On Monday, October 15, 2012 07:09:19 AM Huan Pham wrote: > Hi Caillin, > > I can see your points. You think that it is logical to > mark traffic as it comes to the router, and leave it > untouched, as it leaves your router. This is what I used > to think of QoS (as I come from the Cisco world). > However, I need to rethink when getting to know Juniper. > > With Juniper way, you can still leave the trusted traffic > untouched by "remarking" to the same EXP, or DSCP > scheme, as traffic leave your router. I mean, we are not > stuffed. > > I do however see a good point in the Juniper way, which > marks traffic as it LEAVES the router! > > If you have a managed CE with one LAN connection > (connected to customer LAN), and two WAN connections > going to two carriers with 2 different CoS schemes. You > do need to mark traffic differently to match the ISP > ones, depending on which interface it take to exit your > router (i.e. depending on routing). > > If you do mark the traffic as it comes to your router, > you are stuffed. > > Surely, you can say that, you can still remark your > "trusted" traffic as it leaves your router, but it is > double marking (you have to do it twice), isn't it?
I have raised this issue before on this list, a couple of years back: https://puck.nether.net/pipermail/juniper-nsp/2010- September/017800.html I don't mind that Juniper mark/re-mark on egress. I only mind that you don't get the same option for ingress. Fair point, the MX MPC/MIC line cards allow you to mark/re- mark in ingress using a firewall filter, but this does not support IPv6 or EXP. Moreover, after spending tons of cash on the DPC-E-Q-R line cards, not being able to support ingress marking/re-marking was a shocker! The most elegant method, which I've mentioned a couple of times before on this list, is the ToS Translation Tables. This a really nice feature, and a clean way to discretely mark/re-mark IPv4, IPv6 and MPLS traffic as it enters the router. Unfortunately, this method is limited to IQ2 and IQ2E PIC's, which means only M- and T-series routers. It's a shame that Juniper could not make this consistent across platforms. Cisco will let you mark on ingress and egress. Whether the Junos method is more efficient is beside the point. I'd like to have both options as well. Caillin hit the nail on the head for me; in Metro-E networks where a router can serve as both a P and PE device simultaneously on a ring, it's very tricky when you're trying to mark/re-mark and pass traffic through the same router with different QoS values, and egress marking/re- marking is your only option. This was a nightmare for us (particularly with some advanced products we were offering together with DCU + QoS that needed this to work perfectly), and after years of trying to find a reasonable solution with Juniper and JTAC on this, we just swapped the box out to an ASR9010 and were done with it. Mark.
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp