[j-nsp] CoS Marking/Rewrite Theory - Update!
Mark Tinka
mtinka at globaltransit.net
Wed Sep 1 19:13:13 EDT 2010
On Thursday, September 02, 2010 06:44:23 am Michel de
Nostredame wrote:
> It looks like can only perform the TOS bit to TOS bit
> translation.
Not quite.
My understanding (I can't test this yet) - and from my
discussions with Juniper - is that the Translation tables
actually rewrite the ToS field based on a user-defined
value.
So yes, ingress remarking is supported by this.
> However the most useful function will need
> to leverage firewall filter to perform the "TOS bit
> marking" on the ingress.
This is actually supported, but has a number of limitations:
- the JUNOS firewall filters support then 'then
dscp' action, but it's only works on the Trio-
based line cards.
- if your router has DPC-based line cards, you'd
need to apply this to the Loopback interface,
which means traffic is switched in software (not
good - but haven't tried it to prove).
- at this time, it looks like JUNOS only supports
DSCP for IPv4 in the firewall filters; I don't see
support for DSCP for IPv6 or EXP bits.
- I know the M320 or larger supports remarking of
ingress traffic, but only to DSCP 0; I'm uncertain
whether newer code provides similar support for
additional bit values as in the case of the Trio-
based cards, or more importantly, which PIC's are
supported with this enhancement.
> It is very difficult to perform all those sophisticated
> marking on the egress interface
> by only leverage lame rewrite function.
I agree - egress-based remarking (which is the classical way
JUNOS has historically implemented this) is not terribly
flexible.
For cases where we've deployed boxes in a P/PE role, egress
remarking is a real pain when interfaces act as transit
links for both customer-sourced/destined and core traffic.
Ingress remarking is more elegant here, as the different
interfaces in a P/PE-based router are uniquely independent
from a QoS marking and classification perspective.
> For example, depends on PIC we have today, there are only
> 4~8 forwarding-class can be used.
16 forwarding-classes, but yes, still 8 queues (can be a bit
confusing for the uninitiated, since forwarding-classes and
queues can many times be referred to as the same thing).
> However, there are
> more TOS type we can mark onto a packet. By leveraging
> the policy statement together with egress firewall
> filters, we can control
> the bandwidth consumptions; if under some criteria (ex,
> exceed usage), we can "re-mark" this packet to another
> TOS (or drop it, or something else.)
A lot of use-cases for being able to able to remark traffic
as early as possible, i.e., on ingress.
> What I requested to my Juniper SE is to make ingress
> firewall filter able to "mark"
> each packet TOS bit on the "then" section.
See my comments as above.
Beyond that, it doesn't look like Juniper are going to be
doing much more than this, particularly because of the new
Translation tables feature. I hope I'm wrong.
My beef with Juniper on this is making the cards so
"weirdly" that features that appear basic in nature can
easily NOT be supported by the hardware when much-needed
enhancements appear in later code. It boggles my mind, but
could lend itself - in explanation - to the Services modules
(MS-PIC, AS-PIC, MS-DPC) concept.
Aaarggh, I dunno...
> For those J series software router, it should be easy to
> roll out these functions
> compares to those hardware based box (theoretically...)
Yes, theoretically - but then we still have to deal with all
the Flow mode nonsense and all that, just to get new
features. It's always something :-\.
But I digress...
Cheers,
Mark.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20100902/19b72377/attachment.bin>
More information about the juniper-nsp
mailing list