SRX Services Gateway
Highlighted
SRX Services Gateway

DSCP is being reset to 0

‎05-26-2011 08:48 AM

It appears that DSCP marking is being reset to 0 when it passes through my SRX650.. I have not eplicetly set an IDP policy to do this, nor have I added any firewall filters.

 

Is this normal default behaviour? or is something possibly set some where that would force a rewrite?

3 REPLIES 3
Highlighted
SRX Services Gateway

Re: DSCP is being reset to 0

‎05-26-2011 12:17 PM

1. DSCP is affected if traffic traverses VPN, ip fragmentation (except first packet) and if some QoS rewriting rules are defined ...

 

2. whereas, normal routing and policy lookups, l2 encapsulations (ATM, Frame Relay, SDH/SONET) never disturbs the QoS parameters ...

 

so please check whether you are facing any scenario in option-1, or post your config

 

regars

Hafiz Muhammad Farooq
JNCIE-SEC, JNCIP-SEC, JNCIS-SEC, JNCIS-FWV
JNCIS-SP, JNCIS-SA, JNCIA-JUNOS
IBM Qradar Deployment Professional

[Please mark it as Accepted Solution if it works, Kudos if you like]

Highlighted
SRX Services Gateway

Re: DSCP is being reset to 0

‎05-26-2011 12:23 PM

There is no VPN this is traffic moving from a physical trust interface to a wan zone interface.

 

I do not have any explicit firewall filter or rewrite rules defined.

 

I was looking at rewriting some traffic using IDP, however that rule is very specific and so is the firewall policy it is attached to.

 

I suppose fragmentation could be possible if there is something wrong somwhere interneally but that is the only listed case I can think of.

Highlighted
SRX Services Gateway

Re: DSCP is being reset to 0

‎06-07-2011 12:00 PM

Turned out to be a missconfigured switch, not the SRX.

Feedback