DSCP rewrite on an SRX without IDP

04.27.10   |  
‎04-27-2010 09:39 AM

I am looking for a complete example of rewriting DSCP values on traffic in JUNOS without IDP enabled... It appears ScreenOS had several ways to do this but JUNOS only has IDP rules (easy + $$$) or building a complete set of firewall filters, queues, schedulers, scheduler maps and rewrite rules if I am correct?


My SRX is acting as a default gateway between my location LAN and my MPLS WAN.. The MPLS is already configured to shape traffic based on DSCP classification / queues. I would like to keep the SRX configuration as simple as possible, just to classify the traffic before it is sent to the MPLS.


I don't trust the existing classification of traffic on the LAN so I want to classify it my self. Without IDP it appears I need to use a multi-filed filter rule for this, direct the traffic into a queue, with priority, then rewrite the output of the queues traffic with a DSCP value. Is this correct? Or am I missing a simpler method?


If I am correct could someone provide a simple example of the complete minimum configuration statements to link everything? I am confused by some of the documentation that states that the default queues are not linked to schedulers.. Also there seems to be bandwidth shaping examples that act on schedulers and others that are policies linked to filters..