Type of service

Last updated December 30, 2023

The type of service (ToS) field is the second byte of the IPv4 header. It has had various purposes over the years, and has been defined in different ways by five RFCs.^[1]

Prior to the redefinition, the ToS field could specify a datagram's priority and request a route for low-latency, high-throughput, or highly-reliable service. Based on these ToS values, a packet would be placed in a prioritized outgoing queue,^[2] or take a route with appropriate latency, throughput, or reliability. In practice, the ToS field never saw widespread use outside of US Department of Defense networks. However, a great deal of experimental, research, and deployment work has focused on how to make use of these eight bits, resulting in the current DS field definition.

The modern redefinition of the ToS field, also used for the Traffic Class field in IPv6 packets, is an 8-bit differentiated services field (DS field) which consists of a 6-bit Differentiated Services Code Point (DSCP) field^[3] and a 2-bit Explicit Congestion Notification (ECN) field.^[4] While Differentiated Services is somewhat backwards compatible with ToS, ECN is not.

History

The Type of Service field in the IP header was originally defined in RFC 791, and has been interpreted for IP Precedence and ToS ever since. The definition was largely derived from a US DoD Specification JANAP-128, which defines message precedence. It defined a mechanism for assigning a precedence to each IP packet, as well as a mechanism to request specific treatment such as high throughput, high reliability or low latency, etc. In the RFC 1349 update, the Monetary Cost bit is introduced (this bit was previously marked "Reserved for Future Use"). Section 2.4 of RFC 1583 (OSPFv2) introduces a ToS-aware routing method.

In practice, only the IP Precedence part of the field was ever used outside US DoD networks: the higher the value of the IP Precedence field, the higher the priority of the IP packet. Some US DoD networks did use the delay bit for route selection between oceanic cable paths and Satellite Communication (SATCOM) paths when both paths existed. IPv6 has never had an IPv4-like "traditional" ToS field, partially because the authors were aware of DiffServ efforts at its drafting (RFC 2460 Section 7).

In RFC 2474 the definition of this entire field was changed. It is now called the "DS" (Differentiated Services, "DiffServ") field and the upper 6 bits contain a value called the "DSCP" (Differentiated Services Code Point). The upper 3 bits of DS maintains compatibility with IP Precedence. Since RFC 3168, the remaining two bits (the two least significant bits) are used for Explicit Congestion Notification.

RFC 8622 added lower-effort (LE) DS for traffic that may be pre-empted by other traffic (best-effort traffic). It is intended for background traffic of low precedence, such as bulk data transfers with low priority in time.

Allocation

Precedence and ToS

Prior to its deprecation, the Type of Service field was defined as follows from RFC 791:

7	6	5	4	3	2	1	0
Precedence			Type of Service			Unused (0)

Precedence was a 3 bit field which treats high priority packets as more important than other packets. If a router is congested and needs to discard some packets, it will discard packets having lowest priority first. Although precedence field was part of IP version 4, it was never used.

RFC 1349 introduced an additional "lowcost" field. The four available ToS bits now becomes:

7	6	5	4	3	2	1	0
(IP Precedence)			lowdelay	throughput	reliability	lowcost (RFC 1349)	(Must be zero)

The naming here follows the convention of Unix operating systems.^[5] RFC 1349 and RFC 1060 only show examples of one bit used at a time for application-default values, although RFC 791 mentions that at most two of the three indications it has should be set nominally. One such use is known from mod_iptos.^[6]

Because the last three bits went through many definitions prior to RFC 2474 (see below), documentation and implementations may be confusing and contradictory.

DSCP and ECN

RFC 2474 (which was released in December 1998) reserved the first six bits of the DS (or IPv4 ToS) field for the Differentiated Services Code Point (DSCP), and RFC 3168 reserved the last two bits for Explicit Congestion Notification.

7	6	5	4	3	2	1	0
DSCP						ECN

DSCP defines a Class Selector (CS) naming to each value it defines, mirroring what would have been interpreted as the IP Precedence if one follows the older specification:

DSCP/IP Precedence Conversion Table
DSCP Name	DS Field Value (Dec)	IP Precedence (Description)
CS0	0	0: Best Effort
LE	1	n/a
CS1, AF11-13	8,10,12,14	1: Priority
CS2, AF21-23	16,18,20,22	2: Immediate
CS3, AF31-33	24,26,28,30	3: Flash - mainly used for voice signaling
CS4, AF41-43	32,34,36,38	4: Flash Override
CS5, EF	40,46	5: Critical - mainly used for voice RTP
CS6	48	6: Internetwork Control
CS7	56	7: Network Control

DSCP Nomenclature:

