7600 SUP720 + FWSM rewriting DSCP

Unanswered Question
Aug 17th, 2007


I have a few questions regarding DSCP behavior on the 7600 platform. We are currently running into an issue where DSCP bits are being cleared as they traverse an FWSM module which is not ideal. Below is a simple diagram of the network in question.

Internet -> 7600 -> FWSM -> MPLS cloud

If a layer 3 interface is configured on the 7600 for the inside interface of the FWSM it appears that DSCP is overwritten as it passes through the FWSM. In other words

DSCP tagged traffic->public vlan on 7600->outside FWSM->inside FWSM->private VRF vlan on 7600->remote site = untagged DSCP traffic.

Turning DSCP rewrite off on the 7600 via "no mls qos rewrite ip dscp" seems to "fix" this behavior and allows the DSCP tagged traffic to traverse the entire path. However disabling dscp rewrite globally will have other adverse side effects as I understand it. We don't want to "trust" every DSCP value coming through this router and would prefer the standard "clear everything to zero" behavior.

We are running mls qos vlan-mode on all dot1q trunks. We require vlan-mode to support input tagging policies on several VLANs.

Is there an alternate way to trust DSCP values from the FWSM? Is it possible this behavior is a bug?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Anonymous (not verified) Thu, 08/23/2007 - 11:22

Internet Group Management Protocol (IGMP) packets classified by QoS to map the DSCP value and the class of service (CoS) value in a QoS policy map might modify only the DSCP property and leave the CoS value at zero


This Discussion