Classification is the job of marking packets so that the routing and switching infrastructure can recognize those packets as needing high priority. This is like sticking those 'Priority' stickers on your boxes at the Post Office. They immediately mark the package as needing special treatment. Postal workers who handle the packages enroute don't need to look at the postage or decode the bar codes or sniff the boxes for perishible goods, they just spot the red priority stickers and move them into the right bin for priority treatment.
The most logical place to mark packets is in the endpoint (the computer, phone or video device) that creates the packet stream. Because the endpoint is running the application, it knows exactly which packets should be given high priority treatment. An IP phone knows which packets contain voice and which contain management statistics, and it can mark them high and low priority respectively. Sounds simple enough! Make sure your endpoints can mark packets, and provision them accordingly. Problem solved?
Unfortunately, no. And the reason is because the network can't necessarily trust the endpoint to have its best interest in mind. Remember I said before that every user wants his application to run at high priority? Interactive multi-player online games work really well using high priority QoS classes, but consuming this bandwidth with games may not be the right priority for the enterprise network.
So routers are designed by default to not trust the markings that an endpoint puts on its packets, and it will rewrite those markings to zero (best effort) when they appear. The network team prefers that they make the decision about which applications are given high priority, so they can manage the demand on the network and ensure adequate resources are available to meet the needs of those applications that the corporation has blessed.
Unfortunately this task is also not easy, because the packets don't necessarily carry labels that say 'I am a voice packet' or 'I am a background data task' to help the router decide. This is especially true for voice and video because their protocols use ephemeral ports, UDP ports that are assigned dynamically when the voice call starts. These ports may be used for voice during this minute and for some data task during another minute, making it difficult to determine how to classify them.
So a compromise must be struck. There are various mechinisms available today to allow the endpoint to be verified by the network. If the network can determine that the device on a specific IP address really is an IP-phone from the vendor of choice, then the router can trust the markings that phone provides. With this compromise the network protects itself from inappropriate use, and the endpoint gets to determine which of its own packets are high priority and which only need best effort support.
There are proprietary protocols like Cisco Skinny, and standards like IEEE 802.1x that support authentication of an endpoint to verify it can be trusted by the network. Small deployments, such as a limited room-based or telepresence video environment can just use static IP addresses for the trusted endpoint devices. Larger deployments need the automation provided by the authentication protocols. Figure out the right strategy for your enterprise to ensure priority is given, but only to those packets that really need it to support their applications.
