Assign a DSCP to an incoming packet In Digi TransPort routers, the classification of incoming IP packets for the purposes of Quality of Service (QoS) takes place within the firewall. The firewall allows the system administrator to assign a DSCP code to a packet with any combination of source/destination IP address/port and protocol. The DSCP value of a packet indicates the type of service required and is used in conjunction with QOS (Quality of Service) functions. The syntax of a rule for assigning a DSCP value is: dscp <value> [in-out] [options] [proto][ip-range] [inspect-state]where <value> is the value (A decimal or hex number) of DSCP that you want to assign to a packet that match the next fields of the rule (please see the User Manual for details about the filter fields). Re-write the DSCP on an incoming packet: In some cases is required to change the DSCP value already set on an incoming packet rewriting it to a new one. As well as the DSCP assignment, also the remapping is performed with a firewall rule. In that case, the firewall rule should look at the inbound traffic with the specified TOS value that relates directly to the DSCP value.Here is a table that shows the relationship between TOS and DSCP values:So, having an incoming packet with a DSCP-IN already assigned, follow the steps below in order to rewrite it to a desired DSCP-OUT value:
- Create a label (for example “main”) in the firewall that include all the fw rules except the DSCP rules (see User Manual for more details on using labels). An example below:
dscp <value> [in-out] [options] [tos] [proto][ip-range] [inspect-state]where <value> is the value (A decimal or hex number) of DSCP-OUT that you want to assign to a packet that match the next fields of the rule, in particular the [tos] field, that is the TOS-IN of step 2. An example below: dscp 46 in break main on eth 0 tos 224 proto 4
- Find the TOS-IN corresponding to the DSCP-IN: for example a DSCP-IN of 56 corresponds to a TOS-IN of 224
- Basing on TOS-IN and on the desired DSCP-OUT, write the rule in the firewall following the syntax below:
In that case, a packet with TOS-IN of 224 (DSCP-IN of 56) is remapped with a DSCP –OUT of 46.NB: Please note that we have used the label to skip to a new section (MAIN) once a re-map is complete so it can continue processing further rules. So, the other rules in your firewall should be positioned in the “main” section.
Feb 27, 2019