I have a few questions regarding DSCP behavior on the 7600 platform. We are currently running into an issue where DSCP bits are being cleared as they traverse an FWSM module which is not ideal. Below is a simple diagram of the network in question.
Internet -> 7600 -> FWSM -> MPLS cloud
If a layer 3 interface is configured on the 7600 for the inside interface of the FWSM it appears that DSCP is overwritten as it passes through the FWSM. In other words
DSCP tagged traffic->public vlan on 7600->outside FWSM->inside FWSM->private VRF vlan on 7600->remote site = untagged DSCP traffic.
Turning DSCP rewrite off on the 7600 via "no mls qos rewrite ip dscp" seems to "fix" this behavior and allows the DSCP tagged traffic to traverse the entire path. However disabling dscp rewrite globally will have other adverse side effects as I understand it. We don't want to "trust" every DSCP value coming through this router and would prefer the standard "clear everything to zero" behavior.
We are running mls qos vlan-mode on all dot1q trunks. We require vlan-mode to support input tagging policies on several VLANs.
Is there an alternate way to trust DSCP values from the FWSM? Is it possible this behavior is a bug?
Internet Group Management Protocol (IGMP) packets classified by QoS to map the DSCP value and the class of service (CoS) value in a QoS policy map might modify only the DSCP property and leave the CoS value at zero
Introduction: The "external-out enable" command is available for
configuration under the "router ospf process" in case of the IOS-XR
operating system. This command basically enables advertisement of
intra-area routes on the device as external routes in th...
Introduction Basic configuration for netflow Scale parameters for
netflow Netflow support Architecture Packet flow for netflow Inside the
LC CPU Netflow Cache size, maintenance and memory Sample usage Cache
Size Aging Permanent cache Characteristics Which...