Example: Configuring and Applying Rewrite Rules on a Security Device
This example shows how to configure and apply rewrite rules for a device.
Requirements
Before you begin, create and configure the forwarding classes.
Overview
You can configure rewrite rules to replace CoS values on packets received from the customer or host with the values expected by other devices. You do not have to configure rewrite rules if the received packets already contain valid CoS values. Rewrite rules apply the forwarding class information and packet loss priority used internally by the device to establish the CoS value on outbound packets. After you configure rewrite rules, you must apply them to the correct interfaces.
In this example, you configure the rewrite rule for DiffServ CoS as rewrite-dscps. You specify the best-effort forwarding class as be-class, the expedited forwarding class as ef-class, the assured forwarding class as af-class, and the network control class as nc-class. Finally, you apply the rewrite rule to an IRB interface.
You can apply one rewrite rule to each logical interface.
Table 1 shows how the rewrite rules replace the DSCPs on packets in the four forwarding classes.
| mf-classifier Forwarding Class | For CoS Traffic Type | rewrite-dscps Rewrite Rules |
|---|---|---|
| be-class | Best-effort traffic: Provides no special CoS handling of packets. Typically, RED drop profile is aggressive and no loss priority is defined. | Low-priority code point: 000000; high-priority code point: 000001 |
| ef-class | Expedited forwarding traffic: Provides low loss, low delay, low jitter, assured bandwidth, and end-to-end service. Packets can be forwarded out of sequence or dropped. | Low-priority code point: 101110; high-priority code point: 101111 |
| af-class | Assured forwarding traffic: Provides high assurance for packets within the specified service profile. Excess packets are dropped. | Low-priority code point: 001010; high-priority code point: 001100 |
| nc-class | Network control traffic: Packets can be delayed, but not dropped. | Low-priority code point: 110000; high-priority code point: 110001 |
Forwarding classes can be configured in a DSCP rewriter and also as an action of an IDP policy to rewrite DSCP code points. To ensure that the forwarding class is used as an action in an IDP policy, it is important that you do not configure an IDP policy and interface-based rewrite rules with the same forwarding class.
Configuration
Procedure
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from the configuration mode.
set class-of-service rewrite-rules dscp rewrite-dscps forwarding-class be-class loss-priority low code-point 000000
set class-of-service rewrite-rules dscp rewrite-dscps forwarding-class be-class loss-priority high code-point 000001
set class-of-service rewrite-rules dscp rewrite-dscps forwarding-class ef-class loss-priority low code-point 101110
set class-of-service rewrite-rules dscp rewrite-dscps forwarding-class ef-class loss-priority high code-point 101111
set class-of-service rewrite-rules dscp rewrite-dscps forwarding-class af-class loss-priority low code-point 001010
set class-of-service rewrite-rules dscp rewrite-dscps forwarding-class af-class loss-priority high code-point 001100
set class-of-service rewrite-rules dscp rewrite-dscps forwarding-class nc-class loss-priority low code-point 110000
set class-of-service rewrite-rules dscp rewrite-dscps forwarding-class nc-class loss-priority high code-point 110001
set class-of-service interfaces irb unit 0 rewrite-rules dscp rewrite-dscps
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in the CLI User Guide.
To configure and apply rewrite rules for a device:
1. Configure rewrite rules for DiffServ CoS.
   [edit]
   user@host# edit class-of-service
   user@host# edit rewrite-rules dscp rewrite-dscps
2. Configure best-effort forwarding class rewrite rules.
   [edit class-of-service rewrite-rules dscp rewrite-dscps]
   user@host# set forwarding-class be-class loss-priority low code-point 000000
   user@host# set forwarding-class be-class loss-priority high code-point 000001
3. Configure expedited forwarding class rewrite rules.
   [edit class-of-service rewrite-rules dscp rewrite-dscps]
   user@host# set forwarding-class ef-class loss-priority low code-point 101110
   user@host# set forwarding-class ef-class loss-priority high code-point 101111
4. Configure assured forwarding class rewrite rules.
   [edit class-of-service rewrite-rules dscp rewrite-dscps]
   user@host# set forwarding-class af-class loss-priority low code-point 001010
   user@host# set forwarding-class af-class loss-priority high code-point 001100
5. Configure network control class rewrite rules.
   [edit class-of-service rewrite-rules dscp rewrite-dscps]
   user@host# set forwarding-class nc-class loss-priority low code-point 110000
   user@host# set forwarding-class nc-class loss-priority high code-point 110001
6. Apply rewrite rules to an IRB interface.
   [edit class-of-service]
   user@host# set interfaces irb unit 0 rewrite-rules dscp rewrite-dscps
Results
From configuration mode, confirm your configuration by entering the show class-of-service command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.
[edit]
user@host# show class-of-service
interfaces {
    irb {
        unit 0 {
            rewrite-rules {
                dscp rewrite-dscps;
            }
        }
    }
}
rewrite-rules {
    dscp rewrite-dscps {
        forwarding-class be-class {
            loss-priority low code-point 000000;
            loss-priority high code-point 000001;
        }
        forwarding-class ef-class {
            loss-priority low code-point 101110;
            loss-priority high code-point 101111;
        }
        forwarding-class af-class {
            loss-priority low code-point 001010;
            loss-priority high code-point 001100;
        }
        forwarding-class nc-class {
            loss-priority low code-point 110000;
            loss-priority high code-point 110001;
        }
    }
}
If you are done configuring the device, enter commit from configuration mode.
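As an added example (not part of the original page or of any vendor tooling), a pre-commit check in Python for the set commands above: it converts each binary code point to its DSCP value and flags malformed code points, duplicate class/loss-priority entries, a rewrite rule that is applied but not defined, and one DSCP value shared by two forwarding classes. The function name audit and the choice of what to flag are assumptions of this example.

```python
import re
# Constructed input: the set commands from this page's quick configuration.
CONFIG = """\
set class-of-service rewrite-rules dscp rewrite-dscps forwarding-class be-class loss-priority low code-point 000000
set class-of-service rewrite-rules dscp rewrite-dscps forwarding-class be-class loss-priority high code-point 000001
set class-of-service rewrite-rules dscp rewrite-dscps forwarding-class ef-class loss-priority low code-point 101110
set class-of-service rewrite-rules dscp rewrite-dscps forwarding-class ef-class loss-priority high code-point 101111
set class-of-service rewrite-rules dscp rewrite-dscps forwarding-class af-class loss-priority low code-point 001010
set class-of-service rewrite-rules dscp rewrite-dscps forwarding-class af-class loss-priority high code-point 001100
set class-of-service rewrite-rules dscp rewrite-dscps forwarding-class nc-class loss-priority low code-point 110000
set class-of-service rewrite-rules dscp rewrite-dscps forwarding-class nc-class loss-priority high code-point 110001
set class-of-service interfaces irb unit 0 rewrite-rules dscp rewrite-dscps
"""

RULE = re.compile(r"set class-of-service rewrite-rules dscp (\S+) forwarding-class (\S+)"
                  r" loss-priority (\S+) code-point (\S+)$")
APPLY = re.compile(r"set class-of-service interfaces (\S+) unit (\d+) rewrite-rules dscp (\S+)$")

def audit(text):
    """Return (rules, applied, problems) for a block of rewrite-rule set commands."""
    rules, applied, problems = {}, {}, []
    for line in filter(None, map(str.strip, text.splitlines())):
        if m := RULE.match(line):
            name, fc, lp, cp = m.groups()
            table = rules.setdefault(name, {})
            if not re.fullmatch(r"[01]{6}", cp):
                problems.append(f"{name}: code point {cp!r} is not six binary digits")
            elif (fc, lp) in table:
                problems.append(f"{name}: {fc}/{lp} is set more than once")
            else:
                table[(fc, lp)] = int(cp, 2)  # binary code point -> DSCP value
        elif m := APPLY.match(line):
            ifl = f"{m[1]}.{m[2]}"
            if applied.setdefault(ifl, m[3]) != m[3]:  # page: one rule per logical interface
                problems.append(f"{ifl}: more than one DSCP rewrite rule applied")
        else:
            problems.append(f"unrecognised line: {line}")
    for ifl, name in applied.items():
        if name not in rules:
            problems.append(f"{ifl}: rewrite rule {name} is applied but never defined")
    for name, table in rules.items():
        owner = {}  # DSCP value -> first forwarding class that uses it
        for (fc, lp), dscp in table.items():
            if owner.setdefault(dscp, fc) != fc:
                problems.append(f"{name}: DSCP {dscp} marks both {owner[dscp]} and {fc}")
    return rules, applied, problems

if __name__ == "__main__":
    print(audit(CONFIG)[2] or "no problems found")
```
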
Verification
Verifying Rewrite Rules Configuration
Purpose
Verify that rewrite rules are configured properly.
Action
From operational mode, enter the show class-of-service interface irb command.
user@host> show class-of-service interface irb
Physical interface: irb, Index: 130
Maximum usable queues: 8, Queues in use: 4
  Scheduler map: <default>, Index: 2
  Congestion-notification: Disabled
  Logical interface: irb.10, Index: 71
    Object          Name                   Type    Index
    Rewrite-Output  rewrite-dscps          dscp    17599
    Classifier      ipprec-compatibility   ip      13
Meaning
Rewrite rules are configured on the IRB interface as expected.