What is DSCP (Differentiated Services Code Point) and how does it work?

Last update: 17/12/2025
Author Isaac
  • DSCP is a 6-bit field in the IP header that defines the per-hop behavior (PHB) and allows traffic prioritization using the DiffServ architecture.
  • The CS, AF, EF, and BE groups provide different classes and discard probabilities, with EF intended for highly sensitive traffic such as VoIP.
  • Proper classification and marking at the network edge, along with consistent queuing and QoS policies across all devices, is key to effective QoS.
  • DSCP remains essential in modern networks, SD-WAN, 5G and IoTserving as a common priority language across different domains and technologies.

DSCP field in IP header

In the day-to-day operation of a modern network, these elements are mixed together video calls, VoIP, downloads, streaming and control trafficEverything competes for the same bandwidth, and if nothing is done, the packets are treated equally (for example, you can change the network adapter priorityThat's where DSCP comes in, a mechanism that allows you to tell the network which traffic is most important and how to treat it at each hop.

When we talk about DSCP (Differentiated Services Code Point) We're referring to bits within the IP header that determine the priority and handling of each packet. This is the foundation of the DiffServ architecture defined by the IETF, and it's key to delivering Actual Quality of Service (QoS) in networks with voice, video, cloud services, or mission-critical applications. A solid understanding of DSCP is almost mandatory for anyone who manages or designs networks today.

What is DSCP and why is it so important?

Illustration by DSCP and DiffServ

El DSCP (Differentiated Services Code Point) It is a 6-bit field located in the IP header (in both IPv4 and IPv6) that indicates the level of service a packet should receive as it traverses the network. In other words, it tells each router and switch how it should classify, queue, prioritize and, if necessary, discard that package.

This DSCP field is part of the old Type of Service (ToS) byte described in RFCs 791 and 1349, which was later renamed DS (Differentiated Services) field according to RFC 2474. In the current model, the The 6 most significant bits are used for DSCP and the 2 least significant bits are reserved for other uses, mainly ECN (Explicit Congestion Notification)which allows congestion to be reported without discarding packages.

The use of DSCP allows traffic with strict requirements—for example, VoIP, videoconferencing, or interactive streaming— receive preferential treatment: less latency, less jitter, and less packet loss. At the same time, less sensitive traffic, such as email, backups, or bulk downloads, is kept in lower priority classes or simply on best effort.

DSCP does not work alone: ​​it is one of the pillars of the DiffServ architecture (RFC 2475)The idea is very simple but powerful: the core routers don't perform deep inspection, they only look at the DSCP value and apply a PHB (Per-Hop Behavior) which is already defined. This makes the system highly scalable even on large networks.

From ToS and IP Precedence to DSCP: Evolution of the Service Field

In the early days of IP, the header defined an 8-bit field called Type of Service (ToS), detailed in RFC 791. Within that octet, the The first 3 bits indicated IP Precedence and the following bits marked preferences for delay, performance and reliability.

In the original model, the values ​​of IP Precedence ranged from 000 (Routine) to 111 (Network Control)offering only eight priority levels. The remaining bits allowed indicating whether it was desired low latency, high performance, or high reliabilityHowever, in practice this scheme was used little and very inconsistently on the Internet.

RFC 1349 refined this ToS field by defining a structure with PRECEDENCE, TOS and MBZ (must be zero). Combinations such as “minimize delay”, “maximize performance” or “minimize cost” were introduced, but the same key limitation remained: only 3 precedence bitsThat is, eight priority levels in total.

With the explosive growth of IP services (especially real-time services), that granularity fell short. That's why the RFC 2474 redefines the ToS octet as a DS field and creates the concept of DSCP: now 6 bits are used for the differentiated services code point, resulting in 64 different values (from 0 to 63), more than enough to define many classes of traffic and different hop behaviors.

  What to do if Windows assigns an APIPA IP: complete guide and solutions

Furthermore, RFC 2474 introduces the concept of Class Selector (CS)where the three most significant bits of DSCP correspond exactly to the old IP Precedence and the remaining three bits are set to zero (format xxx000Thus, older equipment that only understands IP Precedence continues to correctly interpret the priority of those packets.

DSCP field structure and relationship to the IP header

The service octet in the IP header, formerly called ToS, is now called DS field (Differentiated Services field)Its current format, according to RFC 2474, is:

0 1 2 3 4 5 6 7
+—+—+—+—+—+—+—+—+
| DSCP | CU |
+—+—+—+—+—+—+—+—+

Los 6-bit DSCP They allow encoding up to 64 points of code, and the 2 bits CU (Currently Unused) They are used today mainly for ECN, which explicitly indicates congestion without needing to discard the packet.

Each DSCP value is tied to a Per-Hop Behavior (PHB) which specifies how routers should handle that traffic: relative priority, bandwidth allocation, discard probability, etc. This translates into very specific decisions about queuing, scheduling, and selective discarding in each interface.

