Hi John,
You shouldn't need to go to the trouble of (re)marking your Corp and Guest traffic with DSCP - Junos CoS configuration will allow you to just place all traffic from a particular interface into a forwarding-class, then handle the scheduling/queuing appropriately.
Create yourself a firewall filter like so:
family inet {
filter CORP-TRAFFIC {
term ALL-TRAFFIC {
then forwarding-class CORP-TRAFFIC;
}
}
}
then apply it on the inbound direction to ge-0/0/4:
ge-0/0/4 {
unit 0 {
family inet {
filter {
input CORP-TRAFFIC;
}
address 10.1.1.1/24;
}
}
}
Do the same for the guest traffic and then it's just a matter of configuring your Class of Service settings for the ISP B interface to actually use with appropriate schedulers. Make sure you shape your ISP-B interface to the actual speed you're being delivered, otherwise the percentage will be of the detected link speed (eg: 1G or 100Mbps):
forwarding-classes {
queue 4 GUEST-TRAFFIC;
queue 5 CORP-TRAFFIC;
}
interfaces {
ge-0/0/1 {
unit 0 {
scheduler-map ISP-B-SCHEDULER;
shaping-rate 10m;
}
}
}
scheduler-maps {
ISP-B-SCHEDULER {
forwarding-class GUEST-TRAFFIC scheduler GUEST-SCHEDULER;
forwarding-class CORP-TRAFFIC scheduler CORP-SCHEDULER;
}
}
schedulers {
CORP-SCHEDULER {
transmit-rate percent 75;
buffer-size percent 50;
priority high;
}
GUEST-SCHEDULER {
transmit-rate {
remainder;
}
buffer-size {
remainder;
}
priority low;
}
}
Dealing with the inbound flow (probably the bigger issue here since it is Internet traffic) will be a bit harder though. You would expect your firewall filter would need to match on destination addresses (maybe your entire Guest range for GUEST-TRAFFIC, then assume everything else is CORP-TRAFFIC) but because they apply before any security flow, the destination address will be the outside NAT interface when it hits the firewall filter.
Nothing super-obvious springs to mind on how to get around this, but I'll let you know ; )