示例:在机箱群集中 SRX 系列防火墙上的冗余以太网接口上启用八队列服务等级
此示例说明如何在机箱群集中 SRX 系列防火墙上的冗余以太网接口上启用八队列 CoS。此示例适用于SRX1600、SRX2300、SRX4100、SRX4200、SRX4300、SRX4600、SRX5400、SRX5600和SRX5800。机箱群集中分支 SRX 系列防火墙的冗余以太网接口也支持 8 队列 CoS。分支的 SRX 系列支持八个队列,但默认情况下仅启用四个队列。
要求
此示例使用以下硬件和软件组件:
机箱群集中的两个 SRX5600 服务网关
适用于 SRX 系列防火墙的 Junos OS 11.4R4 或更高版本
准备工作:
了解机箱群集配置。请参阅 示例:在 SRX5800 设备上配置主动/被动机箱群集。
了解机箱群集冗余接口配置。请参阅 示例:配置机箱群集冗余以太网接口。
概述
SRX 系列防火墙支持 8 个队列,但默认情况下仅启用 4 个队列。使用该 set chassis fpc x pic y max-queues-per-interface 8 命令在机箱级别显式启用八个队列。 x 和 y 的值取决于 IOC 的位置以及接口在需要实施 CoS 的设备上所在的 PIC 编号。要查找 IOC 位置,请使用 show chassis fpc pic-status 或 show chassis hardware 命令。
您必须重新启动机箱控制才能使配置生效。
在 SRX 系列防火墙上,每个 ae 接口支持 8 个 QoS 队列。
图 1 显示了如何在机箱群集中 SRX 系列防火墙上的冗余以太网接口上配置 8 队列 CoS。
拓扑学
图 1:冗余以太网接口
上的 8 队列 CoS
上的 8 队列 CoS
配置
程序
CLI 快速配置
要快速配置此示例,请复制以下命令,将其粘贴到文本文件中,删除所有换行符,更改与您的网络配置匹配所需的任何详细信息,将命令复制并粘贴到层次结构级别的 CLI [edit] 中,然后从配置模式进入 commit 。
set chassis fpc 5 pic 1 max-queues-per-interface 8 set chassis fpc 5 pic 1 max-queues-per-interface 8 set chassis cluster reth-count 2 set chassis cluster control-ports fpc 4 port 0 set chassis cluster control-ports fpc 10 port 0 set chassis cluster redundancy-group 0 node 0 priority 254 set chassis cluster redundancy-group 0 node 1 priority 1 set chassis cluster redundancy-group 1 node 0 priority 200 set chassis cluster redundancy-group 1 node 1 priority 100 set interfaces ge-5/1/14 gigether-options redundant-parent reth0 set interfaces ge-5/1/15 gigether-options redundant-parent reth1 set interfaces ge-11/1/14 gigether-options redundant-parent reth0 set interfaces ge-11/1/15 gigether-options redundant-parent reth1 set interfaces reth0 vlan-tagging set interfaces reth0 redundant-ether-options redundancy-group 1 set interfaces reth0 unit 0 vlan-id 1350 set interfaces reth0 unit 0 family inet address 192.0.2.1/24 set interfaces reth1 hierarchical-scheduler set interfaces reth1 vlan-tagging set interfaces reth1 redundant-ether-options redundancy-group 2 set interfaces reth1 unit 0 vlan-id 1351 set interfaces reth1 unit 0 family inet address 192.0.2.2/24 set interfaces reth1 unit 1 vlan-id 1352 set interfaces reth1 unit 1 family inet address 192.0.2.3/24 set interfaces reth1 unit 2 vlan-id 1353 set interfaces reth1 unit 2 family inet address 192.0.2.4/24 set interfaces reth1 unit 3 vlan-id 1354 set interfaces reth1 unit 3 family inet address 192.0.2.5/24 set class-of-service classifiers inet-precedence inet_prec_4 forwarding-class q0 loss-priority low code-points 000 set class-of-service classifiers inet-precedence inet_prec_4 forwarding-class q2 loss-priority low code-points 010 set class-of-service classifiers inet-precedence inet_prec_4 forwarding-class q3 loss-priority low code-points 011 set class-of-service classifiers inet-precedence inet_prec_4 forwarding-class q1 loss-priority low code-points 001 set class-of-service classifiers inet-precedence inet_prec_4 forwarding-class q4 loss-priority low code-points 100 set class-of-service classifiers inet-precedence inet_prec_4 forwarding-class q5 loss-priority low code-points 101 set class-of-service classifiers inet-precedence inet_prec_4 forwarding-class q6 loss-priority low code-points 110 set class-of-service classifiers inet-precedence inet_prec_4 forwarding-class q7 loss-priority low code-points 111 set class-of-service forwarding-classes queue 0 q0 set class-of-service forwarding-classes queue 1 q1 set class-of-service forwarding-classes queue 2 q2 set class-of-service forwarding-classes queue 3 q3 set class-of-service forwarding-classes queue 4 q4 set class-of-service forwarding-classes queue 5 q5 set class-of-service forwarding-classes queue 6 q6 set class-of-service forwarding-classes queue 7 q7 set class-of-service traffic-control-profiles 1 scheduler-map sched_map set class-of-service traffic-control-profiles 1 shaping-rate 200m set class-of-service interfaces reth0 unit 0 classifiers inet-precedence inet_prec_4 set class-of-service interfaces reth1 unit 0 output-traffic-control-profile 1 set class-of-service scheduler-maps sched_map forwarding-class q0 scheduler S0 set class-of-service scheduler-maps sched_map forwarding-class q1 scheduler S1 set class-of-service scheduler-maps sched_map forwarding-class q2 scheduler S2 set class-of-service scheduler-maps sched_map forwarding-class q3 scheduler S3 set class-of-service scheduler-maps sched_map forwarding-class q4 scheduler S4 set class-of-service scheduler-maps sched_map forwarding-class q5 scheduler S5 set class-of-service scheduler-maps sched_map forwarding-class q6 scheduler S6 set class-of-service scheduler-maps sched_map forwarding-class q7 scheduler S7 set class-of-service schedulers S0 transmit-rate percent 20 set class-of-service schedulers S1 transmit-rate percent 5 set class-of-service schedulers S2 transmit-rate percent 5 set class-of-service schedulers S3 transmit-rate percent 10 set class-of-service schedulers S4 transmit-rate percent 10 set class-of-service schedulers S5 transmit-rate percent 10 set class-of-service schedulers S6 transmit-rate percent 10 set class-of-service schedulers S7 transmit-rate percent 30
分步过程
以下示例要求您在配置层次结构中导航各个级别。有关如何执行此操作的说明,请参阅 CLI 用户指南中的在 配置模式下使用 CLI 编辑器 。
要在冗余以太网接口上启用八队列 CoS,请执行以下操作:
在节点 0 和节点 1 上的接口上配置最多 8 个队列。
[edit chassis] user@host# set fpc 5 pic 1 max-queues-per-interface 8
除了在层次结构级别配置
[edit chassis]8 个队列外,层次结构级别的配置[edit class-of-service]还必须支持每个接口 8 个队列。指定冗余以太网接口的数量。
[edit chassis cluster] user@host# set reth-count 2
配置控制端口。
[edit chassis cluster] user@host# set control-ports fpc 4 port 0 user@host# set control-ports fpc 10 port 0
配置冗余组。
[edit chassis cluster] user@host# set redundancy-group 0 node 0 priority 254 user@host# set redundancy-group 0 node 1 priority 1 user@host# set redundancy-group 1 node 0 priority 200 user@host# set redundancy-group 1 node 1 priority 100
配置冗余以太网接口。
[edit interfaces] user@host# set ge-5/1/14 gigether-options redundant-parent reth0 user@host# set ge-11/1/14 gigether-options redundant-parent reth0 user@host# set ge-5/1/15 gigether-options redundant-parent reth1 user@host# set ge-11/1/15 gigether-options redundant-parent reth1 user@host# set reth0 redundant-ether-options redundancy-group 1 user@host# set reth0 vlan-tagging user@host# set reth0 unit 0 vlan-id 1350 user@host# set reth0 unit 0 family inet address 192.0.2.1/24 user@host# set reth1 hierarchical-scheduler user@host# set reth1 vlan-tagging user@host# set reth1 redundant-ether-options redundancy-group 2 user@host# set reth1 unit 0 vlan-id 1351 user@host# set reth1 unit 0 family inet address 192.0.2.2/24 user@host# set reth1 unit 1 vlan-id 1352 user@host# set reth1 unit 1 family inet address 192.0.2.3/24 user@host# set reth1 unit 2 vlan-id 1353 user@host# set reth1 unit 2 family inet address 192.0.2.4/24 user@host# set reth1 unit 3 vlan-id 1354 user@host# set reth1 unit 3 family inet address 192.0.2.5/24
定义分类器并将其应用于逻辑接口。
[edit class-of-service] user@host# set classifiers inet-precedence inet_prec_4 forwarding-class q0 loss-priority low code-points 000 user@host# set classifiers inet-precedence inet_prec_4 forwarding-class q2 loss-priority low code-points 010 user@host# set classifiers inet-precedence inet_prec_4 forwarding-class q3 loss-priority low code-points 011 user@host# set classifiers inet-precedence inet_prec_4 forwarding-class q1 loss-priority low code-points 001 user@host# set classifiers inet-precedence inet_prec_4 forwarding-class q4 loss-priority low code-points 100 user@host# set classifiers inet-precedence inet_prec_4 forwarding-class q5 loss-priority low code-points 101 user@host# set classifiers inet-precedence inet_prec_4 forwarding-class q6 loss-priority low code-points 110 user@host# set classifiers inet-precedence inet_prec_4 forwarding-class q7 loss-priority low code-points 111
将转发类映射到 CoS 队列。
[edit class-of-service] user@host# set forwarding-classes queue 0 q0 user@host# set forwarding-classes queue 1 q1 user@host# set forwarding-classes queue 2 q2 user@host# set forwarding-classes queue 3 q3 user@host# set forwarding-classes queue 4 q4 user@host# set forwarding-classes queue 5 q5 user@host# set forwarding-classes queue 6 q6 user@host# set forwarding-classes queue 7 q7
配置流量控制配置文件。
[edit class-of-service] user@host# set traffic-control-profiles 1 scheduler-map sched_map user@host# set traffic-control-profiles 1 shaping-rate 200m
定义通过 CoS 元素的数据包流。
[edit class-of-service] user@host# set interfaces reth0 unit 0 classifiers inet-precedence inet_prec_4
将流量调度配置文件应用于接口。
[edit class-of-service] user@host# set interfaces reth1 unit 0 output-traffic-control-profile 1
配置 CoS 调度程序。
[edit class-of-service] user@host# set scheduler-maps sched_map forwarding-class q0 scheduler S0 user@host# set scheduler-maps sched_map forwarding-class q1 scheduler S1 user@host# set scheduler-maps sched_map forwarding-class q2 scheduler S2 user@host# set scheduler-maps sched_map forwarding-class q3 scheduler S3 user@host# set scheduler-maps sched_map forwarding-class q4 scheduler S4 user@host# set scheduler-maps sched_map forwarding-class q5 scheduler S5 user@host# set scheduler-maps sched_map forwarding-class q6 scheduler S6 user@host# set scheduler-maps sched_map forwarding-class q7 scheduler S7 user@host# set schedulers S0 transmit-rate percent 20 user@host# set schedulers S1 transmit-rate percent 5 user@host# set schedulers S2 transmit-rate percent 5 user@host# set schedulers S3 transmit-rate percent 10 user@host# set schedulers S4 transmit-rate percent 10 user@host# set schedulers S5 transmit-rate percent 10 user@host# set schedulers S6 transmit-rate percent 10 user@host# set schedulers S7 transmit-rate percent 30
结果
在配置模式下,输入 show class-of-service 命令确认您的配置。如果输出未显示预期的配置,请重复此示例中的配置说明以进行更正。
为简洁起见,此 show 命令输出仅包含与此示例相关的配置。系统上的任何其他配置都已替换为省略号 (...)。
[edit]
user@host# show class-of-service
classifiers {
inet-precedence inet_prec_4 {
forwarding-class q0 {
loss-priority low code-points 000;
}
forwarding-class q2 {
loss-priority low code-points 010;
}
forwarding-class q3 {
loss-priority low code-points 011;
}
forwarding-class q1 {
loss-priority low code-points 001;
}
forwarding-class q4 {
loss-priority low code-points 100;
}
forwarding-class q5 {
loss-priority low code-points 101;
}
forwarding-class q6 {
loss-priority low code-points 110;
}
forwarding-class q7 {
loss-priority low code-points 111;
}
}
}
forwarding-classes {
queue 0 q0;
queue 1 q1;
queue 2 q2;
queue 3 q3;
queue 4 q4;
queue 5 q5;
queue 6 q6;
queue 7 q7;
}
traffic-control-profiles {
1 {
scheduler-map sched_map;
shaping-rate 200m;
}
}
interfaces {
reth0 {
unit 0 {
classifiers {
inet-precedence inet_prec_4;
}
}
}
reth1 {
unit 0 {
output-traffic-control-profile 1;
}
}
}
scheduler-maps {
sched_map {
forwarding-class q0 scheduler S0;
forwarding-class q1 scheduler S1;
forwarding-class q2 scheduler S2;
forwarding-class q3 scheduler S3;
forwarding-class q4 scheduler S4;
forwarding-class q5 scheduler S5;
forwarding-class q6 scheduler S6;
forwarding-class q7 scheduler S7;
}
}
schedulers {
S0 {
transmit-rate percent 20;
}
S1 {
transmit-rate percent 5;
}
S2 {
transmit-rate percent 5;
}
S3 {
transmit-rate percent 10;
}
S4 {
transmit-rate percent 10;
}
S5 {
transmit-rate percent 10;
}
S6 {
transmit-rate percent 10;
}
S7 {
transmit-rate percent 30;
}
}
如果完成设备配置,请从配置模式输入 commit 。
要重新启动机箱控制,请在操作模式下输入 restart chassis-control 命令。
执行命令 restart chassis-control 时,将重置机箱上的所有 FRU 卡,从而影响流量。更改队列数必须在计划的停机时间内执行。执行命令后 restart chassis-control ,卡需要 5-10 分钟才能联机。