QoS Tagging and Traffic Filtering on vDS

There are two types of QoS Marking/Tagging common in networking are 802.1p (COS) applied on Ethernet(Layer 2) packets and Differentiated Service Code Point (DSCP) Marking applied on IP packets. The physical network devices use these tags to identify important traffic types and provide Quality of Service based on the value of the tag. As business critical and latency sensitive applications are virtualized and run in parallel with other applications on ESXi hosts, it is important to enable traffic management and tagging features on the VDS.

The traffic management feature on the vDS helps reserve bandwidth for important traffic types, and the tagging feature allows the external physical network to understand the level of importance of each traffic type. It is a best practice to tag the traffic near the source to help achieve end-to-end Quality of Service (QoS). During network congestion scenarios, the tagged traffic doesn’t get dropped which translates to a higher Quality of Service (QoS) for the tagged traffic.

Once the packets are classified based on the qualifiers described in the traffic filtering section, users can choose to perform Ethernet (layer2) or IP (layer 3) header level marking. The markings can be configured at the port group level.

Lets Configure this , so that i can ensure that my business critical VMs are getting higher priority at physical layer…

Login to the Web Client and  click on dvSwitch and choose Port Group on which you want to apply TAG:

  1. Click on Manage tab
  2. Select the Settings option
  3. Select Policies
  4. Click on Edit


  1. Click on Traffic filtering and marking
  2. In the Status drop down box choose Enabled
  3. Click the Green + to add a New Network Traffic Rule


  1. In the Action: drop down box select Tag (default)
  2. Check the box to the right of DSCP value
  3. In the drop down box for the DSCP value select Maximum 63
  4. In the Traffic direction drop down box select Ingress
  5. Click the Green +


New Network Traffic Rule – Qualifier

Now that you have decided to tag the traffic the next question is which traffic you would like to tag.There are three options available while defining the qualifier:

  • System Traffic Qualifier
  • New MAC qualifier
  • New IP Qualifier

This means you have options to select packets based on system traffic types, MAC header or IP header fields. here we will create qualifier based on system traffic.

Select New System Traffic Qualifier from the drop down menu qos4.gif

  1. Select Virtual Machine
  2. Click OK


Check that your rule matches Name: Network Traffic Rule 1

  1. Action: Tag
  2. DSCP Value: Checked
  3. DSCP Value: 63 Traffic
  4. Direction: Ingress
  5. System traffic: Virtual Machine
  6. Click OK


Same way you can also allow/block the traffic:

Again go to dvPort – Settings – Policies –  Edit – Traffic Filtering and Marking and edit the existing rule that we have created above and change Action to Drop.


  1. Click the Green + to add a new qualifier.
  2. Select New IP Qualifier… from the drop down list.


  1. Select ICMP from the Protocol drop down menu.
  2.  Select Source address IP address is of your VM , in my case it is
  3. Click OK


  1. and finally Click OK , this will drop the ping for that particular VM.

So same way you can write many rules with various permutation and combinations to help your organisation to achive QoS and traffic filtering on dVS. I hope this helps you in your environments. Happy Learning 🙂


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s