CS: Class Selector (RFC 2474)
AFxy: Assured Forwarding (x=class, y=drop precedence) (RFC 2597)
EF: Expedited Forwarding (RFC 3246)
LE: Lower-Effort (RFC 8622)

The above table, with individual values written out for values of the entire ToS field (not to be confused with the little-used 5-bit part):

DSCP/ToS/IP Precedence Conversion Table
DSCP Dec	ToS value	IP Prec
0	0	0
8	32	1
10	40	1
14	56	1
18	72	2
22	88	2
24	96	3
28	112	3
34	136	4
36	144	4
38	152	4
40	160	5
46	184	5
48	192	6
56	224	7

Note: In the above table, ToS is shown in decimal format. However, many routers express ToS in hex format.

Example: mixed interpretation

Let's start with an IP precedence of 1, or 001 in binary. The entire ToS field would then be 001 00000, assuming that the unused 5 bits are zero. The DSCP can be interpreted by resegmenting to 001000 00, where 001000 = 8 is the DSCP value, corresponding to CS1.

Software support

Although not frequently used, IP ToS definitions are widely found in netinet/ip.h of Unix-like or Unix operating systems as IPTOS_FIELDNAME macros.^[5] The "lowcost" field is commented out in OpenBSD due to its newer use for indicating ECN support.^[5] Remnants of the old RFC 1349 terminology can be found in Transmission 2.93^[7] as well as other tools that support setting this field.

An old Apache module "mod_iptos", once packaged in Ubuntu, notes that a way to use multiple RFC 1349 option bits together emerged after some point.^[6]

Related Research Articles

An Internet Protocol address is a numerical label such as 192.0.2.1 that is connected to a computer network that uses the Internet Protocol for communication. An IP address serves two main functions: network interface identification, and location addressing.

Internet Protocol version 4 (IPv4) is the fourth version of the Internet Protocol (IP). It is one of the core protocols of standards-based internetworking methods in the Internet and other packet-switched networks. IPv4 was the first version deployed for production on SATNET in 1982 and on the ARPANET in January 1983. It is still used to route most Internet traffic today, even with the ongoing deployment of Internet Protocol version 6 (IPv6), its successor.

Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol (IP), the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet. IPv6 was developed by the Internet Engineering Task Force (IETF) to deal with the long-anticipated problem of IPv4 address exhaustion, and was intended to replace IPv4. In December 1998, IPv6 became a Draft Standard for the IETF, which subsequently ratified it as an Internet Standard on 14 July 2017.

The Internet Protocol (IP) is the network layer communications protocol in the Internet protocol suite for relaying datagrams across network boundaries. Its routing function enables internetworking, and essentially establishes the Internet.

Multiprotocol Label Switching (MPLS) is a routing technique in telecommunications networks that directs data from one node to the next based on labels rather than network addresses. Whereas network addresses identify endpoints, the labels identify established paths between endpoints. MPLS can encapsulate packets of various network protocols, hence the multiprotocol component of the name. MPLS supports a range of access technologies, including T1/E1, ATM, Frame Relay, and DSL.

Quality of service (QoS) is the description or measurement of the overall performance of a service, such as a telephony or computer network, or a cloud computing service, particularly the performance seen by the users of the network. To quantitatively measure quality of service, several related aspects of the network service are often considered, such as packet loss, bit rate, throughput, transmission delay, availability, jitter, etc.

The Transmission Control Protocol (TCP) is one of the main protocols of the Internet protocol suite. It originated in the initial network implementation in which it complemented the Internet Protocol (IP). Therefore, the entire suite is commonly referred to as TCP/IP. TCP provides reliable, ordered, and error-checked delivery of a stream of octets (bytes) between applications running on hosts communicating via an IP network. Major internet applications such as the World Wide Web, email, remote administration, and file transfer rely on TCP, which is part of the Transport Layer of the TCP/IP suite. SSL/TLS often runs on top of TCP.

Time to live (TTL) or hop limit is a mechanism which limits the lifespan or lifetime of data in a computer or network. TTL may be implemented as a counter or timestamp attached to or embedded in the data. Once the prescribed event count or timespan has elapsed, data is discarded or revalidated. In computer networking, TTL prevents a data packet from circulating indefinitely. In computing applications, TTL is commonly used to improve the performance and manage the caching of data.

In computer networking, the User Datagram Protocol (UDP) is one of the core communication protocols of the Internet protocol suite used to send messages to other hosts on an Internet Protocol (IP) network. Within an IP network, UDP does not require prior communication to set up communication channels or data paths.

