[j-nsp] Assigning Forwarding Class and DSCP Value for Routing Engine-Generated Traffic

david.roy at orange.com david.roy at orange.com
Wed Oct 10 08:25:25 EDT 2012


Hi 

I do Not use that. Why you do not using host-outbound-traffic feature ? http://www.juniper.net/techpubs/en_US/junos10.0/information-products/topic-collections/config-guide-cos/changing-fc-dscp.html#changing-fc-dscp 

David   


 
David Roy 
IP/MPLS Support engineer - Orange France
Ph. +33 2 99 87 64 72 - Mob. +33 6 85 52 22 13
david.roy at orange.com
 
JNCIE-M&T/SP #703 - JNCIE-ENT #305 - JNCIP-SEC

-----Message d'origine-----
De : juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-bounces at puck.nether.net] De la part de Huan Pham
Envoyé : mercredi 10 octobre 2012 14:18
À : juniper-nsp at puck.nether.net
Objet : [j-nsp] Assigning Forwarding Class and DSCP Value for Routing Engine-Generated Traffic

Hi all,


There seems to be a bug with this feature.

http://www.juniper.net/techpubs/en_US/junos10.0/information-products/topic-collections/config-guide-cos/cos-assigning-fc-dscp-to-re-pkts.html

Once I apply the Firewall Filter with QoS term on loopback interface, it does not seem to change the default behaviour.

I tried  host-outbound-traffic  feature, which assign a forwarding class, and I can set DSCP for all traffic generated by RE, which works as it says, but I want a finer control.


Here's the config I have:




[edit firewall family inet]

lab at MX5# show

filter RE-Protection-And-CoS {

    term OSPF {

        from {

            protocol ospf;

        }

        then {

            forwarding-class Network-Control;

            dscp cs7;

        }

    }

    term TELNET {

        from {

            protocol tcp;

            port telnet;

        }

        /* Demonstration purpose - Put on another queue */

        then {

            forwarding-class Gold;

            dscp cs3;

        }

    }

    /* Keep default behaviour */

    term OTHERS {

        then accept;

    }

}



[edit interfaces lo0]

lab at MX5# show

unit 0 {

    family inet {

        filter {

            output RE-Protection-And-CoS;

        }

    }

}



/* Forwarding class definition, etc are not shown */



lab at MX5# commit



*This does not seem to do anything. CoS marking is the same as the default
behaviour.*



lab at MX5> monitor traffic interface ge-1/0/0 no-resolve detail



*OSPF*


11:18:53.217416  In IP (*tos 0xc0*, ttl   1, id 55089, offset 0, flags
[none], proto: OSPF (89), length: 80) 10.1.1.2 > 224.0.0.5: OSPFv2, Hello, length 60 [len 48]

        Router-ID 10.1.1.2, Backbone Area, Authentication Type: none (0)

        Options [External, LLS]

          Hello Timer 10s, Dead Timer 40s, Mask 255.255.255.0, Priority 128

          Designated Router 10.1.1.1, Backup Designated Router 10.1.1.2

          Neighbor List:

            10.1.1.1

          LLS: checksum: 0xfff6, length: 3

            Extended Options (1), length: 4

              Options: 0x00000001 [LSDB resync]

11:18:53.968184 Out IP (*tos 0xc0*, ttl   1, id 55102, offset 0, flags
[none], proto: OSPF (89), length: 80) 10.1.1.1 > 224.0.0.5: OSPFv2, Hello, length 60 [len 48]

        Router-ID 10.1.1.1, Backbone Area, Authentication Type: none (0)

        Options [External, LLS]

          Hello Timer 10s, Dead Timer 40s, Mask 255.255.255.0, Priority 128

          Designated Router 10.1.1.1, Backup Designated Router 10.1.1.2

          Neighbor List:

            10.1.1.2

          LLS: checksum: 0xfff6, length: 3

            Extended Options (1), length: 4

              Options: 0x00000001 [LSDB resync]



*PING*


11:21:39.110220 Out IP (*tos 0x0*, ttl  64, id 57119, offset 0, flags [none], proto: ICMP (1), length: 84) 10.1.1.1 > 10.1.1.2: ICMP echo request, id 19937, seq 0, length 64

11:21:39.110684  In IP (*tos 0x0*, ttl  64, id 57122, offset 0, flags [none], proto: ICMP (1), length: 84) 10.1.1.2 > 10.1.1.1: ICMP echo reply, id 19937, seq 0, length 64



*TELNET*



11:41:10.988010  In IP (tos 0x10, ttl  64, id 8376, offset 0, flags [DF],
proto: TCP (6), length: 54) 10.1.1.2.61468 > 10.1.1.1.telnet: P
3181355086:3181355088(2) ack 436609309 win 33304 <nop,nop,timestamp
976623188 976594278>

11:41:10.988944 Out IP (tos 0x10, ttl  64, id 8379, offset 0, flags [DF],
proto: TCP (6), length: 56) 10.1.1.1.telnet > 10.1.1.2.61468: P 1:5(4) ack
2 win 33304 <nop,nop,timestamp 976623190 976623188>

11:41:11.067600  In IP (tos 0x10, ttl  64, id 8383, offset 0, flags [DF],
proto: TCP (6), length: 54) 10.1.1.2.61468 > 10.1.1.1.telnet: P 2:4(2) ack
5 win 33304 <nop,nop,timestamp 976623268 976623190>

11:41:11.067635 Out IP (tos 0x10, ttl  64, id 8386, offset 0, flags [DF],
proto: TCP (6), length: 63) 10.1.1.1.telnet > 10.1.1.2.61468: P 5:16(11) ack 4 win 33303 <nop,nop,timestamp 976623268 976623268>




*This behaviour is not what I expected. Does anyone experience the same issue, please?* _______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp

_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
France Telecom - Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, France Telecom - Orange is not liable for messages that have been modified, changed or falsified.
Thank you.




More information about the juniper-nsp mailing list