DSCP rewrite-rule policy configuration for output traffic

When a DSCP rewrite-rule policy is applied to a subinterface, the policy attempts to match the forwarding class (and optionally the drop-probability) of outbound packets to one of its entries. If there is a match, the DSCP value of the outbound packet is changed to the value specified by the policy. If the forwarding class of the packet does not match a rule of the rewrite-rule policy, the DSCP value is changed to 0.

On 7220 IXR-D2/D2L, D3/D3L, D4, and D5 or 7220 IXR-H2, H3, and H4 systems, if no DSCP rewrite-rule policy is applied to a subinterface, the incoming packet's DSCP remains unchanged at egress.

Configuring DSCP rewrite-rule policies

To configure a DSCP rewrite-rule policy, define the policy name using the qos rewrite-rules dscp-policy command. Within the policy, configure one or more forwarding class (and optionally drop-probability) match conditions and the associated DSCP value to apply to the matching packets.

The following example creates a rewrite-rule policy:

--{ candidate shared default }--[  ]--
# info qos rewrite-rules
    qos {
        rewrite-rules {
            dscp-policy normalize {
                map fc0 {
                    dscp 7
                }
                map fc1 {
                    dscp 10
                    drop-probability low {
                        dscp 11
                    }
                    drop-probability high {
                        dscp 13
                    }
                }
                map fc2 {
                    dscp 23
                }
                map fc3 {
                    dscp 31
                }
            }
        }
    }
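The matching behavior described above can be checked offline against a policy before it is applied. The following Python sketch is an added example, not part of the product documentation: it parses a dscp-policy block, computes the egress DSCP for a packet, and lists the forwarding classes the policy leaves unmapped (and therefore remarks to 0). The function names are hypothetical, and the code assumes forwarding classes fc0 to fc7 and that a drop-probability without its own entry uses the map-level dscp.

```python
# Constructed sample: the "normalize" policy from the example above, condensed
# onto fewer lines. The parser is token-based, so multi-line output parses the same.
SAMPLE = """
dscp-policy normalize {
    map fc0 { dscp 7 }
    map fc1 { dscp 10
        drop-probability low { dscp 11 }
        drop-probability high { dscp 13 } }
    map fc2 { dscp 23 }
    map fc3 { dscp 31 }
}
"""
ALL_FCS = [f"fc{i}" for i in range(8)]  # assumption: forwarding classes fc0..fc7

def parse_policy(text):
    """Return {fc: {None: map-level dscp, 'low': dscp, ...}} for one dscp-policy."""
    policy, fc, dp = {}, None, None
    tokens = iter(text.split())
    for tok in tokens:
        if tok == "map":
            fc = next(tokens)
            policy[fc] = {}
        elif tok == "drop-probability" and fc is not None:
            dp = next(tokens)
        elif tok == "dscp" and fc is not None:
            policy[fc][dp] = int(next(tokens))
        elif tok == "}":
            if dp is not None:
                dp = None          # closes a drop-probability block
            else:
                fc = None          # closes a map block (or an outer container)
    return policy

def egress_dscp(policy, fc, drop_probability, ingress_dscp, policy_applied=True):
    """DSCP on egress for one packet, following the matching rules in the text."""
    if not policy_applied:
        return ingress_dscp        # no policy on the subinterface: unchanged
    entry = policy.get(fc)
    if entry is None:
        return 0                   # forwarding class not matched: remarked to 0
    # Assumption: no drop-probability entry falls back to the map-level dscp,
    # and a map with neither counts as no match.
    return entry.get(drop_probability, entry.get(None, 0))

def unmapped_classes(policy):
    """Forwarding classes that this policy would remark to DSCP 0."""
    return [fc for fc in ALL_FCS if fc not in policy]
```

For the normalize policy, unmapped_classes reports fc4 through fc7, so traffic in those classes leaves the subinterface with DSCP 0 once the policy is applied.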

Using a DSCP rewrite-rule for VXLAN traffic (7220 IXR-D4/D5)

You can configure policies to modify the outer IP DSCP for VXLAN traffic as follows:

  • 7220 IXR-D2/D2L/D3/D3L

    On 7220 IXR-D2/D2L/D3/D3L, if you configure a DSCP rewrite-rule policy on the egress routed subinterface, the same policy also modifies the outer IP DSCP value for the VXLAN traffic.

    If no DSCP rewrite policy is configured on the subinterface, by default, the inner header IP DSCP value is not modified, and the outer header IP DSCP is copied from the inner header IP DSCP.

  • 7220 IXR-D4/D5

    On 7220 IXR-D4/D5, if a DSCP rewrite-rule policy is applied to a subinterface, it has no effect on the VXLAN originated traffic. On these platforms, you must use the qos rewrite-rules vxlan-outer-header-dscp-policy command to explicitly associate a rewrite policy with the VXLAN originated traffic.

    If no VXLAN DSCP policy is configured on the subinterface, by default, the inner header IP DSCP value is not modified, and the following platform-specific behavior applies:

    • On 7220 IXR-D4: the outer header IP DSCP is copied from the inner header IP DSCP.
    • On 7220 IXR-D5: the outer header IP DSCP is marked 0.

On 7220 IXR-D4/D5 systems, use the qos rewrite-rules vxlan-outer-header-dscp-policy command to apply a rewrite-rule policy for all VXLAN traffic, as shown in the following example:

Apply a DSCP rewrite-rule for VXLAN traffic on 7220 IXR-D4/D5

--{ candidate shared default }--[  ]--
# info qos rewrite-rules vxlan-outer-header-dscp-policy 
    qos {
        rewrite-rules {
            vxlan-outer-header-dscp-policy vxlan-rewrite-test
            dscp-policy vxlan-rewrite-test {
                map fc1 {
                    dscp 10
                    drop-probability low {
                        dscp 11
                    }
                }
            }
        }
    }

Rewrite-rule policy application to subinterfaces

When a rewrite-rule policy is applied to output traffic on a subinterface, outbound packets are evaluated against the policy. The policy subjects all packets to remarking, with some exceptions. If no rewrite-rule policy is applied to the subinterface, the DSCP marking of the traffic leaving the subinterface is unchanged, unless it is ECN-capable traffic forwarded by a 7250 IXR system or VXLAN traffic originated by a 7220 IXR-D2/D2L, D3/D3L, D4, and D5 or 7220 IXR- system. For these exceptions, DSCP may be remarked even in the absence of a rewrite-rule policy applied to the egress subinterface.

On all platforms, rewrite-rule policies do not affect DSCP marking of self-generated traffic.

Applying a rewrite-rule policy to output traffic (7250 IXR)

On the 7250 IXR, to apply a DSCP rewrite-rule to output traffic on a subinterface, specify an IPv4 or IPv6 policy (or both) using the qos output rewrite-rules command.

Note: 7250 IXR systems support separate rewrite policies for IPv4 and IPv6 egress traffic.

The following example applies a rewrite-rule policy to outbound IPv4 traffic on a subinterface with a 7250 IXR system:

--{ candidate shared default }--[  ]--
# info interface ethernet-1/1 subinterface 1 qos
    interface ethernet-1/1 {
        subinterface 1 {
            qos {
                output {
                    rewrite-rules {
                        ipv4-dscp-policy new-rule
                    }
                }
            }
        }
    }

Applying a rewrite-rule policy to output traffic (7220 IXR)

On the 7220 IXR, to apply a DSCP rewrite-rule for both IPv4 and IPv6 output traffic on a subinterface, specify a policy using the qos output rewrite-rules command.

Note: Common rewrite policies that apply to both IPv4 and IPv6 traffic are supported on 7220 IXR-D2/D2L, D3/D3L, D4, and D5 or 7220 IXR-H2, H3, and H4 systems.

The following example applies a rewrite-rule policy to outbound traffic on a subinterface with a 7220 IXR-D2/D2L, D3/D3L, D4, and D5 or 7220 IXR-H2, H3, and H4 system:

--{ candidate shared default }--[  ]--
# info interface ethernet-1/1 subinterface 1 qos
    interface ethernet-1/1 {
        subinterface 1 {
            qos {
                output {
                    rewrite-rules {
                        dscp-policy new-rule
                    }
                }
            }
        }
    }