DSCP rewrite-rule policy configuration for output traffic
When a DSCP rewrite-rule policy is applied to a subinterface, the policy attempts to match the forwarding class (and optionally the drop-probability) of outbound packets to one of its entries. If there is a match, the DSCP value of the outbound packet is changed to the value specified by the policy. If the forwarding class of the packet does not match a rule in the rewrite-rule policy, the DSCP value is changed to 0.
On 7220 IXR and 7250 IXR systems, if no DSCP rewrite-rule policy is applied to a subinterface, the incoming packet's DSCP remains unchanged at egress.
Configuring DSCP rewrite-rule policies
To configure a DSCP rewrite-rule, define the policy name using the qos rewrite-rules dscp-policy command. Within the policy, configure one or more forwarding class (and optionally drop-probability) match conditions and the associated DSCP value to apply to the matching packets.
The following example creates a rewrite-rule policy:
--{ candidate shared default }--[ ]--
# info qos rewrite-rules
qos {
rewrite-rules {
dscp-policy normalize {
map forwarding-class-0 {
dscp 7
}
map forwarding-class-1 {
dscp 10
drop-probability low {
dscp 11
}
drop-probability high {
dscp 13
}
}
map forwarding-class-2 {
dscp 23
}
map forwarding-class-3 {
dscp 31
}
}
}
}
Using a DSCP rewrite-rule for VXLAN traffic (7220 IXR-D2/D3/D4/D5)
You can configure policies to modify the outer IP DSCP for VXLAN traffic as follows:
-
7220 IXR-D2/D2L/D3/D3L
On 7220 IXR-D2/D2L/D3/D3L, if you configure a DSCP rewrite rule policy on the egress routed subinterface, this same policy modifies the outer IP DSCP value for the VXLAN traffic also.
If no DSCP rewrite policy is configured on the subinterface, then by default, the inner header IP DSCP value is not modified, and the outer header IP DSCP is copied from the inner header IP DSCP.
-
7220 IXR-D4/D5
On 7220 IXR-D4/D5, if a DSCP rewrite rule policy is applied to a subinterface, it has no effect on the VXLAN originated traffic. On these platforms, you must use the qos rewrite-rules vxlan-outer-header-dscp-policy command to explicitly associate a rewrite policy to the VXLAN originated traffic.
If no VXLAN DSCP policy is configured on the subinterface, then by default, the inner header IP DSCP value is not modified, and the following platform-specific behavior applies:
- on 7220 IXR-D4: the outer header IP DSCP is copied from the inner header IP DSCP
- on 7220 IXR-D5: the outer header IP DSCP is marked 0
On 7220 IXR D4/D5 systems, use the qos rewrite-rules vxlan-outer-header-dscp-policy command to apply a rewrite-rule policy for all VXLAN traffic, as shown in the following example:
Apply a DSCP rewrite-rule for VXLAN traffic on 7220 IXR-D4/D5
--{ candidate shared default }--[ ]--
# info qos rewrite-rules vxlan-outer-header-dscp-policy
qos {
rewrite-rules {
vxlan-outer-header-dscp-policy vxlan-rewrite-test
dscp-policy vxlan-rewrite-test
}
}
Rewrite-rule policy application to subinterfaces
When a rewrite-rule policy is applied to output traffic on a subinterface, outbound packets are evaluated against the policy. The policy subjects all packets to remarking, with some exceptions. If no rewrite-rule policy is applied to the subinterface, the DSCP marking of the traffic leaving the subinterface is unchanged, unless it is ECN-capable traffic forwarded by a 7250 IXR system or VXLAN traffic originated by a 7220 IXR-D2/D2L, D3/D3L, D4, and D5 system. For these exceptions, DSCP may be remarked even in the absence of a rewrite-rule policy applied to the egress subinterface.
On all platforms, rewrite-rule policies do not affect DSCP marking of self-generated traffic.
Applying a rewrite-rule policy to output traffic (7250 IXR)
On the 7250 IXR, to apply a DSCP rewrite-rule to output traffic on a subinterface, specify an IPv4 or IPv6 policy (or both) using the qos interfaces interface output rewrite-rules command.
The following example applies a rewrite-rule policy to outbound IPv4 traffic on a subinterface with a 7250 IXR system:
--{ candidate shared default }--[ ]--
# info qos interfaces interface ethernet-1/1
qos {
interfaces {
interface ethernet-1/1 {
interface-ref {
interface ethernet-1/1
subinterface 1
}
output {
rewrite-rules {
ipv4-dscp-policy new-rule
}
}
}
}
}
Applying a rewrite-rule policy to output traffic (7220 IXR)
On the 7220 IXR, to apply a DSCP rewrite-rule for both IPv4 and IPv6 output traffic on a subinterface, specify a policy using the qos output rewrite-rules command.
The following example applies a rewrite-rule policy to outbound traffic on a subinterface with a 7220 IXR system:
--{ candidate shared default }--[ ]--
# info qos interfaces interface ethernet-1/1
qos {
interfaces {
interface ethernet-1/1 {
interface-ref {
interface ethernet-1/1
subinterface 1
}
output {
rewrite-rules {
dscp-policy new-rule
}
}
}
}
}Configuring DSCP for management protocols
- DNS query
- FTP/TFTP
- gNMI
- gNOI
- gRIBI
- JSON RPC
- NTP
- P4RT
- RADIUS
- sFlow
- SNMP
- SSH
- Syslog
- TACACS+
This common default DSCP value is configurable.
To modify the common DSCP value for the router-originated management protocols listed above, use the system control-plane-traffic output qos management-protocols-dscp command.
Set the DSCP value for management protocols
--{ + candidate shared default }--[ ]--
# info system control-plane-traffic output qos
system {
control-plane-traffic {
output {
qos {
management-protocols-dscp 34
}
}
}
}