Dear All Thanks a lot for your valuable information.
BR, Mohamed Edrees -----Original Message----- From: Mark Tinka [mailto:mti...@globaltransit.net] Sent: Monday, April 18, 2011 6:37 AM To: juniper-nsp@puck.nether.net Cc: Chris Evans; medrees Subject: Re: [j-nsp] Assigning IP PREC-6 for HTTP traffic of ae0.2 interface On Sunday, April 17, 2011 09:59:25 PM Chris Evans wrote: > On most juniper platforms you cannot mark on ingress. > You have to do the whole convaluded process of setting up forwarding > classes and doing remark policies. > > You have to apply these remark filters on all exit points of the box > to get traffic marked. IMHO this is an awful implementation and I've > asked for this to be changes but they don't listen. All other vendors > all ingress remarking... Yes, this is most annoying on Juniper platforms. It's terrible when we have a P/PE node on a ring that needs to handle the PE-side of the traffic in one way, and the P-side of the traffic in another. Doing remarking on egress is such a pain, and this is the one area where Juniper continue to disappoint us. I wonder who thought that was a great architecture, more so after all the experience Juniper have gained in customer deployments. Having said that, there is some hope: 1. The MX-series supports ingress DSCP marking/remarking via firewall filters. This works well, and we're quite happy with it. Both v4 and v6 are supported (v4 uses the 'dscp' command while v6 uses the 'traffic-class' command). The only problem with this (which is a huge issue for us) is that you can't mark the packets with an EXP value on ingress. So that means it will end up using the wrong queues as the default classifiers for DSCP and EXP differ in the 3 most significant bits. You could use a custom classifier, but we don't like these because they don't scale as well as the defaults for our QoS strategy. However, you're in luck if your MPLS network is based on RSVP - you can specify the 'class-of-service' command at the LSP and basically rewrite the EXP value that is using that LSP. 2. Before you jump on your DPC's, the above is only possible on the MPC's. DPC's don't support ingress marking via a firewall filter as above. I think you can still use the 'class-of-service' feature on LSP's, but we haven't used it on non-MX chassis'. This is very frustrating because after spending tons of cash on the E-Q-R DPC's (which are meant to be the most advanced of their time), something as basic as this isn't supported! 3. There is a very nice feature in Junos called ToS Translation Tables. It basically performs rewrites on ingress for v4 and v6 packets, supporting IPP, DSCP and EXP. It's really, really cool. We love it! Unfortunately, it's only supported on the IQ/IQE and IQ2/IQ2E PIC's - which means not on the MX (Huh, what?!? This shiny new Trio chipset thingy is that useless for all that cash and hoo-hah?!?). We use it extensively on our M320's/T320's and it works like a dream. I wish Juniper could implement this on the MX. Details here: http://www.juniper.net/techpubs/en_US/junos9.5/information- products/topic-collections/config-guide-cos/cos-configuring- tos-translation-tables.html That's basically where Juniper are re: ingress marking/remarking. Hope this helps. Cheers, Mark. _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp