[j-nsp] WAN input prioritization on MX
Mark Tinka
mark.tinka at seacom.mu
Sun Feb 17 23:40:18 EST 2013
On Monday, October 15, 2012 07:09:19 AM Huan Pham wrote:
> Hi Caillin,
>
> I can see your points. You think that it is logical to
> mark traffic as it comes to the router, and leave it
> untouched, as it leaves your router. This is what I used
> to think of QoS (as I come from the Cisco world).
> However, I need to rethink when getting to know Juniper.
>
> With the Juniper way, you can still leave the trusted traffic
> untouched by "remarking" to the same EXP, or DSCP
> scheme, as traffic leaves your router. I mean, we are not
> stuffed.
>
> I do however see a good point in the Juniper way, which
> marks traffic as it LEAVES the router!
>
> If you have a managed CE with one LAN connection
> (connected to customer LAN), and two WAN connections
> going to two carriers with 2 different CoS schemes. You
> do need to mark traffic differently to match the ISP
> ones, depending on which interface it takes to exit your
> router (i.e. depending on routing).
>
> If you do mark the traffic as it comes to your router,
> you are stuffed.
>
> Surely, you can say that, you can still remark your
> "trusted" traffic as it leaves your router, but it is
> double marking (you have to do it twice), isn't it?

I have raised this issue before on this list, a couple of
years back:

https://puck.nether.net/pipermail/juniper-nsp/2010-September/017800.html

I don't mind that Juniper mark/re-mark on egress. I only
mind that you don't get the same option for ingress.

Fair point, the MX MPC/MIC line cards allow you to mark/re-
mark in ingress using a firewall filter, but this does not
support IPv6 or EXP. Moreover, after spending tons of cash
on the DPC-E-Q-R line cards, not being able to support
ingress marking/re-marking was a shocker!

The most elegant method, which I've mentioned a couple of
times before on this list, is the ToS Translation Tables.
This is a really nice feature, and a clean way to discretely
mark/re-mark IPv4, IPv6 and MPLS traffic as it enters the
router. Unfortunately, this method is limited to IQ2 and
IQ2E PICs, which means only M- and T-series routers. It's a
shame that Juniper could not make this consistent across
platforms.

Cisco will let you mark on ingress and egress. Whether the
Junos method is more efficient is beside the point. I'd like
to have both options as well.

Caillin hit the nail on the head for me; in Metro-E networks
where a router can serve as both a P and PE device
simultaneously on a ring, it's very tricky when you're
trying to mark/re-mark and pass traffic through the same
router with different QoS values, and egress marking/re-
marking is your only option. This was a nightmare for us
(particularly with some advanced products we were offering
together with DCU + QoS that needed this to work perfectly),
and after years of trying to find a reasonable solution with
Juniper and JTAC on this, we just swapped the box out to an
ASR9010 and were done with it.

Mark.