[j-nsp] CoS Marking/Rewrite Theory

Sat Oct 4 03:57:40 EDT 2008

Chris,
I believe that in Cisco world the Layer-2 CoS header information can be 
modified only on egress, see
http://www.cisco.com/en/US/docs/ios/12_1t/12_1t5/feature/guide/cbpmark2.html#wp1058304
"A CoS value marking can only be applied to output traffic policies (which 
are attached using the service-policy output command). "

In Juniper world the equivalent is "rewrite-rule". It can be defined 
selectively to a combination of "forwarding-class"+"loss-priority".
The "forwarding-class"/FC (for the purposes of this discussion) is roughly 
equivalent to the Cisco "qos-group" and "loss-priority"/LP - to the Cisco 
"discard-class".
The number of supported FC differs between Juniper platforms and currently 
stands at 16 (on T-series). With 2 LP, it gives you maximum 32 combinations 
to apply the rewrite-rules to.
Now back to your router example. The default behaviour is to preserve the 
TOS byte. To selectively remark previously unmarked (let's assume TOS==0x00 
here) packets to DSCP46, define a FW filter which classifies TOS==0x00 
packets into FC=="EF" and LP=="low". You also need to classify DSCP43, for 
instance, into FC=="ef"+LP="high" : you can do it in the same FW filter or 
you can do it with custom BA classifier. Then, define a DSCP rewrite-rule 
which rewrites FC=="ef"+LP="low" to DSCP46 and FC=="ef"+LP=="high" to 
DSCP43.
Finally, attach your FW filter and custom BA classifier to the ingress 
interface(s) and rewrite-rule to the egress interface(s).
Rgds
Alex

----- Original Message ----- 
From: "Chris Evans" <chrisccnpspam at gmail.com>
To: <juniper-nsp at puck.nether.net>
Sent: Saturday, October 04, 2008 3:45 AM
Subject: [j-nsp] CoS Marking/Rewrite Theory

> First of all please forgive me if I cause confusion on this and let me 
> know
> if I can clarify things more..
>
> I come from a Cisco world and am learning JUNOS. I have a question in
> regards to CoS markings on packets. In Cisco devices I can modify Layer2 
> or
> Layer3 CoS header information INGRESS an interface. From my reading in
> Juniper Devices you can only write that information EGRESS an interface 
> and
> it comes from the 'rewrite-map'.
>
> With Juniper devices you apply an input firewall filter that matches the
> traffic and then you define it to a forwarding class. Traffic is then
> forwarded through the device and once it reaches its egress interface 
> using
> the rewrite-map it marks the packet CoS information based on the
> forwarding-class the packet was defined to. Also as we know, if filters
> aren't applied to force traffic forwarding classification the 'classifier'
> map is used to correlate the CoS markings to forwarding classes by 
> default.
> We also know that if a rewrite-map isn't defined the traffic passes out 
> and
> interface unmodified.
>
>
> Here's my question. Say I have a router with 3 interfaces, 2 interfaces 
> are
> input and 1 output. Interface #1 and #2 are input and #3 would be output. 
> On
> interface #1 I want to mark the traffic as its currently unmarked and I 
> want
> it marked to DSCP EF(46). I have to apply the firewall filter and define
> this traffic into the expedited forwarding class. To make traffic egress 
> of
> the router have this marking I have to also apply the dscp rewrite-map on
> interface #3. On interface #2 the traffic is already marked to DSCP43. As 
> I
> do not have a firewall filter applied, the default classifer map kicks in
> and maps the DSCP 43 traffic to expedited forwarding class as well. Once
> this traffic exits the router out of interface #3, the rewrite map that 
> had
> to be defined for interface #1 will rewrite this traffic to DSCP 46,
> overwriting my original markets. Now I cannot differentiate the traffic
> further on in the network.
>
>
> I see this is as a big limitation. Are there workarounds that I'm missing?
>
>
> Thanks
>
> BuckWeet
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp 