ON THIS PAGE
Example: Configuring and Verifying Two-Rate Tricolor Marking
This topic provides several examples of how you can configure and verify two-rate tricolor marking policers and includes the following sections:
Requirements
No special configuration beyond device initialization is required before configuring this example.
Overview
This example configures a two-rate tricolor marking policer on an input Gigabit Ethernet interface and shows commands to verify its operation.
Traffic enters the Gigabit Ethernet interface and exits a SONET/SDH OC12 interface. Oversubscription occurs when you send line-rate traffic from the Gigabit Ethernet interface out the OC12 interface.
Configuration
To configure two-rate tricolor marking policers, perform these tasks:
- CLI Quick Configuration
- Example: Applying a Policer to an Input Interface
- Example: Applying Profiles to an Output Interface
- Example: Marking Packets with Medium-Low Loss Priority
- Results
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.
Applying a Policer to an Input Interface
set interfaces ge-1/2/1 unit 0 family inet filter input trtcm-filter set firewall three-color-policer trtcm1 two-rate color-aware set firewall three-color-policer trtcm1 two-rate committed-information-rate 100m set firewall three-color-policer trtcm1 two-rate committed-burst-size 65536 set firewall three-color-policer trtcm1 two-rate peak-information-rate 200m set firewall three-color-policer trtcm1 two-rate peak-burst-size 131072 set firewall filter trtcm-filter term one then three-color-policer two-rate trtcm1
Applying Profiles to an Output Interface
set class-of-service drop-profiles low-tcm fill-level 80 drop-probability 100 set class-of-service drop-profiles med-tcm fill-level 40 drop-probability 100 set class-of-service drop-profiles high-tcm fill-level 10 drop-probability 100 set class-of-service tri-color set class-of-service interfaces so-1/1/0 scheduler-map tcm-sched set class-of-service scheduler-maps tcm-sched forwarding-class queue-0 scheduler q0-sched set class-of-service scheduler-maps tcm-sched forwarding-class queue-3 scheduler q3-sched set class-of-service schedulers q0-sched transmit-rate percent 50 set class-of-service schedulers q0-sched buffer-size percent 50 set class-of-service schedulers q0-sched drop-profile-map loss-priority low protocol any drop-profile low-tcm set class-of-service schedulers q0-sched drop-profile-map loss-priority medium-high protocol any drop-profile med-tcm set class-of-service schedulers q0-sched drop-profile-map loss-priority high protocol any drop-profile high-tcm set class-of-service schedulers q3-sched transmit-rate percent 50 set class-of-service schedulers q3-sched buffer-size percent 50
Marking Packets with Medium-Low Loss Priority
set interfaces ge-1/2/1 unit 0 family inet filter input 4PLP set interfaces ge-1/2/1 unit 0 family inet policer input 4PLP set interfaces ge-1/2/1 unit 0 family inet address 10.45.10.2/30 set firewall three-color-policer trTCM two-rate color-blind set firewall three-color-policer trTCM two-rate committed-information-rate 400m set firewall three-color-policer trTCM two-rate committed-burst-size 100m set firewall three-color-policer trTCM two-rate peak-information-rate 1g set firewall three-color-policer trTCM two-rate peak-burst-size 500m set firewall policer 4PLP if-exceeding bandwidth-limit 40k set firewall policer 4PLP if-exceeding burst-size-limit 4k set firewall policer 4PLP then loss-priority medium-low set firewall family inet filter 4PLP term 0 from precedence 1 set firewall family inet filter 4PLP term 0 then loss-priority medium-low set firewall family inet filter filter_trTCM term default then three-color-policer two-rate trTCM
Example: Applying a Policer to an Input Interface
Step-by-Step Procedure
In the following example, the tricolor marking and policer are applied on the ingress Gigabit Ethernet interface. Incoming packets are metered. Packets that do not exceed the CIR are marked with low loss priority. Packets that exceed the CIR, but do not exceed the PIR, are marked with medium-high loss priority. Packets that exceed the PIR are marked with high loss priority.
The following example requires that you navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the Junos OS CLI User Guide.
Configure the three-color policer.
[edit] user@host# edit firewall three-color-policer trtcm1 two-rate user@host# set committed-information-rate 100m user@host# set committed-burst-size 65536 user@host# set peak-information-rate 200m user@host# set peak-burst-size 131072
Configure the policer in a firewall filter.
[edit] user@host# set firewall filter trtcm-filter term one then three-color-policer two-rate trtcm1
Apply the firewall filter (policer) as an input filter on the logical interface.
[edit] user@host# edit interfaces ge-1/2/1 unit 0 family inet user@host# set filter input trtcm-filter
Confirm the configuration.
[edit] user@host# show
interfaces { ge-1/2/1 { unit 0 { family inet { filter { input trtcm-filter; } } } } firewall { three-color-policer trtcm1 { two-rate { color-aware; committed-information-rate 100m; committed-burst-size 65536; peak-information-rate 200m; peak-burst-size 131072; } } filter trtcm-filter { term one { then { three-color-policer { two-rate trtcm1; } } } } }Save the configuration.
[edit] user@host# commit
Example: Applying Profiles to an Output Interface
Step-by-Step Procedure
In the following example, transmission scheduling and weighted random early detection (WRED) profiles are applied on the output OC12 interface. The software drops traffic in the low, medium-high, and high drop priorities proportionally to the configured drop profiles.
Define the drop profile.
[edit] user@host# edit class-of-service user@host# set drop-profiles low-tcm fill-level 80 drop-probability 100 user@host# set drop-profiles med-tcm fill-level 40 drop-probability 100 user@host# set drop-profiles high-tcm fill-level 10 drop-probability 100 user@host# set tri-color
Specify the scheduler name and parameter values.
[edit class-of-service] user@host# set schedulers q0-sched transmit-rate percent 50 user@host# set schedulers q0-sched buffer-size percent 50 user@host# set schedulers q0-sched drop-profile-map loss-priority low protocol any drop-profile low-tcm user@host# set schedulers q0-sched drop-profile-map loss-priority medium-high protocol any drop-profile med-tcm user@host# set schedulers q0-sched drop-profile-map loss-priority high protocol any drop-profile high-tcm user@host# set schedulers q3-sched transmit-rate percent 50 user@host# set schedulers q3-sched buffer-size percent 50
Specify a scheduler map name and associate it with the scheduler configuration and forwarding class.
[edit class-of-service] user@host# set scheduler-maps tcm-sched forwarding-class queue-0 scheduler q0-sched user@host# set scheduler-maps tcm-sched forwarding-class queue-3 scheduler q3-sched
Apply the scheduler map to the interface.
[edit class-of-service] user@host# set interfaces so-1/1/0 scheduler-map tcm-sched
Verify the configuration.
[edit class-of-service]user@host showdrop-profiles { low-tcm { fill-level 80 drop-probability 100; } med-tcm { fill-level 40 drop-probability 100; } high-tcm { fill-level 10 drop-probability 100; } } tri-color; interfaces { so-1/1/0 { scheduler-map tcm-sched; } scheduler-maps { tcm-sched { forwarding-class queue-0 scheduler q0-sched; forwarding-class queue-3 scheduler q3-sched; } } schedulers { q0-sched { transmit-rate percent 50; buffer-size percent 50; drop-profile-map loss-priority low protocol any drop-profile low-tcm; drop-profile-map loss-priority medium-high protocol any drop-profile med-tcm; drop-profile-map loss-priority high protocol any drop-profile high-tcm; } q3-sched { transmit-rate percent 50; buffer-size percent 50; } }Save the configuration.
[edit] user@host# commit
Example: Marking Packets with Medium-Low Loss Priority
Step-by-Step Procedure
In the following example, the 4PLP filter and policer causes certain packets to be marked with medium-low loss priority.
The following example requires that you navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the Junos OS CLI User Guide.
Configure the firewall filter.
Define the three-color policer.
[edit] user@host# edit firewall three-color-policer trTCM two-rate user@host# set color-blind user@host# set committed-information-rate 400m user@host# set committed-burst-size 100m user@host# set peak-information-rate 1g user@host# set peak-burst-size 500m
Configure policer rate limits and actions.
[edit] user@host# edit firewall policer 4PLP user@host# set if-exceeding bandwidth-limit 40k user@host# set if-exceeding burst-size-limit 4k user@host# set then loss-priority medium-low
Configure the IPv4 firewall filter.
[edit] user@host# edit firewall family inet filter 4PLP term 0 user@host# set from precedence 1 user@host# set then loss-priority medium-low
Define the terms of the IPv4 firewall filter.
[edit] user@host# edit firewall family inet filter filter_trTCM user@host# set term default then three-color-policer two-rate trTCM
Apply the filter to the interface.
[edit] user@host# edit interfaces ge-1/2/1 unit 0 family inet user@host# set filter input 4PLP user@host# set policer input 4PLP user@host# set address 10.45.10.2/30
Results
Confirm your configuration by entering the show
interfaces and show firewall commands. If the output
does not display the intended configuration, repeat the instructions
in this example to correct the configuration.
[edit] user@host# show
interfaces {
ge-1/2/1 {
unit 0 {
family inet {
filter {
input 4PLP;
}
policer {
input 4PLP;
}
address 10.45.10.2/30;
}
}
}
}
firewall {
three-color-policer trTCM {
two-rate {
color-blind;
committed-information-rate 400m;
committed-burst-size 100m;
peak-information-rate 1g;
peak-burst-size 500m;
}
}
policer 4PLP {
if-exceeding {
bandwidth-limit 40k;
burst-size-limit 4k;
}
then loss-priority medium-low;
}
family inet {
filter 4PLP {
term 0 {
from {
precedence 1;
}
then loss-priority medium-low;
}
}
filter trtcm-filter {
term one {
then {
three-color-policer {
two-rate trtcm1;
}
}
}
}
}
Verification
Confirm that the configuration is working properly.
Verifying Two-Rate Tricolor Marking Operation
Purpose
Action
The following operational mode commands are useful for checking the results of your configuration:
show class-of-service forwarding-table classifiersshow interfaces interface-name extensiveshow interfaces queue interface-name
For information about these commands, see the CLI Explorer.