Remapping DSCP Values Gateway/Switches?

I have been trying to figure out how to remap DSCP values. Example: AT&T VoWiFi uses IPSec and creates a tunnel over protocol ESP port 4500 UDP. Obviously can't tell the encapsulated DSCP value, but the outer packet is marked BE. At least we can remark the packet EF.
I created a "Switch DSCP 802.1p Mapping" that changes DSCP 0 to CoS 4 and DSCP 46 (EF), but I don't see how I can apply this ONLY to packets that are ESP, UDP, port 4500. I looked in the ACL and didn't find any way to "re-tag".
Or is this another feature that needs to be added?

Thank you for your post. Gateway QoS supports changing the DSCP value for each service. The configuration steps are as follows:
- Create a new Gateway QoS service under Settings → Network Profile → Network Profile → Create New Gateway QoS Service. For example, create a service for ESP with protocol number 50.
- Create a new class rule under Settings → Transmission → Gateway QoS → Class Rule → Create New Class Rule. For instance, assign it to Class1.
- Tag outbound traffic with the desired DSCP value under Settings → Transmission → Gateway QoS → Tag Outbound Traffic for the corresponding class.
A configuration example is shown in the attached screenshot.

That does fine for sending out traffic to the internet.... BUT, nothing with LAN or WAN->LAN inbound. We need to be able to move packets through the LAN switches at higher priority. We can't just tag ALL CoS 0/BE traffic to EF.
Oh and btw, according to the wording in the help menu..... it's MATCH the DSCP value of the traffic. In my case the traffic that I captured was all tos 0x0 (cos 0). The "match" should be BE. Unless I am reading it wrong. So it doesn't actually change the DSCP value.

The “Match” here is for you to define the DSCP value. Under normal circumstances, following the provided configuration should rewrite the DSCP value. If the rewrite fails, you need to review your configuration method and tell us how you captured packets to check the DSCP value.
In addition, you mentioned the configuration on the switch. This configuration should not apply to the gateway; you should instead verify whether the switch itself supports such changes. If it is a TP-Link switch, please provide the model number. On the gateway, DSCP values can only be modified within the QoS section for each service.
I think you'd better contact your Chinese/English translator back at HQ and ask your software engineer for confirmation. Every part of that Help section says "Match" and some of the text even goes into detail being "matching the port". I have tried changing that EF before and I use YOUR Omada Controller packet capture on the EAP. It is ALWAYS BE/0/tos 0x0. The ER8411 doesn't support Omada packet capture and I don't see an option to make a port as a SPAN port either. Matter of fact, I originally thought exactly as you did, where the DSCP field was going to change/re-tag/replace the packet's value.
I think the word would be "replace" "re-tag" "rewrite".... something along that line of verbiage.
"Local Address:Match the source IP address of the traffic"
"Remote Address:Match the destination IP address of the traffic"
"Service Name:Match the port number of the traffic."
Thank you for the suggestion—what you’re referring to is indeed a rewrite. I’ll pass your feedback about the translation wording along.
As for the ER8411, it does support port mirroring, so you can capture packets via a mirror port. Please see the guide below:
I am 80% sure it is NOT a rewrite, because I tested this today. I have set it to go to Class Rule to use Class 2 queue. If I set DSCP to CS1, CS2, or any AFxx it will NOT show any traffic going into the Class 2 queue. If I match the packet BE, then I see traffic moving in Class 2 queue (when monitoring in Insights -> QoS Data).
I then used Plex VM in vSphere DVswitch to rewrite all packets src and dst with port 32400 AF43 to test the Class Rule. Class Rule set to match the IP of the Plex VM; if I use anything BUT AF43 in the DSCP it will not move traffic to Class 3 queue as I defined in the Class Rule.
But I will try to find some time to actually get to the physical location of the switch to capture packets from WAN2. For me WAN1 has no option to mirror.
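
The match-versus-rewrite question in this thread can be settled by comparing the outer IP header in captures taken on each side of the QoS device. The following is an added example, not part of the original thread: it reads the DSCP bits of raw IPv4 packets and counts markings on ESP and UDP 4500 traffic only. The function names, sample packets and addresses are constructed for illustration, and packets are assumed to start at the IPv4 header (no Ethernet framing).

```python
import struct

# DSCP code points named in the thread (BE, EF, CS1, CS2, AF43).
DSCP_NAMES = {0: "BE", 8: "CS1", 16: "CS2", 38: "AF43", 46: "EF"}
ESP, UDP, NAT_T_PORT = 50, 17, 4500

def parse_ipv4(pkt):
    """Return DSCP, protocol and UDP ports of one raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header length")
    # DSCP is the upper six bits of the old ToS byte; the lower two are ECN.
    info = {"dscp": pkt[1] >> 2, "proto": pkt[9], "sport": None, "dport": None}
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    # Only an unfragmented packet or a first fragment carries the UDP header.
    if info["proto"] == UDP and frag_offset == 0 and len(pkt) >= ihl + 8:
        info["sport"], info["dport"] = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return info

def is_ipsec(info):
    """Native ESP (protocol 50) or NAT-T, i.e. ESP inside UDP port 4500."""
    return info["proto"] == ESP or (
        info["proto"] == UDP and NAT_T_PORT in (info["sport"], info["dport"]))

def dscp_report(packets):
    """Count outer-header DSCP markings on the IPsec packets only."""
    counts = {}
    for pkt in packets:
        info = parse_ipv4(pkt)
        if is_ipsec(info):
            name = DSCP_NAMES.get(info["dscp"], str(info["dscp"]))
            counts[name] = counts.get(name, 0) + 1
    return counts

def build(tos, proto, sport=0, dport=0):
    """Constructed sample packet: 20-byte IPv4 header (checksum 0) + 8 bytes."""
    body = struct.pack("!HHHH", sport, dport, 8, 0) if proto == UDP else bytes(8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 28, 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])) + body

# Constructed captures: the same flows seen before and after the QoS device.
BEFORE = [build(0x00, UDP, 4500, 4500), build(0x00, ESP), build(0x00, UDP, 53000, 443)]
AFTER = [build(0xB8, UDP, 4500, 4500), build(0xB8, ESP), build(0x00, UDP, 53000, 443)]

if __name__ == "__main__":
    print("before:", dscp_report(BEFORE))  # all BE means nothing was re-marked
    print("after: ", dscp_report(AFTER))   # EF here means the marking was rewritten
```

If the report is identical on both sides of the device, the DSCP field in the rule acted as a match condition rather than a rewrite.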
