Solved

Confirm DSCP markings are passing end to end

Posted on 2009-05-14
5
751 Views
Last Modified: 2013-11-16
We're using AT&T MIS routers connected to Juniper SSG Firewalls.  The sites are connected using IPSEC tunnels so AT&T has no visibility into the DSCP markings on the packets in the VPN.  

Are there any utilities that I can use to monitor if the DSCP markings are traveling from end to end?
0
Comment
Question by:hh_techservices
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 3

Accepted Solution

by:
johnpitt earned 500 total points
ID: 24386605
You should be able to connect a sniffer on each end and compare the packets.
I would recommend using ATT MPLS as an alternative to doing your own encryption. They have COS built in.
Just my opinion on that.

For a sniffer, I use STD.
0
 
LVL 3

Expert Comment

by:johnpitt
ID: 24386622
Sorry, I meant to say I use Ethereal on the STD boot CD.
0
 
LVL 1

Author Closing Comment

by:hh_techservices
ID: 31581543
I think having AT&T manage the internal network might have been a better idea... at this point, we're just using MIS and our Juniper devices are handling the encryption between the sites, but since the traffic is encapsulated in a IPSEC VPN, AT&T has no visibility into the packets, so essentially all the DSCP markings we send out (in the VPN tunnel) are useless.

Thanks for your suggestion on Ethereal.... I've been using that with mixed results so far.

0
 
LVL 3

Expert Comment

by:johnpitt
ID: 24394590
I ran into the same thing. There was no way of making ATT prioritize traffic since they could not see any of the QOS stuff on my packets. I had poor VOIP quality to say the least. I dropped the Cisco encryption and allowed ATT to manage the QOS and all works really well now.
Good luck.
0
 
LVL 1

Author Comment

by:hh_techservices
ID: 24395248
Thanks for the advice, we'll look into that route.  
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question