From a practical point of view, engineers map certain DSCP values ​​to output queues on routers and switches. For example, traffic with DSCP EF typically goes to a strict priority queuewhile the AF and CS classes are distributed among queues with mechanisms such as RED/WRED (Random Early Detection) to control congestion.

Main classes and DSCP values: CS, AF, EF and others

Within the range of 64 possible codepoints, the IETF has standardized a series of commonly used values, documented in several RFCs (2474, 2597, 3246, among others). The main groups are: CS, AF, EF, BE and some special classes like LE.

The CS (Class Selector) It maintains compatibility with the old IP Precedence. Its typical values ​​are:

  • 000000 → CS0: best effort, base priority.
  • 001000 → CS1
  • 010000 → CS2
  • 011000 → CS3
  • 100000 → CS4
  • 101000 → CS5
  • 110000 → CS6
  • 111000 → CS7

Then we have the group AF (Assured Forwarding), defined in RFC 2597. Its objective is to provide a “guaranteed” bandwidth with different discard probabilities. Each AF class is identified as AFxy, where x is the class (1 to 4) and yy is the discard probability (1 = low, 3 = high). Some examples:

  • AF11 (001010), AF12 (001100), AF13 (001110)
  • AF21 (010010), AF22 (010100), AF23 (010110)
  • AF31 (011010), AF32 (011100), AF33 (011110)
  • AF41 (100010), AF42 (100100), AF43 (100110)

Another well-known value is EF (Expedited Forwarding), defined in RFC 3246. Its standard codepoint is 101110 (DSCP 46)This PHB is designed for traffic that needs Low latency, low jitter, and very little loss, such as VoIP or highly sensitive real-time communications.

The value DSCP 0 corresponds to Best Effort (BE)The default service without special guarantees. This is the traffic sent when nothing is explicitly selected, and it usually goes to queues without priority.

Some deployments also use a class of Low Effort (LE), designed for very low priority traffic (mass backups, background tasks, etc.), which can be sacrificed first in case of congestion in exchange for protecting the rest of the classes.

Traffic classification and marking with DSCP

The first phase of using DSCP is the package sortingEdge devices (routers, firewalls, access switches) analyze each flow and determine which traffic class it belongs to: Voice, video, interactive data, control traffic, best effort, backups, etc.

This classification can be based on multiple criteria: source/destination IP addresses, TCP/UDP portsprotocols, VLANs, ingress interfaces, or even layer 7 information If more advanced inspection is used. Once the class is identified, it Mark the package with the corresponding DSCP value.

There are two main approaches to marking: the static marking and the dynamic markingIn static DSCP, fixed DSCP values ​​are associated with known applications or ports (for example, assigning EF to the RTP ports of the IP PBX). In dynamic DSCP, you can Adjust the flags based on network load or temporary policiesraising or lowering priorities depending on the time of day or the origin of the traffic.

It is a good practice that the DSCP marking should be done as close to the origin as possibleoften on the user's equipment, the access switch, or the perimeter firewall. From there, all devices along the path must respect and maintain those brandsunless there are very clear reasons to rewrite them.

  How to Fix Err_Quic_Protocol_Error in Google Chrome

A common problem in networks that pass through operators is that the carrier erases or overwrites DSCP valuesIf that happens, end-to-end QoS is lost. That's why it's essential to know the provider's dialing policy and, if necessary, whether you can replace the ISP router or renegotiate or adapt the brands to the classes that the operator does transport.

Quality of Service (QoS) and Per-Hop Behavior (PHB)

La QoS It seeks to guarantee measurable parameters such as minimum bandwidth, maximum delay, controlled jitter, and limited packet loss for specific flows. DSCP is one of the main mechanisms for Implement QoS in a scalable way.

In DiffServ architecture, instead of defining circuits by flow, one works by aggregated traffic classesEach class is associated with a PH extension, which describes the treatment the packet will receive at each hop in the network: relative queue priority, bandwidth limits, discard policies, etc.

Among the best-known PHBs are EF (for traffic that is very sensitive to delay), AF (several classes with different probabilities of discarding) and BE (best effort). By combining DSCP with priority queues and scheduling mechanisms, administrators can to ensure that critical services remain stable even in congested situations.

The beauty of this design is that the core routers only need to look at the DSCP field and apply the corresponding PHB, without inspecting ports or the entire flow. This reduces the processing load and makes the solution easier. very efficient in large backbones.

In parallel with tail processing, mechanisms can be used to policing and shapingPolicing limits the rate of a class, and if that limit is exceeded, it can lower the DSCP flag or drop packets. Shaping, on the other hand, smooths bursts by temporarily storing packets, which helps queues behave more predictably.

Implementing DSCP in routers and enterprise networks

The actual implementation of DSCP is mainly done in routers, firewalls and manageable switchesIn the case of equipment from manufacturers such as Cisco, Juniper, etc., the following are defined: traffic classes, QoS policies, and DSCP mappings to queues via the CLI or advanced web interfaces.

