DSCP trusted, untrusted and rewrites

‎12-22-2014 05:23 AM




I need assistance with CoS “trusted” and “untrusted” interfaces on my QFX5100.


  • On untrusted interfaces I need to map all DSCP values to the BE forwarding class. On egress the DSCP needs to be reset to zero.


  • On trusted interfaces I need to map traffic to EF/AF/BE forwarding-classes based on DSCP values. On egress the original DSCP values must be preserved.


My original plan was to configure two classifiers:


CLASSIFIER_TRUSTED – maps traffic to EF/AF/BE forwarding-classes based on DSCP values
CLASSIFIER_UNTRUSTED – maps all traffic to BE forwarding-class


On egress I would have a single rewrite rule to catch traffic in the BE forwarding-class and reset it to zero as it leaves the switch.


rewrite-rules {
    dscp REWRITE {
        forwarding-class BE {
            loss-priority low code-point 000000;
        }
    }
}


Now the problem! I found the following in the config guide:


“When you assign a rewrite rule to a subset of forwarding classes, the commit does not fail, and the subset of forwarding classes works as expected. However, the forwarding classes to which the rewrite rule is not assigned are rewritten to all zeros”.


So now the switch is resetting everything to zero!


My next plan was to create rewrite rules for all DSCP values – effectively to rewrite the original value so it is preserved through the switch. Unfortunately it seems rewrite rules are attached to a forwarding-class + loss priority, which leaves limited options (the QFX5100 only supports low, medium-high and high). There is no way to preserve all 64 possible DSCP values through the switch if you want to rewrite traffic in the BE forwarding class.


Is there a better way to reset untrusted traffic to DSCP zero while preserving DSCP values for trusted interfaces?




Re: DSCP trusted, untrusted and rewrites

‎12-31-2014 12:09 AM


Can anyone help with this please?