[j-nsp] (Again) Rewriting IP precedence
Lars Erik Gullerud
lerik at nolink.net
Tue Jan 10 09:03:46 EST 2006
On Tue, 10 Jan 2006, Sorin CONSTANTINESCU wrote:
[snip]
> On the ingress interface (dot1q gigabit subinterface), I have a
> firewall filter that changes the default forwarding-class
> (best-effort) to assured-forwarding with plp low.
>
> Under [class-of-service], I've defined a rewrite rule for inet-precedence:
>
> === cut here ===
> rewrite-rules {
>     inet-precedence clear-inet-precedence {
>         forwarding-class assured-forwarding {
>             loss-priority low code-point 000;
>         }
>     }
> }
> === and here ===
>
> If I ping Host C from Host A, the precedence is correctly rewritten to
> 000. If I ping Host B from Host A, the precedence is not cleared.
>
> The difference is that traffic from A to B is label-switched, and from
> A to C is not.
>
> I've also configured a rewrite-rule to clear exp precedence, but the
> precedence of the IPV4 packet inside is not cleared to 0x00.
You are halfway there - you need to set up the rewrite-rule to clear exp
precedence as you have done, but you need to apply it to the interfaces
using the correct "protocol" statement so it will rewrite the payload and
not just the label's EXP. Apply it under "class-of-service
interfaces" using "protocol mpls-inet-both" or "mpls-inet-both-non-vpn"
(the latter if you only want to rewrite internet traffic, not VPN/VRF
traffic). Example shown below:
class-of-service {
    interfaces {
        ge-0/0/0 {
            unit 0 {
                rewrite-rules {
                    exp clear-both-precedence protocol mpls-inet-both;
                }
            }
        }
    }
}
Note - for M-series platforms you will only be able to write 000 codepoint
to the payload, you need T-series or M320 if you want to write a
non-zero codepoint on the payload, if I'm not mistaken.
See JunOS docs for more info:
http://www.juniper.net/techpubs/software/junos/junos73/swconfig73-interfaces/html/cos-summary71.html#1103506
HTH,
/leg