[j-nsp] Assigning Forwarding Class and DSCP Value for Routing Engine–Generated Traffic

Huan Pham drie.huanpham at gmail.com
Wed Oct 10 23:06:18 EDT 2012


Hi Wayne et al,

Thanks for your responses. I am running the test on MX-5 version 11.4R5.5

The reason the question came up, and I thought it was due to a bug, was
that I tested this feature on two virtual routing instances, on one lab box.
Today, I tested the same feature on two different physical boxes, and it
works the way it is supposed to. I also observed the same behaviour that
Wayne mentioned, that some traffic is not affected by this command (e.g.
BFD).

I can see RE generated traffic get marked correctly on both

- outbound interface of the sending router, as well as
- inbound interface of Receiving end.

I also managed to test the feature with ONE lab box with a little change
from yesterday's config. Since this feature affects RE generated traffic
on the Global routing instance only, I have to keep the global routing
instance as the sending device. The traffic generated on the Virtual
Routing Instance (OSPF, Telnet, ICMP) is not subject to this feature.
That is the root cause of the issue I had yesterday.

Here's the working config on one router (with the receiving end as a Virtual
Routing Instance).

Again, thanks all for your help.

Cheers,

Huan



lab@MX5> show configuration firewall
family inet {
    filter RE-Protection-And-CoS {
        term OSPF {
            from {
                protocol ospf;
            }
            then {
                forwarding-class Network-Control;
                dscp cs7;
            }
        }
        term TELNET {
            from {
                protocol tcp;
                port telnet;
            }
            /* Demonstration purpose - Put on another queue from NC */
            then {
                forwarding-class Gold;
                dscp cs3;
            }
        }
        term ICMP {
            from {
                protocol icmp;
            }
            then {
                forwarding-class Bronze;
                dscp cs1;
            }
        }
        /* Keep default behaviour */
        term OTHERS {
            then accept;
        }
    }
}

lab@MX5> show configuration interfaces lo0
unit 0 {
    family inet {
        filter {
            output RE-Protection-And-CoS;
        }
    }
}


lab@MX5> show configuration routing-instances
/* Move this OSPF routing config into Global routing instance */
inactive: R1 {
    instance-type virtual-router;
    interface ge-1/0/0.0;
    routing-options {
        router-id 10.1.1.1;
    }
    protocols {
        ospf {
            area 0.0.0.0 {
                interface ge-1/0/0.0;
            }
        }
    }
}
R2 {
    instance-type virtual-router;
    interface ge-1/1/0.0;
    routing-options {
        router-id 10.1.1.2;
    }
    protocols {
        ospf {
            area 0.0.0.0 {
                interface ge-1/1/0.0;
            }
        }
    }
}

lab@MX5> show configuration protocols ospf
area 0.0.0.0 {
    interface ge-1/0/0.0;
}




*! Generating ICMP from R2 (virtual router) to MX global routing instance*

lab@MX5> ping 10.1.1.1 routing-instance R2 rapid count 100
PING 10.1.1.1 (10.1.1.1): 56 data bytes
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
--- 10.1.1.1 ping statistics ---
100 packets transmitted, 100 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.394/0.537/3.301/0.399 ms



*! Monitoring ICMP echo response from "sending" router (Ge-1/0/0 in global
routing instance)*

lab@MX5> monitor traffic interface ge-1/0/0 detail no-resolve

Address resolution is OFF.
Listening on ge-1/0/0, capture size 1514 bytes

02:44:19.936767  In IP (tos 0xc0, ttl   1, id 20499, offset 0, flags
[none], proto: OSPF (89), length: 80) 10.1.1.2 > 224.0.0.5: OSPFv2, Hello,
length 60 [len 48]
        Router-ID 10.1.1.2, Backbone Area, Authentication Type: none (0)
        Options [External, LLS]
          Hello Timer 10s, Dead Timer 40s, Mask 255.255.255.0, Priority 128
          Designated Router 10.1.1.2, Backup Designated Router 10.1.1.1
          Neighbor List:
            10.1.1.1
          LLS: checksum: 0xfff6, length: 3
            Extended Options (1), length: 4
              Options: 0x00000001 [LSDB resync]
02:44:23.412455 *Out IP (tos 0xe0*, ttl   1, id 20543, offset 0, flags
[none], proto: OSPF (89), length: 80) 10.1.1.1 > 224.0.0.5: OSPFv2, Hello,
length 60 [len 48]
        Router-ID 10.1.1.1, Backbone Area, Authentication Type: none (0)
        Options [External, LLS]
          Hello Timer 10s, Dead Timer 40s, Mask 255.255.255.0, Priority 128
          Designated Router 10.1.1.2, Backup Designated Router 10.1.1.1
          Neighbor List:
            10.1.1.2
          LLS: checksum: 0xfff6, length: 3
            Extended Options (1), length: 4
              Options: 0x00000001 [LSDB resync]


03:03:10.139274  In IP (tos 0x0, ttl  64, id 36110, offset 0, flags [none],
proto: ICMP (1), length: 84) 10.1.1.2 > 10.1.1.1: ICMP echo request, id
21963, seq 95, length 64
03:03:10.139293 *Out IP (tos 0x20*, ttl  64, id 36113, offset 0, flags
[none], proto: ICMP (1), length: 84) 10.1.1.1 > 10.1.1.2: ICMP echo reply,
id 21963, seq 95, length 64



*! Monitoring receiving end router (Ge-1/1/0 is in Virtual routing instance)*

lab@MX5> monitor traffic interface ge-1/1/0 detail no-resolve
Address resolution is OFF.
Listening on ge-1/1/0, capture size 1514 bytes

02:46:31.081182 Out IP (tos 0xc0, ttl   1, id 22118, offset 0, flags
[none], proto: OSPF (89), length: 80) 10.1.1.2 > 224.0.0.5: OSPFv2, Hello,
length 60 [len 48]
        Router-ID 10.1.1.2, Backbone Area, Authentication Type: none (0)
        Options [External, LLS]
          Hello Timer 10s, Dead Timer 40s, Mask 255.255.255.0, Priority 128
          Designated Router 10.1.1.2, Backup Designated Router 10.1.1.1
          Neighbor List:
            10.1.1.1
          LLS: checksum: 0xfff6, length: 3
            Extended Options (1), length: 4
              Options: 0x00000001 [LSDB resync]
02:46:36.192372  *In IP (tos 0xe0*, ttl   1, id 22177, offset 0, flags
[none], proto: OSPF (89), length: 80) 10.1.1.1 > 224.0.0.5: OSPFv2, Hello,
length 60 [len 48]
        Router-ID 10.1.1.1, Backbone Area, Authentication Type: none (0)
        Options [External, LLS]
          Hello Timer 10s, Dead Timer 40s, Mask 255.255.255.0, Priority 128
          Designated Router 10.1.1.2, Backup Designated Router 10.1.1.1
          Neighbor List:
            10.1.1.2
          LLS: checksum: 0xfff6, length: 3
            Extended Options (1), length: 4
              Options: 0x00000001 [LSDB resync]


02:52:08.433263  *In IP (tos 0x20*, ttl  64, id 26878, offset 0, flags
[none], proto: ICMP (1), length: 84) 10.1.1.1 > 10.1.1.2: ICMP echo reply,
id 21945, seq 96, length 64
02:52:08.434017 Out IP (tos 0x0, ttl  64, id 26881, offset 0, flags [none],
proto: ICMP (1), length: 84) 10.1.1.2 > 10.1.1.1: ICMP echo request, id
21945, seq 97, length 64



On Thu, Oct 11, 2012 at 2:53 AM, Wayne Tucker <wayne at tuckerlabs.com> wrote:

> On Wed, Oct 10, 2012 at 5:18 AM, Huan Pham <drie.huanpham at gmail.com>
> wrote:
> >
> http://www.juniper.net/techpubs/en_US/junos10.0/information-products/topic-collections/config-guide-cos/cos-assigning-fc-dscp-to-re-pkts.html
> >
> > Once I apply the Firewall Filter with QoS term on loopback interface, it
> > does not seem to change the default behaviour.
> >
> > I tried  host-outbound-traffic  feature, which assigns a forwarding class,
> > and I can set DSCP for all traffic generated by RE, which works as it
> > says, but I want a finer control.
>
> Which revision are you running?  I believe this requires one of the
> 11.x releases on the MX(5|10|40|80).
>
>
> > *This behaviour is not what I expected. Does anyone experience the same
> > issue, please?*
>
> I was able to get it working for everything except PPM generated
> traffic (BFD, etc) which always went into the same queue.  I've
> changed jobs since then so I don't have ready access to the configs I
> used, but I believe the MX was one of the platforms where I ran into
> trouble if I tried to use anything other than queue #3 for nc traffic.
>
> Have you tried capturing the traffic from a different box?  It's
> possible that the RE sees the traffic before the rewrite occurs.
>
> :w
>
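
Added example (not part of the original post, and not Juniper code): a Python check that decodes the ToS byte in `monitor traffic ... detail` output into a class-selector name and compares packets sourced from the global routing instance against the DSCP set by the filter terms above. The function names and the `re_source` parameter are hypothetical, and it covers only the OSPF and ICMP terms, the two protocols captured in the post.

```python
import re

# DSCP set by the filter terms in the post for each protocol captured there.
EXPECTED = {"OSPF": "cs7", "ICMP": "cs1"}
# Class selector csN is DSCP N*8; DSCP is the top six bits of the ToS byte.
CS_NAMES = {n * 8: f"cs{n}" for n in range(8)}
STAMP = re.compile(r"^\d\d:\d\d:\d\d\.\d+")
HEADER = re.compile(
    r"^(?P<time>\S+)\s+(?:In|Out) IP \(tos (?P<tos>0x[0-9a-f]+),"
    r".*?proto: (?P<proto>\w+) \(\d+\).*?\)\s+(?P<src>[\d.]+) > [\d.]+:"
)

# Headers copied from the ge-1/0/0 capture in the post (wrapping and * kept).
SAMPLE = """\
02:44:19.936767  In IP (tos 0xc0, ttl   1, id 20499, offset 0, flags
[none], proto: OSPF (89), length: 80) 10.1.1.2 > 224.0.0.5: OSPFv2, Hello,
length 60 [len 48]
02:44:23.412455 *Out IP (tos 0xe0*, ttl   1, id 20543, offset 0, flags
[none], proto: OSPF (89), length: 80) 10.1.1.1 > 224.0.0.5: OSPFv2, Hello,
length 60 [len 48]
03:03:10.139274  In IP (tos 0x0, ttl  64, id 36110, offset 0, flags [none],
proto: ICMP (1), length: 84) 10.1.1.2 > 10.1.1.1: ICMP echo request, id
21963, seq 95, length 64
03:03:10.139293 *Out IP (tos 0x20*, ttl  64, id 36113, offset 0, flags
[none], proto: ICMP (1), length: 84) 10.1.1.1 > 10.1.1.2: ICMP echo reply,
id 21963, seq 95, length 64
"""

def records(text):
    """Rejoin wrapped capture lines into one string per packet."""
    out = []
    for line in text.replace("*", "").splitlines():
        if STAMP.match(line):
            out.append(line.strip())
        elif out and line.strip():
            out[-1] += " " + line.strip()
    return out

def audit(text, re_source):
    """Return (time, src, proto, dscp, verdict) for each parsed packet."""
    rows = []
    for m in filter(None, map(HEADER.match, records(text))):
        name = CS_NAMES.get(int(m["tos"], 16) >> 2, "other")
        want = EXPECTED.get(m["proto"])
        verdict = "ok" if name == want else f"MISMATCH want {want}"
        if m["src"] != re_source or want is None:
            verdict = "not checked"  # e.g. sent by the virtual router R2
        rows.append((m["time"], m["src"], m["proto"], name, verdict))
    return rows
```

Calling `audit(SAMPLE, "10.1.1.1")` checks the two packets sent by the global instance and leaves the R2 packets unchecked; the same call works on a capture taken at the receiving interface, since it keys on the source address rather than the In/Out direction.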

