Solved

Confirm DSCP markings are passing end to end

Posted on 2009-05-14
5
730 Views
Last Modified: 2013-11-16
We're using AT&T MIS routers connected to Juniper SSG Firewalls.  The sites are connected using IPSEC tunnels so AT&T has no visibility into the DSCP markings on the packets in the VPN.  

Are there any utilities that I can use to monitor if the DSCP markings are traveling from end to end?
0
Comment
Question by:hh_techservices
  • 3
  • 2
5 Comments
 
LVL 3

Accepted Solution

by:
johnpitt earned 500 total points
ID: 24386605
You should be able to connect a sniffer on each end and compare the packets.
I would recommend using ATT MPLS as an alternative to doing your own encryption. They have COS built in.
Just my opinion on that.

For a sniffer, I use STD.
0
 
LVL 3

Expert Comment

by:johnpitt
ID: 24386622
Sorry, I meant to say I use Ethereal on the STD boot CD.
0
 
LVL 1

Author Closing Comment

by:hh_techservices
ID: 31581543
I think having AT&T manage the internal network might have been a better idea... at this point, we're just using MIS and our Juniper devices are handling the encryption between the sites, but since the traffic is encapsulated in a IPSEC VPN, AT&T has no visibility into the packets, so essentially all the DSCP markings we send out (in the VPN tunnel) are useless.

Thanks for your suggestion on Ethereal.... I've been using that with mixed results so far.

0
 
LVL 3

Expert Comment

by:johnpitt
ID: 24394590
I ran into the same thing. There was no way of making ATT prioritize traffic since they could not see any of the QOS stuff on my packets. I had poor VOIP quality to say the least. I dropped the Cisco encryption and allowed ATT to manage the QOS and all works really well now.
Good luck.
0
 
LVL 1

Author Comment

by:hh_techservices
ID: 24395248
Thanks for the advice, we'll look into that route.  
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now