ON THIS PAGE
Example: Configure Different Queuing and Marking Defaults for Outbound Routing Engine and Distributed Protocol Handler Traffic
This example shows how to configure a supported router in an IPv4 network so that traffic generated by the Routing Engine and traffic generated by the distributed protocol handler are assigned to different non-default queues and marked with different non-default DiffServ code point (DSCP) bits on all egress interfaces.
This configuration enables you to configure network-wide prioritization to control plane protocol hello packets and keep-alive packets generated by the router. This feature is supported for egress interfaces.
Requirements
This example uses the following hardware and software components:
Two MX80 routers, R1 and R2, each with a 20-port Gigabit Ethernet MIC with SFP. The two routers are directly connected over an IPv4 network.
Junos OS Release 13.2 or later.
Before you configure this example, configure a Bidirectional Forwarding Detection (BFD) session from port ge-1/0/19 on Router R1 and port ge-1/1/0 on Router R2.
Overview
In this example, you configure an MX80 router in an IPv4 network so that traffic generated by the Routing Engine and traffic generated by the distributed protocol handler are assigned to different non-default queues and marked with different non-default DSCP bits.
Distributed protocol handler sourced traffic is placed in queue 7 on all egress interfaces. Of those packets, Layer 3 packets are marked at egress with DSCP bits 001010.
Routing Engine sourced traffic is placed in queue 6 on all egress interfaces. Of those packets, Layer 3 packets are marked at egress with DSCP bits 000011.
Because the MX80 router in this example has interfaces hosted
on a 20-port Gigabit Ethernet MIC with SFP, you can override the default
queuing and DSCP marking behavior of host outbound traffic by including
configuration statements at the [edit class-of-service host-outbound-traffic] hierarchy level. In this example, you use the forwarding-class and dscp-code-point statements to specify the override
values for traffic generated by the distributed protocol handler.
This configuration also affects traffic generated by the Routing Engine.
To configure different queuing and DSCP marking of Routing Engine
sourced traffic, you must apply a second override configuration. You
configure an IPv4 firewall filter that uses the forwarding-class and dscp actions to specify the override values, and
you attach that filter to the egress of the router loopback address.
This configuration affects the Routing Engine sourced traffic but
not the distributed protocol handler sourced traffic.
Configuration
To configure different queuing and DSCP marking defaults for egress Routing Engine and distributed protocol handler traffic, perform these tasks:
- CLI Quick Configuration
- Configuring R1 Packet Counting
- Configuring R2 Queuing and Re-Marking of Host Outbound Traffic
- Configuring R2 Queuing and Re-Marking of Routing Engine Sourced Traffic
CLI Quick Configuration
To quickly configure this example, copy the
following commands, paste them into a text file, remove any line breaks,
change any details necessary to match your network configuration,
and then copy and paste the commands into the CLI at the [edit] hierarchy level.
Router R1
set firewall family inet filter f_bfd_source term 1 from forwarding-class control-traffic then count c_sent_bfd set firewall family inet filter f_bfd_source term 1 then accept set firewall family inet filter f_bfd_source term 2 from forwarding-class-except control-traffic then count c_sent_other set firewall family inet filter f_bfd_source term 2 then accept set forwarding-options family inet filter output bfd_source
Router R2
set class-of-service forwarding-classes queue-num 7 bfd_keepalive set class-of-service host-outbound-traffic forwarding-class bfd_keepalive set class-of-service host-outbound-traffic dscp-code-point 110000 set class-of-service forwarding-classes queue-num 6 re_control set firewall family inet filter f_out_loopback term 1 then forwarding-class re_control set firewall family inet filter f_out_loopback term 1 then dscp 001010 set firewall family inet filter f_out_loopback term 1 then accept set interfaces lo0 unit 0 family inet filter output f_out_loopback
Configuring R1 Packet Counting
Step-by-Step Procedure
To configure Router R1 to count packets that arrive marked
for the network-control forwarding class:
Configure the IPv4 firewall filter term that counts packets marked for the
network-controlforwarding class.[edit] user@R1# set firewall family inet filter f_bfd_source term 1 from forwarding-class control-traffic then count c_sent_bfd user@R1# set firewall family inet filter f_bfd_source term 1 then accept
Configure the IPv4 firewall filter term that counts all other packets.
[edit] user@R1# set firewall family inet filter f_bfd_source term 2 from forwarding-class-except control-traffic then count c_sent_other user@R1# set firewall family inet filter f_bfd_source term 2 then accept
Apply the firewall filter to all egress packets.
[edit] user@R1# set forwarding-options family inet filter output bfd_source
Configuring R2 Queuing and Re-Marking of Host Outbound Traffic
Step-by-Step Procedure
To configure Router R2 to place host outbound traffic in queue 7 and re-mark Layer 3 packets with DSCP bits 110000:
Define the
bfd_keepaliveforwarding class and map it to queue 7.[edit] user@R2# set class-of-service forwarding-classes queue-num 7 bfd_keepalive
Configure the router to place distributed protocol handler sourced traffic (and also Routing Engine sourced traffic) in queue 7 on all egress interfaces.
[edit] user@R2# set class-of-service host-outbound-traffic forwarding-class bfd_keepalive
Configure the router to re-mark Layer 3 distributed protocol handler sourced traffic (and also Routing Engine sourced traffic) with DSCP bits 110000, which is compatible with ToS bits 1100 0000.
[edit] user@R2# set class-of-service host-outbound-traffic dscp-code-point 110000
Configuring R2 Queuing and Re-Marking of Routing Engine Sourced Traffic
Step-by-Step Procedure
To configure Router R2 to place Routing Engine sourced traffic only in queue 6 and re-mark Layer 3 packets with DSCP bits 001010:
Define the
re_controlforwarding class and map it to queue 6.[edit] user@R2# set class-of-service forwarding-classes queue-num 6 re_control
Define the IPv4 firewall filter
f_out_loopbackthat places matched packets in queue 6, re-marks matched Layer 3 packets with DSCP bits 001010, and accepts all matched packets.[edit] user@R2# set firewall family inet filter f_out_loopback term 1 then forwarding-class re_control user@R2# set firewall family inet filter f_out_loopback term 1 then dscp 001010 user@R2# set firewall family inet filter f_out_loopback term 1 then accept
Attach the filter to the output of the router’s loopback address so that the filter actions apply to Routing Engine sourced traffic only.
[edit] user@R2# set interfaces lo0 unit 0 family inet filter output f_out_loopback
If you are done configuring the device, commit the configuration.
[edit] user@R2# commit
Results
From configuration mode, confirm your configuration
by entering the show class-of-service, show firewall, show forwarding-options, and show interfaces commands. If the output does not display the intended configuration,
repeat the configuration instructions in this example to correct it.
Router R1
user@R1# show firewall
family inet {
filter f_bfd_source {
term 1 {
from {
forwarding-class control-traffic;
}
then {
count c_sent_bfd;
accept;
}
}
term 2 {
from {
forwarding-class-except control-traffic;
}
then {
count c_sent_other;
accept;
}
}
}
}
user@R1# show forwarding-options
family inet {
filter {
output bfd_source;
}
}
Router R2
user@R2# show class-of-service
forwarding-classes {
queue-num 6 re_control;
queue-num 7 bfd_keepalive;
}
host-outbound-traffic {
forwarding-class bfd_keepalive;
dscp-code-point 110000;
}
user@R2# show firewall
family inet {
filter f_out_loopback {
term 1 {
then {
forwarding-class re_control;
dscp 001010;
accept;
}
}
}
}
user@R2# show interfaces
lo0 {
unit 0 {
family inet {
filter {
output f_out_loopback;
}
}
}
}
Verification
Before you begin verification, enable BFD sessions on both routers.
Confirm that the configuration is working properly.
- Verifying the Queue Assignment of the Traffic That R1 Is Sending in the BFD Session
- Verifying That Router R1 Is Sending BFD Traffic
- Verifying That Router R2 Is Receiving BFD Traffic
Verifying the Queue Assignment of the Traffic That R1 Is Sending in the BFD Session
Purpose
Verify the class of service (CoS) forwarding class assignments and type of traffic sent from the BFD source endpoint on Router R1.
Action
From operational mode on Router R1, check that BFD packets are sent out the session endpoint on Router R1. With no CoS configuration present, the command output displays statistics about queued and transmitted traffic for the four forwarding classes and four egress queues in use.
user@R1> show interfaces queue ge-1/0/19 egress
Physical interface: ge-1/0/19, Enabled, Physical link is Up
Interface index: 175, SNMP ifIndex: 121
Forwarding classes: 8 supported, 4 in use
Egress queues: 4 supported, 4 in use
Queue: 0, Forwarding classes: best-effort
Queued:
...
Transmitted:
...
Queue: 1, Forwarding classes: expedited-forwarding
Queued:
...
Transmitted:
...
Queue: 2, Forwarding classes: assured-forwarding
Queued:
...
Transmitted:
...
Queue: 3, Forwarding classes: network-control
Queued:
...
Transmitted:
...
Meaning
The statistics for egress queue 3 reflect BFD session traffic sent to Router R2.
Verifying That Router R1 Is Sending BFD Traffic
Purpose
Verify that Router R1 is sending BFD packets from its BFD session endpoint.
Action
From operational mode on Router R1, check that the count of BFD packets that R1 sends out the BFD session endpoint continues to increment.
user@R1> clear firewall filter f_bfd_source user@R1> show firewall filter f_bfd_source Filter: bfd_source Counters: Name Bytes Packets c_sent_bfd 2770 70 c_sent_other 0 0
user@R1> show firewall filter f_bfd_source Filter: bfd_source Counters: Name Bytes Packets c_sent_bfd 2182022 39482 c_sent_other 0 0
Verifying That Router R2 Is Receiving BFD Traffic
Purpose
Verify that Router R2 is receiving BFD packets at its BFD session endpoint.
Action
From operational mode on router R2, check that the BFD
session endpoint receives packets destined for the Routing Engine
with DSCP bits set to 110000, the default DSCP CoS value for the network-control forwarding class. The DSCP bits 110000 map
to ToS bits 1100 0000, or 0xC0.
user@R2> monitor traffic extensive ge-1/1/0 layer2-headers
Address resolution is ON. Use <no-resolve> to avoid any reverse lookup delay.
Address resolution timeout is 4s.
Listening on ge-1/1/0, capture size 1514 bytes
03:23:10.830472 bpf_flags 0x83, In
Juniper PCAP Flags [Ext, no-L2, In], PCAP Extension(s) total length 16
Device Media Type Extension TLV #3, length 1, value: Ethernet (1)
Logical Interface Encapsulation Extension TLV #6, length 1, value: Ethernet (14)
Device Interface Index Extension TLV #1, length 2, value: 132
Logical Interface Index Extension TLV #4, length 4, value: 68
-----original packet-----
PFE proto 2 (ipv4): (tos 0xc0, ttl 255, id 1511, offset 0, flags [none], proto: UDP (17), length: 52) 10.1.1.1.bfd-src > 10.1.1.2.bfd-ip: [udp sum ok]
BFDv1, length: 24
One-hop Control, State Up, Flags: [Control Plane Independent], Diagnostic: No Diagnostic (0x00)
Detection Timer Multiplier: 3 (30000 ms Detection time), BFD Length: 24
My Discriminator: 0x00000002, Your Discriminator: 0x00000001
Desired min Tx Interval: 10000 ms
Required min Rx Interval: 10000 ms
Required min Echo Interval: 0 ms
Meaning
The example input packet entry confirms that the original
packet was marked with tos 0xC0, which correlates
to the default forwarding class network-control.