[j-nsp] CoS and ingress traffic with DSCP markings
John Neiberger
jneiberger at gmail.com
Fri Jan 24 12:29:58 EST 2014
On Thu, Jan 23, 2014 at 2:41 AM, Alexandre Snarskii <snar at snar.spb.ru> wrote:
> On Wed, Jan 22, 2014 at 09:20:36AM -0700, John Neiberger wrote:
>> I ran into an issue yesterday that confused me, which seems to be a
>> weekly occurrence lately regarding Juniper CoS. We had an interface
>> that was receiving traffic marked as EF. The interface only had the
>> default CoS configuration. For some reason, the traffic was arriving
>> at the destination marked as CS0. After I applied the CoS group to the
>> interface, which included classifiers, the packets started arriving at
>> the destination as EF like they were supposed to be.
>>
>> I don't understand why a lack of CoS config would reset DSCP markings
>> for traffic that is already marked when it hits the router. Could it
>> be that since there were no ingress classifiers, the traffic was not
>> put into a forwarding class, so the rewrite rules on egress re-marked
>> it?
>
> When there are no explicit classifiers configured for an interface, there
> are implicit "default ones" applied:
>
> snar at LAB.SPB> show class-of-service interface ge-1/0/0.13 detail
> Logical interface: ge-1/0/0.13, Index: 336
>   Object       Name                   Type   Index
>   Classifier   ipprec-compatibility   ip     13
>
> and yes, this classifier maps EF (DSCP 101110 = IPPREC 101) traffic
> to BE forwarding class:
>
> snar at LAB.SPB> show class-of-service classifier name ipprec-compatibility
> Classifier: ipprec-compatibility, Code point type: inet-precedence, Index: 13
>   Code point   Forwarding class   Loss priority
>   000          best-effort        low
>   001          best-effort        high
>   010          best-effort        low
>   011          best-effort        high
>   100          best-effort        low
>   101          best-effort        high
>   110          network-control    low
>   111          network-control    high
>
> so the rewrite-rule configured on the outbound interface will rewrite
> dscp/ipprec to all-zeros (default for BE).

I have a follow-up to make sure I understand this. Let's say we have
egress rewrite rules that look purely at forwarding class. If we have
an ingress firewall filter on another interface that sets the
forwarding class correctly, that will override the default classifiers
on the ingress interface, right? I think it's starting to click. The
classifier applied in the class-of-service config is a Behavior
Aggregate classifier, but if we use a firewall filter for this purpose,
it's called a multifield classifier, right? As long as one or the
other is setting the forwarding class correctly, we're okay, but we
run into problems if ingress traffic has DSCP markings already but
doesn't match against a BA or MF classifier. In that case, the egress
rewrite rules will re-mark the traffic unexpectedly.

Do I finally have this straight in my head? lol

Thanks,
John
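
The path discussed in this thread (ingress classification, then an egress rewrite keyed on forwarding class), modelled as an added example that is not part of the original messages. The ipprec-compatibility table is copied from the quoted CLI output; the DSCP classifier, the non-best-effort rewrite values and the rule that a firewall-filter (MF) result takes precedence over the BA result are assumptions made for illustration.

```python
# Added illustration, not code from the thread.
EF = 0b101110

# Copied from the quoted "show class-of-service classifier name
# ipprec-compatibility" output: precedence bits -> (forwarding class, loss).
IPPREC_COMPAT = {
    0b000: ("best-effort", "low"),      0b001: ("best-effort", "high"),
    0b010: ("best-effort", "low"),      0b011: ("best-effort", "high"),
    0b100: ("best-effort", "low"),      0b101: ("best-effort", "high"),
    0b110: ("network-control", "low"),  0b111: ("network-control", "high"),
}

# Constructed egress rewrite rule keyed on forwarding class only. The
# best-effort value (all zeros) is from the thread; the others are assumed.
REWRITE = {
    "best-effort": 0b000000,
    "expedited-forwarding": EF,
    "network-control": 0b110000,
}

def ipprec_classifier(dscp):
    """Default BA classifier: only the top three bits of the DSCP are read."""
    return IPPREC_COMPAT[dscp >> 3]

def dscp_classifier(dscp):
    """Constructed stand-in for the applied CoS group: EF gets its own class."""
    return ("expedited-forwarding", "low") if dscp == EF else ("best-effort", "low")

def forward(dscp, ba_classifier, mf_class=None):
    """Return (forwarding class, DSCP on the wire after the egress rewrite)."""
    fc, _loss = ba_classifier(dscp)
    if mf_class is not None:  # assumed: firewall-filter (MF) result wins over BA
        fc = mf_class
    return fc, REWRITE[fc]

def remarked(ba_classifier):
    """DSCP values that leave the router with a different marking."""
    return [d for d in range(64) if forward(d, ba_classifier)[1] != d]

if __name__ == "__main__":
    cases = [("default BA", (ipprec_classifier,)),
             ("DSCP BA", (dscp_classifier,)),
             ("default BA + MF", (ipprec_classifier, "expedited-forwarding"))]
    for label, args in cases:
        fc, out = forward(EF, *args)
        print(f"{label:16} EF in -> class {fc:20} -> DSCP out {out:06b}")
```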