06-22-2010 01:50 AM
I have a Juniper M10i running 8.5R3.4 and I am trying to mark DSCP by matching DSCP value X and then marking it to value Y. But I am not getting any dscp option in the 'then' of the firewall options.
Documentation available on the Juniper website shows that the dscp option is available in 'then'. Can someone suggest why my router is not showing this option?
The options I am getting are the following:
router-1# set firewall filter testing term 1 then ?
accept Accept the packet
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
count Count the packet in the named counter
> discard Discard the packet
forwarding-class Classify packet to forwarding class
ipsec-sa Use specified IPSec security association
load-balance Use specified load balancing group
log Log the packet
> logical-router Packets are directed to specified logical router
loss-priority Packet's loss priority
next Continue to next term in a filter
next-hop-group Use specified next-hop group
policer Name of policer to use to rate-limit traffic
port-mirror Port-mirror the packet
prefix-action Police or count packets using named prefix action
> reject Reject the packet
routing-instance Packets are directed to specified routing instance
sample Sample the packet
syslog System log (syslog) information about the packet
> three-color-policer Police the packet using a three-color-policer
06-22-2010 02:28 AM
"then dscp" is available in FW filters since JUNOS 10.0 for packets generated by Routing Engine
06-30-2010 06:30 AM
If I'm understanding your question correctly, you are trying to change the DSCP marking for transit traffic. This is actually a two-step process.
First, you must place the packet in the forwarding class (in ingress) that has the DSCP marking you want the final packet to have.
Your then action:
then forwarding-class <blah>
Second, you need to have rewrite rules to change the DSCP value of the packets egressing the M10i.
Note: By default, M-series do not change the DSCP/IP Prec values for transit traffic - you need rewrite rules. Additionally, IP Prec is the default for the classifier - you need to specify DSCP.
I'm attaching an old depiction of QOS operation in M-series, but it is still relevant and my favorite.
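The two-step process described in the reply above, written out as configuration-mode commands. This is an added example, not part of the original thread: the code points af11 (standing in for X) and af21 (standing in for Y), the interface names ge-0/0/0 and ge-0/0/1, the rewrite-rule name REMARK-AF and the use of the default assured-forwarding class are all assumptions.

```junos
# Step 1: on ingress, match DSCP X (assumed af11) and place the packet
# in the forwarding class that will carry the new marking.
set firewall filter testing term 1 from dscp af11
set firewall filter testing term 1 then forwarding-class assured-forwarding
set firewall filter testing term 1 then loss-priority low
set firewall filter testing term 1 then accept

# Final term so that all other traffic is still accepted
# (a filter ends with an implicit discard).
set firewall filter testing term other then accept

# Apply the filter inbound on the ingress interface (assumed ge-0/0/0).
set interfaces ge-0/0/0 unit 0 family inet filter input testing

# Step 2: define a DSCP rewrite rule that maps the forwarding class and
# loss priority chosen above to DSCP Y (assumed af21).
set class-of-service rewrite-rules dscp REMARK-AF forwarding-class assured-forwarding loss-priority low code-point af21

# Bind the rewrite rule to the egress interface (assumed ge-0/0/1).
# Without this binding, transit packets leave with their original DSCP.
set class-of-service interfaces ge-0/0/1 unit 0 rewrite-rules dscp REMARK-AF
```

The loss priority set in the filter has to match the one named in the rewrite rule, because the rewrite lookup is keyed on the forwarding class and loss priority pair.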