SRX Services Gateway
SRX Services Gateway

GRE header and DSCP

10.11.17   |  
a week ago

Hi everyone,

 

Does SRX copy DSCP value from inner packet ( payload) into GRE imposed IP header when encapsulating it?  If not , how can we tell SRX to copy DSCP value from inner packet into GRE header imposed IP header?

 

 

 

Thanks and have a nice day!!

5 REPLIES
SRX Services Gateway

Re: GRE header and DSCP

10.11.17   |  
a week ago
I see below option, never tested though.

root@Router-2# set interfaces gr-0/0/0 unit 0 copy-tos-to-outer-ip-header ?
Possible completions:
<[Enter]> Execute this command
accounting-profile Accounting profile name
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
> backup-options Backup interface configuration options
bandwidth Logical unit bandwidth (informational only)
clear-dont-fragment-bit Clear DF bit in packet (AS PIC and J-series only)
copy-tos-to-outer-ip-header Copy IP payload header's ToS field to GRE delivery header
description Text description of interface
disable Disable this logical interface
encapsulation Logical link-layer encapsulation
> family Protocol family
no-traps Don't enable SNMP notifications on state changes
point-to-point Point-to-point connection
> ppp-options Point-to-Point Protocol interface-specific options
> radio-router Parameters for dynamic link cost management
traps Enable SNMP notifications on state changes
> tunnel Tunnel parameters
| Pipe through a command
Thanks,
Suraj
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too
SRX Services Gateway

Re: GRE header and DSCP

10.12.17   |  
a week ago

So I tested this is what i see:

 

All Trannsit traffic , DSCP is copied from inner packet to GRE imposed IP header.  This command has no impact on transit traffic.

 

 

All traffic locally sourced and routed over GRE will only copy DSCP from  inner pcket to GRE imposed IP header if this command is configured so this command only impact locally generated traffic ( host traffic) which is routed over GRE.

 

https://www.juniper.net/documentation/en_US/junos/topics/concept/cos-tos-value-security-understandin...

 

Highlighted
SRX Services Gateway

Re: GRE header and DSCP

10.12.17   |  
a week ago
For transit GRE traffic, SRX cannot see whats inside the GRE packet. So this has to be done on GRE end points
Thanks,
Suraj
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too
SRX Services Gateway

Re: GRE header and DSCP

10.12.17   |  
a week ago

I do not see that, I see DSCP bits are copied for transit traffic by default.

 

 

 

 

SRX Services Gateway

Re: GRE header and DSCP

10.12.17   |  
a week ago

I understood you , in my example SRX is GRE end point  so it can see DSCP in inner packet when performing GRE encapsulation.