[c-nsp] 7600s, DSCP, ASICs, Bollocks

[Lukas Tribus]

Hi James,



> Hi All,
>
> I have a TAC case open for this but it's not going anywhere. We have
> two remote 7606 chassis with a 10G link between them, we have two
> separate 10G transit feeds, one landing on each chassis and then
> downstream customers hanging off the chassis.
>
> R1 --10G-- R2
>
> The problem is that for love nor money, I can't stop DSCP markings
> coming in from the Internet on these remote PEs. Output from "show
> modules", LAN line cards here and no DFCs so fairly pony:
>
> Mod Ports Card Type Model
> --- ----- -------------------------------------- -----------------
> 1 48 CEF720 48 port 10/100/1000mb Ethernet WS-X6748-GE-TX
> 2 48 CEF720 48 port 1000mb SFP WS-X6748-SFP
> 3 48 CEF720 48 port 10/100/1000mb Ethernet WS-X6748-GE-TX
> 4 4 CEF720 4 port 10-Gigabit Ethernet WS-X6704-10GE
> 5 5 Route Switch Processor 720 10GE (Activ RSP720-3CXL-10GE
>
> On R1 Transit is via port Te4/3, Te4/1 is the link to R2 where my main
> testing customer is connected. Since these 7600s had some existing QoS
> configured via MQC so I simply added a policy-map (so there was no mls
> trust statement and mls QoS is enabled globally);

I don't think this is a supported configuration.

Also, DFC vs PFC switching is not supposed to cause any differences
from a feature perspective (PFC is supposed to clone the
configuration, including QoS settings as-is to any DFCs).



> I have removed the policy-map and since the port has no “mls qos trust
> xxx” statement it should by default remove all incoming DSCP markings
> (re-write to 0) however the customer is STILL seeing marked traffic
> from the Internet and I can still see it via ELAM and local SPAN to a
> Linux box in the PoP.

I think you have to enable mls qos globally, otherwise it will not do anything at all.

Be careful that you don't overload a specific queue when enabling mls qos.
Check the list for further informations.



Regards,

Lukas