Forum Discussion
DSCP / ToS in UDP Profile not working
Hi,
When we assign a custom UDP profile to the server side on a Virtual Server, the custom profile has no effect on the outgoing packet. Here we apply a specific value to the ToS:
root@(bigip)(cfg-sync Standalone)(Active)(/NWP)(tmos) list ltm profile udp udp_dscp
ltm profile udp udp_dscp {
    app-service none
    defaults-from /Common/udp
    ip-tos-to-client 42
}
Here is the VS:
root@(bigip)(cfg-sync Standalone)(Active)(/NWP)(tmos) list ltm virtual vs_dns
ltm virtual vs_dns {
    destination 10.10.1.100:domain
    ip-protocol udp
    mask 255.255.255.255
    partition NWP
    pool dns_pool
    profiles {
        /Common/udp {
            context clientside
        }
        udp_dscp {
            context serverside
        }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address enabled
    translate-port enabled
    vlans {
        /Common/VLAN1010
    }
    vlans-enabled
    vs-index 2
}
If a client sends a DNS query (UDP port 53), the VS proxies the query to the backend DNS server. But the value of ToS is still zero [00, the second byte, the one after 45] as shown below:
[root@bigip:Active:Standalone] tmp tcpdump -X -nni VLAN172 port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on VLAN172, link-type EN10MB (Ethernet), capture size 65535 bytes
12:11:21.568618 IP 172.16.1.33.53144 > 172.16.20.1.53: 63798+ A? f5trn.lab. (27) out slot1/tmm1 lis=/NWP/vs_dns
0x0000: 4500 0037 5025 4000 ff11 be4d ac10 0121 E..7P%@....M...!
0x0010: ac10 1401 cf98 0035 0023 6d77 f936 0100 .......5.mw.6..
0x0020: 0001 0000 0000 0000 0566 3574 726e 036c .........f5trn.l
0x0030: 6162 0000 0100 0101 1001 0000 010b 2f4e ab............/N
0x0040: 5750 2f76 735f 646e 73 WP/vs_dns
12:11:21.570893 IP 172.16.20.1.53 > 172.16.1.33.53144: 63798 NXDomain 0/1/0 (68) in slot1/tmm1 lis=/NWP/vs_dns
0x0000: 4500 0060 2c00 0000 4011 e14a ac10 1401 E..`,...@..J....
0x0010: ac10 0121 0035 cf98 004c 5ca1 f936 8183 ...!.5...L\..6..
0x0020: 0001 0000 0001 0000 0566 3574 726e 036c .........f5trn.l
0x0030: 6162 0000 0100 01c0 1200 0600 0100 0010 ab..............
0x0040: 6700 1dc0 1204 726f 6f74 c012 0000 0006 g.....root......
0x0050: 0001 5180 0000 0e10 0024 ea00 0009 3a80 ..Q......$....:.
0x0060: 0110 0101 0001 0b2f 4e57 502f 7673 5f64 ......./NWP/vs_d
0x0070: 6e73 ns
^C
2 packets captured
2 packets received by filter
0 packets dropped by kernel
What am I doing wrong in the configuration? Or is the custom UDP profile really not used for this type of traffic?
Thank you for your input and regards.
1 Reply
- nwputra_225841
Nimbostratus
There is another option to set DSCP, which is in the pool parameters:
By setting the Pool Advanced Parameter, ToS to Server, we are able to mark the outgoing packet:
[root@bigip:Active:Standalone] tmp tmsh list ltm pool /NWP/dns_pool
ltm pool /NWP/dns_pool {
    ip-tos-to-server 42
    members {
        /NWP/server1:domain {
            address 172.16.20.1
        }
    }
    partition NWP
}
Using the parameter, I can apply DSCP to the outgoing packet.
09:08:00.312106 IP 172.16.1.33.51840 > 172.16.20.1.53: 44978+ A? f5trn.lab. (27) out slot1/tmm1 lis=/NWP/vs_dns
0x0000: 452a 0037 ed5e 4000 ff11 20ea ac10 0121 E*.7.^@........!
0x0010: ac10 1401 ca80 0035 0023 6d77 afb2 0100 .......5.mw....
0x0020: 0001 0000 0000 0000 0566 3574 726e 036c .........f5trn.l
0x0030: 6162 0000 0100 0101 1001 0000 010b 2f4e ab............/N
0x0040: 5750 2f76 735f 646e 73 WP/vs_dns
09:08:00.317369 IP 172.16.20.1.53 > 172.16.1.33.51840: 44978 NXDomain 0/1/0 (68) in slot1/tmm1 lis=/NWP/vs_dns
0x0000: 4500 0060 2c00 0000 4011 e14a ac10 1401 E..`,...@..J....
0x0010: ac10 0121 0035 ca80 004c 2624 afb2 8183 ...!.5...L&$....
0x0020: 0001 0000 0001 0000 0566 3574 726e 036c .........f5trn.l
0x0030: 6162 0000 0100 01c0 1200 0600 0100 0029 ab.............)
0x0040: ec00 1dc0 1204 726f 6f74 c012 0000 0006 ......root......
0x0050: 0001 5180 0000 0e10 0024 ea00 0009 3a80 ..Q......$....:.
0x0060: 0110 0101 0001 0b2f 4e57 502f 7673 5f64 ......./NWP/vs_d
0x0070: 6e73 ns
Still, it did not answer the question about why the protocol profile does not have any effect on the VS.
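A way to check the marking without reading the hex by eye, as an added example that is not part of the original thread: it parses `tcpdump -X` text, takes the byte after the version/IHL byte (0x45) as ToS, and splits it into DSCP and ECN for every packet sent to the pool member. The function names and the trimmed capture excerpt are assumptions of the example; in the second capture the configured 42 shows up as the whole ToS byte 0x2a, which decodes to DSCP 10 with ECN bits 2.

```python
import re

# Excerpt of the captures quoted in the thread (first 32 bytes of each packet).
CAPTURE = r"""
12:11:21.568618 IP 172.16.1.33.53144 > 172.16.20.1.53: 63798+ A? f5trn.lab. (27)
0x0000: 4500 0037 5025 4000 ff11 be4d ac10 0121 E..7P%@....M...!
0x0010: ac10 1401 cf98 0035 0023 6d77 f936 0100 .......5.mw.6..
12:11:21.570893 IP 172.16.20.1.53 > 172.16.1.33.53144: 63798 NXDomain 0/1/0 (68)
0x0000: 4500 0060 2c00 0000 4011 e14a ac10 1401 E..`,...@..J....
0x0010: ac10 0121 0035 cf98 004c 5ca1 f936 8183 ...!.5...L\..6..
09:08:00.312106 IP 172.16.1.33.51840 > 172.16.20.1.53: 44978+ A? f5trn.lab. (27)
0x0000: 452a 0037 ed5e 4000 ff11 20ea ac10 0121 E*.7.^@........!
0x0010: ac10 1401 ca80 0035 0023 6d77 afb2 0100 .......5.mw....
"""

HEX_ROW = re.compile(r"^\s*0x[0-9a-f]{4}:\s+(.*)$")
HEX_WORD = re.compile(r"[0-9a-f]{2}(?:[0-9a-f]{2})?")

def packets(text):
    """Yield (summary_line, raw_bytes) for each packet in `tcpdump -X` text."""
    summary, buf = None, bytearray()
    for line in text.splitlines():
        row = HEX_ROW.match(line)
        if row:
            for tok in row.group(1).split()[:8]:   # a row holds at most 16 bytes
                if not HEX_WORD.fullmatch(tok):
                    break                          # reached the ASCII column
                buf += bytes.fromhex(tok)
        elif line.strip():                         # next summary line
            if buf:
                yield summary, bytes(buf)
            summary, buf = line, bytearray()
    if buf:
        yield summary, bytes(buf)

def audit(text, server, want_tos):
    """Return (time, tos, dscp, ecn, ok) for every IPv4 packet sent to `server`."""
    rows = []
    for summary, pkt in packets(text):
        if len(pkt) < 20 or pkt[0] >> 4 != 4:
            continue                               # not a full IPv4 header
        if ".".join(map(str, pkt[16:20])) != server:
            continue                               # only server-side egress
        tos = pkt[1]                               # byte after version/IHL (0x45)
        when = (summary or "?").split()[0]
        rows.append((when, tos, tos >> 2, tos & 3, tos == want_tos))
    return rows

if __name__ == "__main__":
    for when, tos, dscp, ecn, ok in audit(CAPTURE, "172.16.20.1", 42):
        print(f"{when} tos=0x{tos:02x} dscp={dscp} ecn={ecn} {'OK' if ok else 'UNMARKED'}")
```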