SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  GRE header and DSCP

    Posted 10-11-2017 06:55

    Hi everyone,

     

    Does SRX copy the DSCP value from the inner packet (payload) into the GRE-imposed IP header when encapsulating it? If not, how can we tell SRX to copy the DSCP value from the inner packet into the GRE-imposed IP header?

    Thanks and have a nice day!!



  • 2.  RE: GRE header and DSCP
    Best Answer

     
    Posted 10-11-2017 09:27
    I see below option, never tested though.

    root@Router-2# set interfaces gr-0/0/0 unit 0 copy-tos-to-outer-ip-header ?
    Possible completions:
    <[Enter]> Execute this command
    accounting-profile Accounting profile name
    + apply-groups Groups from which to inherit configuration data
    + apply-groups-except Don't inherit configuration data from these groups
    > backup-options Backup interface configuration options
    bandwidth Logical unit bandwidth (informational only)
    clear-dont-fragment-bit Clear DF bit in packet (AS PIC and J-series only)
    copy-tos-to-outer-ip-header Copy IP payload header's ToS field to GRE delivery header
    description Text description of interface
    disable Disable this logical interface
    encapsulation Logical link-layer encapsulation
    > family Protocol family
    no-traps Don't enable SNMP notifications on state changes
    point-to-point Point-to-point connection
    > ppp-options Point-to-Point Protocol interface-specific options
    > radio-router Parameters for dynamic link cost management
    traps Enable SNMP notifications on state changes
    > tunnel Tunnel parameters
    | Pipe through a command


  • 3.  RE: GRE header and DSCP

    Posted 10-12-2017 06:46

    So I tested; this is what I see:

    All transit traffic: DSCP is copied from the inner packet to the GRE-imposed IP header. This command has no impact on transit traffic.

    All traffic locally sourced and routed over GRE will only copy DSCP from the inner packet to the GRE-imposed IP header if this command is configured, so this command only impacts locally generated traffic (host traffic) which is routed over GRE.

     

    https://www.juniper.net/documentation/en_US/junos/topics/concept/cos-tos-value-security-understanding.html

     



  • 4.  RE: GRE header and DSCP

     
    Posted 10-12-2017 07:04
    For transit GRE traffic, SRX cannot see what's inside the GRE packet. So this has to be done on the GRE endpoints.


  • 5.  RE: GRE header and DSCP

    Posted 10-12-2017 15:37

    I do not see that; I see DSCP bits are copied for transit traffic by default.



  • 6.  RE: GRE header and DSCP

    Posted 10-12-2017 15:39

    I understood you; in my example SRX is the GRE endpoint, so it can see DSCP in the inner packet when performing GRE encapsulation.
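
Added example, not part of any post in this thread: a Python check for the behaviour discussed above, which reads the outer and inner DSCP from a captured IPv4/GRE/IPv4 packet and reports whether the value was copied. The `build` helper and its sample packets are constructed for illustration, and only RFC 2784/2890 GRE headers (optional checksum, key, sequence) are assumed.

```python
import struct

GRE_PROTO = 47          # IP protocol number for GRE
ETHERTYPE_IPV4 = 0x0800

def ipv4_header(buf):
    """Return (dscp, protocol, header_len) for the IPv4 header at the start of buf."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (buf[0] & 0x0F) * 4
    if ihl < 20 or len(buf) < ihl:
        raise ValueError("bad IPv4 header length")
    return buf[1] >> 2, buf[9], ihl   # DSCP is the top 6 bits of the ToS byte

def gre_header_len(buf):
    """Length of the GRE header: 4 bytes plus 4 per optional field present."""
    if len(buf) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack("!HH", buf[:4])
    if proto != ETHERTYPE_IPV4:
        raise ValueError("GRE payload is not IPv4")
    # 0x8000 = checksum present, 0x2000 = key present, 0x1000 = sequence present
    return 4 + sum(4 for bit in (0x8000, 0x2000, 0x1000) if flags & bit)

def compare_dscp(packet):
    """Return (outer_dscp, inner_dscp, copied) for an IPv4/GRE/IPv4 packet."""
    outer_dscp, proto, ihl = ipv4_header(packet)
    if proto != GRE_PROTO:
        raise ValueError("outer packet is not GRE")
    gre = packet[ihl:]
    inner_dscp, _, _ = ipv4_header(gre[gre_header_len(gre):])
    return outer_dscp, inner_dscp, outer_dscp == inner_dscp

def build(outer_tos, inner_tos, gre_flags=0):
    """Constructed sample packet: bare IPv4/GRE/IPv4 headers, checksums left zero."""
    def ip(tos, proto, payload_len):
        return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + payload_len, 0, 0,
                           64, proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    gre = struct.pack("!HH", gre_flags, ETHERTYPE_IPV4)
    gre += b"\x00" * 4 if gre_flags & 0x2000 else b""   # zero GRE key if flagged
    inner = ip(inner_tos, 1, 0)                          # inner header only (ICMP)
    return ip(outer_tos, GRE_PROTO, len(gre) + len(inner)) + gre + inner

if __name__ == "__main__":
    # ToS 0xB8 is DSCP 46 (EF); the second packet has an unmarked outer header.
    print(compare_dscp(build(0xB8, 0xB8)))
    print(compare_dscp(build(0x00, 0xB8, gre_flags=0x2000)))
```

Feed `compare_dscp` the raw IP bytes of packets captured on the tunnel's egress side, once for transit traffic and once for traffic sourced from the device itself, to see which case depends on `copy-tos-to-outer-ip-header`.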