[j-nsp] Setting IP precedence on ingress
Harry Reynolds
harry at juniper.net
Tue Jun 14 10:51:02 EDT 2005
Dude, I would not wish that on anyone. ;)
Some sample configs below. San-Jose is ingress with MF/egress rewrite
while Denver is BA based.
[san jose/ingress]
system {
host-name San_Jose;
ports {
console type vt100;
}
. . .
interfaces {
fe-0/0/0 {
unit 0 {
family inet {
filter {
input mf-classify;
}
address 10.222.29.2/24;
}
}
}
fe-0/0/1 {
unit 0 {
family inet {
address 10.222.2.1/24;
}
}
}
fxp0 {
description "MGMT INTERFACE - DO NOT DELETE";
unit 0 {
family inet {
address 10.250.0.116/16;
}
}
}
lo0 {
unit 0 {
family inet {
address 192.168.20.1/32;
}
}
}
}
protocols {
ospf {
area 0.0.0.0 {
interface all;
interface fxp0.0 {
disable;
}
}
}
}
class-of-service {
drop-profiles {
low-red {
fill-level 80 drop-probability 10;
}
high-red {
fill-level 50 drop-probability 10;
}
}
interfaces {
fe-0/0/1 {
scheduler-map voip-case;
unit 0 {
rewrite-rules {
dscp voip-dscp-rewrite;
}
}
}
}
rewrite-rules {
dscp voip-dscp-rewrite {
import default;
forwarding-class best-effort {
loss-priority high code-point 000001;
}
}
}
scheduler-maps {
voip-case {
forwarding-class best-effort scheduler be-scheduler;
forwarding-class expedited-forwarding scheduler
ef-scheduler;
forwarding-class network-control scheduler nc-scheduler;
}
}
schedulers {
be-scheduler {
transmit-rate 1m exact;
priority low;
drop-profile-map loss-priority low protocol tcp drop-profile
low-red;
drop-profile-map loss-priority high protocol tcp
drop-profile high-red;
}
ef-scheduler {
transmit-rate 20m;
buffer-size temporal 200;
priority high;
}
nc-scheduler {
transmit-rate percent 5;
priority low;
}
}
}
firewall {
policer police-be {
if-exceeding {
bandwidth-limit 1m;
burst-size-limit 3k;
}
then loss-priority high;
}
family inet {
filter mf-classify {
term 1 {
from {
protocol [ udp tcp ];
port 5060;
}
then forwarding-class expedited-forwarding;
}
term 2 {
from {
protocol udp;
port 16000-16500;
}
then forwarding-class expedited-forwarding;
}
term 3 {
from {
precedence routine;
}
then {
policer police-be;
forwarding-class best-effort;
}
}
term 4 {
then accept;
}
}
}
}
[Denver/transit]
system {
host-name Denver;
ports {
console type vt100;
}
. . .
interfaces {
fe-0/0/1 {
unit 0 {
family inet {
address 10.222.2.2/24;
}
}
}
so-0/1/1 {
unit 0 {
family inet {
address 10.222.3.1/24;
}
}
}
fxp0 {
description "MGMT INTERFACE - DO NOT DELETE";
unit 0 {
family inet {
address 10.250.0.117/16;
}
}
}
lo0 {
unit 0 {
family inet {
address 192.168.56.1/32;
}
}
}
}
protocols {
ospf {
area 0.0.0.0 {
interface all;
interface fxp0.0 {
disable;
}
}
}
}
class-of-service {
classifiers {
dscp voip-dscp-classifier {
import default;
forwarding-class best-effort {
loss-priority high code-points 000001;
}
}
}
drop-profiles {
low-red {
fill-level 80 drop-probability 10;
}
high-red {
fill-level 50 drop-probability 10;
}
}
interfaces {
fe-0/0/1 {
unit 0 {
classifiers {
dscp voip-dscp-classifier;
}
}
}
so-0/1/1 {
scheduler-map voip-case;
unit 0 {
rewrite-rules {
dscp voip-dscp-rewrite;
}
}
}
}
rewrite-rules {
dscp voip-dscp-rewrite {
import default;
forwarding-class best-effort {
loss-priority high code-point 000001;
}
}
}
scheduler-maps {
voip-case {
forwarding-class best-effort scheduler be-scheduler;
forwarding-class expedited-forwarding scheduler
ef-scheduler;
forwarding-class network-control scheduler nc-scheduler;
}
}
schedulers {
be-scheduler {
transmit-rate 1m exact;
priority low;
drop-profile-map loss-priority low protocol tcp drop-profile
low-red;
drop-profile-map loss-priority high protocol tcp
drop-profile high-red;
}
ef-scheduler {
transmit-rate 20m;
buffer-size temporal 200;
priority high;
}
nc-scheduler {
transmit-rate percent 5;
priority low;
}
}
}
> -----Original Message-----
> From: Sorin CONSTANTINESCU [mailto:consta at gmail.com]
> Sent: Tuesday, June 14, 2005 7:45 AM
> To: Harry Reynolds
> Cc: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] Setting IP precedence on ingress
>
> Hi, Harry,
>
> Thanks for your answer. I will dig into the Junos
> documentation for class of service :)
>
> Regards,
>
> On 6/14/05, Harry Reynolds <harry at juniper.net> wrote:
> > AFAIK you cannot alter DSCP/precedence at ingress, but you can
> > re-classify to a given queue/forwarding class, and at
> egress you can
> > rewrite so that downstream devices can do behavior aggregate as
> > opposed to multi-field classification.
> >
> > Cheers
> >
> >
> > > -----Original Message-----
> > > From: juniper-nsp-bounces at puck.nether.net
> > > [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Sorin
> > > CONSTANTINESCU
> > > Sent: Tuesday, June 14, 2005 12:50 AM
> > > To: juniper-nsp at puck.nether.net
> > > Subject: [j-nsp] Setting IP precedence on ingress
> > >
> > > Hi, there,
> > >
> > > Is there any way of setting the IP precedence of an IP packet
> > > entering an interface? I saw that i can match the ip
> precedence in a
> > > firewall term, but i couldn't find the where to set it.
> > >
> > > Regards,
> > > --
> > > Sorin CONSTANTINESCU
> > > consta at gmail.com
> > > Linux Registered User #222086
> > >
> > > _______________________________________________
> > > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > > http://puck.nether.net/mailman/listinfo/juniper-nsp
> > >
> >
>
>
> --
> Sorin CONSTANTINESCU
> consta at gmail.com
> Linux Registered User #222086
>
More information about the juniper-nsp
mailing list