Wouldn't you also have to mark this on the CPE device? (return path) I don't think the ping you send marked comes back as the *same* ping. The return ping has the entire IP header plus some of the data from the ICMP header in the datagram portion of the return ping which has a new TCP header thus removing the DSCP code on return.
On Nov 29, 2012, at 9:37 AM, Dylan Bouterse wrote: > Wouldn't that be a consistent thing or maybe change between firmware versions? > > Scott Reed wrote: >> There any many things that don't/can't get marked on switched interfaces >> because the packets stay on the switch chip rather than get handled by the >> OS. I don't know if that is you problem here or not, but it could be. >> >> On 11/29/2012 8:47 AM, Dylan Bouterse wrote: >>> This was working at one point but now is not. We are trying to identify >>> traffic inbound to the network and mark it with DSCP 46 so it will be >>> prioritized on our Canopy network. We are using an RB1100 on the >>> passthrough ports (bridge) and doing the following: >>> >>> add action=change-dscp chain=prerouting disabled=no >>> dst-address-list=sip_provider_servers new-dscp=46 passthrough=yes >>> src-address-list=sip_provider_customers >>> add action=change-dscp chain=prerouting disabled=no >>> dst-address-list=sip_provider_customers new-dscp=46 passthrough=yes >>> src-address-list=sip_provider_servers >>> add action=mark-connection chain=prerouting disabled=no >>> dst-address-list=sip_provider_servers new-connection-mark=sip_provider >>> passthrough=yes src-address-list=sip_provider_customers >>> add action=mark-connection chain=prerouting disabled=no >>> dst-address-list=sip_provider_customers new-connection-mark=sip_provider >>> passthrough=yes src-address-list=sip_provider_servers >>> >>> I can see the outbound counters on the Canopy SM (inbound on the AP) >>> increment but not the other way around. I test it by putting my IP in the >>> servers list and ping the public of the customer. This is how we tested it >>> when we implemented it and it was working. What am I missing? >>> >>> Dylan >>> _______________________________________________ >>> Mikrotik mailing list >>> [email protected] >>> http://www.butchevans.com/mailman/listinfo/mikrotik >>> >>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS >>> >>> >>> ----- >>> No virus found in this message. >>> Checked by AVG - www.avg.com >>> Version: 2013.0.2793 / Virus Database: 2624/5883 - Release Date: 11/08/12 >>> Internal Virus Database is out of date. >>> >>> >> > _______________________________________________ > Mikrotik mailing list > [email protected] > http://www.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS _______________________________________________ Mikrotik mailing list [email protected] http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
