[j-nsp] MX ping - ToS overrided
Hi, I'm experiencing issues when initating ToS ping from MX devices. The specified ToS argument just seems to be overrided to dec 192 when leaving the interface. I verified this with the traffic monitor on the egress interface: user@node ping 8.8.8.8 tos 96 64 bytes from 8.8.8.8: icmp_seq=0 ttl=246 time=15.675 ms 64 bytes from 8.8.8.8: icmp_seq=1 ttl=246 time=15.385 ms user@node monitor traffic interface xe-0/0/0.0 extensive matching icmp PFE proto 2 (ipv4): (tos 0xc0, ttl 255, id 16332, offset 0, flags [none], proto: ICMP (1), length: 84) x.x.x.x 8.8.8.8: ICMP echo reply, id 47826, seq 0, length 64 14:06:58.721197 Out I've tried this on 11.4R6.6 and 12.3R4-S2 (ppc and 64-bit) boxes with the same result. Did anyone else ran into this issue? Any input is appriciated. Regards, Arash ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] MX ping - ToS overrided
Not the case with 12.3R4 for me : ping 8.8.8.8 tos 96 15:37:03.950763 Out IP (tos 0x60, ttl 64, id 64980, offset 0, flags [none], proto: ICMP (1), length: 84) X.X.X.X 8.8.8.8: ICMP echo request, id 34658, seq 3, length 64 Do you have host-inbound-traffic knob or Output FWF on lo0 that rewrites control plane ? David Roy IP/MPLS NOC engineer - Orange France Ph. : +33 2 99 87 64 72 Mob. : +33 6 85 52 22 13 SkypeID : davidroy.35 david@orange.com JNCIE x3 (SP #703 ; ENT #305 ; SEC #143) -Message d'origine- De : juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] De la part de Arash Alizadeh Envoyé : mercredi 22 janvier 2014 15:22 À : juniper-nsp@puck.nether.net Objet : [j-nsp] MX ping - ToS overrided Hi, I'm experiencing issues when initating ToS ping from MX devices. The specified ToS argument just seems to be overrided to dec 192 when leaving the interface. I verified this with the traffic monitor on the egress interface: user@node ping 8.8.8.8 tos 96 64 bytes from 8.8.8.8: icmp_seq=0 ttl=246 time=15.675 ms 64 bytes from 8.8.8.8: icmp_seq=1 ttl=246 time=15.385 ms user@node monitor traffic interface xe-0/0/0.0 extensive matching icmp PFE proto 2 (ipv4): (tos 0xc0, ttl 255, id 16332, offset 0, flags [none], proto: ICMP (1), length: 84) x.x.x.x 8.8.8.8: ICMP echo reply, id 47826, seq 0, length 64 14:06:58.721197 Out I've tried this on 11.4R6.6 and 12.3R4-S2 (ppc and 64-bit) boxes with the same result. Did anyone else ran into this issue? Any input is appriciated. Regards, Arash ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp _ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] MX ping - ToS overrided
I meant host-outbound-traffic ;) David Roy IP/MPLS NOC engineer - Orange France Ph. : +33 2 99 87 64 72 Mob. : +33 6 85 52 22 13 SkypeID : davidroy.35 david@orange.com JNCIE x3 (SP #703 ; ENT #305 ; SEC #143) -Message d'origine- De : juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] De la part de david@orange.com Envoyé : mercredi 22 janvier 2014 15:39 À : 'Arash Alizadeh'; juniper-nsp@puck.nether.net Objet : Re: [j-nsp] MX ping - ToS overrided Not the case with 12.3R4 for me : ping 8.8.8.8 tos 96 15:37:03.950763 Out IP (tos 0x60, ttl 64, id 64980, offset 0, flags [none], proto: ICMP (1), length: 84) X.X.X.X 8.8.8.8: ICMP echo request, id 34658, seq 3, length 64 Do you have host-inbound-traffic knob or Output FWF on lo0 that rewrites control plane ? David Roy IP/MPLS NOC engineer - Orange France Ph. : +33 2 99 87 64 72 Mob. : +33 6 85 52 22 13 SkypeID : davidroy.35 david@orange.com JNCIE x3 (SP #703 ; ENT #305 ; SEC #143) -Message d'origine- De : juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] De la part de Arash Alizadeh Envoyé : mercredi 22 janvier 2014 15:22 À : juniper-nsp@puck.nether.net Objet : [j-nsp] MX ping - ToS overrided Hi, I'm experiencing issues when initating ToS ping from MX devices. The specified ToS argument just seems to be overrided to dec 192 when leaving the interface. I verified this with the traffic monitor on the egress interface: user@node ping 8.8.8.8 tos 96 64 bytes from 8.8.8.8: icmp_seq=0 ttl=246 time=15.675 ms 64 bytes from 8.8.8.8: icmp_seq=1 ttl=246 time=15.385 ms user@node monitor traffic interface xe-0/0/0.0 extensive matching icmp PFE proto 2 (ipv4): (tos 0xc0, ttl 255, id 16332, offset 0, flags [none], proto: ICMP (1), length: 84) x.x.x.x 8.8.8.8: ICMP echo reply, id 47826, seq 0, length 64 14:06:58.721197 Out I've tried this on 11.4R6.6 and 12.3R4-S2 (ppc and 64-bit) boxes with the same result. Did anyone else ran into this issue? Any input is appriciated. Regards, Arash ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp _ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp _ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] MX ping - ToS overrided
