示例:使用 MPC 在SRX5000防火墙上配置 CoS
此示例说明如何在具有 MPC 的SRX5000线路防火墙上配置 CoS。
要求
此示例使用以下硬件和软件组件:
带有 SRX5K-MPC 的SRX5600
适用于 SRX 系列的 Junos OS 12.1X46-D10 或更高版本
准备工作:
了解 CoS。请参阅 了解服务等级。
了解机箱群集配置。请参阅 示例:在 SRX5800 设备上配置主动/被动机箱群集。
了解机箱群集冗余接口配置。请参阅 示例:配置机箱群集冗余以太网接口。
配置此功能之前,不需要除设备初始化之外的特殊配置。
概述
在此示例中,您将创建一个行为聚合 (BA) 分类器,以根据数据包的 IEEE 802.1p 值对流量进行分类,并为流量分配转发类优先级队列。然后,配置调度器图并设置流量的优先级。
默认情况下,SRX5K-MPC 支持八个队列。在此示例中,您将配置八个队列。
将 BA 分类器应用于输入接口,并将调度器图应用于输出接口。
表 1 和表 2 显示了此示例中使用的转发类详细信息以及优先级、分配的队列号和分配的队列缓冲区。
转发类 |
队列编号 |
---|---|
成为 |
0 |
Sig |
1 |
Af |
2 |
青铜级 |
3 |
银级 |
4 |
金级 |
5 |
控制 |
6 |
Voip |
7 |
调度 |
对于 CoS 流量类型 |
分配的优先级 |
队列缓冲区的已分配部分(传输速率) |
---|---|---|---|
s-be |
0 |
低 |
15 |
S-SIG |
1 |
低 |
15 |
S-AF |
2 |
中低 |
20 |
S-青铜 |
3 |
中低 |
20 |
S-银 |
4 |
中高 |
10 |
S-黄金 |
5 |
中高 |
10 |
S-NC |
6 |
高 |
5 |
S-VoIP |
7 |
高 |
5 |
配置
程序
CLI 快速配置
要快速配置此示例,请复制以下命令,将其粘贴到文本文件中,删除所有换行符,更改与您的网络配置匹配所需的任何详细信息,将命令复制并粘贴到层次结构级别的 CLI [edit]
中,然后从配置模式进入 commit
。
set class-of-service classifiers ieee-802.1 c802 forwarding-class BE loss-priority low code-points 000 set class-of-service classifiers ieee-802.1 c802 forwarding-class SIG loss-priority low code-points 001 set class-of-service classifiers ieee-802.1 c802 forwarding-class AF loss-priority low code-points 010 set class-of-service classifiers ieee-802.1 c802 forwarding-class Bronze-Class loss-priority low code-points 011 set class-of-service classifiers ieee-802.1 c802 forwarding-class Silver-Class loss-priority low code-points 100 set class-of-service classifiers ieee-802.1 c802 forwarding-class Gold-Class loss-priority low code-points 101 set class-of-service classifiers ieee-802.1 c802 forwarding-class Central loss-priority low code-points 110 set class-of-service classifiers ieee-802.1 c802 forwarding-class VOIP loss-priority low code-points 111 set class-of-service forwarding-classes class BE queue-num 0 set class-of-service forwarding-classes class SIG queue-num 1 set class-of-service forwarding-classes class AF queue-num 2 set class-of-service forwarding-classes class Bronze-Class queue-num 3 set class-of-service forwarding-classes class Silver-Class queue-num 4 set class-of-service forwarding-classes class Gold-Class queue-num 5 set class-of-service forwarding-classes class Control queue-num 6 set class-of-service forwarding-classes class VOIP queue-num 7 set class-of-service scheduler-maps test forwarding-class BE scheduler s-be set class-of-service scheduler-maps test forwarding-class SIG scheduler s-sig set class-of-service scheduler-maps test forwarding-class AF scheduler s-af set class-of-service scheduler-maps test forwarding-class Bronze-Class scheduler s-bronze set class-of-service scheduler-maps test forwarding-class Silver-Class scheduler s-silver set class-of-service scheduler-maps test forwarding-class Gold-Class scheduler s-gold set class-of-service scheduler-maps test forwarding-class Control scheduler s-nc set class-of-service scheduler-maps test forwarding-class VOIP scheduler s-voip set class-of-service rewrite-rules ieee-802.1 rw802 forwarding-class BE loss-priority low code-point 000 set class-of-service rewrite-rules ieee-802.1 rw802 forwarding-class SIG loss-priority low code-point 001 set class-of-service rewrite-rules ieee-802.1 rw802 forwarding-class AF loss-priority low code-point 010 set class-of-service rewrite-rules ieee-802.1 rw802 forwarding-class Bronze-Class loss-priority low code-point 011 set class-of-service rewrite-rules ieee-802.1 rw802 forwarding-class Silver-Class loss-priority low code-point 100 set class-of-service rewrite-rules ieee-802.1 rw802 forwarding-class Gold-Class loss-priority low code-point 101 set class-of-service rewrite-rules ieee-802.1 rw802 forwarding-class Control loss-priority low code-point 110 set class-of-service rewrite-rules ieee-802.1 rw802 forwarding-class VOIP loss-priority low code-point 111 set class-of-service schedulers s-be transmit-rate percent 15 set class-of-service schedulers s-be priority low set class-of-service schedulers s-sig transmit-rate percent 15 set class-of-service schedulers s-sig priority low set class-of-service schedulers s-af transmit-rate percent 20 set class-of-service