Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] How to apply class-of-service in transparent mode?

0

0
Article ID: KB23234 KB Last Updated: 04 May 2012Version: 2.0 Summary:
This article provides information on how to setup the class-of-service on a SRX device, which is configured in the transparent (Bridge) mode.


Symptoms:
  • This case study is about BGP protocol control packets.

  • These packets should be placed in the network-control (NC) queue, as they are already coming in as tagged.

  • All SRX has to do is to honor the tag and place them in the NC DSCP queue to get higher priority.
  • In the end a general summary of what is currently supported in transparent mode is listed along with references.
Cause:

Solution:
Take an example of BGP packets. The goal is to honor BGP control packets, as they come marked with high priority; that is the Network Control queue in DSCP. SRX should place them in the NC queue, so that they get high priority.

The following output is taken from a chassis cluster; but it is valid for a standalone device as well. The packets are coming in from the reth0 interface and going out of the reth1 interface. The following output is before the configuration change:
SRX# run show class-of-service rewrite-rule
Rewrite rule: dscp-default, Code point type: dscp, Index: 31
  Forwarding class                    Loss priority       Code point
  best-effort                         low                 000000
  best-effort                         high                000000
  expedited-forwarding                low                 101110
  expedited-forwarding                high                101110
  assured-forwarding                  low                 001010
  assured-forwarding                  high                001100
  network-control                     low                 110000
  network-control                     high                111000

  Rewrite rule: dscp-ipv6-default, Code point type: dscp-ipv6, Index: 32
  Forwarding class                    Loss priority       Code point
  best-effort                         low                 000000
  best-effort                         high                000000
  expedited-forwarding                low                 101110
  expedited-forwarding                high                101110
  assured-forwarding                  low                 001010
  assured-forwarding                  high                001100
  network-control                     low                 110000
  network-control                     high                111000

SRX# run show interfaces reth0 extensive | match "Queue|3 network"
  Egress queues: 8 supported, 4 in use
  Queue counters:       Queued packets  Transmitted packets      Dropped packets
    3 network-cont                   0                    0         0 < packets not shown
  Queue number:         Mapped forwarding classes


SRX# run show interfaces xe-1/0/0 extensive | match "Q
  CoS queues     : 8 supported, 4 maximum usable queues
  Egress queues: 8 supported, 4 in use
  Queue counters:       Queued packets  Transmitted packets      Dropped packets
    3 network-cont                   0                    0         0 < packets not shown
  Queue number:         Mapped forwarding classes
    CoS transmit queue               Bandwidth               Buffer Priority   Limit
    3 network-control         5      500000000     5              0      low    none
  



SRX# run show interfaces reth1 extensive | match "Queue|3 network"
  Egress queues: 8 supported, 4 in use
  Queue counters:       Queued packets  Transmitted packets      Dropped packets
    3 network-cont            0               0                      0 < packets not shown
  Queue number:         Mapped forwarding classes
  


SRX# run show interfaces xe-1/0/1 extensive | match "Queue|3 network"
  CoS queues     : 8 supported, 4 maximum usable queues
  Egress queues: 8 supported, 4 in use
  Queue counters:       Queued packets  Transmitted packets      Dropped packets
  3 network-cont              0                0                     0 < packets not shown
  Queue number:         Mapped forwarding classes
    CoS transmit queue               Bandwidth               Buffer Priority   Limit
    3 network-control         5      500000000     5              0      low    none

After making the following configuration change, you can see that the packets are marked in the correct queue.  
SRX3400# show class-of-service
interfaces {
    reth0 {
        unit 0 {
            classifiers {
                ieee-802.1 default; < Apply classifier to interface
            }
            rewrite-rules {
                dscp default;       < Apply the default dscp rewrite rule
            }
        }
    }
    reth1 {
        unit 0 {
            classifiers {
                ieee-802.1 default;
            }
            rewrite-rules {
                dscp default;
            }
        }
    }
}


SRX# ...s reth0 extensive | match "Queue counter|3 net
  Queue counters:       Queued packets  Transmitted packets      Dropped packets
    3 network-cont                 758                  758         0 < packets queued correctly


SRX# ...ow interfaces reth1 extensive | match "Queue c
  Queue counters:       Queued packets  Transmitted packets      Dropped packets
    3 network-cont                 394                  394        0 < packets queued correctly 

=====================================================================================================
Devices operating in Layer 2 transparent mode support the following Class-of-Service (CoS) functions:
=====================================================================================================

IEEE 802.1p behavior aggregate (BA) classifiers to determine the forwarding treatment for packets entering the device.

Note that only IEEE 802.1p BA classifier types are supported on devices operating in transparent mode.

Rewrite rules to redefine IEEE 802.1 CoS values in outgoing packets.

Note that rewrite rules that redefine IP precedence CoS values and Differentiated Services Code Point (DSCP) CoS values are not supported on devices operating in transparent mode.

-Shapers to apply rate limiting to an interface.
-Schedulers that define the properties of an output queue.

For more information about CoS components and configuring CoS on SRX Series devices, see "Junos OS Class of Service Configuration Guide" for Security Devices. Here is the link;

http://www.juniper.net/techpubs/en_US/junos12.1/information-products/topic-collections/security/software-all/class-of-service/index.html?book-junos-security-swconfig-cos.html


You configure BA classifiers and rewrite rules on transparent mode devices in the same way as on devices operating in Layer 3 mode. 

For transparent mode devices, however, you apply BA classifiers and rewrite rules only to logical interfaces configured with the family bridge configuration statement. 

For more information about configuring Layer 2 logical interfaces, see Configuring Layer 2 Logical Interfaces.

http://www.juniper.net/techpubs/software/junos-security/junos-security10.2/junos-security-swconfig-interfaces-and-routing/transparent-mode-cos-overview-section.html
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search