示例:在机箱群集中的 SRX 系列防火墙上的冗余以太网接口上启用八队列服务等级
此示例说明如何在机箱群集的 SRX 系列防火墙上的冗余以太网接口上启用八队列 CoS。本示例适用于SRX1600、SRX2300、SRX4120、SRX4100、SRX4200、SRX4300、SRX4600、SRX5400、SRX5600、SRX5800。机箱群集中分支机构 SRX 系列防火墙的冗余以太网接口也支持八队列 CoS。分支机构的 SRX 系列支持八个队列,但默认情况下仅启用四个队列。
要求
此示例使用以下硬件和软件组件:
-
机箱群集中的两个SRX5600服务网关
-
Junos OS 11.4R4 或更高版本(适用于 SRX 系列防火墙)
开始之前:
-
了解机箱群集配置。请参阅 示例:在 SRX5800 设备上配置主动/被动机箱群集。
-
了解机箱群集冗余接口配置。请参阅 示例:配置机箱群集冗余以太网接口。
概述
SRX 系列防火墙支持八个队列,但默认情况下仅启用四个队列。set chassis fpc x pic y max-queues-per-interface 8使用命令可在机箱级别显式启用八个队列。和 y 的值x取决于 IOC 的位置以及接口在需要实施 CoS 的设备上所在的 PIC 编号。要查找 IOC 位置,请使用show chassis fpc pic-status或 show chassis hardware 命令。
您必须重新启动机箱控制才能使配置生效。
在 SRX 系列防火墙上,每个 ae 接口支持八个 QoS 队列。
图 1 显示了如何在机箱群集中的 SRX 系列防火墙上的冗余以太网接口上配置八队列 CoS。
拓扑学
图 1:冗余以太网接口
上的八队列 CoS
上的八队列 CoS
配置
程序
CLI 快速配置
要快速配置此示例,请复制以下命令,将其粘贴到文本文件中,删除所有换行符,更改详细信息,以便与网络配置匹配,将命令复制并粘贴到层 [edit] 级的 CLI 中,然后从配置模式进入 commit 。
set chassis fpc 5 pic 1 max-queues-per-interface 8
set chassis fpc 5 pic 1 max-queues-per-interface 8
set chassis cluster reth-count 2
set chassis cluster control-ports fpc 4 port 0
set chassis cluster control-ports fpc 10 port 0
set chassis cluster redundancy-group 0 node 0 priority 254
set chassis cluster redundancy-group 0 node 1 priority 1
set chassis cluster redundancy-group 1 node 0 priority 200
set chassis cluster redundancy-group 1 node 1 priority 100
set interfaces ge-5/1/14 gigether-options redundant-parent reth0
set interfaces ge-5/1/15 gigether-options redundant-parent reth1
set interfaces ge-11/1/14 gigether-options redundant-parent reth0
set interfaces ge-11/1/15 gigether-options redundant-parent reth1
set interfaces reth0 vlan-tagging
set interfaces reth0 redundant-ether-options redundancy-group 1
set interfaces reth0 unit 0 vlan-id 1350
set interfaces reth0 unit 0 family inet address 192.0.2.1/24
set interfaces reth1 hierarchical-scheduler
set interfaces reth1 vlan-tagging
set interfaces reth1 redundant-ether-options redundancy-group 2
set interfaces reth1 unit 0 vlan-id 1351
set interfaces reth1 unit 0 family inet address 192.0.2.2/24
set interfaces reth1 unit 1 vlan-id 1352
set interfaces reth1 unit 1 family inet address 192.0.2.3/24
set interfaces reth1 unit 2 vlan-id 1353
set interfaces reth1 unit 2 family inet address 192.0.2.4/24
set interfaces reth1 unit 3 vlan-id 1354
set interfaces reth1 unit 3 family inet address 192.0.2.5/24
set class-of-service classifiers inet-precedence inet_prec_4 forwarding-class q0 loss-priority low code-points 000
set class-of-service classifiers inet-precedence inet_prec_4 forwarding-class q2 loss-priority low code-points 010
set class-of-service classifiers inet-precedence inet_prec_4 forwarding-class q3 loss-priority low code-points 011
set class-of-service classifiers inet-precedence inet_prec_4 forwarding-class q1 loss-priority low code-points 001
set class-of-service classifiers inet-precedence inet_prec_4 forwarding-class q4 loss-priority low code-points 100
set class-of-service classifiers inet-precedence inet_prec_4 forwarding-class q5 loss-priority low code-points 101
set class-of-service classifiers inet-precedence inet_prec_4 forwarding-class q6 loss-priority low code-points 110
set class-of-service classifiers inet-precedence inet_prec_4 forwarding-class q7 loss-priority low code-points 111
set class-of-service forwarding-classes queue 0 q0
set class-of-service forwarding-classes queue 1 q1
set class-of-service forwarding-classes queue 2 q2
set class-of-service forwarding-classes queue 3 q3
set class-of-service forwarding-classes queue 4 q4
set class-of-service forwarding-classes queue 5 q5
set class-of-service forwarding-classes queue 6 q6
set class-of-service forwarding-classes queue 7 q7
set class-of-service traffic-control-profiles 1 scheduler-map sched_map
set class-of-service traffic-control-profiles 1 shaping-rate 200m
set class-of-service interfaces reth0 unit 0 classifiers inet-precedence inet_prec_4
set class-of-service interfaces reth1 unit 0 output-traffic-control-profile 1
set class-of-service scheduler-maps sched_map forwarding-class q0 scheduler S0
set class-of-service scheduler-maps sched_map forwarding-class q1 scheduler S1
set class-of-service scheduler-maps sched_map forwarding-class q2 scheduler S2
set class-of-service scheduler-maps sched_map forwarding-class q3 scheduler S3
set class-of-service scheduler-maps sched_map forwarding-class q4 scheduler S4
set class-of-service scheduler-maps sched_map forwarding-class q5 scheduler S5
set class-of-service scheduler-maps sched_map forwarding-class q6 scheduler S6
set class-of-service scheduler-maps sched_map forwarding-class q7 scheduler S7
set class-of-service schedulers S0 transmit-rate percent 20
set class-of-service schedulers S1 transmit-rate percent 5
set class-of-service schedulers S2 transmit-rate percent 5
set class-of-service schedulers S3 transmit-rate percent 10
set class-of-service schedulers S4 transmit-rate percent 10
set class-of-service schedulers S5 transmit-rate percent 10
set class-of-service schedulers S6 transmit-rate percent 10
set class-of-service schedulers S7 transmit-rate percent 30
分步过程
下面的示例要求您在各个配置层级中进行导航。有关作说明,请参阅 CLI 用户指南中的 在配置模式下使用 CLI 编辑器 。
要在冗余以太网接口上启用八队列 CoS,请执行以下作:
-
在节点 0 和节点 1 上的接口上最多配置八个队列。
[edit chassis] user@host# set fpc 5 pic 1 max-queues-per-interface 8除了在
[edit chassis]层级配置八个队列外,层级的配置[edit class-of-service]还必须支持每个接口八个队列。 -
指定冗余以太网接口的数量。
[edit chassis cluster] user@host# set reth-count 2 -
配置控制端口。
[edit chassis cluster] user@host# set control-ports fpc 4 port 0 user@host# set control-ports fpc 10 port 0 -
配置冗余组。
[edit chassis cluster] user@host# set redundancy-group 0 node 0 priority 254 user@host# set redundancy-group 0 node 1 priority 1 user@host# set redundancy-group 1 node 0 priority 200 user@host# set redundancy-group 1 node 1 priority 100 -
配置冗余以太网接口。
[edit interfaces] user@host# set ge-5/1/14 gigether-options redundant-parent reth0 user@host# set ge-11/1/14 gigether-options redundant-parent reth0 user@host# set ge-5/1/15 gigether-options redundant-parent reth1 user@host# set ge-11/1/15 gigether-options redundant-parent reth1 user@host# set reth0 redundant-ether-options redundancy-group 1 user@host# set reth0 vlan-tagging user@host# set reth0 unit 0 vlan-id 1350 user@host# set reth0 unit 0 family inet address 192.0.2.1/24 user@host# set reth1 hierarchical-scheduler user@host# set reth1 vlan-tagging user@host# set reth1 redundant-ether-options redundancy-group 2 user@host# set reth1 unit 0 vlan-id 1351 user@host# set reth1 unit 0 family inet address 192.0.2.2/24 user@host# set reth1 unit 1 vlan-id 1352 user@host# set reth1 unit 1 family inet address 192.0.2.3/24 user@host# set reth1 unit 2 vlan-id 1353 user@host# set reth1 unit 2 family inet address 192.0.2.4/24 user@host# set reth1 unit 3 vlan-id 1354 user@host# set reth1 unit 3 family inet address 192.0.2.5/24 -
定义分类器并将其应用于逻辑接口。
[edit class-of-service] user@host# set classifiers inet-precedence inet_prec_4 forwarding-class q0 loss-priority low code-points 000 user@host# set classifiers inet-precedence inet_prec_4 forwarding-class q2 loss-priority low code-points 010 user@host# set classifiers inet-precedence inet_prec_4 forwarding-class q3 loss-priority low code-points 011 user@host# set classifiers inet-precedence inet_prec_4 forwarding-class q1 loss-priority low code-points 001 user@host# set classifiers inet-precedence inet_prec_4 forwarding-class q4 loss-priority low code-points 100 user@host# set classifiers inet-precedence inet_prec_4 forwarding-class q5 loss-priority low code-points 101 user@host# set classifiers inet-precedence inet_prec_4 forwarding-class q6 loss-priority low code-points 110 user@host# set classifiers inet-precedence inet_prec_4 forwarding-class q7 loss-priority low code-points 111 -
将转发类映射到 CoS 队列。
[edit class-of-service] user@host# set forwarding-classes queue 0 q0 user@host# set forwarding-classes queue 1 q1 user@host# set forwarding-classes queue 2 q2 user@host# set forwarding-classes queue 3 q3 user@host# set forwarding-classes queue 4 q4 user@host# set forwarding-classes queue 5 q5 user@host# set forwarding-classes queue 6 q6 user@host# set forwarding-classes queue 7 q7 -
配置流量控制配置文件。
[edit class-of-service] user@host# set traffic-control-profiles 1 scheduler-map sched_map user@host# set traffic-control-profiles 1 shaping-rate 200m -
通过 CoS 元素定义数据包流。
[edit class-of-service] user@host# set interfaces reth0 unit 0 classifiers inet-precedence inet_prec_4 -
将流量调度配置文件应用于接口。
[edit class-of-service] user@host# set interfaces reth1 unit 0 output-traffic-control-profile 1 -
配置 CoS 调度器。
[edit class-of-service] user@host# set scheduler-maps sched_map forwarding-class q0 scheduler S0 user@host# set scheduler-maps sched_map forwarding-class q1 scheduler S1 user@host# set scheduler-maps sched_map forwarding-class q2 scheduler S2 user@host# set scheduler-maps sched_map forwarding-class q3 scheduler S3 user@host# set scheduler-maps sched_map forwarding-class q4 scheduler S4 user@host# set scheduler-maps sched_map forwarding-class q5 scheduler S5 user@host# set scheduler-maps sched_map forwarding-class q6 scheduler S6 user@host# set scheduler-maps sched_map forwarding-class q7 scheduler S7 user@host# set schedulers S0 transmit-rate percent 20 user@host# set schedulers S1 transmit-rate percent 5 user@host# set schedulers S2 transmit-rate percent 5 user@host# set schedulers S3 transmit-rate percent 10 user@host# set schedulers S4 transmit-rate percent 10 user@host# set schedulers S5 transmit-rate percent 10 user@host# set schedulers S6 transmit-rate percent 10 user@host# set schedulers S7 transmit-rate percent 30
结果
在配置模式下,输入 show class-of-service 命令以确认您的配置。如果输出未显示预期的配置,请重复此示例中的配置说明,以便进行更正。
为简洁起见,此 show 命令输出仅包含与此示例相关的配置。系统上的任何其他配置都已替换为省略号 (...)。
[edit]
user@host# show class-of-service
classifiers {
inet-precedence inet_prec_4 {
forwarding-class q0 {
loss-priority low code-points 000;
}
forwarding-class q2 {
loss-priority low code-points 010;
}
forwarding-class q3 {
loss-priority low code-points 011;
}
forwarding-class q1 {
loss-priority low code-points 001;
}
forwarding-class q4 {
loss-priority low code-points 100;
}
forwarding-class q5 {
loss-priority low code-points 101;
}
forwarding-class q6 {
loss-priority low code-points 110;
}
forwarding-class q7 {
loss-priority low code-points 111;
}
}
}
forwarding-classes {
queue 0 q0;
queue 1 q1;
queue 2 q2;
queue 3 q3;
queue 4 q4;
queue 5 q5;
queue 6 q6;
queue 7 q7;
}
traffic-control-profiles {
1 {
scheduler-map sched_map;
shaping-rate 200m;
}
}
interfaces {
reth0 {
unit 0 {
classifiers {
inet-precedence inet_prec_4;
}
}
}
reth1 {
unit 0 {
output-traffic-control-profile 1;
}
}
}
scheduler-maps {
sched_map {
forwarding-class q0 scheduler S0;
forwarding-class q1 scheduler S1;
forwarding-class q2 scheduler S2;
forwarding-class q3 scheduler S3;
forwarding-class q4 scheduler S4;
forwarding-class q5 scheduler S5;
forwarding-class q6 scheduler S6;
forwarding-class q7 scheduler S7;
}
}
schedulers {
S0 {
transmit-rate percent 20;
}
S1 {
transmit-rate percent 5;
}
S2 {
transmit-rate percent 5;
}
S3 {
transmit-rate percent 10;
}
S4 {
transmit-rate percent 10;
}
S5 {
transmit-rate percent 10;
}
S6 {
transmit-rate percent 10;
}
S7 {
transmit-rate percent 30;
}
}
如果完成设备配置,请从配置模式输入 commit 。
要重新启动机箱控制,请在作模式下输入 restart chassis-control 命令。
执行 restart chassis-control 命令时,机箱上的所有 FRU 卡都将重置,从而影响流量。更改队列数必须在计划的停机时间内执行。执行命令后 restart chassis-control ,卡需要 5-10 分钟才能联机。