Meraki

Community

DSCP/MX marking question

Solved
Aaron_Wilson
A model citizen
‎Mar 6 2019 2:46 PM
‎Mar 6 2019 2:46 PM

DSCP/MX marking question

Hardware setup:

 

DX80#1<>MX68W==tunnel==MX400<>Cisco switches<>DX80#2

 

I currently have the layer 7 rule enabled on the MX68W to mark voice/video traffic as DSCP 34. This appears to be working because on DX80#2 a pcap extract shows the DSCP 34 marking. If I disable the layer 7 rule, the DX80#2 shows CS0. This proves out the entire flow supports markings. I believe it see the SIP video call and marks it.

 

Now, my question....

 

Will the MXs respect markings on their LAN ports, or can I create an expression to read the mark and remark it with that same marking?

 

Ideally I do not want to involve a MS, but if I have to I will. I'm looking to recreate our DSCP trust we have in the office out in the field at locations with a Meraki MX.

0 Kudos
1 Accepted Solution
NolanHerring
Kind of a big deal
‎Mar 7 2019 7:21 AM
‎Mar 7 2019 7:21 AM

I'm like 99% certain that the LAN ports on the MX will respect/observe/maintain/not-mess-with the QoS markings for any packet coming/going.

As far as remarking them, I was always under the impression that it was something would only apply to the WAN interfaces (for VPN/MPLS tunnels etc.).

There is a good blog on it here you can review as well:

https://www.willette.works/mx-qos-and-traffic-shaping/
Nolan Herring | nolanwifi.com
TwitterLinkedIn

View solution in original post

0 Kudos
7 Replies 7
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 6 2019 4:26 PM
‎Mar 6 2019 4:26 PM

AutoVPN preserves the DSCP markings of packets end to end.

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/QoS_over_a_Site-to-site_VPN

 

I don't know for sure, but I would be very surprised if the MX LAN ports have hardware queses capable of respecting QoS.

 

You can also check out the MX section of the QoS design guide.

https://documentation.meraki.com/MC/MC_Network_Administrator_Guides/Other_Topics/Ensuring_VoIP_Readi...

0 Kudos
NolanHerring
Kind of a big deal
‎Mar 7 2019 7:21 AM
‎Mar 7 2019 7:21 AM

I'm like 99% certain that the LAN ports on the MX will respect/observe/maintain/not-mess-with the QoS markings for any packet coming/going.

As far as remarking them, I was always under the impression that it was something would only apply to the WAN interfaces (for VPN/MPLS tunnels etc.).

There is a good blog on it here you can review as well:

https://www.willette.works/mx-qos-and-traffic-shaping/
Nolan Herring | nolanwifi.com
TwitterLinkedIn
0 Kudos
Aaron_Wilson
A model citizen
‎Mar 7 2019 8:33 AM
‎Mar 7 2019 8:33 AM

Hey guys, thanks for the responses, but I'm not sure that answer the core question. I'm not looking for the MX to do QoS necessarily, but for it to trust and pass DSCP markings.

 

I know the MX can remark and preserve markings, I have seen this in the pcap on the receiving end of the tunnel. The problem is this is something being written on the MX based on protocols/signatures, destinations, subnets, etc.

 

What I would really like to know is, can the MX maintain markings it receives on the LAN and preserve them through the tunnel?

 

My Cisco video endpoints apply DSCP 24 and 34 markings, and Cisco phones apply EF (DSCP 46), but I'm not seeing this on the far end of the tunnel. If I create the rule for SIP traffic to receive DSCP 34 this is received on the far end of the tunnel, but thats a signature/protocol based rule, and its applying DSCP 34 rather than preserving the existing markings the devices apply.

0 Kudos
In response to Aaron_Wilson
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 7 2019 2:05 PM
‎Mar 7 2019 2:05 PM

"What I would really like to know is, can the MX maintain markings it receives on the LAN and preserve them through the tunnel?"

 

Yes.

0 Kudos
In response to PhilipDAth
Aaron_Wilson
A model citizen
‎Mar 7 2019 2:11 PM
‎Mar 7 2019 2:11 PM

Next question......how? LOL

 

I can't seem to find any documentation on trusting DSCP on the ports.

0 Kudos
In response to Aaron_Wilson
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 7 2019 2:15 PM
‎Mar 7 2019 2:15 PM

The DSCP marking are not trusted (to the best of my knowledge).  They are only preserved and passed on.

0 Kudos
In response to PhilipDAth
Aaron_Wilson
A model citizen
‎Mar 7 2019 2:41 PM
‎Mar 7 2019 2:41 PM

Wow, I'm a total n00b. My test device on the Meraki network had the DSCP markings defined, but I wasn't seeing anything on the Cisco network side when inspecting. Apparently it helps if you select the "enabled" option located right above the markings.

 

Literally every other of my 140+ video units have it enabled, but some how my personal test device got flipped to disabled...lol

 

So I have confirmed that the MX will trust DSCP and pass it over the tunnel problem free with all other traffic shaping rules/features disabled.

 

Thanks everyone...LOL. I'm going to go hide in my corner now.....

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.