[j-nsp] Assigning IP PREC-6 for HTTP traffic of ae0.2 interface
medrees
medrees at isu.net.sa
Mon Apr 18 04:34:45 EDT 2011
Dear All
Thanks a lot for your valuable information.
BR,
Mohamed Edrees
-----Original Message-----
From: Mark Tinka [mailto:mtinka at globaltransit.net]
Sent: Monday, April 18, 2011 6:37 AM
To: juniper-nsp at puck.nether.net
Cc: Chris Evans; medrees
Subject: Re: [j-nsp] Assigning IP PREC-6 for HTTP traffic of ae0.2 interface
On Sunday, April 17, 2011 09:59:25 PM Chris Evans wrote:
> On most juniper platforms you cannot mark on ingress.
> You have to do the whole convoluted process of setting up forwarding
> classes and doing remark policies.
>
> You have to apply these remark filters on all exit points of the box
> to get traffic marked. IMHO this is an awful implementation and I've
> asked for this to be changed but they don't listen. All other vendors
> allow ingress remarking...
Yes, this is most annoying on Juniper platforms. It's terrible when we have
a P/PE node on a ring that needs to handle the PE-side of the traffic in one
way, and the P-side of the traffic in another. Doing remarking on egress is
such a pain, and this is the one area where Juniper continue to disappoint
us. I wonder who thought that was a great architecture, more so after all
the experience Juniper have gained in customer deployments.
Having said that, there is some hope:
1. The MX-series supports ingress DSCP marking/remarking via
firewall filters. This works well, and we're quite happy
with it. Both v4 and v6 are supported (v4 uses the 'dscp'
command while v6 uses the 'traffic-class' command). The
only problem with this (which is a huge issue for us)
is that you can't mark the packets with an EXP value on
ingress. So that means it will end up using the wrong
queues as the default classifiers for DSCP and EXP differ
in the 3 most significant bits. You could use a custom
classifier, but we don't like these because they don't
scale as well as the defaults for our QoS strategy.
However, you're in luck if your MPLS network is based on
RSVP - you can specify the 'class-of-service' command at
the LSP and basically rewrite the EXP value that is using
that LSP.
2. Before you jump on your DPC's, the above is only possible
on the MPC's. DPC's don't support ingress marking via a
firewall filter as above. I think you can still use the
'class-of-service' feature on LSP's, but we haven't used
it on non-MX chassis'. This is very frustrating because
after spending tons of cash on the E-Q-R DPC's (which are
meant to be the most advanced of their time), something
as basic as this isn't supported!
3. There is a very nice feature in Junos called ToS
Translation Tables. It basically performs rewrites on
ingress for v4 and v6 packets, supporting IPP, DSCP and
EXP. It's really, really cool. We love it! Unfortunately,
it's only supported on the IQ/IQE and IQ2/IQ2E PIC's -
which means not on the MX (Huh, what?!? This shiny new
Trio chipset thingy is that useless for all that cash and
hoo-hah?!?). We use it extensively on our M320's/T320's
and it works like a dream. I wish Juniper could implement
this on the MX. Details here:
http://www.juniper.net/techpubs/en_US/junos9.5/information-products/topic-collections/config-guide-cos/cos-configuring-tos-translation-tables.html
That's basically where Juniper are re: ingress marking/remarking.
Hope this helps.
Cheers,
Mark.