A classful network is an obsolete network addressing architecture used in the Internet from 1981 until the introduction of Classless Inter-Domain Routing (CIDR) in 1993. The method divides the IP address space for Internet Protocol version 4 (IPv4) into five address classes based on the leading four address bits. Classes A, B, and C provide unicast addresses for networks of three different network sizes. Class D is for multicast networking and the class E address range is reserved for future or experimental purposes.

Differentiated services or DiffServ is a computer networking architecture that specifies a mechanism for classifying and managing network traffic and providing quality of service (QoS) on modern IP networks. DiffServ can, for example, be used to provide low-latency to critical network traffic such as voice or streaming media while providing best-effort service to non-critical services such as web traffic or file transfers.

Explicit Congestion Notification (ECN) is an extension to the Internet Protocol and to the Transmission Control Protocol and is defined in RFC 3168 (2001). ECN allows end-to-end notification of network congestion without dropping packets. ECN is an optional feature that may be used between two ECN-enabled endpoints when the underlying network infrastructure also supports it.

Network congestion in data networking and queueing theory is the reduced quality of service that occurs when a network node or link is carrying more data than it can handle. Typical effects include queueing delay, packet loss or the blocking of new connections. A consequence of congestion is that an incremental increase in offered load leads either only to a small increase or even a decrease in network throughput.

Class of service is a parameter used in data and voice protocols to differentiate the types of payloads contained in the packet being transmitted. The objective of such differentiation is generally associated with assigning priorities to the data payload or access levels to the telephone call.

A ping of death is a type of attack on a computer system that involves sending a malformed or otherwise malicious ping to a computer.

In computing, Microsoft's Windows Vista and Windows Server 2008 introduced in 2007/2008 a new networking stack named Next Generation TCP/IP stack, to improve on the previous stack in several ways. The stack includes native implementation of IPv6, as well as a complete overhaul of IPv4. The new TCP/IP stack uses a new method to store configuration settings that enables more dynamic control and does not require a computer restart after a change in settings. The new stack, implemented as a dual-stack model, depends on a strong host-model and features an infrastructure to enable more modular components that one can dynamically insert and remove.

A forwarding information base (FIB), also known as a forwarding table or MAC table, is most commonly used in network bridging, routing, and similar functions to find the proper output network interface controller to which the input interface should forward a packet. It is a dynamic table that maps MAC addresses to ports. It is the essential mechanism that separates network switches from Ethernet hubs. Content-addressable memory (CAM) is typically used to efficiently implement the FIB, thus it is sometimes called a CAM table.

The Internet checksum, also called the IPv4 header checksum is a checksum used in version 4 of the Internet Protocol (IPv4) to detect corruption in the header of IPv4 packets. It is carried in the IP packet header, and represents the 16-bit result of summation of the header words.

An IPv6 packet is the smallest message entity exchanged using Internet Protocol version 6 (IPv6). Packets consist of control information for addressing and routing and a payload of user data. The control information in IPv6 packets is subdivided into a mandatory fixed header and optional extension headers. The payload of an IPv6 packet is typically a datagram or segment of the higher-level transport layer protocol, but may be data for an internet layer or link layer instead.

References

↑ RFC 791, RFC 1122, RFC 349, RFC 2474, and RFC 3168. For a full history of the ToS field, see section 22 of RFC 3168.
↑ http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.qdisc.classless.html Linux Advanced Routing & Traffic Control
↑ RFC 3260 Section 4
↑ RFC 3168 Section 5
1 2 3 "openbsd/src:sys/netinet/ip.h". GitHub. Retrieved 10 October 2018.
1 2 Gaudet, Dean. "mod_iptos.c (mod_iptos 1.0)". Archived from the original on 10 October 2018. Retrieved 10 October 2018.
↑ "transmission 2.93:libtransmission/session.c". GitHub. Retrieved 10 October 2018.

External links

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] RFC 791, RFC 1122, RFC 349, RFC 2474, and RFC 3168. For a full history of the ToS field, see section 22 of RFC 3168.

[2] ttp://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.qdisc.classless.html Linux Advanced Routing & Traffic Control

[3] RFC 3260 Section 4

[4] RFC 3168 Section 5

[obsd-ip-5] 1 2 3 "openbsd/src:sys/netinet/ip.h". GitHub. Retrieved 10 October 2018.

[mod_iptos-6] 1 2 Gaudet, Dean. "mod_iptos.c (mod_iptos 1.0)". Archived from the original on 10 October 2018. Retrieved 10 October 2018.

[7] "transmission 2.93:libtransmission/session.c". GitHub. Retrieved 10 October 2018.

[1]

[2]

[3]

[4]

[5]

[6]

[7]