Assign priority tags to traffic, such as VoIP and streaming video, that has higher networking requirements for bandwidth, low latency, and so on. You can mark the traffic with a CoS tag in Layer 2 of the network protocol stack or with a DSCP tag in Layer 3.

Priority tagging is a mechanism to mark traffic that has higher QoS demands. In this way, the network can recognize different classes of traffic. The network devices can handle the traffic from each class according to its priority and requirements.

You can also re-tag traffic to either raise or lower the importance of the flow. By using a low QoS tag, you can restrict data tagged in a guest operating system.

Procedure

  1. Locate a distributed port group or an uplink port group in the vSphere Web Client.
    1. Select a distributed switch and click the Networks tab.
    2. Click Distributed Port Groups to see the list of distributed port groups, or click Uplink Port Groups to see the list of uplink port groups.
  2. Right-click the port group and select Edit Settings.
  3. Select Traffic filtering and marking.
  4. If traffic filtering and marking is disabled, enable it from the Status drop-down menu.
  5. Click New to create a new rule, or select a rule and click Edit to edit it.
  6. In the network traffic rule dialog box, select the Tag option from the Action drop-down menu.
  7. Set the priority tag for the traffic within the scope of the rule.
    Option Description
    CoS value Mark the traffic matching the rule with a CoS priority tag in network Layer 2. Select Update CoS tag and type a value from 0 to 7.
    DSCP value Mark the traffic associated with the rule with a DSCP tag in network Layer 3. Select Update DSCP value and type a value from 0 to 63.
  8. Specify the kind of traffic that the rule is applicable to.
    To determine if a data flow is in the scope of a rule for marking or filtering, the vSphere distributed switch examines the direction of the traffic, and properties like source and destination, VLAN, next level protocol, infrastructure traffic type, and so on.
    1. From the Traffic direction drop-down menu, select whether the traffic must be ingress, egress, or both so that the rule recognizes it as matching.

      The direction also influences how you are going to identify the traffic source and destination.

    2. By using qualifiers for system data type, Layer 2 packet attributes, and Layer 3 packet attributes set the properties that packets must have to match the rule.

      A qualifier represents a set of matching criteria related to a networking layer. You can match traffic to system data type, Layer 2 traffic properties, and Layer 3 traffic properties. You can use the qualifier for a specific networking layer or can combine qualifiers to match packets more precisely.

      • Use the system traffic qualifier to match packets to the type of virtual infrastructure data that is flowing through the ports of the group . For example, you can select NFS for data transfers to network storage.
      • Use the MAC traffic qualifier to match packets by MAC address, VLAN ID, and next level protocol.

        Locating traffic with a VLAN ID on a distributed port group works with Virtual Guest Tagging (VGT). To match traffic to VLAN ID if Virtual Switch Tagging (VST) is active, use a rule on an uplink port group or uplink port.

      • Use the IP traffic qualifier to match packets by IP version, IP address, and next level protocol and port.
  9. In the rule dialog box, click OK to save the rule.

Example: Voice over IP Traffic Marking

Voice over IP (VoIP) flows have special requirements for QoS in terms of low loss and delay. The traffic related to the Session Initiation Protocol (SIP) for VoIP usually has a DSCP tag equal to 26, which stands for Assured Forwarding Class 3 with Low Drop Probability (AF31).

For example, to mark outgoing SIP UDP packets to a subnet 192.168.2.0/24, you can use the following rule:

Rule Parameter Parameter Value
Action Tag
DSCP value 26
Traffic direction Egress
Traffic qualifiers IP Qualifier
Protocol UDP
Destination port 5060
Source address IP address matches 192.168.2.0 with prefix length 24