ON THIS PAGE
Example: Remarking Diffserv Code Points to MPLS EXPs to Carry CoS Profiles Across a Service Provider’s L3VPN MPLS Network
This example is an introduction in how to rewrite (remark) DSCP class-of-service (CoS) code point values at the network border of a customer network and a service provider’s MPLS network while maintaining the original CoS profile of the traffic so that the traffic can be remarked with the original DSCP code points when it exits the MPLS network.
Requirements
To verify this procedure, this example uses a traffic generator. The traffic generator can be hardware-based or it can be software running on a server or host machine.
The functionality in this procedure is widely supported on devices that run Junos OS. The example shown here was tested and verified on MX Series routers running Junos OS Release 10.4.
Overview
The purpose of rewriting the IP DSCP code point values to MPLS EXP code point values is to carry the packet’s CoS profile across the service provider’s MPLS network. The rewriting is performed by the provider edge (PE) routers at the borders of the service provider’s network. See Figure 2.
Junos OS contains several DSCP default rewrite rules that might
meet your requirements. You display them with the show class-of-service
rewrite-rule
command. A partial set of the default rewrite DSCP
code point rule mappings is shown in the following table.
You can also define your own custom rewrite-rules table, or use a mixture of the default rewrite-rules and a custom table that you create. This example uses default rewrite-rules.
Map from Forwarding Class |
PLP Value |
MAP to DSCP/DSCP IPv6/EXP/IP Code Point Aliases |
---|---|---|
expedited-forwarding |
low |
ef |
expedited-forwarding |
high |
ef |
assured-forwarding |
low |
af11 |
assured-forwarding |
high |
af12 (DSCP/DSCP IPv6/EXP) |
best-effort |
low |
be |
best-effort |
high |
be |
network-control |
low |
nc1/cs6 |
network-control |
high |
nc2/cs7 |
Junos OS uses the values shown in the following table for MPLS CoS in the EXP fields of the MPLS header.
Forwarding Class |
Loss Priority |
EXP Code Point |
---|---|---|
best-effort |
low |
000 |
best-effort |
high |
001 |
expedited-forwarding |
low |
010 |
expedited-forwarding |
high |
011 |
assured-forwarding |
low |
100 |
assured-forwarding |
high |
101 |
network-control |
low |
110 |
network-control |
high |
111 |
Figure 1 shows the MPLS packet structure.
In addition to providing the necessary information to complete the purpose of this example, this example also includes all of the commands required to re-create the Layer 3 VPN (L3VPN) network as shown in Figure 2. A full explanation of the tasks required to configure an L3VPN network is not included in this example. If you require more information regarding configuring an L3VPN network, refer to the Layer 3 VPNs User Guide for Routing Devices available at http://juniper.net/documentation .
A thorough explanation of the required CoS rewriting and the underlying algorithms used in this example is beyond the scope of this document. For more information, refer to QOS-Enabled Networks—Tools and Foundations by Miguel Barreiros and Peter Lundqvist. This book is available at many online booksellers and at www.juniper.net/books .
Topology
This example uses the topology in Figure 2.
Configuration
Procedure
- CLI Quick Configuration
- Step-by-Step Procedure
- Step-by-Step Procedure
- Step-by-Step Procedure
- Step-by-Step Procedure
- Step-by-Step Procedure
- Step-by-Step Procedure
- Results
CLI Quick Configuration
To quickly configure this example,
copy the following commands, paste them into a text file, remove any
line breaks, change any details necessary to match your network configuration,
and then copy and paste the commands into the CLI at the [edit]
hierarchy level.
Device CE1
set interfaces ge-1/0/1 unit 0 description to-host set interfaces ge-1/0/1 unit 0 family inet address 172.16.50.2/30 set interfaces ge-1/0/1 unit 0 family inet filter input ip-v4 set interfaces ge-1/0/5 unit 0 description to_Provider set interfaces ge-1/0/5 unit 0 family inet address 10.80.0.1/30 set interfaces lo0 unit 1 description loopback-interface set interfaces lo0 unit 1 family inet address 192.168.0.1/32 set protocols bgp group to_Provider type external set protocols bgp group to_Provider export send-direct set protocols bgp group to_Provider peer-as 64511 set protocols bgp group to_Provider neighbor 10.80.0.2 set policy-options policy-statement send-direct from protocol direct set policy-options policy-statement send-direct then accept set routing-options router-id 192.168.0.1 set routing-options autonomous-system 64510 set firewall family inet filter ip-v4 term tcp80 from port 80 set firewall family inet filter ip-v4 term tcp80 then dscp ef set firewall family inet filter ip-v4 term 12345 from port 12345 set firewall family inet filter ip-v4 term 12345 then dscp be set firewall family inet filter ip-v4 term accept then accept
Device PE1
set interfaces ge-1/0/6 description to_vpna set interfaces ge-1/0/6 unit 0 family inet address 10.80.0.2/30 set interfaces ge-1/0/7 description to_P1 set interfaces ge-1/0/7 unit 0 family inet address 10.30.0.1/30 set interfaces ge-1/0/7 unit 0 family mpls set interfaces lo0 unit 0 description loopback-interface set interfaces lo0 unit 0 family inet address 10.255.70.31/32 set routing-options router-id 10.255.70.31 set routing-options autonomous-system 64511 set protocols mpls interface ge-1/0/7.0 set protocols bgp group to_PE2 type internal set protocols bgp group to_PE2 local-address 10.255.70.31 set protocols bgp group to_PE2 family inet-vpn unicast set protocols bgp group to_PE2 neighbor 172.30.14.1 set protocols ospf area 0.0.0.0 interface lo0.0 passive set protocols ospf area 0.0.0.0 interface ge-1/0/7.0 set protocols ldp interface ge-1/0/7.0 set protocols ldp interface lo0.0 set routing-instances vpna instance-type vrf set routing-instances vpna interface ge-1/0/6.0 set routing-instances vpna route-distinguisher 64511:1 set routing-instances vpna vrf-target target:64511:1 set routing-instances vpna protocols bgp group to_vpna type external set routing-instances vpna protocols bgp group to_vpna peer-as 64510 set routing-instances vpna protocols bgp group to_vpna neighbor 10.80.0.1 set class-of-service classifiers dscp dscpv4 forwarding-class expedited-forwarding loss-priority low code-points ef set class-of-service classifiers dscp dscpv4 forwarding-class best-effort loss-priority low code-points be set class-of-service classifiers exp exp-in forwarding-class expedited-forwarding loss-priority low code-points 010 set class-of-service classifiers exp exp-in forwarding-class best-effort loss-priority low code-points 000 set class-of-service interfaces ge-1/0/6 unit 0 classifiers dscp dscpv4 set class-of-service interfaces ge-1/0/6 unit 0 rewrite-rules dscp dscpv4-rw set class-of-service interfaces ge-1/0/7 unit 0 classifiers exp exp-in set class-of-service interfaces ge-1/0/7 unit 0 rewrite-rules exp exp-out set class-of-service rewrite-rules dscp dscpv4-rw forwarding-class expedited-forwarding loss-priority low code-point ef set class-of-service rewrite-rules dscp dscpv4-rw forwarding-class best-effort loss-priority low code-point be set class-of-service rewrite-rules exp exp-out forwarding-class expedited-forwarding loss-priority low code-point 010 set class-of-service rewrite-rules exp exp-out forwarding-class best-effort loss-priority low code-point 000
Device P1
set interfaces ge-1/0/3 description to_P2 set interfaces ge-1/0/3 unit 0 family inet address 10.40.0.1/30 set interfaces ge-1/0/3 unit 0 family mpls set interfaces ge-1/0/7 description to_PE1 set interfaces ge-1/0/7 unit 0 family inet address 10.30.0.2/30 set interfaces ge-1/0/7 unit 0 family mpls set interfaces lo0 unit 0 description loopback-interface set interfaces lo0 unit 0 family inet address 192.168.16.1/32 set routing-options router-id 10.255.187.32 set protocols mpls interface ge-1/0/7.0 set protocols mpls interface ge-1/0/3.0 set protocols ospf area 0.0.0.0 interface ge-1/0/3.0 set protocols ospf area 0.0.0.0 interface ge-1/0/7.0 set protocols ospf area 0.0.0.0 interface lo0.0 passive set protocols ldp interface ge-1/0/3.0 set protocols ldp interface ge-1/0/7.0 set protocols ldp interface lo0.0
Device P2
set interfaces ge-2/0/6 description to_P1 set interfaces ge-2/0/6 unit 0 family inet address 10.40.0.2/30 set interfaces ge-2/0/6 unit 0 family mpls set interfaces ge-2/0/8 description to_PE2 set interfaces ge-2/0/8 unit 0 family inet address 10.50.0.1/30 set interfaces ge-2/0/8 unit 0 family mpls set interfaces lo0 unit 0 description loopback-interface set interfaces lo0 unit 0 family inet address 192.168.13.1/32 set routing-options router-id 192.168.187.3 set protocols mpls interface ge-2/0/6.0 set protocols mpls interface ge-2/0/8.0 set protocols ospf area 0.0.0.0 interface ge-2/0/6.0 set protocols ospf area 0.0.0.0 interface ge-2/0/8.0 set protocols ospf area 0.0.0.0 interface lo0.0 passive set protocols ldp interface ge-2/0/6.0 set protocols ldp interface ge-2/0/8.0 set protocols ldp interface lo0.0
Device PE2
set interfaces ge-2/0/8 description to-R1 set interfaces ge-2/0/8 unit 0 family inet address 10.50.0.2/30 set interfaces ge-2/0/8 unit 0 family mpls set interfaces ge-2/1/1 unit 0 description to-vpna set interfaces ge-2/1/1 unit 0 family inet address 10.90.0.1/30 set interfaces ge-2/1/7 unit 0 family inet address 10.0.31.2/30 set interfaces lo0 unit 0 description loopback-interface set interfaces lo0 unit 0 family inet address 172.30.14.1 set routing-options router-id 172.30.14.1 set routing-options autonomous-system 64511 set protocols mpls interface ge-2/0/8.0 set protocols bgp group to_PE2 type internal set protocols bgp group to_PE2 local-address 172.30.14.1 set protocols bgp group to_PE2 family inet-vpn unicast set protocols bgp group to_PE2 neighbor 10.255.70.31 set protocols ospf area 0.0.0.0 interface ge-2/0/8.0 set protocols ospf area 0.0.0.0 interface lo0.0 passive set protocols ldp interface ge-2/0/8.0 set protocols ldp interface lo0.0 set routing-instances vpna instance-type vrf set routing-instances vpna interface ge-2/1/1.0 set routing-instances vpna route-distinguisher 64511:1 set routing-instances vpna vrf-target target:64511:1 set routing-instances vpna protocols bgp group to_vpna type external set routing-instances vpna protocols bgp group to_vpna peer-as 64512 set routing-instances vpna protocols bgp group to_vpna neighbor 10.90.0.2 set class-of-service classifiers dscp dscpv4 forwarding-class expedited-forwarding loss-priority low code-points ef set class-of-service classifiers dscp dscpv4 forwarding-class best-effort loss-priority low code-points be set class-of-service classifiers exp exp-in forwarding-class expedited-forwarding loss-priority low code-points 010 set class-of-service classifiers exp exp-in forwarding-class best-effort loss-priority low code-points 000 set class-of-service interfaces ge-2/0/8 unit 0 classifiers exp exp-in set class-of-service interfaces ge-2/0/8 unit 0 rewrite-rules exp exp-out set class-of-service interfaces ge-2/1/1 unit 0 classifiers dscp dscpv4 set class-of-service interfaces ge-2/1/1 unit 0 rewrite-rules dscp dscpv4-rw set class-of-service rewrite-rules dscp dscpv4-rw forwarding-class expedited-forwarding loss-priority low code-point ef set class-of-service rewrite-rules dscp dscpv4-rw forwarding-class best-effort loss-priority low code-point be set class-of-service rewrite-rules exp exp-out forwarding-class expedited-forwarding loss-priority low code-point 010 set class-of-service rewrite-rules exp exp-out forwarding-class best-effort loss-priority low code-point 000
Device CE2
set interfaces ge-2/0/7 unit 0 description to-host set interfaces ge-2/0/7 unit 0 family inet address 172.16.80.2/30 set interfaces ge-2/0/7 unit 0 family inet filter input ip-v4 set interfaces ge-2/1/2 unit 0 description to-Provider set interfaces ge-2/1/2 unit 0 family inet address 10.90.0.2/30 set interfaces lo0 unit 1 description loopback-interface set interfaces lo0 unit 1 family inet address 192.168.0.2/32 set protocols bgp group to_Provider type external set protocols bgp group to_Provider export send-direct set protocols bgp group to_Provider peer-as 64511 set protocols bgp group to_Provider neighbor 10.90.0.1 set policy-options policy-statement send-direct from protocol direct set policy-options policy-statement send-direct then accept set routing-options router-id 192.168.0.2 set routing-options autonomous-system 64512 set firewall family inet filter ip-v4 term tcp80 from port 80 set firewall family inet filter ip-v4 term tcp80 then dscp ef set firewall family inet filter ip-v4 term 12345 from port 12345 set firewall family inet filter ip-v4 term 12345 then dscp be set firewall family inet filter ip-v4 term accept then accept
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the Junos OS CLI User Guide.
To configure Device CE1:
Configure the device interfaces.
[edit ] user@CE1# set interfaces ge-1/0/1 unit 0 description to-host user@CE1# set interfaces ge-1/0/1 unit 0 family inet address 172.16.50.2/30 user@CE1# set interfaces ge-1/0/1 unit 0 family inet filter input ip-v4 user@CE1# set interfaces ge-1/0/5 unit 0 description to_Provider user@CE1# set interfaces ge-1/0/5 unit 0 family inet address 10.80.0.1/30 user@CE1# set interfaces lo0 unit 1 description loopback-interface user@CE1# set interfaces lo0 unit 1 family inet address 192.168.0.1/32
Configure the BGP parameters
[edit ] user@CE1# set protocols bgp group to_Provider type external user@CE1# set protocols bgp group to_Provider export send-direct user@CE1# set protocols bgp group to_Provider peer-as 64511 user@CE1# set protocols bgp group to_Provider neighbor 10.80.0.2
Configure the policy option parameters.
[edit ] user@CE1# set policy-options policy-statement send-direct from protocol direct user@CE1# set policy-options policy-statement send-direct then accept
Configure the routing option parameters.
[edit ] user@CE1# set routing-options router-id 192.168.0.1 user@CE1# set routing-options autonomous-system 64510
Configure the DSCP code point rewrite parameters.
[edit ] user@CE1# set firewall family inet filter ip-v4 term tcp80 from port 80 user@CE1# set firewall family inet filter ip-v4 term tcp80 then dscp ef user@CE1# set firewall family inet filter ip-v4 term 12345 from port 12345 user@CE1# set firewall family inet filter ip-v4 term 12345 then dscp be user@CE1# set firewall family inet filter ip-v4 term accept then accept
Step-by-Step Procedure
To configure Device PE1:
Configure the device interfaces.
[edit ] user@PE1# set interfaces ge-1/0/6 description to_vpna user@PE1# set interfaces ge-1/0/6 unit 0 family inet address 10.80.0.2/30 user@PE1# set interfaces ge-1/0/7 description to_P1 user@PE1# set interfaces ge-1/0/7 unit 0 family inet address 10.30.0.1/30 user@PE1# set interfaces ge-1/0/7 unit 0 family mpls user@PE1# set interfaces lo0 unit 0 description loopback-interface user@PE1# set interfaces lo0 unit 0 family inet address 10.255.70.31/32
Configure the routing option parameters.
[edit ] user@PE1# set routing-options router-id 10.255.70.31 user@PE1# set routing-options autonomous-system 64511
Configure the protocol parameters.
user@PE1# set protocols mpls interface ge-1/0/7.0 user@PE1# set protocols bgp group to_PE2 type internal user@PE1# set protocols bgp group to_PE2 local-address 10.255.70.31 user@PE1# set protocols bgp group to_PE2 family inet-vpn unicast user@PE1# set protocols bgp group to_PE2 neighbor 172.30.14.1 user@PE1# set protocols ospf area 0.0.0.0 interface lo0.0 passive user@PE1# set protocols ospf area 0.0.0.0 interface ge-1/0/7.0 user@PE1# set protocols ldp interface ge-1/0/7.0 user@PE1# set protocols ldp interface lo0.0
Configure the routing instance parameters.
[edit ] user@PE1# set routing-instances vpna instance-type vrf user@PE1# set routing-instances vpna interface ge-1/0/6.0 user@PE1# set routing-instances vpna route-distinguisher 64511:1 user@PE1# set routing-instances vpna vrf-target target:64511:1 user@PE1# set routing-instances vpna protocols bgp group to_vpna type external user@PE1# set routing-instances vpna protocols bgp group to_vpna peer-as 64510 user@PE1# set routing-instances vpna protocols bgp group to_vpna neighbor 10.80.0.1
Configure the class-of-service parameters that perform the DSCP code point to MPLS EXP rewriting.
user@PE1# set class-of-service classifiers dscp dscpv4 forwarding-class expedited-forwarding loss-priority low code-points ef user@PE1# set class-of-service classifiers dscp dscpv4 forwarding-class best-effort loss-priority low code-points be user@PE1# set class-of-service classifiers exp exp-in forwarding-class expedited-forwarding loss-priority low code-points 010 user@PE1# set class-of-service classifiers exp exp-in forwarding-class best-effort loss-priority low code-points 000 user@PE1# set class-of-service interfaces ge-1/0/6 unit 0 classifiers dscp dscpv4 user@PE1# set class-of-service interfaces ge-1/0/6 unit 0 rewrite-rules dscp dscpv4-rw user@PE1# set class-of-service interfaces ge-1/0/7 unit 0 classifiers exp exp-in user@PE1# set class-of-service interfaces ge-1/0/7 unit 0 rewrite-rules exp exp-out user@PE1# set class-of-service rewrite-rules dscp dscpv4-rw forwarding-class expedited-forwarding loss-priority low code-point ef user@PE1# set class-of-service rewrite-rules dscp dscpv4-rw forwarding-class best-effort loss-priority low code-point be user@PE1# set class-of-service rewrite-rules exp exp-out forwarding-class expedited-forwarding loss-priority low code-point 010 user@PE1# set class-of-service rewrite-rules exp exp-out forwarding-class best-effort loss-priority low code-point 000
Step-by-Step Procedure
To configure Device P1:
Configure the device interfaces.
[edit ] user@P1# set interfaces ge-1/0/3 description to_P2 user@P1# set interfaces ge-1/0/3 unit 0 family inet address 10.40.0.1/30 user@P1# set interfaces ge-1/0/3 unit 0 family mpls user@P1# set interfaces ge-1/0/7 description to_PE1 user@P1# set interfaces ge-1/0/7 unit 0 family inet address 10.30.0.2/30 user@P1# set interfaces ge-1/0/7 unit 0 family mpls user@P1# set interfaces lo0 unit 0 description loopback-interface user@P1# set interfaces lo0 unit 0 family inet address 192.168.16.1/32
Configure the routing option parameters.
[edit ] user@P1# set routing-options router-id 10.255.187.32
Configure the protocol parameters.
[edit ] user@P1# set protocols mpls interface ge-1/0/7.0 user@P1# set protocols mpls interface ge-1/0/3.0 user@P1# set protocols ospf area 0.0.0.0 interface ge-1/0/3.0 user@P1# set protocols ospf area 0.0.0.0 interface ge-1/0/7.0 user@P1# set protocols ospf area 0.0.0.0 interface lo0.0 passive user@P1# set protocols ldp interface ge-1/0/3.0 user@P1# set protocols ldp interface ge-1/0/7.0 user@P1# set protocols ldp interface lo0.0
Step-by-Step Procedure
To configure Device P2:
Configure the device interfaces.
[edit ] user@P2# set interfaces ge-2/0/6 description to_P1 user@P2# set interfaces ge-2/0/6 unit 0 family inet address 10.40.0.2/30 user@P2# set interfaces ge-2/0/6 unit 0 family mpls user@P2# set interfaces ge-2/0/8 description to_PE2 user@P2# set interfaces ge-2/0/8 unit 0 family inet address 10.50.0.1/30 user@P2# set interfaces ge-2/0/8 unit 0 family mpls user@P2# set interfaces lo0 unit 0 description loopback-interface user@P2# set interfaces lo0 unit 0 family inet address 192.168.13.1/32
Configure the routing option parameters.
[edit ] user@P2# set routing-options router-id 192.168.187.3
Configure the protocol parameters.
[edit ] user@P2# set protocols mpls interface ge-2/0/6.0 user@P2# set protocols mpls interface ge-2/0/8.0 user@P2# set protocols ospf area 0.0.0.0 interface ge-2/0/6.0 user@P2# set protocols ospf area 0.0.0.0 interface ge-2/0/8.0 user@P2# set protocols ospf area 0.0.0.0 interface lo0.0 passive user@P2# set protocols ldp interface ge-2/0/6.0 user@P2# set protocols ldp interface ge-2/0/8.0 user@P2# set protocols ldp interface lo0.0
Step-by-Step Procedure
To configure Device PE2:
Configure the device interfaces.
[edit ] user@PE2# set interfaces ge-2/0/8 description to-R1 user@PE2# set interfaces ge-2/0/8 unit 0 family inet address 10.50.0.2/30 user@PE2# set interfaces ge-2/0/8 unit 0 family mpls user@PE2# set interfaces ge-2/1/1 unit 0 description to-vpna user@PE2# set interfaces ge-2/1/1 unit 0 family inet address 10.90.0.1/30 user@PE2# set interfaces lo0 unit 0 description loopback-interface user@PE2# set interfaces lo0 unit 0 family inet address 172.30.14.1/32
Configure the routing option parameters.
[edit ] user@PE2# set routing-options router-id 172.30.14.1 user@PE2# set routing-options autonomous-system 64511
Configure the protocol parameters.
[edit ] user@PE2# set protocols mpls interface ge-2/0/8.0 user@PE2# set protocols bgp group to_PE2 type internal user@PE2# set protocols bgp group to_PE2 local-address 172.30.14.1 user@PE2# set protocols bgp group to_PE2 family inet-vpn unicast user@PE2# set protocols bgp group to_PE2 neighbor 10.255.70.31 user@PE2# set protocols ospf area 0.0.0.0 interface ge-2/0/8.0 user@PE2# set protocols ospf area 0.0.0.0 interface lo0.0 passive user@PE2# set protocols ldp interface ge-2/0/8.0 user@PE2# set protocols ldp interface lo0.0
Configure the routing instance parameters.
[edit ] user@PE2# set routing-instances vpna instance-type vrf user@PE2# set routing-instances vpna interface ge-2/1/1.0 user@PE2# set routing-instances vpna route-distinguisher 64511:1 user@PE2# set routing-instances vpna vrf-target target:64511:1 user@PE2# set routing-instances vpna protocols bgp group to_vpna type external user@PE2# set routing-instances vpna protocols bgp group to_vpna peer-as 64512 user@PE2# set routing-instances vpna protocols bgp group to_vpna neighbor 10.90.0.2
Configure the class-of-service parameters that perform the DSCP code point to MPLS EXP rewriting.
[edit ] user@PE2# set class-of-service classifiers dscp dscpv4 forwarding-class expedited-forwarding loss-priority low code-points ef user@PE2# set class-of-service classifiers dscp dscpv4 forwarding-class best-effort loss-priority low code-points be user@PE2# set class-of-service classifiers exp exp-in forwarding-class expedited-forwarding loss-priority low code-points 010 user@PE2# set class-of-service classifiers exp exp-in forwarding-class best-effort loss-priority low code-points 000 user@PE2# set class-of-service interfaces ge-2/0/8 unit 0 classifiers exp exp-in user@PE2# set class-of-service interfaces ge-2/0/8 unit 0 rewrite-rules exp exp-out user@PE2# set class-of-service interfaces ge-2/1/1 unit 0 classifiers dscp dscpv4 user@PE2# set class-of-service interfaces ge-2/1/1 unit 0 rewrite-rules dscp dscpv4-rw user@PE2# set class-of-service rewrite-rules dscp dscpv4-rw forwarding-class expedited-forwarding loss-priority low code-point ef user@PE2# set class-of-service rewrite-rules dscp dscpv4-rw forwarding-class best-effort loss-priority low code-point be user@PE2# set class-of-service rewrite-rules exp exp-out forwarding-class expedited-forwarding loss-priority low code-point 010 user@PE2# set class-of-service rewrite-rules exp exp-out forwarding-class best-effort loss-priority low code-point 000
Step-by-Step Procedure
To configure Device CE2:
Configure the device interfaces.
[edit ] user@CE2# set interfaces ge-2/0/7 unit 0 description to-host user@CE2# set interfaces ge-2/0/7 unit 0 family inet address 172.16.80.2/30 user@CE2# set interfaces ge-2/0/7 unit 0 family inet filter input ip-v4 user@CE2# set interfaces ge-2/1/2 unit 0 description to-Provider user@CE2# set interfaces ge-2/1/2 unit 0 family inet address 10.90.0.2/30 set interfaces lo0 unit 1 description loopback-interface set interfaces lo0 unit 1 family inet address 192.168.0.2/32
Configure the protocol parameters.
[edit ] user@CE2# set protocols bgp group to_Provider type external user@CE2# set protocols bgp group to_Provider export send-direct user@CE2# set protocols bgp group to_Provider peer-as 64511 user@CE2# set protocols bgp group to_Provider neighbor 10.90.0.1
Configure the policy option parameters.
[edit ] user@CE2# set policy-options policy-statement send-direct from protocol direct user@CE2# set policy-options policy-statement send-direct then accept
Configure the routing option parameters.
[edit ] user@CE2# set routing-options router-id 192.168.0.2 user@CE2# set routing-options autonomous-system 64512
Configure the DSCP code point rewrite parameters.
[edit ] user@CE2# set firewall family inet filter ip-v4 term tcp80 from port 80 user@CE2# set firewall family inet filter ip-v4 term tcp80 then dscp ef user@CE2# set firewall family inet filter ip-v4 term 12345 from port 12345 user@CE2# set firewall family inet filter ip-v4 term 12345 then dscp be user@CE2# set firewall family inet filter ip-v4 term accept then accept
Results
From configuration mode, confirm your configuration
by entering the show interfaces
, show protocols
, show policy-options
, show routing-options
, show routing-instances
, show firewall
, and show class-of-service
commands. If the output does not display
the intended configuration, repeat the instructions in this example
to correct the configuration.
user@CE1# show interfaces ge-1/0/1 { unit 0 { description to-host; family inet { filter { input ip-v4; } address 172.16.50.2/30; } } } ge-1/0/5 { unit 0 { description to_Provider; family inet { address 10.80.0.1/30; } } } lo0 { unit 1 { description loopback-interface; family inet { address 192.168.0.1/32; } } }
user@CE1# show protocols bgp { group to_Provider { type external; export send-direct; peer-as 64511; neighbor 10.80.0.2; } }
user@CE1# show policy-options policy-statement send-direct { from protocol direct; then accept; }
user@CE1# show routing-options router-id 192.168.0.1; autonomous-system 64510;
user@CE1# show firewall family inet { filter ip-v4 { term tcp80 { from { port 80; } then dscp ef; } term 12345 { from { port 12345; } then dscp be; } term accept { then accept; } } }
If you are done configuring Device CE1, enter commit
from configuration mode.
user@PE1# show interfaces ge-1/0/6 { description to_vpna; unit 0 { family inet { address 10.80.0.2/30; } } } ge-1/0/7 { description to_P1; unit 0 { family inet { address 10.30.0.1/30; } family mpls; } } lo0 { unit 0 { description loopback-interface; family inet { address 10.255.70.31/32; } } }
user@PE1# show protocols mpls { interface ge-1/0/7.0; } bgp { group to_PE2 { type internal; local-address 10.255.70.31; family inet-vpn { unicast; } neighbor 172.30.14.1; } } ospf { area 0.0.0.0 { interface lo0.0 { passive; } interface ge-1/0/7.0; } } ldp { interface ge-1/0/7.0; interface lo0.0; }
user@PE1# show routing-options router-id 10.255.70.31; autonomous-system 64511;
user@PE1# show routing-instances vpna { instance-type vrf; interface ge-1/0/6.0; route-distinguisher 64511:1; vrf-target target:64511:1; protocols { bgp { group to_vpna { type external; peer-as 64510; neighbor 10.80.0.1; } } } }
user@PE1# show class-of-service classifiers { dscp dscpv4 { forwarding-class expedited-forwarding { loss-priority low code-points ef; } forwarding-class best-effort { loss-priority low code-points be; } } exp exp-in { forwarding-class expedited-forwarding { loss-priority low code-points 010; } forwarding-class best-effort { loss-priority low code-points 000; } } } interfaces { ge-1/0/6 { unit 0 { classifiers { dscp dscpv4; } rewrite-rules { dscp dscpv4-rw; } } } ge-1/0/7 { unit 0 { classifiers { exp exp-in; } rewrite-rules { exp exp-out; } } } } rewrite-rules { dscp dscpv4-rw { forwarding-class expedited-forwarding { loss-priority low code-point ef; } forwarding-class best-effort { loss-priority low code-point be; } } exp exp-out { forwarding-class expedited-forwarding { loss-priority low code-point 010; } forwarding-class best-effort { loss-priority low code-point 000; } } }
If you are done configuring Device PE1, enter commit
from configuration mode.
user@P1# show interfaces ge-1/0/3 { description to_P2; unit 0 { family inet { address 10.40.0.1/30; } family mpls; } } ge-1/0/7 { description to_PE1; unit 0 { family inet { address 10.30.0.2/30; } family mpls; } } lo0 { unit 0 { description loopback-interface; family inet { address 192.168.16.1/32; } } }
user@P1# show protocols mpls { interface ge-1/0/7.0; interface ge-1/0/3.0; } ospf { area 0.0.0.0 { interface ge-1/0/3.0; interface ge-1/0/7.0; interface lo0.0 { passive; } } } ldp { interface ge-1/0/3.0; interface ge-1/0/7.0; interface lo0.0; }
user@P1# show routing-options router-id 10.255.187.32;
If you are done configuring Device P1, enter commit
from configuration mode.
user@P2# show interfaces ge-2/0/6 { description to_P1; unit 0 { family inet { address 10.40.0.2/30; } family mpls; } } ge-2/0/8 { description to_PE2; unit 0 { family inet { address 10.50.0.1/30; } family mpls; } } lo0 { unit 0 { description loopback-interface; family inet { address 192.168.13.1/32; } } }
user@P2# show protocols mpls { interface ge-2/0/6.0; interface ge-2/0/8.0; } ospf { area 0.0.0.0 { interface ge-2/0/6.0; interface ge-2/0/8.0; interface lo0.0 { passive; } } } ldp { interface ge-2/0/6.0; interface ge-2/0/8.0; interface lo0.0; }
user@P2# show routing-options router-id 192.168.187.3;
If you are done configuring Device P2, enter commit
from configuration mode.
user@PE2# show interfaces
ge-2/0/8 { description to-R1; unit 0 { family inet { address 10.50.0.2/30; } family mpls; } } ge-2/1/1 { unit 0 { description to-vpna; family inet { address 10.90.0.1/30; } } } lo0 { unit 0 { description loopback-interface; family inet { address 172.30.14.1/32; } } }
user@PE2# show protocols mpls { interface ge-2/0/8.0; } bgp { group to_PE1 { type internal; local-address 172.30.14.1; family inet-vpn { unicast; } neighbor 10.255.70.31; } } ospf { area 0.0.0.0 { interface ge-2/0/8.0; interface lo0.0 { passive; } } } ldp { interface ge-2/0/8.0; interface lo0.0; }
user@PE2# show routing-options router-id 172.30.14.1; autonomous-system 64511;
user@PE2# show routing-instances vpna { instance-type vrf; interface ge-2/1/1.0; route-distinguisher 64511:1; vrf-target target:64511:1; protocols { bgp { group to_vpna { type external; peer-as 64512; neighbor 10.90.0.2; } } } }
user@PE2# show class-of-service classifiers { dscp dscpv4 { forwarding-class expedited-forwarding { loss-priority low code-points ef; } forwarding-class best-effort { loss-priority low code-points be; } } exp exp-in { forwarding-class expedited-forwarding { loss-priority low code-points 010; } forwarding-class best-effort { loss-priority low code-points 000; } } } interfaces { ge-2/0/8 { unit 0 { classifiers { exp exp-in; } rewrite-rules { exp exp-out; } } } ge-2/1/1 { unit 0 { classifiers { dscp dscpv4; } rewrite-rules { dscp dscpv4-rw; } } } } rewrite-rules { dscp dscpv4-rw { forwarding-class expedited-forwarding { loss-priority low code-point ef; } forwarding-class best-effort { loss-priority low code-point be; } } exp exp-out { forwarding-class expedited-forwarding { loss-priority low code-point 010; } forwarding-class best-effort { loss-priority low code-point 000; } } }
If you are done configuring Device PE2, enter commit
from configuration mode.
user@CE2# show interfaces ge-2/0/7 { unit 0 { description to-host; family inet { filter { input ip-v4; } address 172.16.80.2/30; } } } ge-2/1/2 { unit 0 { description to-Provider; family inet { address 10.90.0.2/30; } } } lo0 { unit 1 { description loopback-interface; family inet { address 192.168.0.2/32; } } }
user@CE2# show protocols bgp { group to_Provider { type external; export send-direct; peer-as 64511; neighbor 10.90.0.1; } }
user@CE2# show policy-options policy-statement send-direct { from protocol direct; then accept; }
user@CE2# show routing-options router-id 192.168.0.2; autonomous-system 64512;
user@CE2# show firewall family inet { filter ip-v4 { term tcp80 { from { port 80; } then dscp ef; } term 12345 { from { port 12345; } then dscp be; } term accept { then accept; } } }
If you are done configuring Device CE2, enter commit
from configuration mode.
Verification
Confirm that the configuration is working properly by verifying that the DSCP code points are maintained from CE1 to CE2.
- Clearing the Firewall Counters
- Sending Traffic into the Network from TCP HTTP Ports 80 and 12345 and Monitoring the Results
Clearing the Firewall Counters
Purpose
Confirm that the firewall counters are cleared.
Action
On Device CE2, run the clear firewall all
command to reset the firewall counters to 0.
user@CE2> clear firewall all
Sending Traffic into the Network from TCP HTTP Ports 80 and 12345 and Monitoring the Results
Purpose
Send traffic into the network from the host connected to Device CE1 so that it that can be monitored at Device CE2.
Action
A different firewall is required on interface ge-2/0/7 to count the traffic that is being transmitted outbound to the destination. The following commands apply the firewall filter that counts the marked traffic as it is transmitted to the destination.
To capture traffic at Device CE1, apply this command set interfaces ge-1/0/1 unit 0 family inet filter output count
, followed by the commands below.
To capture traffic at Device CE2, apply this command set interfaces ge-2/0/7 unit 0 family inet filter output count
, followed by the commands below.
set firewall family inet filter count term be from dscp be set firewall family inet filter count term be then count be set firewall family inet filter count term ef from dscp ef set firewall family inet filter count term ef then count ef set firewall family inet filter count term accept then accept set interfaces ge-2/0/7 unit 0 family inet filter output count
When you are done testing, you can leave the counting filter in place, or remove it.
On host 1 use a traffic generator to send 20 TCP packets with a source port of 80 into the network, and repeat the task using a source port of 12345.
[user@host]# hping 172.16.80.1 -s 80 -k -c 20 [user@host]# hping 172.16.80.1 -s 12345 -k -c 20
On Device CE2, check the firewall counters by using the
show firewall
command.user@CE2> show firewall Filter: __CE2/ip-v4 Filter: __CE2/count Counters: Name Bytes Packets be 800 20 ef 800 20
Meaning
The code point for TCP packets to port 12345 is maintained as be. The code point for TCP packets to port 80 is maintained as ef.