Rewrite rules - Junos Class of service
By Aravind
Class of service has multiple parts:
- Behavioural Aggregate Classifier
- Policing
- Multifield Classifier
- Shaping
- Rewrite rules
This section covers rewrite rules specifically. They are needed when traffic must be marked so that the following nodes can place the packets in the right queue. A rewrite rule rewrites the packet header based on the type chosen (DSCP, EXP, IP precedence bits). The rewrite rule helps in mapping the traffic to the right forwarding class and packet loss priority (PLP).
Configuration
Method 1: Using forwarding classes and queues
Set up forwarding class
set class-of-service forwarding-classes queue 1 DEFAULT
set class-of-service forwarding-classes queue 1 priority low
Create EXP rules
set class-of-service rewrite-rules exp EXP-REWRITE import EXP-REWRITE
set class-of-service rewrite-rules exp EXP-REWRITE forwarding-class DEFAULT loss-priority low code-point 011
Apply the rewrite rules to the interface
set class-of-service interfaces ge-0/0/0 unit 0 rewrite-rules exp EXP-REWRITE protocol mpls-any
set class-of-service interfaces ge-0/0/0 unit 0 rewrite-rules exp EXP-REWRITE protocol mpls-inet-both
If the traffic is transit traffic, classify it into the queue
set firewall family inet filter CLASSIFY interface-specific
set firewall family inet filter CLASSIFY term default then count CLASSIFY
set firewall family inet filter CLASSIFY term default then forwarding-class exp3
set firewall family inet filter CLASSIFY term default then next term
set firewall family inet filter CLASSIFY term last then accept
Apply the filter to the ingress traffic to classify it
set interfaces ge-0/0/1 unit 0 family inet filter input CLASSIFY
If the traffic is generated by the host (optional, such as traffic from lo0)
set class-of-service host-outbound-traffic forwarding-class DEFAULT
Verification
Notice that traffic is on queue 1
root@vsrx# run show interfaces queue
Physical interface: ge-0/0/0, Enabled, Physical link is Up
Interface index: 135, SNMP ifIndex: 508
Forwarding classes: 8 supported, 4 in use
Egress queues: 8 supported, 4 in use
Queue: 0, Forwarding classes: best-effort
Queued:
Packets : 73519 0 pps
Bytes : 5547714 0 bps
Transmitted:
Packets : 73519 0 pps
Bytes : 5547714 0 bps
Tail-dropped packets : 0 0 pps
RL-dropped packets : 0 0 pps
RL-dropped bytes : 0 0 bps
RED-dropped packets : 0 0 pps
Low : 0 0 pps
Medium-low : 0 0 pps
Medium-high : 0 0 pps
High : 0 0 pps
RED-dropped bytes : 0 0 bps
Low : 0 0 bps
Medium-low : 0 0 bps
Medium-high : 0 0 bps
High : 0 0 bps
Queue Buffer Usage:
Reserved buffer : 118750000 bytes
Queue-depth bytes :
Current : 0
Queue: 1, Forwarding classes: DEFAULT
Queued:
Packets : 213 0 pps
Bytes : 19847 808 bps
Transmitted:
Packets : 213 0 pps
Bytes : 19847 808 bps
Tail-dropped packets : 0 0 pps
RL-dropped packets : 0 0 pps
RL-dropped bytes : 0 0 bps
RED-dropped packets : 0 0 pps
Low : 0 0 pps
Medium-low : 0 0 pps
Medium-high : 0 0 pps
High : 0 0 pps
RED-dropped bytes : 0 0 bps
Low : 0 0 bps
Medium-low : 0 0 bps
Medium-high : 0 0 bps
High : 0 0 bps
Queue Buffer Usage:
Reserved buffer : 9192 bytes
Queue-depth bytes :
Current : 0
Queue: 2, Forwarding classes: assured-forwarding
Queued:
Packets : 0 0 pps
Bytes : 0 0 bps
Transmitted:
Packets : 0 0 pps
Bytes : 0 0 bps
Tail-dropped packets : 0 0 pps
RL-dropped packets : 0 0 pps
RL-dropped bytes : 0 0 bps
RED-dropped packets : 0 0 pps
Low : 0 0 pps
Medium-low : 0 0 pps
Medium-high : 0 0 pps
High : 0 0 pps
RED-dropped bytes : 0 0 bps
Low : 0 0 bps
Medium-low : 0 0 bps
Medium-high : 0 0 bps
High : 0 0 bps
Queue Buffer Usage:
Reserved buffer : 9192 bytes
Queue-depth bytes :
Current : 0
Queue: 3, Forwarding classes: network-control
Queued:
Packets : 0 0 pps
Bytes : 0 0 bps
Transmitted:
Packets : 0 0 pps
Bytes : 0 0 bps
Tail-dropped packets : 0 0 pps
RL-dropped packets : 0 0 pps
RL-dropped bytes : 0 0 bps
RED-dropped packets : 0 0 pps
Low : 0 0 pps
Medium-low : 0 0 pps
Medium-high : 0 0 pps
High : 0 0 pps
RED-dropped bytes : 0 0 bps
Low : 0 0 bps
Medium-low : 0 0 bps
Medium-high : 0 0 bps
High : 0 0 bps
Queue Buffer Usage:
Reserved buffer : 6250000 bytes
Queue-depth bytes :
Current : 0
Verify rewrite rules
Rewrite rule: exp-default, Code point type: exp, Index: 33
Forwarding class      Loss priority   Code point
best-effort           low             000
best-effort           high            001
DEFAULT               low             010
DEFAULT               high            011
assured-forwarding    low             100
assured-forwarding    high            101
network-control       low             110
network-control       high            111
Tcpdump captures
root@vmx1> ping 4.10.1.1 routing-instance VPN-1 source 1.10.1.1
PING 4.10.1.1 (4.10.1.1): 56 data bytes
64 bytes from 4.10.1.1: icmp_seq=0 ttl=62 time=4.580 ms
64 bytes from 4.10.1.1: icmp_seq=1 ttl=62 time=2.787 ms
tcpdump -nei ge-0.0.0-vsrx
14:24:02.899937 02:aa:01:10:03:01 > 02:aa:01:30:04:00, ethertype MPLS unicast (0x8847), length 102: MPLS (label 16, exp 0, [S], ttl 62) 1.10.1.1 > 4.10.1.1: ICMP echo request, id 47707, seq 1, length 64
14:24:02.900854 02:aa:01:30:04:00 > 02:aa:01:10:03:01, ethertype MPLS unicast (0x8847), length 102: MPLS (label 299808, exp 3, [S], ttl 64) 4.10.1.1 > 1.10.1.1: ICMP echo reply, id 47707, seq 1, length 64
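Added example (not part of the original post): the "exp 3" that tcpdump prints is the 3-bit field at bits 9-11 of each 4-byte MPLS label stack entry, so a capture can be checked against the configured code point 011 programmatically. The function names are hypothetical, and the sample entries are constructed from the label, exp and ttl values in the capture above, plus one constructed two-label stack where only the outer label is marked.

```python
import struct

def pack_entry(label, exp, bottom, ttl):
    """Build one 4-byte MPLS label stack entry: label(20) | EXP(3) | S(1) | TTL(8)."""
    return struct.pack("!I", (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl)

def parse_label_stack(data):
    """Walk label stack entries until the bottom-of-stack (S) bit is set."""
    entries, offset = [], 0
    while True:
        if offset + 4 > len(data):
            raise ValueError("truncated label stack: no bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", data, offset)
        entry = {
            "label": word >> 12,
            "exp": (word >> 9) & 0x7,
            "bottom": bool((word >> 8) & 0x1),
            "ttl": word & 0xFF,
        }
        entries.append(entry)
        offset += 4
        if entry["bottom"]:
            return entries

def check_exp(data, expected_bits):
    """Return the stack entries whose EXP differs from the configured code point."""
    expected = int(expected_bits, 2)
    return [e for e in parse_label_stack(data) if e["exp"] != expected]

# Constructed from the capture: echo request (label 16, exp 0, ttl 62)
# and echo reply (label 299808, exp 3, ttl 64), both bottom of stack.
REQUEST = pack_entry(16, 0, True, 62)
REPLY = pack_entry(299808, 3, True, 64)
# Constructed two-label stack: outer label marked, inner label left at 0.
TWO_LABEL = pack_entry(299808, 3, False, 64) + pack_entry(16, 0, True, 64)

if __name__ == "__main__":
    for name, stack in (("request", REQUEST), ("reply", REPLY), ("two-label", TWO_LABEL)):
        bad = check_exp(stack, "011")
        labels = [e["label"] for e in bad]
        print(f"{name}: {stack.hex()} unmarked labels: {labels if bad else 'none'}")
```
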
Method 2: Use firewall filters and policy maps
An alternative way to mark packets is by using policy maps. This knob may not be available on some platforms (e.g. vSRX). This was tested on vMX/MX.
Create the policy map
set class-of-service policy-map MAP-EXP exp all-label code-point 011
Create the firewall filter
set firewall family mpls filter mark-exp term 10 then policy-map MAP-EXP
set firewall family mpls filter mark-exp term 10 then accept
Map the filter to the interface
set interfaces ge-0/0/0 unit 0 family mpls filter output mark-exp