How to set DSCP/COS in FreeBSD and use it in a Telco environment

Preserving QoS parameters in a Telco environment, where part of the equipment follows 3GPP rules and the other part follows IETF RFC rules, is really challenging. And of course there is always a need to add some additional freeware equipment ...

Reference (recommendation) table

The table above uses information from Ericsson's excellent documentation/recommendations and information already published here.

Imagine a scenario in which you must mark (with DSCP cs6, COS 6) all DNS-related conversations of your machine. This means you should mark all incoming TCP and UDP packets on port 53 and also all outgoing TCP and UDP packets to port 53.

In the last few days I've done some research into what can be done with FreeBSD. I have found that it's possible to do such marking at the OS level, if the programmers haven't made such marking possible via specific configuration in their application's configuration.

It looks like COS and DSCP values can be set in two different places.

The COS value is part of the Layer 2 interface configuration: it is set per VLAN in the vlanpcp parameter. In the output below it is set to COS=6:

    vlanXXXX: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=403<RXCSUM,TXCSUM,LRO>
            ether 4a:4f:52:44:41:4e
            inet 10.0.0.1 netmask 0xfffffffe broadcast 255.255.255.255
            groups: vlan
            vlan: XXXX vlanpcp: 6 parent interface: lagg0
            fib: 5
            media: Ethernet autoselect
            status: active
            nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

Wireshark check of 802.1q

So the only solution I have found is to design your DNS servers to use dedicated interfaces on your server.

Setting the DSCP value is more complicated. It looks like it can be modified/set in the firewall. With IPFW the job can be done using the following rules inside your ruleset:

    ${fwcmd} add setdscp cs6 { tcp or udp } from any 53 to any
    ${fwcmd} add setdscp cs6 { tcp or udp } from any to any 53

Wireshark check of DSCP in IPv4 headers
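
The two Wireshark checks above can also be scripted. The following Python code is an added example, not part of the original post: it parses an 802.1Q-tagged IPv4 frame, extracts the PCP (COS) and DSCP fields, and reports whether port 53 traffic carries COS 6 and cs6. The helper names, the sample frames and VLAN ID 100 are constructed for illustration.

```python
import struct

CS6_DSCP = 48      # cs6 = 0b110000, so the IPv4 TOS byte reads 0xC0
WANT_PCP = 6       # 802.1p priority (COS) expected from the vlanpcp setting
DNS_PORT = 53

def qos_fields(frame: bytes) -> dict:
    """Return PCP, VLAN ID, DSCP and ports of an Ethernet II IPv4 TCP/UDP frame."""
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    pcp = vid = None
    off = 14
    if ethertype == 0x8100:                      # 802.1Q tag present
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        pcp, vid = tci >> 13, tci & 0x0FFF       # top 3 bits = PCP, low 12 = VLAN ID
        off = 18
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    ihl = (frame[off] & 0x0F) * 4                # IPv4 header length in bytes
    dscp = frame[off + 1] >> 2                   # upper 6 bits of the TOS byte
    proto = frame[off + 9]
    if proto not in (6, 17):
        raise ValueError("not TCP or UDP")
    sport, dport = struct.unpack_from("!HH", frame, off + ihl)
    return {"pcp": pcp, "vid": vid, "dscp": dscp,
            "proto": proto, "sport": sport, "dport": dport}

def dns_marking_ok(frame: bytes) -> bool:
    """True when the frame is not DNS, or is DNS marked with COS 6 and cs6."""
    f = qos_fields(frame)
    if DNS_PORT not in (f["sport"], f["dport"]):
        return True
    return f["pcp"] == WANT_PCP and f["dscp"] == CS6_DSCP

def build_frame(pcp, vid, tos, sport, dport):
    """Constructed sample: tagged Ethernet + IPv4 + UDP headers, checksums left 0."""
    eth = bytes(6) + bytes.fromhex("4a4f5244414e") + struct.pack(
        "!HHH", 0x8100, (pcp << 13) | vid, 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 28, 0, 0, 64, 17, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 0]))
    return eth + ip + struct.pack("!HHHH", sport, dport, 8, 0)

if __name__ == "__main__":
    marked = build_frame(6, 100, 0xC0, 40000, 53)      # what the rules should produce
    unmarked = build_frame(0, 100, 0x00, 40000, 53)    # DNS frame that missed marking
    print(qos_fields(marked), dns_marking_ok(marked), dns_marking_ok(unmarked))
```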

It looks like it's not possible to do the same thing with my favorite firewall, PF.

For Linux implementations: for DSCP, look at the iptables examples already published on the Internet; for COS, begin your research from this article.