The typical process involves several steps: first, define the classes (for example, VoIP, video, critical data, best effort), then it assign specific DSCP values to each class (EF, AF4x, AF3x, CS0, etc.) and finally They link those values ​​to queues and priorities on each output interface.

It is also very common to use ACLs (Access Control Lists) or classification rules to identify traffic that should be marked or reclassified. For example, all traffic destined for a telephony server can be captured and marked with EF, or corporate video streams can be detected and assigned AF41.

In large business networks, it is almost indispensable centralize DSCP policyDefine a common class schema for the entire organization and document which values ​​are used for each service. This prevents the chaos of each team marking things differently, which would lead to unpredictable results.

A well-designed network with DSCP allows that, even with traffic spikes or occasional congestion, the voice calls, video conferencing, and critical applications continue to function with acceptable quality, sacrificing if necessary less priority traffic such as nightly backups or one-off downloads.

Legacy hardware compatibility and use of Class Selector

Many networks still drag Older equipment that only understands the IP Precedence field and they don't fully implement DiffServ. To avoid breaking anything, DSCP was designed with a strong focus on the backwards compatibility.

The values Class Selector (CS) They have been defined precisely for this purpose. By using codepoints in the form xxx000The three most significant bits coincide with the old precedence bits, so legacy devices still correctly interpret traffic priority, even though they ignore the rest of DiffServ's capabilities.

For example, a package marked with CS3 (011000) This will be seen as precedence 3, which in classic definitions corresponded to "Flash". This allows network control traffic, critical multicast, or certain management services to continue to have priority in mixed infrastructures.

  6 Types of Phones Released to Date

The coexistence of DSCP with MPLS It is also common practice: in many designs, DSCP marks on the edge are mapped to EXP bits in the MPLS tag to maintain priority within the operator's backbone. While this MPLS detail is not explained in detail here, it is yet another example of how DSCP serves as common language of priorities between domains.

DSCP Markup Troubleshooting and Validation

When QoS isn't working properly, it's almost always necessary to check if the DSCP marking is being applied and respected correctlyTo achieve this, it is very useful to capture traffic with tools such as Wireshark and check which DSCP values ​​actually appear in the packets at different points in the network.

A typical problem is that an intermediate router resets the DSCP field to 0 due to default configuration or poorly implemented policy, killing QoS from that hop onward. Another common problem is the class inconsistencyFor example, VoIP might be marked as EF on one firewall and reclassified as AF11 on another router, resulting in contradictory treatment.

In laboratory or testing environments, it is quite common to use commands extended from ping with ToS/DSCP In routers (such as Cisco), this is used to generate packets with a specific codepoint and verify which queues they use and how they behave under load. This helps validate the design of queues and policer/shaper policies.

Continuous monitoring of queues and QoS classes on routers and switches is another key tool. Reviewing metrics of Drops per class, queue occupancy, delays, and bandwidth usage It allows you to quickly detect if any class is undersized or if the marking does not correspond to the reality of the traffic.

If problems are detected, it is usually necessary Adjust classification ACLs, correctly map DSCP to queues, and verify that all devices share the same class "dictionary".A small mismatch in a single hop can ruin the entire end-to-end QoS.

DSCP in modern networks, SD-WAN, 5G and IoT

Modern networks are no longer just a LAN and a couple of routers connecting to the internet. cloud, SD-WAN, 5G, advanced WiFi and IoTThe scenario has become considerably more complex, and DSCP remains a central piece in maintaining the quality of services.

In solutions SD WANFor example, it's very common to use DSCP values ​​to decide which link each type of traffic uses or what priority it has in encrypted tunnels. SD-WAN can Recalculate routes in real time based on delays, loss, and jitterHowever, it relies on DSCP markings to determine which flows cannot be allowed to degrade.

In environments 5G and edge computing, the promise of ultra-low latency It requires careful prioritization of critical flows: industrial control, connected vehicles, augmented reality, etc. DSCP is a convenient mechanism for indicating which traffic needs almost "VIP" treatment throughout the network chain.

With the rise of Internet of Things (IoT)This generates a huge volume of data, much of it non-critical. DSCP allows differentiation between, for example, security alarms or real-time control signals (which are marked with high priority) and massive telemetry traffic or logs which can perfectly well go in better effort or even in low effort classes.

Looking ahead, the IETF continues to work on New PHBs and usage recommendations of the DSCP codepoints, and it is possible that we will see even closer integration with mechanisms of automation and machine learning that dynamically adjust the brands based on the actual behavior of the network.

DSCP remains as the de facto standard for prioritizing IP traffic Thanks to its simplicity, compatibility, and flexibility, when well-designed and intelligently implemented, it allows highly complex networks to manage traffic in an "unfair but controlled" way, always prioritizing what truly matters without disproportionately over-provisioning the infrastructure.

What is a network access point (AP)?
Related article:
What is a network access point (AP), how does it work, and what is it used for?