Cover V09, I10
Figure 1
Figure 2
Figure 3
Figure 4


Layer 2 Quality of Service

Gilbert Held

In the International Standards Organization (ISO) Open System Interconnection (OSI) Reference Model, layer 2 is the Data Link Layer. That layer is responsible for the creation of frames to include applicable addressing and the computation of a cyclic redundancy check, as well as the transmission of such frames. Other functions performed at layer 2 include error detection and correction, as well as acknowledgments to indicate whether the destination received frames error free. One function omitted from the original OSI Reference Model for layer 2 operations is the topic of this article -- Quality of Service (QoS).

In this second article in a series on Quality of Service, I will cover layer 2 in the OSI Reference Model, which is the Data Link Layer. Although the OSI Reference Model does not define QoS as a layer 2 function, the efforts of the Institute of Electrical and Electronic Engineers (IEEE) resulted in the development of a traffic expediting standard for layer 2 operations. Thus, the primary focus of this article will be upon the standard, which is referred to as the 802.1p standard.


Many years ago, the IEEE was tasked by the American National Standards Institute (ANSI) with developing LAN-related standards. While the series of Ethernet (IEEE 802.3) and Token Ring (IEEE 802.5) standards are well known, the IEEE also developed many additional standards, since its original tasking that are equally important. Some of those standards include the use of the spanning tree algorithm for bridging, flow control as a mechanism to regulate the flow of data devices, virtual LANs, and traffic expediting.

Conventional LAN Dataflow

We can appreciate the problems associated with obtaining QoS on a LAN by examining the dataflow on a conventional, shared-media LAN. Figure 1 illustrates a shared-media Ethernet LAN that I will use to examine dataflow.

In Figure 1, assume station 1 is performing a file transfer to the local server while station 2 is in the process of conducting a Voice over IP (VoIP) call via the router to a destination on the Internet or on a corporate intranet. Because the LAN is a shared media network, this means that each station must contend for access to the media. If station 1 just began transmitting when station 2 “listens” to the LAN, the latter station will note the network is busy and will wait. In this example, the wait will probably be the time required to transmit a frame with a maximum length Information field of 1500 bytes (since we assumed station 1 was performing a file transfer operation). That type of operation uses a maximum length Information field for all frames but the last. Note that there is no method to prioritize access to the media among stations in this example. Thus, this precludes the ability to obtain a true quality of service that would require bandwidth to be allocated on a shared-media network. The preceding is also true for shared-media Ethernet networks.

In a Token Ring networking environment, the Control field of a frame contains three priority bits that enable certain types of applications to gain access to the media ahead of other types of applications. While the priority scheme expedites traffic (and forms the basis for subsequent efforts by the IEEE), the priority scheme does not reserve bandwidth and represents a limitation carried over into the LAN switch environment. However, while the Token Ring standard does not define the mapping of frames with different priority values into queues, the IEEE 802.1p standard does. It can be considered a more sophisticated evolution resulting from the Token Ring effort.

LAN Switching

In an Ethernet shared-media environment, it is not possible to favor access to the media. Recognizing this limitation, the IEEE focused its traffic expediting efforts upon the LAN switch environment.

A LAN switch can be considered as a contention device similar to a telephone switch. When two persons dial the same number, one will receive a busy signal while the other party will make a connection through the switch, allowing the dialed phone to ring. If we view a LAN switch as making connections on a frame-by-frame basis, a similar analogy can be made, with frames routed towards the same destination causing blockage. However, unlike a telephone company switch that does not hold calls, a LAN switch includes buffer storage that can be used to temporarily hold frames when two or more input ports have data destined to the same output port.

Figure 2 illustrates the general flow of data through a layer 2 LAN switch when two input port data sources contend for access to the same destination port. In this example, two clients are shown attempting to access a switch port connected to a server. Many layer 2 switches allocate buffer storage for queuing frames destined to a common output port. Thus, the switch contention example in Figure 2 shows two frames in a queue in memory, with one frame in the process of exiting the queue, while new frames are shown flowing toward the queue.

The queue shown in Figure 1 is technically referred to as a first-in, first-out (FIFO) queue. Thus, frames that reach the queue are processed in the order in which they arrive. Also note that if the queue becomes full, succeeding frames that reach the queue are dropped. Thus, a single FIFO queue has no mechanism to distinguish the needs of different applications concerning their ability to flow through a switch with minimal delay or delay variation.

Although FIFO queuing was simple to implement and equitable in the allocation of switch resources, it failed the differentiation test, being incapable of distinguishing different application requirements. While some switch vendors began to develop proprietary, priority queuing techniques, the IEEE was developing virtual LAN standards and recognized the need for a common traffic expediting method. The initial IEEE effort, referred to as 802.1Q, was oriented toward developing a standard for virtual LANs. Here the term “virtual LAN” references a broadcast domain. The goal behind vLANs was to enable network administrators to position switches based upon organization, application, network protocol, or another criteria that enabled users to be grouped dynamically into a broadcast domain. Since one domain does not “hear” the broadcasts associated with other domains, the use of vLANs can boost switch performance while providing administrative flexibility.

As part of the IEEE 802.1Q effort, a tag was added to the layer 2 MAC frame as it enters a vLAN-compliant switch. The 32-bit tag is inserted after the frame's normal Destination and Source Address fields as illustrated in Figure 3. In examining Figure 3, note that the IEEE “killed two birds with one frame modification” by defining three bits within the 32-bit header as a priority field. As indicated in Figure 3, the three priority-field bits provide the ability to specify eight levels of priority per frame, with the default priority set to a value of 000. The two-byte Tag Protocol Identifier (TPID) identifies the frame as a tagged frame. The two-byte Tag Control Information (TCI) field contains three subfields to include the previously mentioned three-bit user priority field, a one-bit Token Ring encapsulation flag, and a vLAN Identifier (vID). The Token Ring encapsulation flag indicates whether the encapsulated frame is in a native Token Ring (802.5) format. The vID uniquely identifies the vLAN to which the frame belongs and is also referred to as the vLAN tag.

Regarding the priority subfield shown in Figure 3, note that priority levels range from 7 (highest priority) to 0 (lowest priority). As part of a revised 802.1D bridging standard, the IEEE ratified its 802.1p specification that provides a mechanism for layer 2 switches to prioritize traffic. Although network managers must determine actual mappings, the IEEE has made broad recommendations concerning priority settings. The following table indicates those broad recommendations:

111 (7) Network Critical

110 (6) Interactive Voice

101 (5) Interactive Multimedia

100 (4) Streaming Multimedia

011 (3) Business Critical

010 (2) Standard

001 (1) Background

000 (0) Best Effort (Default)

In the above table, network critical traffic (level 7) could represent Routing Information Protocol (RIP) and Open Shortest Path First (OSPF) table updates. Priority 6 could be used for VoIP applications, while priorities 5 and 4 would represent different multimedia applications. Business critical traffic could include Service Advertising Protocol (SAP) traffic, while a 0 value is used as a best-effort default. That is, if an application does not set the priority subfield, its default value is set to 0.

The priority bits are within the 802.1Q frame. Those bits can be set by desktop clients, servers, routers, and switches. In desktop clients and servers, 802.1p-compliant network adapter cards can form 802.1Q frames as well as set the bits in the priority subfield. The actual setting of the priority bits is commonly invoked by monitoring the network socket. Here the term socket references the IP address and upper layer port that identifies the application.

As 802.1Q frames reach switches and routers that are designed to act upon traffic priorities, such devices employ multiple queues. In fact, the 802.1p specification provides recommendations concerning how eight traffic classes can be assigned with 2, 3, 4, or more queues per port. As you might expect, higher priority frames are automatically assigned to higher priority queues, while lower priority frames are assigned to lower priority queues. Once a frame is in a queue, it will be selected for transmission only if the higher traffic class queue(s) supported by the port is empty when the selection process occurs.

