Re: [j-nsp] Re-write rule for GRE interface
Hi All, Thanks for the reply... Dale, I'm classifying packet on the ingress interface by matching all the packets and associating it with forwarding-class EF and loss-priority low. When I do a packet capture I can see the inner-most IP packet and upper label are carrying appropiate DSCP and EXP valuesWhen this MPLS packet is encapsulated in a GRE packet, that is when TOS byte is to 00.. Diogo, Yes, copy-tos-to-outer-ip-header doesn't work as the header following the GRE header is a MPLS packet...I had tired simple output-firewall filters too, but it didn't work either..I would try your suggestion of matching GRE packets + ipsrc + ipdst in the output filter.. output-forwading-class-map seems to be an option for M320/T series routers, here its M7i... Cheers On Tue, Jan 18, 2011 at 2:16 AM, Diogo Montagner wrote: > Hi, > > You can also try to apply an output firewall filter in the gre > interface to rewrite the DSCP of the packet. > > I think the option copy-tos-to-outer-ip-header will not work because > your inner packet is not an IP packet and this option only works for > inner IP packet. > > If this does not work, you can apply an outbound firewall filter in > the output direction of your interfaces matching GRE packets + ipsrc + > ipdst of your tunnel and then applying the right dscp values. > > Another option you can give it a try is the output-forwarding-class-map: > > http://www.juniper.net/techpubs/en_US/junos9.6/information-products/topic-collections/config-guide-cos/cos-classifying-packets-by-egress-interface.html > > HTH > ./diogo -montagner > > > > On Tue, Jan 18, 2011 at 4:59 AM, Dale Shaw > > > wrote: > > Hi Shiva, > > > > On Monday, January 17, 2011, Shiva Shankar wrote: > >> Hi All, Thanks for the reply. Platform is M7i, and the junos is 9.3 > >> > > [...] > > > > How are you classifying traffic into the forwarding classes in the > > first place? The rewrite-rule assumes traffic has been classified > > already. For example, for the 'ef' rewrite-rule to work, you must have > > already mapped your voice RTP traffic into the 'ef' forwarding-class. > > > > You need a Behaviour Aggregate (BA) classifier, Multi-Field (MF) > > classifier or static classifier applied on the ingress interface(s) > > under the class-of-service stanza. > > > > Cheers, > > Dale > > ___ > > juniper-nsp mailing list juniper-nsp@puck.nether.net > > https://puck.nether.net/mailman/listinfo/juniper-nsp > > > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Re-write rule for GRE interface
Hi, You can also try to apply an output firewall filter in the gre interface to rewrite the DSCP of the packet. I think the option copy-tos-to-outer-ip-header will not work because your inner packet is not an IP packet and this option only works for inner IP packet. If this does not work, you can apply an outbound firewall filter in the output direction of your interfaces matching GRE packets + ipsrc + ipdst of your tunnel and then applying the right dscp values. Another option you can give it a try is the output-forwarding-class-map: http://www.juniper.net/techpubs/en_US/junos9.6/information-products/topic-collections/config-guide-cos/cos-classifying-packets-by-egress-interface.html HTH ./diogo -montagner On Tue, Jan 18, 2011 at 4:59 AM, Dale Shaw wrote: > Hi Shiva, > > On Monday, January 17, 2011, Shiva Shankar wrote: >> Hi All, Thanks for the reply. Platform is M7i, and the junos is 9.3 >> > [...] > > How are you classifying traffic into the forwarding classes in the > first place? The rewrite-rule assumes traffic has been classified > already. For example, for the 'ef' rewrite-rule to work, you must have > already mapped your voice RTP traffic into the 'ef' forwarding-class. > > You need a Behaviour Aggregate (BA) classifier, Multi-Field (MF) > classifier or static classifier applied on the ingress interface(s) > under the class-of-service stanza. > > Cheers, > Dale > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Re-write rule for GRE interface
Hi Shiva, On Monday, January 17, 2011, Shiva Shankar wrote: > Hi All, Thanks for the reply. Platform is M7i, and the junos is 9.3 > [...] How are you classifying traffic into the forwarding classes in the first place? The rewrite-rule assumes traffic has been classified already. For example, for the 'ef' rewrite-rule to work, you must have already mapped your voice RTP traffic into the 'ef' forwarding-class. You need a Behaviour Aggregate (BA) classifier, Multi-Field (MF) classifier or static classifier applied on the ingress interface(s) under the class-of-service stanza. Cheers, Dale ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Re-write rule for GRE interface