Hi David, Thank's for this input. Appears that host-outbound-traffic is active in the boxes which causes the rewrite. One could argue if this is reasonable to use, but it is infact the case at the moment. Thanks again. Regards, Arash From: david@orange.com To: david@orange.com; aras...@hotmail.se; juniper-nsp@puck.nether.net Date: Wed, 22 Jan 2014 15:40:50 +0100 Subject: RE: [j-nsp] MX ping - ToS overrided I meant host-outbound-traffic ;) David Roy IP/MPLS NOC engineer - Orange France Ph. : +33 2 99 87 64 72 Mob. : +33 6 85 52 22 13 SkypeID : davidroy.35 david@orange.com JNCIE x3 (SP #703 ; ENT #305 ; SEC #143) -Message d'origine- De : juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] De la part de david@orange.com Envoyé : mercredi 22 janvier 2014 15:39 À : 'Arash Alizadeh'; juniper-nsp@puck.nether.net Objet : Re: [j-nsp] MX ping - ToS overrided Not the case with 12.3R4 for me : ping 8.8.8.8 tos 96 15:37:03.950763 Out IP (tos 0x60, ttl 64, id 64980, offset 0, flags [none], proto: ICMP (1), length: 84) X.X.X.X 8.8.8.8: ICMP echo request, id 34658, seq 3, length 64 Do you have host-inbound-traffic knob or Output FWF on lo0 that rewrites control plane ? David Roy IP/MPLS NOC engineer - Orange France Ph. : +33 2 99 87 64 72 Mob. : +33 6 85 52 22 13 SkypeID : davidroy.35 david@orange.com JNCIE x3 (SP #703 ; ENT #305 ; SEC #143) -Message d'origine- De : juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] De la part de Arash Alizadeh Envoyé : mercredi 22 janvier 2014 15:22 À : juniper-nsp@puck.nether.net Objet : [j-nsp] MX ping - ToS overrided Hi, I'm experiencing issues when initating ToS ping from MX devices. The specified ToS argument just seems to be overrided to dec 192 when leaving the interface. I verified this with the traffic monitor on the egress interface: user@node ping 8.8.8.8 tos 96 64 bytes from 8.8.8.8: icmp_seq=0 ttl=246 time=15.675 ms 64 bytes from 8.8.8.8: icmp_seq=1 ttl=246 time=15.385 ms user@node monitor traffic interface xe-0/0/0.0 extensive matching icmp PFE proto 2 (ipv4): (tos 0xc0, ttl 255, id 16332, offset 0, flags [none], proto: ICMP (1), length: 84) x.x.x.x 8.8.8.8: ICMP echo reply, id 47826, seq 0, length 64 14:06:58.721197 Out I've tried this on 11.4R6.6 and 12.3R4-S2 (ppc and 64-bit) boxes with the same result. Did anyone else ran into this issue? Any input is appriciated. Regards, Arash ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp _ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp _ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you
Re: [j-nsp] MX ping - ToS overrided
You are monitoring ToS in ICMP ECHO REPLY, not request. And that can be set/overridden anywhere by QoS policies, i.e. - on Google DNS server 8.8.8.8 itself - on any transit network HTH Thanks Alex On 22/01/2014 14:21, Arash Alizadeh wrote: Hi, I'm experiencing issues when initating ToS ping from MX devices. The specified ToS argument just seems to be overrided to dec 192 when leaving the interface. I verified this with the traffic monitor on the egress interface: user@node ping 8.8.8.8 tos 96 64 bytes from 8.8.8.8: icmp_seq=0 ttl=246 time=15.675 ms 64 bytes from 8.8.8.8: icmp_seq=1 ttl=246 time=15.385 ms user@node monitor traffic interface xe-0/0/0.0 extensive matching icmp PFE proto 2 (ipv4): (tos 0xc0, ttl 255, id 16332, offset 0, flags [none], proto: ICMP (1), length: 84) x.x.x.x 8.8.8.8: ICMP echo reply, id 47826, seq 0, length 64 14:06:58.721197 Out I've tried this on 11.4R6.6 and 12.3R4-S2 (ppc and 64-bit) boxes with the same result. Did anyone else ran into this issue? Any input is appriciated. Regards, Arash ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] MX ping - ToS overrided
If you're capturing your outbound ping packet, why does the capture show echo reply? Shouldn't you be capturing the echo request? Serge From: Arash Alizadeh aras...@hotmail.se To: juniper-nsp@puck.nether.net juniper-nsp@puck.nether.net Sent: Wednesday, January 22, 2014 10:21:44 AM Subject: [j-nsp] MX ping - ToS overrided Hi, I'm experiencing issues when initating ToS ping from MX devices. The specified ToS argument just seems to be overrided to dec 192 when leaving the interface. I verified this with the traffic monitor on the egress interface: user@node ping 8.8.8.8 tos 96 64 bytes from 8.8.8.8: icmp_seq=0 ttl=246 time=15.675 ms 64 bytes from 8.8.8.8: icmp_seq=1 ttl=246 time=15.385 ms user@node monitor traffic interface xe-0/0/0.0 extensive matching icmp PFE proto 2 (ipv4): (tos 0xc0, ttl 255, id 16332, offset 0, flags [none], proto: ICMP (1), length: 84) x.x.x.x 8.8.8.8: ICMP echo reply, id 47826, seq 0, length 64 14:06:58.721197 Out I've tried this on 11.4R6.6 and 12.3R4-S2 (ppc and 64-bit) boxes with the same result. Did anyone else ran into this issue? Any input is appriciated. Regards, Arash ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp