Understanding How Behavior Aggregate Classifiers Prioritize Trusted Traffic
The idea behind class of service (CoS) is that packets are not treated identically by the routers or switches on the network. In order to selectively apply service classes to specific packets, the packets of interest must be classified in some fashion.
The simplest way to classify a packet is to use behavior aggregate (BA) classification, also called the CoS value in this document. The DSCP, DSCP IPv6, or IP precedence bits of the IP header convey the behavior aggregate class information. The information might also be found in the MPLS EXP bits, IEEE 802.1ad, or IEEE 802.1p CoS bits.
Support was added for filtering on Differentiated Services Code Point (DSCP) and forwarding class for Routing Engine sourced packets, including IS-IS packets encapsulated in generic routing encapsulation (GRE). Subsequently, when upgrading from a previous version of Junos OS where you have both a class of service (CoS) and firewall filter, and both include DSCP or forwarding class filter actions, the criteria in the firewall filter automatically takes precedence over the CoS settings. The same is true when creating new configurations; that is, where the same settings exist, the firewall filter takes precedence over the CoS, regardless of which was created first.
BA classification is useful if the traffic comes from a trusted source and the CoS value in the packet header is trusted. If the traffic is untrusted, multifield classifiers (see Overview of Assigning Service Levels to Packets Based on Multiple Packet Header Fields) are used to classify packets based on multiple packet fields. It is common to use multifield classifiers to classify traffic at the ingress of a network, rewrite the packet headers (see Rewriting Packet Headers to Ensure Forwarding Behavior), then use the more efficient BA classification for transversing the network.
The BA classifier maps a CoS value in the packet header to a forwarding class and loss priority. The forwarding class determines the output queue. The loss priority is used by schedulers in conjunction with the random early detection (RED) algorithm to control packet discard during periods of congestion.
Figure 1 provides a high-level illustration of how a classifier works.
The types of BA classifiers are based on which part of the incoming packet the classifier examines:
-
DSCP, DSCP IPv6, or IP precedence—IP packet classification (Layer 3 headers)
-
MPLS EXP—MPLS packet classification (Layer 2 headers)
-
IEEE 802.1p—Packet classification (Layer 2 headers)
-
IEEE 802.1ad—Packet classification for IEEE 802.1ad formats (including DEI bit)
Unlike multifield classifiers (which are discussed in Overview of Assigning Service Levels to Packets Based on Multiple Packet Header Fields), BA classifiers are based on fixed-length fields, which makes them computationally more efficient than multifield classifiers. For this reason, core devices are normally configured to perform BA classification, because of the higher traffic volumes they handle.
In most cases, you need to rewrite a given marker (IP precedence, DSCP, IEEE 802.1p, IEEE 802.1ad, or MPLS EXP settings) at the ingress node to accommodate BA classification by core and egress devices. For more information about rewrite markers, see Rewriting Packet Headers to Ensure Forwarding Behavior.
If you apply an IEEE 802.1 classifier to a logical interface, this classifier takes precedence over any other classifier type. Classifiers for IEEE 802.1, IP (DSCP or IP precedence), and MPLS (EXP) can coexist on a logical interface.
If you carry more classes of traffic than the device can forward independently, you must configure the additional classes to be aggregated into one of the available classes. You use the BA classifier to configure class aggregation.
For a specified interface, you can configure both a multifield classifier and a BA classifier without conflicts. Because the classifiers are applied in sequential order if they are both either protocol specific or protocol independent, the BA classifier followed by the multifield classifier, any BA classification result is overridden by a multifield classifier if they conflict.
If you apply both a protocol-specific BA classifier and a protocol-independent
firewall filter together, the protocol-independent filter is processed before the
protocol-specific BA classifier, regardless or protocol family. firewall
family any filter
is protocol independent and will be always processed
before protocol-specific BA classifiers.
Fixed classification is protocol independent as well, hence, it is executed before any firewall filter.
For more information about multifield classifiers, see Overview of Assigning Service Levels to Packets Based on Multiple Packet Header Fields. For more information about protocol-independent filters, see Guidelines for Configuring Firewall Filters. For more information about fixed classification, see Applying Forwarding Classes to Interfaces.
If you do nothing to configure or assign classifiers, Junos OS automatically assigns an
implicit default IP precedence classifier to all logical interfaces that maps IP
precedence code points to best-effort
and
network-control
forwarding classes (mapped to queue 0 and queue 3
on routing devices, respectively). The default Junos OS CoS policy reserves 5 percent of
available bandwidth for network-control
traffic and 95 percent for
best-effort
traffic. Junos OS provides a range of default BA
classifiers that you can apply to logical interfaces and that map various CoS values to
assured-forwarding
and expedited-forwarding
forwarding classes as well as to the best-effort
and
network-control
forwarding classes. You can also define custom BA
classifiers that map any CoS value to any classifier you define.
The default Junos OS CoS policy, 95 percent of the bandwidth for queue 0 and 5 percent for queue 3 on routing devices (see Default Schedulers Overview), is in effect regardless of any custom BA classifier or forwarding class definitions, until you configure a custom scheduler (see Configuring Schedulers).
If you enable the MPLS protocol family on a logical interface, a default MPLS EXP classifier is automatically applied to that logical interface. This default EXP classifier (see Default MPLS EXP Classifier) maps the eight possible EXP code point values into a combination of the four default forwarding classes and loss priority values to be directly compatible with the default EXP rewrite rule (see Rewriting MPLS and IPv4 Packet Headers).
Other default classifiers (such as those for IEEE 802.1p bits and DSCP) require that you explicitly associate a default classification table with a logical interface. When you explicitly associate a default classifier with a logical interface, you are in effect overriding the implicit default classifier with an explicit default classifier.
Only the IEEE 802.1p classifier is supported in Layer 2-only interfaces. You must explicitly apply this classifier to the interface as shown in Default IEEE 802.1p Classifier.
Although several CoS values map to the expedited-forwarding (ef
) and
assured-forwarding (af
) classes, by default no resources are
assigned to these forwarding classes. All af
classes other than
af1x
are mapped to best-effort, because RFC 2597, Assured
Forwarding PHB Group, prohibits a node from aggregating classes.
You can apply IEEE 802.1p classifiers to interfaces that are part of VPLS routing instances.
Change History Table
Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.