schedulers s-af priority medium-low set class-of-service schedulers s-bronze transmit-rate percent 20 set class-of-service schedulers s-bronze priority medium-low set class-of-service schedulers s-silver transmit-rate percent 10 set class-of-service schedulers s-silver priority medium-high set class-of-service schedulers s-gold transmit-rate percent 10 set class-of-service schedulers s-gold priority medium-high set class-of-service schedulers s-nc transmit-rate percent 5 set class-of-service schedulers s-nc priority high set class-of-service schedulers s-voip transmit-rate percent 5 set class-of-service schedulers s-voip priority high set class-of-service interfaces reth0 unit 0 classifiers ieee-802.1 c802 set class-of-service interfaces reth0 unit 0 rewrite-rules ieee-802.1 rw802 set class-of-service interfaces reth0 scheduler-map test set class-of-service interfaces reth0 shaping-rate 1g
分步过程
以下示例要求您在配置层次结构中导航各个级别。有关如何执行此操作的说明,请参阅 Junos OS CLI 用户指南中的在配置模式下使用 CLI 编辑器。
要配置转发类:
配置分类器。
[edit class-of-service] user@host# set classifiers ieee-802.1 c802 forwarding-class BE loss-priority low code-points 000 user@host# set classifiers ieee-802.1 c802 forwarding-class SIG loss-priority low code-points 001 user@host# set classifiers ieee-802.1 c802 forwarding-class AF loss-priority low code-points 010 user@host# set classifiers ieee-802.1 c802 forwarding-class Bronze-Class loss-priority low code-points 011 user@host# set classifiers ieee-802.1 c802 forwarding-class Silver-Class loss-priority low code-points 100 user@host# set classifiers ieee-802.1 c802 forwarding-class Gold-Class loss-priority low code-points 101 user@host# set classifiers ieee-802.1 c802 forwarding-class Central loss-priority low code-points 110 user@host# set classifiers ieee-802.1 c802 forwarding-class VOIP loss-priority low code-points 111
将尽力而为流量分配给队列。
[edit class-of-service forwarding-classes class] user@host# set BE queue-num 0 user@host# set SIG queue-num 1 user@host# set AF queue-num 2 user@host# set Bronze-Class queue-num 3 user@host# set Silver-Class queue-num 4 user@host# set Gold-Class queue-num 5 user@host# set Control queue-num 6 user@host# set VOIP queue-num 7
定义转发类到数据包调度程序的映射。
[edit class-of-service] user@host# set scheduler-maps test forwarding-class BE scheduler s-be user@host# set scheduler-maps test forwarding-class SIG scheduler s-sig user@host# set scheduler-maps test forwarding-class AF scheduler s-af user@host# set scheduler-maps test forwarding-class Bronze-Class scheduler s-bronze user@host# set scheduler-maps test forwarding-class Silver-Class scheduler s-silver user@host# set scheduler-maps test forwarding-class Gold-Class scheduler s-gold user@host# set scheduler-maps test forwarding-class Control scheduler s-nc user@host# set scheduler-maps test forwarding-class VOIP scheduler s-voip
配置 CoS 重写规则以将转发类映射到 802.1p 字段的所需值。
[edit class-of-service] user@host# set rewrite-rules ieee-802.1 rw802 forwarding-class BE loss-priority low code-point 000 user@host# set rewrite-rules ieee-802.1 rw802 forwarding-class SIG loss-priority low code-point 001 user@host# set rewrite-rules ieee-802.1 rw802 forwarding-class AF loss-priority low code-point 010 user@host# set rewrite-rules ieee-802.1 rw802 forwarding-class Bronze-Class loss-priority low code-point 011 user@host# set rewrite-rules ieee-802.1 rw802 forwarding-class Silver-Class loss-priority low code-point 100 user@host# set rewrite-rules ieee-802.1 rw802 forwarding-class Gold-Class loss-priority low code-point 101 user@host# set rewrite-rules ieee-802.1 rw802 forwarding-class Control loss-priority low code-point 110 user@host# set rewrite-rules ieee-802.1 rw802 forwarding-class VOIP loss-priority low code-point 111
使用调度优先级和传输速率配置 8 个数据包调度程序。
