[j-nsp] Setting forwarding-class in firewall filter, non-match behaviour

Brad Fleming bdflemin at gmail.com
Mon Jun 21 09:54:34 EDT 2010


> I
>> would use a rewrite rule to modify DSCP on egress, so
>> that its consistent across platforms.
>
> I still prefer the IOS way, where TOS byte values are re-
> written on ingress (I believe we began a small petition for
> this capability a year or more back, but it didn't gain any
> traction). However, it works just as well in JUNOS, just on
> egress.

I actually prefer the Junos method for at least some scenarios.

In my case, we connect to several other QoS-aware networks that all  
use different values for different things (ie: AF41 = EF = AF42 = AF21  
= me going crazy). Using Junos's method its very simple to do a  
different rewrite map on the egress interface toward the other  
networks. So there's basically a single piece of configuration to make  
everything function.. and a single place that things could get broken.

However, I would agree that for smaller sites (ie: J-series, SRX, etc)  
the ingress method is much easier. Having a FULL CoS stanza just to  
mark some traffic EF is kind of annoying. And I can see the arguments  
for ingress methods in other networks as well.

Of course this is just my opinion and I certainly don't run a huge  
network like some of you guys!


More information about the juniper-nsp mailing list