Junos
Reply
Contributor
asad747
Posts: 19
Registered: ‎07-21-2009
0

marking DSCP not working

Dear friends,

 

I have Juniper M10i running 8.5R3.4 & i am trying to mark DSCP by matching DSCP value X  and then marking it to value Y.. But i am not getting any option of dscp in 'then' of firewall options.

 

http://www.juniper.net/techpubs/software/junos/junos85/swconfig85-policy/id-10871215.html#jN1CC64

 

 

 

Documentation available on juniper website shows that dscp option is available in 'then' . Can someone suggest why my router is not showing this option???

 

 



The options i m getting are following;
router-1# set firewall filter testing term 1 then ?
Possible completions:
  accept               Accept the packet
+ apply-groups         Groups from which to inherit configuration data
+ apply-groups-except  Don't inherit configuration data from these groups
  count                Count the packet in the named counter
> discard              Discard the packet
  forwarding-class     Classify packet to forwarding class
  ipsec-sa             Use specified IPSec security association
  load-balance         Use specified load balancing group
  log                  Log the packet
> logical-router       Packets are directed to specified logical router
  loss-priority        Packet's loss priority
  next                 Continue to next term in a filter
  next-hop-group       Use specified next-hop group
  policer              Name of policer to use to rate-limit traffic
  port-mirror          Port-mirror the packet
  prefix-action        Police or count packets using named prefix action
> reject               Reject the packet
  routing-instance     Packets are directed to specified routing instance
  sample               Sample the packet
  syslog               System log (syslog) information about the packet
> three-color-policer  Police the packet using a three-color-policer
[edit]



Regards,
Asad

 

Distinguished Expert
aarseniev
Posts: 1,631
Registered: ‎08-21-2009
0

Re: marking DSCP not working

Hello,

 

"then dscp" is available in FW filters since JUNOS 10.0 for packets generated by Routing Engine

http://www.juniper.net/techpubs/en_US/junos10.0/information-products/topic-collections/release-notes...

 

HTH

Regards

Alex

___________________________________
Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
Super Contributor
jwparks
Posts: 157
Registered: ‎04-20-2009
0

Re: marking DSCP not working

If I'm understanding your question correctly, you are trying to change the DSCP marking for transit traffic.  This is actually a two step process.

 

First, you must place the packet in the forwarding class (in ingress) that has the DSCP marking you want the final packet to have.

Your then action:

 

then forwarding-class <blah>

 

Second, you need to have rewrite rules to change the DSCP value of the packets egressing the M10i.

 

http://www.juniper.net/techpubs/en_US/junos10.0/information-products/topic-collections/config-guide-...

 

Note:  By default, M-series do not change the DSCP/IP Prec values for transit traffic - you need rewrite rules.  Additionally, IP Prec is the default for the classifier - you need to specifiy DSCP. 

 

I'm attching an old dipiction of QOS operation in M-series, but it is still relevent and my favorite :smileyhappy:

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.