Example: Configuring CoS on EX Series Switches

 

Configure class of service (CoS) on your switch to manage traffic so that when the network experiences congestion and delay, critical applications are protected. Using CoS, you can divide traffic on your switch into classes and provide various levels of throughput and packet loss. This is especially important for traffic that is sensitive to jitter and delay, such as voice traffic.

This example shows how to configure CoS on a single EX Series switch in the network.

Requirements

This example uses the following hardware and software components:

  • EX3200 and EX4200 switches

  • Junos OS Release 9.0 or later for EX Series switches

Overview and Topology

This example uses the topology shown in Figure 1.

Figure 1: Topology for Configuring CoS
Topology for Configuring
CoS

The topology for this configuration example consists of EX3200 and EX4200 switches at the access layer.

The EX Series access switches are configured to support VLAN membership. On the EX3200 access layer switch, interfaces ge-0/0/0 and ge-0/0/1 are assigned to the voice VLAN (voice-vlan) for two VoIP IP phones. Switch interface ge-0/0/2 is assigned to the camera VLAN (camera-vlan) for the surveillance camera. Switch interfaces ge-0/0/3, ge-0/0/4, ge-0/0/5, and ge-0/0/6 are assigned to the server VLAN (server-vlan) for the servers hosting various applications such as those provided by Citrix, Microsoft, Oracle, and SAP. The EX3200 trunk ports, ge-0/0/20 and ge-0/0/21, are assigned to the server, voice, employee, and camera VLANs and used as uplink ports to connect the distribution layer switches.

EX4200 switches are also included in the access layer to similarly connect employee and voice VLANs, although this example does not show configuration details for those switches.

Table 1 shows the VLAN configuration components.

Table 1: Configuration Components: VLANs

VLAN Name

VLAN ID

VLAN Subnet and Available IP Addresses

VLAN Description

voice-vlan

10

192.168.1.0/28

192.168.1.1 through 192.168.1.14

192.168.1.15 is the subnet’s broadcast address.

Voice VLAN used for employee VoIP communication.

camera-vlan

20

192.168.1.16/28

192.168.1.17 through 192.168.1.30

192.168.1.31 is the subnet’s broadcast address.

VLAN for the surveillance cameras.

server-vlan

30

192.168.1.32/28

192.168.1.33 through 192.168.1.46

192.168.1.47 is the subnet’s broadcast address.

VLAN for the servers hosting enterprise applications.

PoE-capable ports on EX Series switches support Power over Ethernet (PoE) to provide both network connectivity and power for VoIP telephones connecting to the ports. Table 2 shows the switch interfaces that are assigned to the VLANs and the IP addresses for devices connected to the switch ports on a 48-port switch, all ports of which are PoE-capable.

Table 2: Configuration Components: Switch Interfaces Assigned to VLANs and Devices on a 48-Port All-PoE Switch

Interfaces

VLAN Membership

IP Addresses

Port Devices

ge-0/0/0, ge-0/0/1

voice-vlan

192.168.1.1/28 through 192.168.1.2/28

Two VoIP telephones.

ge-0/0/2

camera-vlan

192.168.1.17/28

Surveillance camera.

ge-0/0/3, ge-0/0/4, ge-0/0/5, ge-0/0/6

server-vlan

192.168.1.33/28 through 192.168.1.36/28

Four servers hosting applications such as those provided by Citrix, Microsoft, Oracle, and SAP.

Note

This example shows how to configure CoS on a standalone EX Series switch. This example does not consider across-the-network applications of CoS in which you might implement different configurations on ingress and egress switches to provide differentiated treatment to different classes across a set of nodes in a network.

Note

Although you will sometimes see schedulers configured for strict-high priority with a transmit-rate configured, that configuration is misleading because strict-high priority schedulers get unlimited bandwidth and the transmit-rate parameter has no effect on them. With this configuration, lower priority queues can suffer starvation if there is congestion. It is better that schedulers with strict-high priority have shaping-rate parameters configured, which is the correct way to limit their bandwidth.

Configuration

CLI Quick Configuration

To quickly configure CoS, copy the following commands and paste them into the switch terminal window:

[edit]

set class-of-service forwarding-classes class app queue-num 5

set class-of-service forwarding-classes class mail queue-num 1

set class-of-service forwarding-classes class db queue-num 2

set class-of-service forwarding-classes class erp queue-num 3

set class-of-service forwarding-classes class video queue-num 4

set class-of-service forwarding-classes class best-effort queue-num 0

set class-of-service forwarding-classes class voice queue-num 6

set class-of-service forwarding-classes class network-control queue-num 7

set firewall family ethernet-switching filter voip_class term voip from source-address 192.168.1.1/28

set firewall family ethernet-switching filter voip_class term voip from source-address 192.168.1.2/28

set firewall family ethernet-switching filter voip_class term voip from protocol udp

set firewall family ethernet-switching filter voip_class term voip from source-port 2698

set firewall family ethernet-switching filter voip_class term voip then forwarding-class voice loss-priority low

set firewall family ethernet-switching filter voip_class term network_control from precedence [net-control internet-control]

set firewall family ethernet-switching filter voip_class term network_control then forwarding-class network-control loss-priority low

set firewall family ethernet-switching filter voip_class term best_effort_traffic then forwarding-class best-effort loss-priority low

set interfaces ge-0/0/0 description phone1–voip-ingress-port

set interfaces ge-0/0/0 unit 0 family ethernet-switching filter input voip_class

set class-of-service interfaces ge-0/0/0 shaping-rate 100m

set interfaces ge-0/0/1 description phone2–voip-ingress-port

set interfaces ge-0/0/1 unit 0 family ethernet-switching filter input voip_class

set firewall family ethernet-switching filter video_class term video from source-address 192.168.1.17/28

set firewall family ethernet-switching filter video_class term video from protocol udp

set firewall family ethernet-switching filter video_class term video from source-port 2979

set firewall family ethernet-switching filter video_class term video then forwarding-class video loss-priority low

set firewall family ethernet-switching filter video_class term network_control from precedence [net-control internet-control]

set firewall family ethernet-switching filter video_class term network_control then forwarding-class network-control loss-priority low

set firewall family ethernet-switching filter video_class term best_effort_traffic then forwarding-class best-effort loss-priority low

set interfaces ge-0/0/2 description video-ingress-port

set interfaces ge-0/0/2 unit 0 family ethernet-switching filter input video_class

set firewall family ethernet-switching filter app_class term app from source-address 192.168.1.33/28

set firewall family ethernet-switching filter app_class term app from protocol tcp

set firewall family ethernet-switching filter app_class term app from source-port [1494 2512 2513 2598 2897]

set firewall family ethernet-switching filter app_class term app then forwarding-class app loss-priority low

set firewall family ethernet-switching filter app_class term mail from source-address 192.168.1.34/28

set firewall family ethernet-switching filter app_class term mail from protocol tcp

set firewall family ethernet-switching filter app_class term mail from source-port [25 143 389 691 993 3268 3269]

set firewall family ethernet-switching filter app_class term mail then forwarding-class mail loss-priority low

set firewall family ethernet-switching filter app_class term db from source-address 192.168.1.35/28

set firewall family ethernet-switching filter app_class term db from protocol tcp

set firewall family ethernet-switching filter app_class term db from source-port [1521 1525 1527 1571 1810 2481]

set firewall family ethernet-switching filter app_class term db then forwarding-class db loss-priority low

set firewall family ethernet-switching filter app_class term erp from source-address 192.168.1.36/28

set firewall family ethernet-switching filter app_class term erp from protocol tcp

set firewall family ethernet-switching filter app_class term erp from source-port [3200 3300 3301 3600]

set firewall family ethernet-switching filter app_class term erp then forwarding-class erp loss-priority low

set firewall family ethernet-switching filter app_class term network_control from precedence [net-control internet-control]

set firewall family ethernet-switching filter app_class term network_control then forwarding-class network-control loss-priority low

set firewall family ethernet-switching filter app_class term best_effort_traffic then forwarding-class best-effort loss-priority low

set interfaces ge-0/0/3 unit 0 family ethernet-switching filter input app_class

set interfaces ge-0/0/4 unit 0 family ethernet-switching filter input app_class

set interfaces ge-0/0/5 unit 0 family ethernet-switching filter input app_class

set interfaces ge-0/0/6 unit 0 family ethernet-switching filter input app_class

set class-of-service schedulers voice-sched shaping-rate percent 10

set class-of-service schedulers voice-sched buffer-size percent 10

set class-of-service schedulers voice-sched priority strict-high

set class-of-service schedulers video-sched priority low

set class-of-service schedulers video-sched transmit-rate percent 15

set class-of-service schedulers app-sched buffer-size percent 10

set class-of-service schedulers app-sched priority low

set class-of-service schedulers app-sched transmit-rate percent 10

set class-of-service schedulers mail-sched buffer-size percent 5

set class-of-service schedulers mail-sched priority low

set class-of-service schedulers mail-sched transmit-rate percent 5

set class-of-service schedulers db-sched buffer-size percent 10

set class-of-service schedulers db-sched priority low

set class-of-service schedulers db-sched transmit-rate percent 10

set class-of-service schedulers erp-sched buffer-size percent 10

set class-of-service schedulers erp-sched priority low

set class-of-service schedulers erp-sched transmit-rate percent 10

set class-of-service schedulers nc-sched shaping-rate percent 5

set class-of-service schedulers nc-sched buffer-size percent 5

set class-of-service schedulers nc-sched priority strict-high

set class-of-service schedulers be-sched buffer-size percent 35

set class-of-service schedulers be-sched priority low

set class-of-service schedulers be-sched transmit-rate percent 35

set class-of-service scheduler-maps ethernet-cos-map forwarding-class voice scheduler voice-sched

set class-of-service scheduler-maps ethernet-cos-map forwarding-class video scheduler video-sched

set class-of-service scheduler-maps ethernet-cos-map forwarding-class app scheduler app-sched

set class-of-service scheduler-maps ethernet-cos-map forwarding-class mail scheduler mail-sched

set class-of-service scheduler-maps ethernet-cos-map forwarding-class db scheduler db-sched

set class-of-service scheduler-maps ethernet-cos-map forwarding-class erp scheduler erp-sched

set class-of-service scheduler-maps ethernet-cos-map forwarding-class network-control scheduler nc-sched

set class-of-service scheduler-maps ethernet-cos-map forwarding-class best-effort scheduler be-sched

set class-of-service interfaces ge-0/0/20 scheduler-map ethernet-cos-map

set class-of-service interfaces ge-0/0/21 scheduler-map ethernet-cos-map

set class-of-service schedulers voice-sched-queue-shap shaping-rate 30m

set class-of-service scheduler-maps sched-map-be forwarding-class best-effort scheduler voice-sched-queue-shap

set class-of-service interfaces ge-0/0/2 scheduler-map sched-map-be

Step-by-Step Procedure

To configure and apply CoS:

  1. Configure one-to-one mappings between eight forwarding classes and eight queues:
    [edit class-of-service]

    user@switch# set forwarding-classes class app queue-num 5

    user@switch# set forwarding-classes class mail queue-num 1

    user@switch# set forwarding-classes class db queue-num 2

    user@switch# set forwarding-classes class erp queue-num 3

    user@switch# set forwarding-classes class video queue-num 4

    user@switch# set forwarding-classes class best-effort queue-num 0

    user@switch# set forwarding-classes class voice queue-num 6

    user@switch# set forwarding-classes class network-control queue-num 7

  2. Define the firewall filter voip_class to classify the VoIP traffic:
    [edit firewall]

    user@switch# set family ethernet-switching filter voip_class

  3. Define the term voip:
    [edit firewall]

    user@switch# set family ethernet-switching filter voip_class term voip from source-address 192.168.1.1/28

    user@switch# set family ethernet-switching filter voip_class term voip from source-address 192.168.1.2/28

    user@switch# set family ethernet-switching filter voip_class term voip protocol udp

    user@switch# set family ethernet-switching filter voip_class term voip source-port 2698

    user@switch# set family ethernet-switching filter voip_class term voip then forwarding-class voice loss-priority low
  4. Define the term network_control (for the voip_class filter):
    [edit firewall]

    user@switch# set family ethernet-switching filter voip_class term network_control from precedence [net-control internet-control]

    user@switch# set family ethernet-switching filter voip_class term network_control then forwarding-class network-control loss-priority low
  5. Define the term best_effort_traffic with no match conditions (for the voip_class filter):
    [edit firewall]

    user@switch# set family ethernet-switching filter voip_class term best_effort_traffic then forwarding-class best-effort loss-priority low
  6. Apply the firewall filter voip_class as an input filter to the interfaces for the VoIP phones:
    [edit interfaces]

    user@switch# set ge-0/0/0 description phone1-voip-ingress-port

    user@switch# set ge-0/0/0 unit 0 family ethernet-switching filter input voip_class

    user@switch# set ge-0/0/1 description phone2-voip-ingress-port

    user@switch# set ge-0/0/1 unit 0 family ethernet-switching filter input voip_class
  7. Apply port shaping on the interface ge-0/0/0:
    [edit]

    user@switch# set class-of-service interfaces ge-0/0/0 shaping-rate 100m
  8. Define the firewall filter video_class to classify the video traffic:
    [edit firewall]

    user@switch# set family ethernet-switching filter video_class

  9. Define the term video:
    [edit firewall]

    user@switch# set family ethernet-switching filter video_class term video from source-address 192.168.1.17/28

    user@switch# set family ethernet-switching filter video_class term video protocol udp

    user@switch# set family ethernet-switching filter video_class term video source-port 2979

    user@switch# set family ethernet-switching filter video_class term video then forwarding-class video loss-priority low

  10. Define the term network_control (for the video_class filter):
    [edit firewall]

    user@switch# set family ethernet-switching filter video_class term network_control from precedence [net-control internet-control]

    user@switch# set family ethernet-switching filter video_class term network_control then forwarding-class network-control loss-priority low
  11. Define the term best_effort_traffic with no match conditions (for the video_class filter):
    [edit firewall]

    user@switch# set family ethernet-switching filter video_class term best_effort_traffic then forwarding-class best-effort loss-priority low

  12. Apply the firewall filter video_class as an input filter to the interface for the surveillance camera:
    [edit interfaces]

    user@switch# set ge-0/0/2 description video-ingress-port

    user@switch# set ge-0/0/2 unit 0 family ethernet-switching filter input video_class
  13. Define the firewall filter app_class to classify the application server traffic:
    [edit firewall]

    user@switch# set family ethernet-switching filter app_class
  14. Define the term app (for the app_class filter):
    [edit firewall]

    user@switch# set family ethernet-switching filter app_class term app from source-address 192.168.1.33/28

    user@switch# set family ethernet-switching filter app_class term app protocol tcp

    user@switch# set family ethernet-switching filter app_class term app source-port [1494 2512 2513 2598 2897]

    user@switch# set family ethernet-switching filter app_class term app then forwarding-class app loss-priority low

  15. Define the term mail (for the app_class filter):
    [edit firewall]

    user@switch# set family ethernet-switching filter app_class term mail from source-address 192.168.1.34/28

    user@switch# set family ethernet-switching filter app_class term mail protocol tcp

    user@switch# set family ethernet-switching filter app_class term mail source-port [25 143 389 691 993 3268 3269]

    user@switch# set family ethernet-switching filter app_class term mail then forwarding-class mail loss-priority low
  16. Define the term db (for the app_class filter):
    [edit firewall]

    user@switch# set family ethernet-switching filter app_class term db from source-address 192.168.1.35/28

    user@switch# set family ethernet-switching filter app_class term db protocol tcp

    user@switch# set family ethernet-switching filter app_class term db source-port [1521 1525 1527 1571 1810 2481]

    user@switch# set family ethernet-switching filter app_class term db then forwarding-class db loss-priority low
  17. Define the term erp (for the app_class filter):
    [edit firewall]

    user@switch# set family ethernet-switching filter app_class term erp from source-address 192.168.1.36/28

    user@switch# set family ethernet-switching filter app_class term erp protocol tcp

    user@switch# set family ethernet-switching filter app_class term erp source-port [3200 3300 3301 3600]

    user@switch# set family ethernet-switching filter app_class term erp then forwarding-class erp loss-priority low
  18. Define the term network_control (for the app_class filter):
    [edit firewall]

    user@switch# set family ethernet-switching filter app_class term network_control from precedence [net-control internet-control]

    user@switch# set family ethernet-switching filter app_class term network_control then forwarding-class network-control loss-priority low
  19. Define the term best_effort_traffic (for the app_class filter):
    [edit firewall]

    user@switch# set family ethernet-switching filter app_class term best_effort_traffic then forwarding-class best-effort loss-priority low
  20. Apply the firewall filter app_class as an input filter to the interfaces for the servers hosting applications:
    [edit interfaces]

    user@switch# set ge-0/0/3 unit 0 family ethernet-switching filter input app_class

    user@switch# set ge-0/0/4 unit 0 family ethernet-switching filter input app_class

    user@switch# set ge-0/0/5 unit 0 family ethernet-switching filter input app_class

    user@switch# set ge-0/0/6 unit 0 family ethernet-switching filter input app_class
  21. Configure schedulers:
    [edit class-of-service]

    user@switch# set schedulers voice-sched shaping-rate percent 10

    user@switch# set schedulers voice-sched buffer-size percent 10

    user@switch# set schedulers voice-sched priority strict-high

    user@switch# set schedulers video-sched priority low

    user@switch# set schedulers video-sched transmit-rate percent 15

    user@switch# set schedulers app-sched buffer-size percent 10

    user@switch# set schedulers app-sched priority low

    user@switch# set schedulers app-sched transmit-rate percent 10

    user@switch# set schedulers mail-sched buffer-size percent 5

    user@switch# set schedulers mail-sched priority low

    user@switch# set schedulers mail-sched transmit-rate percent 5

    user@switch# set schedulers db-sched buffer-size percent 10

    user@switch# set schedulers db-sched priority low

    user@switch# set schedulers db-sched transmit-rate percent 10

    user@switch# set schedulers erp-sched buffer-size percent 10

    user@switch# set schedulers erp-sched priority low

    user@switch# set schedulers erp-sched transmit-rate percent 10

    user@switch# set schedulers nc-sched shaping-rate percent 5

    user@switch# set schedulers nc-sched buffer-size percent 5

    user@switch# set schedulers nc-sched priority strict-high

    user@switch# set schedulers nc-sched transmit-rate percent 5

    user@switch# set schedulers be-sched buffer-size percent 35

    user@switch# set schedulers be-sched priority low

    user@switch# set schedulers be-sched transmit-rate percent 35
  22. Assign the forwarding classes to schedulers with the scheduler map ethernet-cos-map:
    [edit class-of-service]

    user@switch# set scheduler-maps ethernet-cos-map forwarding-class voice scheduler voice-sched

    user@switch# set scheduler-maps ethernet-cos-map forwarding-class video scheduler video-sched

    user@switch# set scheduler-maps ethernet-cos-map forwarding-class app scheduler app-sched

    user@switch# set scheduler-maps ethernet-cos-map forwarding-class mail scheduler mail-sched

    user@switch# set scheduler-maps ethernet-cos-map forwarding-class db scheduler db-sched

    user@switch# set scheduler-maps ethernet-cos-map forwarding-class erp scheduler erp-sched

    user@switch# set scheduler-maps ethernet-cos-map forwarding-class network-control scheduler nc-sched

    user@switch# set scheduler-maps ethernet-cos-map forwarding-class best-effort scheduler be-sched
  23. Associate the scheduler map with the outgoing interfaces:
    [edit class-of-service interfaces]

    user@switch# set ge-0/0/20 scheduler-map ethernet-cos-map

    user@switch# set ge-0/0/21 scheduler-map ethernet-cos-map
  24. Apply queue shaping for the best-effort queue:
    [edit]

    user@switch# set class-of-service schedulers voice-sched-queue-shap shaping-rate 30m

    user@switch# set class-of-service scheduler-maps sched-map-be forwarding-class best-effort scheduler voice-sched-queue-shap

    user@switch# set class-of-service interfaces ge-0/0/2 scheduler-map sched-map-be

Results

Display the results of the configuration:

Verification

To confirm that the configuration is working properly, perform these tasks:

Verifying That the Defined Forwarding Classes Exist and Are Mapped to Queues

Purpose

Verify that the forwarding classes app, best-effort, db, erp, mail, network-control, video, and voice have been defined and mapped to queues.

Action

user@switch> show class-of-service forwarding-class

Meaning

This output shows that the forwarding classes have been defined and mapped to appropriate queues.

Verifying That the Forwarding Classes Have Been Assigned to Schedulers

Purpose

Verify that the forwarding classes have been assigned to schedulers.

Action

user@switch> show class-of-service scheduler-map

Meaning

This output shows that the forwarding classes have been assigned to schedulers.

Verifying That the Scheduler Map Has Been Applied to the Interfaces

Purpose

Verify that the scheduler map has been applied to the interfaces.

Action

user@switch> show class-of-service interface

Meaning

This output includes details of the interfaces to which the scheduler map (ethernet-cos-map) has been applied (ge-0/0/20 and ge-0/0/21).

Verifying That Port Shaping Has Been Applied

Purpose

Verify that the port shaping has been applied to an interface.

Action

Following is the output before port shaping is applied to the interface ge-0/0/0, when there is egress traffic of 400 Mpbs exiting on that interface:

user@switch> show interfaces ge-0/0/0 extensive

The Traffic statistics: field in this output shows that egress traffic is ~400 Mpbs (345,934,816 bps). When a port shaping of 100 Mbps is applied to the ge-0/0/0 interface, you see the following outputs for the show interfaces ge-0/0/0 statistics and the show class-of-service interface ge-0/0/0 commands:

user@switch> show interfaces ge-0/0/0 statistics
user@switch> show class-of-service interface ge-0/0/0

Meaning

In the output for the show interfaces ge-0/0/0 statistics command, the Traffic statistics: field shows that egress traffic is ~100 Mbps (100,223,104 bps). The output for the show class-of-service interface ge-0/0/0 command shows that the shaping rate is 100,000,000 bps, which indicates that a port shaping of 100 Mbps is applied to the ge-0/0/0 interface.

Verifying That Queue Shaping Has Been Applied

Purpose

Verify that the queue shaping has been applied to the best-effort queue.

Action

Following is the output before queue shaping is applied to the best-effort queue when there is egress traffic of 400 Mpbs exiting on that interface:

user@switch> show interfaces ge-0/0/2 extensive

The Traffic statistics: field in this output shows that the egress traffic is ~400 Mpbs (345,934,816 bps). When a queue shaping of 30 Mbps is applied to the best-effort queue, you see the following output for the show interfaces ge-0/0/2 statistics and show class-of-service scheduler-map sched-map-be commands:

user@switch> show interfaces ge-0/0/2 statistics
user@switch> show class-of-service scheduler-map sched-map-be

Meaning

In the output for the show interfaces ge-0/0/2 statistics command, the Traffic statistics: field shows that the egress traffic is ~30 Mbps (30,097,712 bps). The output for the show class-of-service scheduler-map sched-map-be command, shows that a shaping rate of 30,000,000 bps (that is 30 Mbps) is applied to the best-effort queue.