[j-nsp] Assigning IP PREC-6 for HTTP traffic of ae0.2 interface

Mark Tinka mtinka at globaltransit.net
Sun Apr 17 23:36:49 EDT 2011


On Sunday, April 17, 2011 09:59:25 PM Chris Evans wrote:

> On most Juniper platforms you cannot mark on ingress.
> You have to do the whole convoluted process of setting
> up forwarding classes and doing remark policies.
> 
> You have to apply these remark filters on all exit points
> of the box to get traffic marked.  IMHO this is an awful
> implementation and I've asked for this to be changed but
> they don't listen. All other vendors allow ingress
> remarking...

Yes, this is most annoying on Juniper platforms. It's 
terrible when we have a P/PE node on a ring that needs to 
handle the PE-side of the traffic in one way, and the P-side 
of the traffic in another. Doing remarking on egress is such 
a pain, and this is the one area where Juniper continue to 
disappoint us. I wonder who thought that was a great 
architecture, more so after all the experience Juniper have 
gained in customer deployments.

Having said that, there is some hope:

1. The MX-series supports ingress DSCP marking/remarking via
   firewall filters. This works well, and we're quite happy
   with it. Both v4 and v6 are supported (v4 uses the 'dscp'
   command while v6 uses the 'traffic-class' command). The
   only problem with this (which is a huge issue for us)
   is that you can't mark the packets with an EXP value on
   ingress. So that means it will end up using the wrong
   queues as the default classifiers for DSCP and EXP differ
   in the 3 most significant bits. You could use a custom
   classifier, but we don't like these because they don't
   scale as well as the defaults for our QoS strategy.
   However, you're in luck if your MPLS network is based on
   RSVP - you can specify the 'class-of-service' command at
   the LSP and basically rewrite the EXP value that is using
   that LSP.

2. Before you jump on your DPC's, the above is only possible
   on the MPC's. DPC's don't support ingress marking via a
   firewall filter as above. I think you can still use the
   'class-of-service' feature on LSP's, but we haven't used
   it on non-MX chassis. This is very frustrating because
   after spending tons of cash on the E-Q-R DPC's (which are
   meant to be the most advanced of their time), something
   as basic as this isn't supported!

3. There is a very nice feature in Junos called ToS
   Translation Tables. It basically performs rewrites on
   ingress for v4 and v6 packets, supporting IPP, DSCP and
   EXP. It's really, really cool. We love it! Unfortunately,
   it's only supported on the IQ/IQE and IQ2/IQ2E PIC's -
   which means not on the MX (Huh, what?!? This shiny new
   Trio chipset thingy is that useless for all that cash and
   hoo-hah?!?). We use it extensively on our M320's/T320's
   and it works like a dream. I wish Juniper could implement
   this on the MX. Details here:

http://www.juniper.net/techpubs/en_US/junos9.5/information-products/topic-collections/config-guide-cos/cos-configuring-tos-translation-tables.html

That's basically where Juniper are re: ingress 
marking/remarking.

Hope this helps.

Cheers,

Mark.
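
An added illustration of item 1 above (not part of the original message and not taken from Juniper documentation): a sketch of ingress marking by firewall filter for the case in the subject line, HTTP traffic arriving on ae0.2 set to IP precedence 6 (DSCP cs6). The filter and term names are hypothetical, and it assumes an MX with MPCs as described in the message.

```junos
firewall {
    family inet {
        /* Hypothetical filter name; v4 uses the 'dscp' action */
        filter MARK-HTTP-V4 {
            term http {
                from {
                    protocol tcp;
                    port http;
                }
                then {
                    dscp cs6;
                    accept;
                }
            }
            /* Leave all other traffic unmarked */
            term everything-else {
                then accept;
            }
        }
    }
    family inet6 {
        /* Hypothetical filter name; v6 uses the 'traffic-class' action */
        filter MARK-HTTP-V6 {
            term http {
                from {
                    next-header tcp;
                    port http;
                }
                then {
                    traffic-class cs6;
                    accept;
                }
            }
            term everything-else {
                then accept;
            }
        }
    }
}
interfaces {
    ae0 {
        unit 2 {
            family inet {
                filter input MARK-HTTP-V4;
            }
            family inet6 {
                filter input MARK-HTTP-V6;
            }
        }
    }
}
```

This only rewrites the IP header on ingress; as the message notes, the EXP value is not set by the filter.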