SRX Services Gateway
Highlighted
SRX Services Gateway

Control Plane Traffic PIM DSCP can not be modified

‎10-15-2017 08:42 PM

Hi everyone.

 

Please consider the folowing example:

 

SRX1--F0/0/3 -35.35.35.1----->Network

 

Both NTP and PIM traffic egresses fe0/0/3

Please ignore nay typo in the command as I typed these commands not copy and paste from the device.

All NTP and PIM must be marked with DSCP 38,  and placed in NETWORK CONTROL CLASS  on  eggress fe-0/0/3.

NTP set up:

set system ntp server 35.35.35.3

set protocol pim interface fe-0/0/3.0 mode dense

set firewall family inet filter NTP term NTP from protocol udp

set firewall family inet filter NTP term NTP from port 123

set firewall family inet filter NTP term NTP then forwarding-class NETWORK

set firewall family inet filter  NTP term NTP then accept

set firewall famiy inet filter NTP term ALL-ELSE then accept

set interface lo0.0 family inet filter output NTP

 

Forwarding class--NETWORK--Q7

Classifier TOM

DSCP 111000<--> Forwarding class  NETWORK

Rewrite rule  TOM NETWORK CLASS--> DSCPX38

interface fe-0/0/3 .0 rewrite rule TOM

 

I can see NTP DSCP is modified in capture and also NTP traffic  queued in right Network Class Queue  on fe-0/0/3

But when I do the same thing for PIM , the default value are not changed.

 

For example:

set firewall family inet filter PIM term PIM from protocol pim

set firewall family inet filter PIM term NTP then forwarding-class NETWORK

set firewall family inet filter  PIM  term NTP then accept

set firewall famiy inet filter PIM  term ALL-ELSE then accept

set interface lo0.0 family inet filter output PIM

When I look at capture, I do not see DSCP modified to x38 , it uses default x30.

I also tried Outbound filter on fe0/0/3 to send traffic PIM into NETWORK class, but it did not work. 

 

Is there some bug associated with this? because I can not understand ntp  traffic DSCP modified as desired but same can not be done for PIM.

 

 

Thanks

 

 

 

 

 

 

 

3 REPLIES 3
Highlighted
SRX Services Gateway
Solution
Accepted by topic author sarahr202
‎10-17-2017 03:20 PM

Re: Control Plane Traffic PIM DSCP can not be modified

[ Edited ]
‎10-16-2017 12:02 AM

Can you try set dscp in the firewall filter together with forwarding-class?

 

then dscp 38

 

Regards, Wojtek

Highlighted
SRX Services Gateway

Re: Control Plane Traffic PIM DSCP can not be modified

‎10-16-2017 06:47 AM

Good Morning !!

 

We can not use firewall filter to SET dscp value on SRX , we can only dircet traffic to a FORWARDING CLASS and use REWRITE rule on that FORWARDING class to encode desired DSCP which I am alreday doing it.

 

Thanks and have a nice day!!

Highlighted
SRX Services Gateway

Re: Control Plane Traffic PIM DSCP can not be modified

‎10-18-2017 04:03 AM

Did it work? I heve checked and confirmed that SRX doesn't support setting DSCP under firewall filter.
I'm a bit confused because you have accepted it as a solution.

 

Regards, Wojtek

Feedback