Extreme Networks

Leo_Gu · ‎10-30-2015

Dear Experts,

I found if I define the remarking command first and then define a new ACL, then the new defined ACL will follow that remarking action and use the newly defined remarking value for outgoing traffic;
Yet, once I changed the remarking command, the previous defined ACL will not follow the new remarking value but still use the previous one.

The point is of the sequence of inputting commands.

Working one:
1- Define remarking command first prior to defining any ACL. Like:
configure diffserv replacement priority 6 code-point 40
2- Define ACL afterwards

Not working case:
No matter we define remarking command first or ACL first, as long as I want to change the remarking command to use a new value, only the upcoming ACL will follow the new value, those previously defined ACL will not even traffic is hitting the ACL.

The question is if above "Not working case" is normal as expected?
or it is a bug?

BrandonC · ‎10-30-2015

Hi Leo,

Can you give us an example of the ACL that you are using, as well as how it is applied?

-Brandon

Leo_Gu · ‎10-30-2015

Hi Grosjean,

-Version is ExtremeXOS version 15.6.3.1 v1563b1-patch1-3.
-I checked the "show diff replacement" for each case, the value in output is the same as defined in "config diffserv replacement qp7 code-point xx"
-Yes. The behavior is the same.

Stephane_Grosj1 · ‎10-30-2015

Hi,

- What version of EXOS are you running, btw?

- Can you check what is the result of "sh diffserv replacement" in each case?

- Is the behavior the same if you change the code-point associated to the QoS Profile?

config diffserv replacement qp7 code-point 48

Leo_Gu · ‎10-30-2015

Hi Bradon,

Many thanks for your reply. I attached some capture files and config.
http://pan.baidu.com/s/1pJKPEEf

Please also be noted that not all config is related with this case. The useful ones are as listed below:

1. Port 25(ingress traffic), port 51(egress traffic), port 9(port mirroring).

2. ACL: “test”, “test1”, “test2”, “test3”, “test4”

3. QoSprofile/dscp remarking related config

Steps used:

With acl “test”, “test1” to “test4”, I performed this dscp remarking several times. Take acl “test2” and “test4” for instance.

Step 1- Testbed dscp remarking config:

configure diffserv replacement priority 6 code-point 40

create access-list test2 " protocol tcp ; destination-port 3456 ;" " qosprofile qp7 ; count test2 ; replace-dscp ;" application "Cli"

configure access-list add test2 last priority 0 zone SYSTEM ports 25 ingress

Send traffic matching acl “test2”. Capture the traffic traversing port 25 and port 51 to port 9.

Step 2- Change the dscp remarking config:

configure diffserv replacement priority 6 code-point 48

Send traffic matching acl “test2”. Capture the traffic traversing port 25 and port 51 to port 9.

DSCP in Outgoing traffic was not changed.

Step 3- Define a new acl “test4”, now the config is as follows:

configure diffserv replacement priority 6 code-point 48

create access-list test4 " protocol tcp ; destination-port 5678 ;" " qosprofile qp7 ; count test4 ; replace-dscp ;" application "Cli"

configure access-list add test4 last priority 0 zone SYSTEM ports 25 ingress

Send traffic matching acl “test4”. Capture the traffic traversing port 25 and port 51 to port 9.

As per above, it seems that existing acl will not follow the dscp remarking value if the dscp remarking value is changed, only those acl defined AFTER dscp remarking value changed will follow the action modifier to do the remark using the new value.

Prashanth_KG · ‎10-30-2015

Hi Leo,

If you are using the ACL policy and not a dynamic ACL, what happens if you refresh the policy used after making the dscp-code-point change?

Looking forward to your response.

Extreme Networks

Summit ACL based QoS remarking issue

Summit ACL based QoS remarking issue