Iam using Multifield classifier using firewall filter to classify the incoming packets based on the source address and trying to mark the dscp for that packet. Iam using set dscp xx and applying the firewall filter to input of the interface, but when i try to sniff the packet from the outgoing interface i dont see the marked dscp values. I know we can use the rewrite rules at the egress to re-mark the packet, was wondering why set dscp is not working.
Any information on this greatly appreciated.
you can change the dscp only in the following ways:
Unfortunately for you ingress MF is not mentioned here
Thanks Alexander for the quick response.
Do you know why using dscp in the action field of filter doesnt work. When i commit, i dont see any warning/error message.
Could you try the below
set class-of-service rewrite-rules dscp VOICE-DSCP-REWRITE import defaultset class-of-service rewrite-rules dscp VOICE-DSCP-REWRITE forwarding-class VOICE-EF-CLASS loss-priority low code-point efset class-of-service rewrite-rules dscp VOICE-DSCP-REWRITE forwarding-class assured-forwarding loss-priority low code-point af32set class-of-service rewrite-rules dscp VOICE-DSCP-REWRITE forwarding-class assured-forwarding loss-priority high code-point af32set class-of-service rewrite-rules dscp VOICE-DSCP-REWRITE forwarding-class network-control loss-priority low code-point cs7set class-of-service rewrite-rules dscp VOICE-DSCP-REWRITE forwarding-class network-control loss-priority high code-point cs6set class-of-service rewrite-rules dscp VOICE-DSCP-REWRITE forwarding-class best-effort loss-priority low code-point be
set class-of-service interfaces ge-* unit 0 rewrite-rules dscp VOICE-DSCP-REWRITE
I have the rewrite dscp working as it is marking the desired dscp values on the outgoing interface, Iam trying to change the dscp values of the packet in the incoming interface using firewall filter. We have an option on the action modifier to set dscp values,here is what i have and trying to understand why this is not working.
set firewall family inet filter test term t1 from source-address 22.214.171.124/32
set firewall family inet filter test term t1 then dscp ef
set firewall family inet filter test term t1 then accept
set interfaces ge-0/0/0 unit 0 family inet filter input test
When i analyze the packet capture on the output interface, i dont see the dscp ef on the packets.
Multified classifier only classifies the traffic it does not manipulate the packet header You should check to see if it is being classified. You have not aded the following:
I have added the forwarding class and loss priority on the MF and could see the packets being classified. so the purpose of setting dscp action modifier on the firewall filter is only used for the classification ?
so, if we need to mark the packets header then it has to be done using the re-write dscp at the egress interface.
Are you saying you are just configuring MF without any COS profile?
Did you check this example