[edit class-of-service] user@host# set schedulers s-be transmit-rate percent 15 user@host# set schedulers s-be priority low user@host# set schedulers s-sig transmit-rate percent 15 user@host# set schedulers s-sig priority low user@host# set schedulers s-af transmit-rate percent 20 user@host# set schedulers s-af priority medium-low user@host# set schedulers s-bronze transmit-rate percent 20 user@host# set schedulers s-bronze priority medium-low user@host# set schedulers s-silver transmit-rate percent 10 user@host# set schedulers s-silver priority medium-high user@host# set schedulers s-gold transmit-rate percent 10 user@host# set schedulers s-gold priority medium-high user@host# set schedulers s-nc transmit-rate percent 5 user@host# set schedulers s-nc priority high user@host# set schedulers s-voip transmit-rate percent 5 user@host# set schedulers s-voip priority high
将分类器并重写规则应用于接口。
[edit class-of-service] user@host# set interfaces reth0 unit 0 classifiers ieee-802.1 c802 user@host# set interfaces reth1 unit 0 rewrite-rules ieee-802.1 rw802
将调度程序映射“test”应用于接口。
[edit class-of-service] user@host# set interfaces reth0 scheduler-map test
应用整形速率以控制接口上传输的最大流量速率。
[edit class-of-service] user@host# set interfaces reth0 shaping-rate 1g
结果
在配置模式下,输入 show xxx
命令确认您的配置。如果输出未显示预期的配置,请重复此示例中的配置说明以进行更正。
classifiers { ieee-802.1 c802 { forwarding-class BE { loss-priority low code-points 000; } forwarding-class SIG { loss-priority low code-points 001; } forwarding-class AF { loss-priority low code-points 010; } forwarding-class Bronze-Class { loss-priority low code-points 011; } forwarding-class Silver-Class { loss-priority low code-points 100; } forwarding-class Gold-Class { loss-priority low code-points 101; } forwarding-class Control { loss-priority low code-points 110; } forwarding-class VOIP { loss-priority low code-points 111; } } } forwarding-classes { class BE queue-num 0; class SIG queue-num 1; class VOIP queue-num 7; class AF queue-num 2; class Bronze-Class queue-num 3; class Silver-Class queue-num 4; class Gold-Class queue-num 5; class Control queue-num 6; } interfaces { reth0 { shaping-rate 1g; unit 0 { scheduler-map test; } } reth0 { shaping-rate 1g; unit 0 { classifiers { ieee-802.1 c802; } rewrite-rules { ieee-802.1 rw802; } } } } rewrite-rules { ieee-802.1 rw802 { forwarding-class BE { loss-priority low code-point 000; } forwarding-class SIG { loss-priority low code-point 001; } forwarding-class AF { loss-priority low code-point 010; } forwarding-class Bronze-Class { loss-priority low code-point 011; } forwarding-class Silver-Class { loss-priority low code-point 100; } forwarding-class Gold-Class { loss-priority low code-point 101; } forwarding-class Control { loss-priority low code-point 110; } forwarding-class VOIP { loss-priority low code-point 111; } } } scheduler-maps { test { forwarding-class BE scheduler s-be; forwarding-class VOIP scheduler s-voip; forwarding-class Gold-Class scheduler s-gold; forwarding-class SIG scheduler s-sig; forwarding-class AF scheduler s-af; forwarding-class Bronze-Class scheduler s-bronze; forwarding-class Silver-Class scheduler s-silver; forwarding-class Control scheduler s-nc; } } schedulers { s-be { transmit-rate percent 15; priority low; } s-nc { transmit-rate percent 5; priority high; } s-gold { transmit-rate percent 10; priority medium-high; } s-sig { transmit-rate percent 15; priority low; } s-af { transmit-rate percent 20; priority medium-low; } s-bronze { transmit-rate percent 20; priority medium-low; } s-silver { transmit-rate percent 10; priority medium-high; } s-voip { transmit-rate percent 5; priority high; } }
如果完成设备配置,请从配置模式输入 commit
。
验证
确认配置工作正常。
验证服务等级配置
目的
验证是否已配置 CoS。
行动
在操作模式下,输入 show class-of-service classifier
命令。
user@host> show class-of-service classifier type ieee-802.1
Forwarding class ID Queue Restricted queue Fabric priority Policing priority SPU priority
BE 0 0 0 low normal low
SIG 1 1 1 low normal low
AF 2 2 2 low normal low
Bronze-Class 3 3 3 low normal low
Silver-Class 4 4 0 low normal low
Gold-Class 5 5 1 low normal low
Control 6 6 2 low normal low
VOIP 7 7 3 low normal low
验证在 MPC 接口上配置的专用队列数
目的
显示为端口上的接口配置的专用队列资源数。
行动
在操作模式下,输入 show class-of-service interface
命令。
user@host> show class-of-service interface reth0
Physical interface: reth0, Index: 129
Queues supported: 8, Queues in use: 4
Scheduler map: <default>, Index: 2
Congestion-notification: Disabled
Logical interface: reth0.0, Index: 71
Object Name Type Index
Classifier dscp-ipv6-compatibility dscp-ipv6 9
Classifier ipprec-compatibility ip 13
Logical interface: reth1.32767, Index: 70