To illustrate the use of the 802.1p traffic-expediting standard, let's assume your organization uses 802.1p-compliant switches in a tier or hierarchical structure as illustrated in Figure 4. In this example, assume client 1 is performing a file transfer to the server attached to switch 3 (shown as a sequence of x's), while client 2 is in the process of transferring a file via switches 1 and 2 to a distant location (shown as a series of dots (.)). At the same time this activity is occurring, client 3 is conducting a videoconference via switches 3 and 2 to a distant party on the Internet or corporate intranet (shown as a sequence of dashes (-)).

In this figure, data from clients 2 and 3 flows over a common path from switch 2 to the router and then to the Internet or corporate intranet. However, the actual exiting of frame out of switch 2 to the router occurs based upon the priority bit settings of the applications forming the data flow from clients 2 and 3. That is, during periods of congestion, when frames from both sources arrive at the switch destined for the same output port, the priority queuing scheme governs which frames gain access to exiting the port. For example, assume frames from client 2 have a default priority setting of 0, while frames from client 3 have a priority setting of 6. When frames from clients 2 and 3 contend for output via switch 2 to the router, they would flow into different queues. The switch would empty frames from the high-priority queue before extracting frames from the lower priority queue, providing a traffic-expediting capability to the VoIP application being conducted by client 3.


While the 802.1p specification provides a method to expedite traffic, it has several key limitations. Those limitations include its layer 2 operation, method of tagging, and need for mapping to obtain an end-to-end QoS capability. As noted below, by itself 802.1p represents one piece of the QoS puzzle instead of a complete solution.

The first limitation of the 802.1p specification is that it is restricted to layer 2 operations. This means when frames cross a router boundary and are converted into network packets, they lose their priority tag. Thus, the 802.1p specification does not address true end-to-end network performance.

A second limitation associated with the 802.1p specification concerns the fact that the 802.1Q vLAN tag extends the MAC frame. When placed on the media, the maximum frame length is four bytes more than the 1526 associated with a maximum-length Ethernet frame. While 802.1Q-compliant equipment has no problem recognizing the extended frame, it is quite possible that “legacy” Ethernet equipment could treat such frames as jumbo frames, sending them to the great bit bucket in the sky. Thus, you need to examine the compatibility of equipment with respect to extended frames and may need to replace some equipment if its equipment is not compatible.

Another problem related to vLAN tags is the manner by which tagged and non-tagged frames are handled. Under the IEEE 802.1Q and 802.1p specifications, non-tagged frames are treated the same as frames tagged with a 0 user priority level. That is, the non-tagged frame is treated on a best-effort basis, which may not be your intention.

The third limitation associated with the 802.1p specification is related to the first limitation mentioned previously. Because the 802.1p specification is limited to layer 2 operations, one or more additional QoS mechanisms are required to provide QoS on an end-to-end basis. Those mechanisms can include the use of Differential Service (DiffServ) if communication via the router is over a TCP/IP-based network, or mapping applicable frames into constant Bit Rate (CBR) cells, if the router is connected to an ATM-based network. In the event DiffServ is not supported by the TCP/IP network and it is impractical or not cost effective to use an ATM infrastructure, it may be able to prioritize traffic through an existing router-based TCP/IP network infrastructure. In the next article in this series, I will examine each of these methods that can be used to extend QoS across a network.

About the Author

Gilbert Held is an award-winning author and lecturer. Gil is the author of over 40 books and 400 technical articles and represented the United States at technical conferences in Moscow and Jerusalem. Some of Gil's recent books include Cisco Router Performance, Voice and Data Internetworking, and Cisco Security Architecture, all published by McGraw Hill. Gil can be reached via email at: