In a previous post, I discussed traffic coloring. Modifications to a data packet such that the packet itself informs your network equipment that it requires handling different from normal packets such as best effort traffic. In other words, if you looked at your Ethernet frame or at the IPv4 header, you'd notice a few bits different on these packets than on normal packets.


What does this look like on Ethernet? Here's a capture of two almost identical packets. Take a look at the bytes of the raw data in the first image. The first 6 bytes (in green) are for the MAC address of the receiving NIC. The second 6 bytes (in red) are for the MAC address of the source NIC. The next 2 bytes (in black) are for the Ethernet type. This tells the receiving host that the data after the Ethernet header is IPv4 traffic.


Netmon capture of an Ethernet Frame without 802.1Q
On this second image Netmon's been kind enough to tell us that this packet has a special tag in the Ethernet header. It calls it an 802.1q tag. Compare the raw data of the payload and you'll find this tag. It's the additional 4 bytes highlighted in purple. It's placed right before the Ethernet type.


Netmon capture of an Ethernet Frame with 802.1Q
This 4 byte tag is defined as part of the IEEE 802.1Q standard for Virtual Bridged Local Area Networks (aka VLAN). The tag has 3 parts: a fixed tag protocol identifier (81-00), a user priority value ranging from 0 to 7 (called an 802.1p value) and VLAN information (e.g. VLAN id). Note that if the VLAN id is 0, the tag contains only user priority information. Rephrased: you can use an 802.1q tag without deploying VLANs on your networks.


So how do you map these 802.1p values? Which priority value should you use when? That's also defined (or buried depending on your perspective) in another IEEE standard. If you scanned the end of the 1998 IEEE 802.1D standard, in Annex H, you'd find a discussion of user priorities and traffic classes. For the sake of simplicy, this is the important table from this annex:

Table H-15 — Traffic type acronyms
 
user_priority Acronym   Traffic type
 
1             BK        Background
2             —         Spare
0 (Default)   BE        Best Effort
3             EE        Excellent Effort
4             CL        Controlled Load
5             VI        “Video,” < 100 ms latency and jitter
6             VO        “Voice,” < 10 ms latency and jitter
7             NC        Network Control

Now we know how to color our Ethernet frames and which values to select for our packets. If only it was this easy…

- Mathias