Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] SRX device behavior when packets are received with a special DSCP value

0

0

Article ID: KB33067 KB Last Updated: 08 Oct 2018Version: 1.0
Summary:

This article describes the behavior of an SRX device when it receives packets with a special Differentiated Services code point (DSCP) value, and explains what should be done to have them processed with higher priority.

 

Cause:

Customers may sometimes want to know how an SRX device processes pass-through packets with a special DSCP value, and may want to change the processing priority of these packets.

 

Solution:

By default, when packets with a special DSCP value pass through an SRX device, the device processes them as normal packets without any special actions.

For example, consider that some packets with DSCP af11 enter via ge-0/0/1 and exit via ge-0/0/0:

root@SRX345# run show interfaces ge-0/0/0 detail <<<Check in the egress interface.

   Input  packets:                  554                    0 pps
   Output packets:                  554                    0 pps
  Egress queues: 8 supported, 4 in use

  Queue counters:   Queued packets  Transmitted packets    Dropped packets
    0                          554                  554                  0  <<<<
    1                            0                    0                  0
    2                            0                    0                  0   
    3                            0                    0                  0

  Queue number:         Mapped forwarding classes
    0                   best-effort
    1                   expedited-forwarding
    2                   assured-forwarding
    3                   network-control
 

If these packets need to be processed with a higher priority, the following filter needs to be added:

set firewall family inet filter test1 term 1 from source-address 1.1.1.1/32  <<Change IP address as required.
set firewall family inet filter test1 term 1 from dscp af11  <<Change this based on your DSCP value.
set firewall family inet filter test1 term 1 then forwarding-class assured-forwarding  <<Or expedited-forwarding
set firewall family inet filter test1 term 2 then accept
set interfaces ge-0/0/1 unit 0 family inet filter input test1  <<Add the above filter into the ingress interface.
 

Verification

root@SRX345# run show interfaces ge-0/0/0 detail <<<Check in the egress interface.

   Input  packets:                  854                    0 pps
   Output packets:                  854                    0 pps
  Egress queues: 8 supported, 4 in use

  Queue counters:   Queued packets  Transmitted packets    Dropped packets
    0                          554                  554                  0
    1                            0                    0                  0
    2                          300                  300                  0   <<<here
    3                            0                    0                  0

  Queue number:         Mapped forwarding classes
    0                   best-effort
    1                   expedited-forwarding
    2                   assured-forwarding
    3                   network-control

 

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search