IPQoS Administration Guide

How to Define Filters in the QoS Policy

You create filters to identify packet flows as members of a particular class. Each filter contains selectors, which define the criteria for evaluating a packet flow. The IPQoS-enabled system then uses the criteria in the selectors to extract packets from a traffic flow and associate them with a class. (For an introduction to filters, see Filters.)

Before you can perform the next steps, you should have completed the procedure How to Define the Classes for Your QoS Policy.

  1. Create at least one filter for each class in the QoS organizational table that you created in How to Define the Classes for Your QoS Policy.

    Consider creating separate filters for incoming and outgoing traffic for each class, where applicable. For example, add an ftp-in filter and an ftp-out filter to the QoS policy of an IPQoS-enabled FTP server. Then you can define an appropriate direction selector in addition to the basic selectors.

  2. Define at least one selector for each filter in a class.

    The following table lists the most commonly used selectors. The first five selectors represent the IPQoS 5–tuple, which the IPQoS system uses to identify packets as members of a flow. For a complete list of selectors, see Table 6–1.


    Note –

    Be judicious in your choice of selectors. Use only as many selectors as you need to extract packets for a class. The more selectors you define, the greater the impact on IPQoS performance.


    Table 2–4 Common IPQoS Selectors

    | Name | Definition |
    |------|------------|
    | saddr | Source address. |
    | daddr | Destination address. |
    | sport | Source port number. You can use a well-known port number, as defined in /etc/services, or a user-defined port number. |
    | dport | Destination port number. |
    | protocol | IP protocol number or protocol name that is assigned to the traffic flow type in /etc/protocols. |
    | ip_version | Addressing style to use. Use either V4 or V6. V4 is the default. |
    | dsfield | Contents of the DS field, that is, the DS codepoint. Use this selector for extracting incoming packets that are already marked with a particular DSCP. |
    | priority | Priority level that is assigned to the class. For more information, see Prioritizing the Classes. |
    | user | Either the UNIX userID or user name that is used when the upper-level application is executed. |
    | projid | Project ID that is used when the upper-level application is executed. |
    | direction | Direction of traffic flow. Value is either LOCAL_IN, LOCAL_OUT, FWD_IN, or FWD_OUT. |

Use the template that was introduced in Table 2–2 to fill in filters for the classes you defined.

| Class | Priority | Filters | Selectors |
|-------|----------|---------|-----------|
| ftp-traffic | | ftp-out | saddr 10.190.17.44 |
| | | | daddr 10.100.10.53 |
| | | | sport 21 |
| | | | direction LOCAL_OUT |
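The selector rules from step 2, applied to the ftp-out row of the planning table, as an added example that is not part of the original guide. It is a simplified Python model, not the ipgpc classifier: it assumes a filter matches only when every defined selector equals the packet's field, that omitted selectors match anything, and that addresses are literal IP addresses. The function names and the sample packets are constructed for illustration.

```python
import ipaddress

# Selector names and direction values as listed in Table 2-4 of this page.
SELECTORS = {"saddr", "daddr", "sport", "dport", "protocol", "ip_version",
             "dsfield", "priority", "user", "projid", "direction"}
DIRECTIONS = {"LOCAL_IN", "LOCAL_OUT", "FWD_IN", "FWD_OUT"}

def validate_filter(name, selectors):
    """Return a list of problems in one planned filter (empty list = OK)."""
    problems = [] if selectors else [f"{name}: needs at least one selector"]
    for key, value in selectors.items():
        if key not in SELECTORS:
            problems.append(f"{name}: unknown selector {key!r}")
        elif key == "direction" and value not in DIRECTIONS:
            problems.append(f"{name}: bad direction {value!r}")
        elif key == "ip_version" and value not in ("V4", "V6"):
            problems.append(f"{name}: ip_version must be V4 or V6")
        elif key in ("sport", "dport") and isinstance(value, int) \
                and not 0 <= value <= 65535:
            problems.append(f"{name}: {key} {value} out of range")
        elif key in ("saddr", "daddr"):
            try:  # assumption: this model accepts only literal addresses
                ipaddress.ip_address(value)
            except ValueError:
                problems.append(f"{name}: {key} {value!r} is not an IP address")
    return problems

def matches(selectors, packet):
    """Every defined selector must equal the packet field; omitted
    selectors act as wildcards (simplified model, not ipgpc itself)."""
    return all(packet.get(k) == v for k, v in selectors.items())

def classify(policy, packet):
    """Return (class, filter) for the first filter that matches, else None."""
    for cls, filters in policy.items():
        for fname, selectors in filters.items():
            if matches(selectors, packet):
                return cls, fname
    return None

# The ftp-out row from the planning table on this page.
POLICY = {"ftp-traffic": {"ftp-out": {
    "saddr": "10.190.17.44", "daddr": "10.100.10.53",
    "sport": 21, "direction": "LOCAL_OUT"}}}
# Constructed sample packets (port 40112 is made up for illustration).
REPLY = {"saddr": "10.190.17.44", "daddr": "10.100.10.53", "sport": 21,
         "dport": 40112, "protocol": "tcp", "direction": "LOCAL_OUT"}
REQUEST = {"saddr": "10.100.10.53", "daddr": "10.190.17.44", "sport": 40112,
           "dport": 21, "protocol": "tcp", "direction": "LOCAL_IN"}
```

In this model, `classify(POLICY, REPLY)` returns the ftp-traffic class while `REQUEST` is left unclassified, which is why an ftp-in filter with its own direction selector would be planned separately.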

Where to Go From Here

| Task | For Information |
|------|-----------------|
| Define a flow-control scheme | How to Plan Flow Control |
| Define forwarding behaviors for flows as they return to the network stream | How to Plan Forwarding Behavior |
| Plan for flow accounting of certain types of traffic | How to Plan for Flow Accounting |
| Add more classes to the QoS policy | How to Define the Classes for Your QoS Policy |
| Add more filters to the QoS policy | How to Define Filters in the QoS Policy |