RE: Set Router Telnet Traffic to DSCP EF

From: Scott Morris (swm@emanon.com)
Date: Wed Dec 10 2003 - 09:50:32 GMT-3

It's already sent with Prec 6 (DSCP 48, ToS C0).

:)

But it's something you could play with anyway! The idea of where to
manipulate things (e.g. policy vs. interface-oriented command) is good
to think about!

Scott

-----Original Message-----
From: Michael Snyder [mailto:msnyder@revolutioncomputer.com]
Sent: Wednesday, December 10, 2003 2:38 AM
To: ccielab@groupstudy.com
Cc: swm@emanon.com
Subject: Set Router Telnet Traffic to DSCP EF

One of the first things that came up after I learned the relationship
between (Precedence TOS) and DSCP, was Scott Morris asking me what I
would use it for. After thinking about it, I came up with a lab
requirement that has a real world use!

Requirement - Router originated telnet traffic should have a dscp of EF.

Kicker - Do this without using any interface commands.

Solution -

R7

ip local policy route-map setdscp
!
access-list 100 permit tcp any any eq telnet

route-map setdscp permit 10
 description EF bit pattern 101 110 = P5 T12
 match ip address 100
 set ip precedence critical
 set ip tos 12

Proof of Working Solution

R8 (with dscp acl I have posted at end of email.)

interface Serial0
 ip address 150.50.101.2 255.255.255.252
 ip access-group 110 in
 ip router isis
 encapsulation ppp
 no peer neighbor-route
 no fair-queue
 service-module 56k clock source internal

R8#clear access-list counters

R8#show access-lists
Extended IP access list 110
    permit ip any any dscp default
    permit ip any any dscp 1
    permit ip any any dscp 2
    permit ip any any dscp 3
    permit ip any any dscp 4
    permit ip any any dscp 5
    permit ip any any dscp 6
    permit ip any any dscp 7
    permit ip any any dscp cs1
    permit ip any any dscp 9
    permit ip any any dscp af11
    permit ip any any dscp 11
    permit ip any any dscp af12
    permit ip any any dscp 13
    permit ip any any dscp af13
    permit ip any any dscp 15
    permit ip any any dscp cs2
    permit ip any any dscp 17
    permit ip any any dscp af21
    permit ip any any dscp 19
    permit ip any any dscp af22
    permit ip any any dscp 21
    permit ip any any dscp af23
    permit ip any any dscp 23
    permit ip any any dscp cs3
    permit ip any any dscp 25
    permit ip any any dscp af31
    permit ip any any dscp 27
    permit ip any any dscp af32
    permit ip any any dscp 29
    permit ip any any dscp af33
    permit ip any any dscp 31
    permit ip any any dscp cs4
    permit ip any any dscp 33
    permit ip any any dscp af41
    permit ip any any dscp 35
    permit ip any any dscp af42
    permit ip any any dscp 37
    permit ip any any dscp af43
    permit ip any any dscp 39
    permit ip any any dscp cs5
    permit ip any any dscp 41
    permit ip any any dscp 42
    permit ip any any dscp 43
    permit ip any any dscp 44
    permit ip any any dscp 45
    permit ip any any dscp ef (42 matches)
    permit ip any any dscp 47
    permit ip any any dscp cs6
    permit ip any any dscp 49
    permit ip any any dscp 50
    permit ip any any dscp 51
    permit ip any any dscp 52
    permit ip any any dscp 53
    permit ip any any dscp 54
    permit ip any any dscp 55
    permit ip any any dscp cs7
    permit ip any any dscp 57
    permit ip any any dscp 58
    permit ip any any dscp 59
    permit ip any any dscp 60
    permit ip any any dscp 61
    permit ip any any dscp 62
    permit ip any any dscp 63
R8#
 

So using a route-map with the ip local policy, we can set any dcsp for
router traffic as we wish. VPN, Voice, Rip, Ping all comes to mind. Not
sure all those protocols have DSCP bits, but if they do, we can set
them.

What is the relation ship between DSCP and Precedence-TOS?

Well, dscp is a 6 bit value, to covert it we need to pad it with a
leading zero and ending zero to the value. I'll do it step by step.

1) ef expedited forwarding bit pattern 101110

Prepend and append a zero to bring it to eight bits.

2) 0101 1100

Now read the first four bits in hex, that's the Precedence. Read the
second four bits in hex, that is the TOS.

3) 0x5= decimal 5, 0xC= decimal 12

Now just plug them into the route-map

R7(config)#route-map setdscp permit 10
R7(config-route-map)#set ip pr
R7(config-route-map)#set ip precedence 5 R7(config-route-map)#set ip tos
12 R7(config-route-map)#

Show run
route-map setdscp permit 10
 set ip precedence critical
 set ip tos 12

That's it. It's a very simple relationship; if you can read hex. If
you can't read hex, I've posted the basic table at the end of this
email. Anybody that tells you that you can't set dscp in a route-map is
mistaken. It can be done, and there's some places where's it's the only
choice (such as in `ip local policy`).

BTW, thanks Scott for pointing me in the right direction.

From: Scott Morris [mailto:swm@emanon.com]
Sent: Sunday, November 16, 2003 1:59 PM
To: 'Michael Snyder'; ccielab@groupstudy.com
Subject: RE: routemap to set dcsp

Ok, that would likely to something there, but why not just set ip dscp?
You can't do this in a route-map, but in the policy-map you could do
that.

