Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Configuring CoS Rules on Services PICs

 

This topic describes how to configure CoS rules on Services PICs.

Each CoS rule consists of a set of terms, similar to those in a firewall filter configuration. A term consists of the following:

  • from statement—Specifies the match conditions and applications that are included and excluded.

  • then statement—Specifies the actions and action modifiers to be performed by the router software.

If you omit the from term, the router accepts all traffic and the default protocol handlers take effect:

  • User Datagram Protocol (UDP), Transmission Control Protocol (TCP), and Internet Control Message Protocol (ICMP) create a bidirectional flow with a predicted reverse flow.

  • IP creates a unidirectional flow.

In addition, each rule must include a match-direction statement that specifies the direction in which the rule match is applied. To configure where the match is applied, include the match-direction statement at the [edit services cos rule rule-name] hierarchy level:

If you configure match-direction input-output, bidirectional rule creation is allowed.

The match direction is used with respect to the traffic flow through the Services PIC. When a packet is sent to the Services PIC, direction information is carried along with it.

On interface service sets, packet direction is determined by whether a packet is entering or leaving the interface on which the service set is applied.

With a next-hop service set, packet direction is determined by the interface used to route the packet to the Services PIC. If the inside interface is used to route the packet, the packet direction is input. If the outside interface is used to direct the packet to the Services PIC, the packet direction is output. For more information on inside and outside interfaces, see Configuring Service Sets to be Applied to Services Interfaces.

On the Services PIC, a flow lookup is performed. If no flow is found, rule processing is performed. All rules in the service set are considered. During rule processing, the packet direction is compared against rule directions. Only rules with direction information that matches the packet direction are considered.

You can use either the source address or the destination address as a match condition, in the same way that you would configure a firewall filter; for more information, see the Routing Policies, Firewall Filters, and Traffic Policers User Guide.

You can also include application protocol definitions that you have configured at the [edit applications] hierarchy level; for more information, see the Junos OS Services Interfaces Library for Routing Devices.

  • To apply one or more specific application protocol definitions, include the applications statement at the [edit services cos rule rule-name term term-name from] hierarchy level.

  • To apply one or more sets of application protocol definitions you have defined, include the application-sets statement at the [edit services cos rule rule-name term term-name from] hierarchy level.

    Note

    If you include a statement that specifies application protocols, the router derives port and protocol information from the corresponding configuration at the [edit applications] hierarchy level; you cannot specify these properties as match conditions.

The following sections describe how to configure CoS rules in more detail:

Configuring Match Conditions in a CoS Rule

This topic describes how to configure the match conditions for CoS rules.

Before you begin, make sure you have completed the following tasks:

  • Configure the application protocol definitions at the [edit applications] hierarchy level; for more information, see the application and Junos OS Services Interfaces Library for Routing Devices.

  • Configure a destination prefix list by including the prefix-list statement at the [edit policy-options] hierarchy level.

  • Configure a source prefix list by including the prefix-list statement at the [edit policy-options] hierarchy level.

To configure the match conditions for a CoS rule:

  1. Create the CoS rule by specifying a name for it.
  2. Specify the direction in which the rule match is applied.
  3. Specify the input conditions for the CoS term:
    1. Define one or more target application sets.

      Note

      You must configure the application protocol definitions at the [edit applications] hierarchy level; for more information, see the Junos OS Services Interfaces Library for Routing Devices.

    2. Define one or more applications to which the CoS services apply.

    3. Specify the destination address for rule matching.

    4. Specify the name of the destination prefix list for rule matching.

      Note

      You must configure the destination prefix list by including the prefix-list statement at the [edit policy-options] hierarchy level.

    5. Specify the source address for rule matching.

    6. Specify the source address range for rule matching.

    7. Specify the source prefix list for rule matching.

      Note

      You must configure the source prefix list by including the prefix-list statement at the [edit policy-options] hierarchy level.

Configuring Actions in a CoS Rule

The principal CoS actions are:

  • dscp—Marks the packet with the specified DiffServ code point (DSCP) value or alias.

  • forwarding-class—Assigns the packet to the specified forwarding class.

This section describes how to configure these CoS actions and includes the following topics:

Configuring Application Profiles

You can optionally define one or more application profiles for inclusion in CoS actions.

The application-profile statement includes two main components and three traffic types: ftp with the data traffic type and sip with the video and voice traffic types. You can set the appropriate dscp and forwarding-class values for each component within the application profile.

Note

The ftp and sip statements are not supported on Juniper Network MX Series 5G Universal Routing Platforms.

You can apply the application profile to a CoS configuration by including it at the [edit services cos rule rule-name term term-name then] hierarchy level.

To configure an application profile for inclusion in CoS actions:

  1. Specify the application-profile statement at the [edit services cos] hierarchy level.
  2. Specify the appropriate dscp and forwarding-class value for FTP traffic.
  3. Specify the appropriate dscp and forwarding-class value for SIP video traffic.
  4. Specify the appropriate dscp and forwarding-class value for SIP voice traffic.

Configuring Reflexive and Reverse CoS Actions

It is important to understand that CoS services are unidirectional. It might be necessary to specify different treatments for flows in opposite directions.

Regardless of whether a packet matches the input, output, or input-output direction, flows in both directions are created. The difference is that a forward, reverse, or forward-and-reverse CoS action is associated with each flow. You should bear in mind that the flow in the opposite direction might end up having a CoS action associated with it, which you have not specifically configured.

To control the direction in which service is applied, separate from the direction in which the rule match is applied, you can configure the reflexive or reverse statement at the [edit services cos rule rule-name term term-name then] hierarchy level.

These two actions are mutually exclusive. If nothing is specified, data flows inherit the CoS behavior of the forward control flow.

  • reflexive causes the equivalent reverse CoS action to be applied to flows in the opposite direction.

  • reverse allows you to define the CoS behavior for flows in the reverse direction.

To control the direction in which a service is applied:

  1. Define the CoS term actions.
  2. Specify the action.
  3. Specify the application profile name.
  4. Define the Differentiated Services code point (DSCP) mapping that is applied to the packets.
  5. Define the forwarding class to which packets are assigned.
  6. (Optional) Set the configuration to record information in the system logging facility.

    Define the forwarding class to which packets are assigned.