Hi All, Thanks for the reply. Platform is M7i, and the junos is 9.3 What i want to achieve is marking all the traffic leaving this GRE interface with a particular DSCP value, say EF. The content of the GRE packet is a layer 3 vpn datagram (IP datagram inside a MPLS packet)... here's the o/p: (i've tried using dscp marking for the GRE interface, but its always set as 00) Router > show class-of-service interface gr-1/2/0 Physical interface: gr-1/2/0, Index: 132 Queues supported: 4, Queues in use: 4 Scheduler map: bfin-cos, Index: 22125 Chassis scheduler map: bfin-cos, Index: 22125 Logical interface: gr-1/2/0.0, Index: 66 Object Name Type Index Rewrite mark-dscp dscp 55103 Rewrite exp-defaultexp (mpls-any) 33 Classifier exp-default exp10 Classifier ipprec-compatibility ip 13 Here's the config of the interface: Manager@head-end-PE1> ...s-of-service interfaces gr-1/2/0 scheduler-map smap-cos; unit 0 { rewrite-rules { dscp mark-dscp; } } Router > ...-service rewrite-rules dscp mark-dscp forwarding-class be { loss-priority low code-point be; loss-priority high code-point cs3; } forwarding-class test1 { loss-priority high code-point cs1; loss-priority low code-point cs2; } forwarding-class ef { loss-priority high code-point cs4; loss-priority low code-point cs5; } forwarding-class nc { loss-priority high code-point cs6; loss-priority low code-point cs7; } Thanks On Mon, Jan 17, 2011 at 1:04 AM, Diogo Montagner wrote: > Hi Shiva, > > could you please post the command "show class-of-service interface > gr-x/y/z.abc" ? > > Regards > ./diogo -montagner > > > > On Fri, Jan 14, 2011 at 10:59 PM, Shiva Shankar > wrote: > > Hi All, I'm trying to mark the DSCP value on a GRE packet, so that the > telco > > can handle as per our contracted services. I've tried > > 'copy-tos-to-outer-ip-header', but it doesn't work as the inner datagram > of > > a GRE packet is a MPLS datagram. > > Here, how it looks on the wire (found using packet capture) > > > > Frame>>>Ethernet II header >>> IP packet >>> GRE header >>> MPLS header > >>> > > origianl IP packet with data > > > > A Layer 3 VPN packet while leaving the local PE to remote PE, uses GRE > > interface which has LDP enabled. > > > > I've tried even applying dscp rewrite rules, but it doesn't work. Any > ideas. > > > > Thanks > > Shiva > > ___ > > juniper-nsp mailing list juniper-nsp@puck.nether.net > > https://puck.nether.net/mailman/listinfo/juniper-nsp > > > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Re-write rule for GRE interface
Hi Shiva, could you please post the command "show class-of-service interface gr-x/y/z.abc" ? Regards ./diogo -montagner On Fri, Jan 14, 2011 at 10:59 PM, Shiva Shankar wrote: > Hi All, I'm trying to mark the DSCP value on a GRE packet, so that the telco > can handle as per our contracted services. I've tried > 'copy-tos-to-outer-ip-header', but it doesn't work as the inner datagram of > a GRE packet is a MPLS datagram. > Here, how it looks on the wire (found using packet capture) > > Frame>>>Ethernet II header >>> IP packet >>> GRE header >>> MPLS header >>> > origianl IP packet with data > > A Layer 3 VPN packet while leaving the local PE to remote PE, uses GRE > interface which has LDP enabled. > > I've tried even applying dscp rewrite rules, but it doesn't work. Any ideas. > > Thanks > Shiva > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Re-write rule for GRE interface
On 1/14/11 9:59 AM, Shiva Shankar wrote: Hi All, I'm trying to mark the DSCP value on a GRE packet, so that the telco can handle as per our contracted services. I've tried 'copy-tos-to-outer-ip-header', but it doesn't work as the inner datagram of a GRE packet is a MPLS datagram. Here, how it looks on the wire (found using packet capture) Frame>>>Ethernet II header>>> IP packet>>> GRE header>>> MPLS header>>> origianl IP packet with data A Layer 3 VPN packet while leaving the local PE to remote PE, uses GRE interface which has LDP enabled. I've tried even applying dscp rewrite rules, but it doesn't work. Any ideas. Thanks Shiva ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp Platform and software version? -- Mark Radabaugh Amplex m...@amplex.net 419.837.5015 ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Re-write rule for GRE interface
Hi All, I'm trying to mark the DSCP value on a GRE packet, so that the telco can handle as per our contracted services. I've tried 'copy-tos-to-outer-ip-header', but it doesn't work as the inner datagram of a GRE packet is a MPLS datagram. Here, how it looks on the wire (found using packet capture) Frame>>>Ethernet II header >>> IP packet >>> GRE header >>> MPLS header >>> origianl IP packet with data A Layer 3 VPN packet while leaving the local PE to remote PE, uses GRE interface which has LDP enabled. I've tried even applying dscp rewrite rules, but it doesn't work. Any ideas. Thanks Shiva ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp