QoS of Iptables

The Type Of Service (TOS) bits are a set of four single-bit flags in the IP header. When any one of these bit flags is set, routers may handle the datagram differently than datagrams with no TOS bits set. Each of the four bits has a different purpose and only one of the TOS bits may be set at any time, so combinations are not allowed. The bit flags are called Type of Service bits because they enable the application transmitting the data to tell the network the type of network service it requires.

TOS Value

| hexadecimal | decimal | name |
|---|---|---|
| 0x10 | 16 | Minimize-Delay |
| 0x08 | 8 | Maximize-Throughput |
| 0x04 | 4 | Maximize-Reliability |
| 0x02 | 2 | Minimize-Cost |
| 0x00 | 0 | Normal-Service |

TOS bit manipulation

The classes of network service available are:

minimum delay

Used when the time it takes for a datagram to travel from the source host to destination host (latency) is most important.
A network provider might, for example, use both optical fiber and satellite network connections. Data carried across satellite connections has farther to travel, so its latency is generally higher than for terrestrial-based network connections between the same endpoints.
A network provider might choose to ensure that datagrams with this type of service set are not carried by satellite.

maximum throughput

Used when the volume of data transmitted in any period of time is important.
There are many types of network applications for which latency is not particularly important but the network throughput is; for example, bulk-file transfers.
A network provider might choose to route datagrams with this type of service set via high-latency, high-bandwidth routes, such as satellite connections.

maximum reliability

Used when it is important that you have some certainty that the data will arrive at the destination without retransmission being required.
The IP protocol may be carried over any number of underlying transmission mediums.
While SLIP and PPP are adequate datalink protocols, they are not as reliable as carrying IP over some other network, such as an X.25 network. A network provider might make an alternate network available, offering high reliability, to carry IP that would be used if this type of service is selected.

minimum cost

Used when it is important to minimize the cost of data transmission. Leasing bandwidth on a satellite for a transpacific crossing is generally less costly than leasing space on a fiber-optical cable over the same distance, so network providers may choose to provide both and charge differently depending on which you use.
In this scenario, your “minimum cost” type of service bit may cause your datagrams to be routed via the lower-cost satellite route.

Suggested Uses for TOS Bitmasks

| TOS | ANDmask | XORmask | Suggested Use |
|---|---|---|---|
| Minimum Delay | 0x01 | 0x10 | ftp, telnet, ssh |
| Maximum Throughput | 0x01 | 0x08 | ftp-data, www |
| Maximum Reliability | 0x01 | 0x04 | snmp, dns |
| Minimum Cost | 0x01 | 0x02 | nntp, smtp |

Example

  • The general syntax used to match TOS bits looks like:
    `iptables -m tos --tos mnemonic [other-args] -j target`
  • The general syntax used to set TOS bits looks like (the TOS target's option is `--set-tos`):
    `iptables [other-args] -j TOS --set-tos mnemonic`
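The following script is an added example, not code from the original page: it turns the "Suggested Uses" table into a reviewable set of iptables mangle rules and shows how the ANDmask/XORmask pair rewrites an existing TOS byte. It assumes the conventional (old AND ANDmask) XOR XORmask interpretation of the mask columns, the mangle table's OUTPUT chain as the place to mark locally generated traffic, numeric well-known ports instead of the service names in the table, and UDP for snmp and dns; the page states none of these.

```shell
#!/bin/sh
# Added example built from the TOS tables on this page (assumptions noted inline).

# Apply the page's mask pair to an existing TOS byte: new = (old AND andmask) XOR xormask.
# ANDmask 0x01 keeps only the low (unused) bit, so precedence and any previously set
# TOS flag are cleared before XORmask sets exactly one flag: the "only one bit at a
# time" rule from the text holds regardless of what the sender put in the header.
apply_tos_mask() {
    printf '0x%02x\n' $(( ( $1 & $2 ) ^ $3 ))
}

# Emit one rule per service from the "Suggested Uses" table.  Rules are printed,
# not applied, so they can be reviewed before being run as root.
# Constructed mapping (mnemonic|protocol|ports); protocols and port numbers are
# assumptions, not taken from the page.
tos_rules() {
    table='Minimize-Delay|tcp|21 23 22
Maximize-Throughput|tcp|20 80
Maximize-Reliability|udp|161 53
Minimize-Cost|tcp|119 25'
    printf '%s\n' "$table" | while IFS='|' read -r tos proto ports; do
        for port in $ports; do
            printf 'iptables -t mangle -A OUTPUT -p %s --dport %s -j TOS --set-tos %s\n' \
                "$proto" "$port" "$tos"
        done
    done
}

# Number of emitted rules that set a given mnemonic (used for self-checks).
count_rules_for() {
    tos_rules | grep -c -- "--set-tos $1\$"
}

# Preview the rule set when run directly.
tos_rules
```

Pipe the output into `sh` (as root) only after reviewing it; matching on `-m tos --tos mnemonic` as shown above is the complementary check that the marks actually took effect.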

Reference:

  • tos bit manipulation