[j-nsp] Assigning Forwarding Class and DSCP Value for Routing Engine–Generated Traffic
Huan Pham
drie.huanpham at gmail.com
Wed Oct 10 08:18:19 EDT 2012
Hi all,
There seems to be a bug with this feature.
http://www.juniper.net/techpubs/en_US/junos10.0/information-products/topic-collections/config-guide-cos/cos-assigning-fc-dscp-to-re-pkts.html
Once I apply the Firewall Filter with QoS term on loopback interface, it
does not seem to change the default behaviour.
I tried host-outbound-traffic feature, which assign a forwarding class,
and I can set DSCP for all traffic generated by RE, which works as it says,
but I want a finer control.
Here's the config I have:
[edit firewall family inet]
lab at MX5# show
filter RE-Protection-And-CoS {
term OSPF {
from {
protocol ospf;
}
then {
forwarding-class Network-Control;
dscp cs7;
}
}
term TELNET {
from {
protocol tcp;
port telnet;
}
/* Demonstration purpose - Put on another queue */
then {
forwarding-class Gold;
dscp cs3;
}
}
/* Keep default behaviour */
term OTHERS {
then accept;
}
}
[edit interfaces lo0]
lab at MX5# show
unit 0 {
family inet {
filter {
output RE-Protection-And-CoS;
}
}
}
/* Forwarding class definition, etc are not shown */
lab at MX5# commit
*This does not seem to do anything. CoS marking is the same as the default
behaviour.*
lab at MX5> monitor traffic interface ge-1/0/0 no-resolve detail
*OSPF*
11:18:53.217416 In IP (*tos 0xc0*, ttl 1, id 55089, offset 0, flags
[none], proto: OSPF (89), length: 80) 10.1.1.2 > 224.0.0.5: OSPFv2, Hello,
length 60 [len 48]
Router-ID 10.1.1.2, Backbone Area, Authentication Type: none (0)
Options [External, LLS]
Hello Timer 10s, Dead Timer 40s, Mask 255.255.255.0, Priority 128
Designated Router 10.1.1.1, Backup Designated Router 10.1.1.2
Neighbor List:
10.1.1.1
LLS: checksum: 0xfff6, length: 3
Extended Options (1), length: 4
Options: 0x00000001 [LSDB resync]
11:18:53.968184 Out IP (*tos 0xc0*, ttl 1, id 55102, offset 0, flags
[none], proto: OSPF (89), length: 80) 10.1.1.1 > 224.0.0.5: OSPFv2, Hello,
length 60 [len 48]
Router-ID 10.1.1.1, Backbone Area, Authentication Type: none (0)
Options [External, LLS]
Hello Timer 10s, Dead Timer 40s, Mask 255.255.255.0, Priority 128
Designated Router 10.1.1.1, Backup Designated Router 10.1.1.2
Neighbor List:
10.1.1.2
LLS: checksum: 0xfff6, length: 3
Extended Options (1), length: 4
Options: 0x00000001 [LSDB resync]
*PING*
11:21:39.110220 Out IP (*tos 0x0*, ttl 64, id 57119, offset 0, flags
[none], proto: ICMP (1), length: 84) 10.1.1.1 > 10.1.1.2: ICMP echo
request, id 19937, seq 0, length 64
11:21:39.110684 In IP (*tos 0x0*, ttl 64, id 57122, offset 0, flags
[none], proto: ICMP (1), length: 84) 10.1.1.2 > 10.1.1.1: ICMP echo reply,
id 19937, seq 0, length 64
*TELNET*
11:41:10.988010 In IP (tos 0x10, ttl 64, id 8376, offset 0, flags [DF],
proto: TCP (6), length: 54) 10.1.1.2.61468 > 10.1.1.1.telnet: P
3181355086:3181355088(2) ack 436609309 win 33304 <nop,nop,timestamp
976623188 976594278>
11:41:10.988944 Out IP (tos 0x10, ttl 64, id 8379, offset 0, flags [DF],
proto: TCP (6), length: 56) 10.1.1.1.telnet > 10.1.1.2.61468: P 1:5(4) ack
2 win 33304 <nop,nop,timestamp 976623190 976623188>
11:41:11.067600 In IP (tos 0x10, ttl 64, id 8383, offset 0, flags [DF],
proto: TCP (6), length: 54) 10.1.1.2.61468 > 10.1.1.1.telnet: P 2:4(2) ack
5 win 33304 <nop,nop,timestamp 976623268 976623190>
11:41:11.067635 Out IP (tos 0x10, ttl 64, id 8386, offset 0, flags [DF],
proto: TCP (6), length: 63) 10.1.1.1.telnet > 10.1.1.2.61468: P 5:16(11)
ack 4 win 33303 <nop,nop,timestamp 976623268 976623268>
*This behaviour is not what I expected. Does anyone experience the same
issue, please?*
More information about the juniper-nsp
mailing list