Configuring Two-Rate Tricolor or Four-Color Marking

Networks police traffic by limiting the input or output transmission rate of a class of traffic on the basis of user-defined criteria. Policing traffic allows you to control the maximum rate of traffic sent or received on an interface and to partition a network into multiple priority levels or classes of service.

Policers require you to apply a burst size and bandwidth limit to the traffic flow, and set a consequence for packets that exceed these limits—usually a higher loss priority, so that packets exceeding the policer limits are discarded first.

Two-rate tricolor marking (TCM) (as defined in RFC 2698, A Two Rate Three Color Marker) extends the functionality of class-of-service (CoS) traffic policing by providing three levels of drop precedence (loss priority) instead of two. RFC 2698 describes TCM as a "color-aware" method of traffic policing because TCM polices traffic according to the color classification of each packet, which can be red, yellow, or green. In the JUNOS software implementation, you can configure four loss priorities instead of three. The software marks loss priorities as high, medium-high, medium-low, and low. This allows you to provision even more granular service-level agreements (SLAs) across the Differentiated Services (DiffServ) domain.

Two-rate TCM (or four-color marking) are supported on the following routing platforms:

• T-series and M320 platforms with Enhanced II Flexible PIC Concentrators (FPCs)
• T640 platforms with Enhanced Scaling FPC4

The platforms that support two-rate TCM interoperate with other platforms, as shown in Table 28.

Table 28: Two-Rate TCM Platform Interoperation 

Packet Sent from Other Platforms	Received by Platforms that Support Two-Rate TCM
low	low
high	medium-high
Packet Sent from Platforms that Support Two-Rate TCM	Received by Other Platforms
low	low
medium-low	low
medium-high	high
high	high

You can monitor how packets are marked by issuing the show class-of-service forwarding-table classifier command:

user@host> show class-of-service forwarding-table classifier

Classifier table index: 33166, # entries: 8, Table type: IEEE 802.1

Entry #   Code point   Queue #   PLP

   0           000        1       2  <---- medium-low

   1           001        2       2  

   2           010        2       1  <---- high

   3           011        1       1

   4           100        2       3  <---- medium-high

   5           101        1       3

   6           110        1       0  <---- low

   7           111        2       0

Policers provide two functions: metering and marking. The policer meters each packet and passes the packet and the metering result to the marker, as shown in Figure 10.

Figure 10: Flow of Tricolor Marking Policer Operation

The meter operates in one of two modes. In the colorblind mode, the meter treats the packet stream as uncolored. Any preset loss priorities are ignored. In the color-aware mode, the meter inspects the packet loss priority (PLP) field, which has been set by an upstream device as PLP high, medium-high, medium-low, or low; in other words, the PLP field has already been set by a behavior aggregate (BA) or multifield (MF) classifier. The marker changes the PLP of each incoming IP packet according to the results of the meter. For more information, see Color-Aware Mode.

Two-rate TCM is so called because traffic is policed according to two rates: the committed information rate (CIR) and the peak information rate (PIR). The CIR specifies the average rate at which packets are admitted to the network. As each packet enters the network, it is counted. Packets that do not exceed the CIR are marked low PLP. Packets that exceed the CIR but are below the PIR are marked medium-high PLP. Packets that exceed the PIR are marked high PLP. For more information, see How Two-Rate Tricolor Marking Works.

For information about how to use marking policers with BA and MF classifiers, see Setting the PLP with a BA Classifier and Setting the PLP with a Multifield Classifier.

You configure marking policers by defining the policer and multiple levels of PLP for classifiers, rewrite rules, random early detection (RED) drop profiles, and firewall filters. To configure marking policers, you can include the following statements at the [edit class-of-service] hierarchy level of the configuration:

[edit class-of-service]

tri-color;

classifiers {

    (dscp | dscp-ipv6 | exp | ieee-802.1 | inet-precedence) classifier-name {

        import (classifier-name | default);

        forwarding-class class-name {

            loss-priority (low | medium-low | medium-high | high) {

                code-points [ aliases ] [ 6-bit-patterns ];

            }

        }

    }

}

rewrite-rules {

    (dscp | dscp-ipv6 | exp | ieee-802.1 | inet-precedence) rewrite-name {

        import (rewrite-name | default);

        forwarding-class class-name {

            loss-priority (low | medium-low | medium-high | high) 

                              code-point (alias | bits);

        }

    }

}

schedulers {

    scheduler-name {

        drop-profile-map loss-priority (any | low | medium-low | medium-high | high) 
                                  protocol any drop-profile profile-name;

    }

}

[edit firewall]

policer name {

    then loss-priority (low | medium-low | medium-high | high);

}

three-color-policer name {

    two-rate {

        (color-aware | color-blind);

        committed-information-rate bps;

        committed-burst-size bytes;

        peak-information-rate bps;

        peak-burst-size bytes;

    }

}

filter filter-name {

    <family family> {

        term rule-name {

            then {

                three-color-policer {

                    two-rate policer-name;

                }

            }

        }

    }

}

The following limitations apply to TCM:

• When you enable TCM on a 10-port 1-Gigabit Ethernet PIC or a 10-Gigabit Ethernet PIC, for queues 6 and 7 only, the output of the show interfaces queue interface-name command does not display the number of queued bytes and packets, or the number of bytes and packets dropped due to RED. If you do not configure tricolor marking on the interface, these statistics are available for all queues.
• When you enable TCM, Transmission Control Protocol (TCP)-based configurations for drop profiles are rejected. In other words, you cannot include the protocol statement at the [edit class-of-service schedulers scheduler-name drop-profile-map] hierarchy level. The result is that drop profiles are applied to packets with the specified PLP and any protocol type.
• On Gigabit Ethernet IQ PICs, for IEEE-802.1 rewrite rules, only two loss priorities are supported. Exiting packets with medium-high loss priority are treated as high, and packets with medium-low loss priority are treated as low. In other words rewrite rules corresponding to high and low apply instead of those corresponding to medium-high and medium-low.
• When some PICs with Frame Relay encapsulation mark a packet with high loss priority, the packet is treated as having medium-high loss priority on T-series and M320 platforms with Enhanced II FPCs and the T640 platform with Enhanced Scaling FPC4.
• TCM is not supported on aggregated Ethernet and aggregated SONET/SDH interfaces.
• In a single firewall filter term, you cannot configure both the loss-priority action modifier and the three-color-policer action modifier. These statements are mutually exclusive.

This chapter discusses the following topics:

• How Two-Rate Tricolor Marking Works
• Enabling Tricolor Marking
• Configuring a Two-Rate Tricolor Marking Policer
• Applying a Tricolor Marking Policer to a Firewall Filter
• Applying a Tricolor Marking Policer to an Interface
• Setting the PLP with a BA Classifier
• Setting the PLP with a Multifield Classifier
• Associating the PLP with a Drop-Profile Map
• Associating the PLP with a Rewrite Rule
• Verifying Your Configuration
• Example: Configuring Tricolor Marking