Overview of traffic prioritization

When communication between the branch office and the main office varies in importance, packets can be differentiated based on their priority and accorded preferential use of the limited bandwidth accordingly. Forefront TMG supports the bandwidth control that is managed by corporate routers by providing packet prioritization using the differentiated services (DiffServ) protocol. The DiffServ protocol provides a framework that enables deployment of scalable service discrimination over the Internet. DiffServ uses a tab in the IP header of each packet to label its priority.

This document describes how Forefront TMG supports packet prioritization using DiffServ.

For information about DiffServ, see "Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers" at the ietf.org Web site.


  • Packet prioritization using DiffServ works in networks whose routers support Quality of Service (QoS) functionality.
  • DiffServ does not provide per-user bandwidth control.

Packet prioritization is a global Hypertext Transfer Protocol (HTTP) policy setting. It applies to all browser traffic that passes through Forefront TMG, rather than to traffic handled by a specific rule. The packet prioritization functionality is provided by the DiffServ Web filter, which scans the URL or domain and assigns the packet priority using DiffServ bits. You can create priorities in Forefront TMG whose DiffServ bits match those of the priorities on your corporate routers, thereby enabling the corporate routers to transmit the packets according to their priority.

This filter has a high priority and is high in the ordered list of Web filters. This is because this filter has to be aware of the size of the request or response that is actually being sent, and therefore it has to inspect the data at the point that it is sent or received by Forefront TMG.

Do not change the default priority and order settings of this filter.
Forefront TMG does not add DiffServ bits to traffic on protocols other than HTTP or Secure HTTP (HTTPS). Forefront TMG may not transmit existing DiffServ bits for traffic on other protocols. (That information may be removed from the packets.)
After you enable DiffServ, you configure the URLs and domains that will be subject to prioritization. You can configure packet prioritization for specific URLs or domains. When Forefront TMG forwards requests for URLs or domains to a router that supports QoS, it also forwards the DiffServ value that you specify for the priority assigned to the specific URL or domain. For instructions, see Forefront TMG Help.