But otherwise, yet... 101 and 1100 would suffice to set the appropriate
bits.

For others wondering where the heck that all came from, RFC 1349 breaks
things down a little differently for the 8-bit ToS field where the first
three bits are still IP Precedence, then the next four bits are called
tos bits and the last bit is called MBZ (Must Be Zero). Who ever said
engineers didn't have a sense of humor? :)

As for viewing them, not really... Other than setting up an access-list
that permits things with a dscp value of EF and looking at the number of
matches.
 
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713,
CISSP, JNCIS, et al. IPExpert CCIE Program Manager IPExpert Sr.
Technical Instructor swm@emanon.com/smorris@ipexpert.net
http://www.ipexpert.net

access-list 110 permit ip any any dscp default
access-list 110 permit ip any any dscp 1
access-list 110 permit ip any any dscp 2
access-list 110 permit ip any any dscp 3
access-list 110 permit ip any any dscp 4
access-list 110 permit ip any any dscp 5
access-list 110 permit ip any any dscp 6
access-list 110 permit ip any any dscp 7
access-list 110 permit ip any any dscp cs1
access-list 110 permit ip any any dscp 9
access-list 110 permit ip any any dscp af11
access-list 110 permit ip any any dscp 11
access-list 110 permit ip any any dscp af12
access-list 110 permit ip any any dscp 13
access-list 110 permit ip any any dscp af13
access-list 110 permit ip any any dscp 15
access-list 110 permit ip any any dscp cs2
access-list 110 permit ip any any dscp 17
access-list 110 permit ip any any dscp af21
access-list 110 permit ip any any dscp 19
access-list 110 permit ip any any dscp af22
access-list 110 permit ip any any dscp 21
access-list 110 permit ip any any dscp af23
access-list 110 permit ip any any dscp 23
access-list 110 permit ip any any dscp cs3
access-list 110 permit ip any any dscp 25
access-list 110 permit ip any any dscp af31
access-list 110 permit ip any any dscp 27
access-list 110 permit ip any any dscp af32
access-list 110 permit ip any any dscp 29
access-list 110 permit ip any any dscp af33
access-list 110 permit ip any any dscp 31
access-list 110 permit ip any any dscp cs4
access-list 110 permit ip any any dscp 33
access-list 110 permit ip any any dscp af41
access-list 110 permit ip any any dscp 35
access-list 110 permit ip any any dscp af42
access-list 110 permit ip any any dscp 37
access-list 110 permit ip any any dscp af43
access-list 110 permit ip any any dscp 39
access-list 110 permit ip any any dscp cs5
access-list 110 permit ip any any dscp 41
access-list 110 permit ip any any dscp 42
access-list 110 permit ip any any dscp 43
access-list 110 permit ip any any dscp 44
access-list 110 permit ip any any dscp 45
access-list 110 permit ip any any dscp ef
access-list 110 permit ip any any dscp 47
access-list 110 permit ip any any dscp cs6
access-list 110 permit ip any any dscp 49
access-list 110 permit ip any any dscp 50
access-list 110 permit ip any any dscp 51
access-list 110 permit ip any any dscp 52
access-list 110 permit ip any any dscp 53
access-list 110 permit ip any any dscp 54
access-list 110 permit ip any any dscp 55
access-list 110 permit ip any any dscp cs7
access-list 110 permit ip any any dscp 57
access-list 110 permit ip any any dscp 58
access-list 110 permit ip any any dscp 59
access-list 110 permit ip any any dscp 60
access-list 110 permit ip any any dscp 61
access-list 110 permit ip any any dscp 62
access-list 110 permit ip any any dscp 63

  af11 assured forwarding (af11) bit pattern 001 010 = P1 T4
  af12 assured forwarding (af12) bit pattern 001 100 = P1 T8
  af13 assured forwarding (af13) bit pattern 001 110 = P1 T12

  af21 assured forwarding (af21) bit pattern 010 010 = P2 T4
  af22 assured forwarding (af22) bit pattern 010 100 = P2 T8
  af23 assured forwarding (af23) bit pattern 010 110 = P2 T12

  af31 assured forwarding (af31) bit pattern 011 010 = P3 T4
  af32 assured forwarding (af32) bit pattern 011 100 = P3 T8
  af33 assured forwarding (af33) bit pattern 011 110 = P3 T12

  af41 assured forwarding (af41) bit pattern 100 010 = P4 T4
  af42 assured forwarding (af42) bit pattern 100 100 = P4 T8
  af43 assured forwarding (af43) bit pattern 100 110 = P4 T12

  cs1 class selector codepoint 1 (precedence 1) 001 = P1 T0
  cs2 class selector codepoint 2 (precedence 2) 010 = P2 T0
  cs3 class selector codepoint 3 (precedence 3) 011 = P3 T0
  cs4 class selector codepoint 4 (precedence 4) 100 = P4 T0
  cs5 class selector codepoint 5 (precedence 5) 101 = P5 T0
  cs6 class selector codepoint 6 (precedence 6) 110 = P6 T0
  cs7 class selector codepoint 7 (precedence 7) 111 = P7 T0
 
  ef expedited forwarding bit pattern 101 110 = P 5 T 12

This archive was generated by hypermail 2.1.4 : Sat Jan 03 2004 - 08:25:38 GMT-3