, smoothing traffic bursts. It adds delay but reduces packet loss. Traffic policing drops or re-marks packets that exceed the configured rate, without buffering. Policing minimizes delay but can cause high packet loss. On the N10-009 exam, remember that shaping is typically applied outbound, while policing is often applied inbound.
Voice traffic uses DSCP EF (Expedited Forwarding), which has a decimal value of 46. This value ensures low latency, low jitter, and low loss. On the exam, you may also see AF41 (34) for video or premium data, and AF43 (38) for data with higher drop preference.
LLQ (Low Latency Queuing) combines a strict priority queue with CBWFQ. The strict priority queue ensures that voice packets are sent before any other traffic, minimizing delay and jitter. Without LLQ, voice packets could be delayed by data traffic, causing poor call quality. The priority queue is typically limited to a percentage of bandwidth to prevent starvation.
Marking should be done as close to the source as possible, ideally at the access layer. For example, IP phones mark their own RTP packets with DSCP EF. The switch port should trust this marking. For data traffic, marking can be done at the distribution layer based on application. Untrusted ports overwrite markings to default (DSCP 0).
On Cisco routers, the default queuing method depends on the interface speed. For interfaces with bandwidth below 2 Mbps, Weighted Fair Queuing (WFQ) is used by default. For interfaces with bandwidth 2 Mbps or higher, FIFO is the default. This is important for the exam because you may need to configure QoS explicitly on high-speed links.
WRED (Weighted Random Early Detection) drops packets probabilistically before the queue is full. It uses DSCP values to determine drop probability: higher priority packets (e.g., AF41) are dropped less often than lower priority ones (e.g., AF43). This prevents TCP global synchronization and improves overall throughput.
A trust boundary defines where the network trusts the QoS markings from the endpoint. For example, a switch port connected to an IP phone is typically configured to trust the DSCP marking from the phone. A port connected to a PC is usually untrusted, so the switch overwrites any markings to default. The exam may test that trusting should be applied only to known devices.