[j-nsp] (Again) Rewriting IP precedence

Rafal Szarecki (WA/EPO) rafal.szarecki at ericsson.com
Tue Jan 10 09:25:10 EST 2006 

Be caryfull, I'm not sure if  "mpls-inet-both" do not breake non-ip
payload if they exist on given interface....
(L2 VPN frames)

> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net 
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of 
> Lars Erik Gullerud
> Sent: Tuesday, January 10, 2006 3:04 PM
> To: Sorin CONSTANTINESCU
> Cc: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] (Again) Rewriting IP precedence
> 
> On Tue, 10 Jan 2006, Sorin CONSTANTINESCU wrote:
> 
> [snip]
> > On the ingress interface (dot1q gigabit subinterface), i have a 
> > firewall filter that changes the default forwarding-class
> > (best-effort) to assured-forwarding with plp low.
> >
> > Under [class-of-service], i've defined a rewrite rule for 
> inet-precedence:
> >
> > === cut here ===
> > rewrite-rules {
> >    inet-precedence clear-inet-precedence {
> >        forwarding-class assured-forwarding {
> >            loss-priority low code-point 000;
> >        }
> >    }
> > }
> > === and here ===
> >
> > If i ping Host C from Host A, the precedence is correctly 
> rewriten to 
> > 000. If i ping Host B from Host A, the precedence is not cleared.
> >
> > The difference is that traffic from A to B is 
> label-switched, and from 
> > A to C is not.
> >
> > I've also configured a rewrite-rule to clear exp precedence 
> , but the 
> > precedence of the IPV4 packet inside is not cleared to 0x00.
> 
> You are halfway there - you need to set up the rewrite-rule 
> to clear exp precedence as you have done, but you need to 
> apply it to the interfaces using the correct "protocol" 
> statement so it will rewrite the payload and not just the 
> label's EXP. Apply it under "class-of-service interfaces" 
> using "protocol mpls-inet-both" or "mpls-inet-both-non-vpn" 
> (the latter if you only want to rewrite internet traffic, not 
> VPN/VRF traffic). Example shown below:
> 
> class-of-service {
>      interfaces {
>          ge-0/0/0 {
>              unit 0 {
>                  rewrite-rules {
>                      exp clear-both-precedence protocol 
> mpls-inet-both;
>                  }
>               }
>           }
>       }
> }
> 
> Note - for M-series platforms you will only be able to write 
> 000 codepoint to the payload, you need T-series or M320 if 
> you want to write a non-zero codepoint on the payload, if I'm 
> not mistaken.
> 
> See JunOS docs for more info:
> http://www.juniper.net/techpubs/software/junos/junos73/swconfi
> g73-interfaces/html/cos-summary71.html#1103506
> 
> HTH,
> /leg
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net 
> http://puck.nether.net/mailman/listinfo/juniper-nsp
>

More information about the juniper-nsp mailing list