Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All
     

    Related Documentation

     

    Multifield Classification

    Multifield Classification Overview

    This topic covers the following information:

    Forwarding Classes and PLP Levels

    You can configure the Junos OS class of service (CoS) features to classify incoming traffic by associating each packet with a forwarding class, a packet loss priority (PLP) level, or both:

    • Based on the associated forwarding class, each packet is assigned to an output queue, and the router services the output queues according to the associated scheduling you configure.
    • Based on the associated PLP, each packet carries a lower or higher likelihood of being dropped if congestion occurs. The CoS random early detection (RED) process uses the drop probability configuration, output queue fullness percentage, and packet PLP to drop packet as needed to control congestion at the output stage.

    Multifield Classification and BA Classification

    The Junos OS supports two general types of packet classification: behavior aggregate (BA) classification and multifield classification:

    • BA classification, or CoS value traffic classification, refers to a method of packet classification that uses a CoS configuration to set the forwarding class or PLP of a packet based on the CoS value in the IP packet header. The CoS value examined for BA classification purposes can be the Differentiated Services code point (DSCP) value, DSCP IPv6 value, IP precedence value, MPLS EXP bits, and IEEE 802.1p value. The default classifier is based on the IP precedence value.
    • Multifield classification refers to a method of packet classification that uses a standard stateless firewall filter configuration to set the forwarding class or PLP for each packet entering or exiting the interface based on multiple fields in the IP packet header, including the DSCP value (for IPv4 only), the IP precedence value, the MPLS EXP bits, and the IEEE 802.1p bits. Multifield classification commonly matches on IP address fields, the IP protocol type field, or the port number in the UDP or TCP pseudoheader field. Multifield classification is used instead of BA classification when you need to classify packets based on information in the packet information other than the CoS values only.

      With multifield classification, a firewall filter term can specify the packet classification actions for matching packets though the use of the forwarding-class class-name or loss-priority (high | medium-high | medium-low | low) nonterminating actions in the term’s then clause.

    Note: BA classification of a packet can be overridden by the stateless firewall filter actions forwarding-class and loss-priority.

    Multifield Classification Used In Conjunction with Policers

    To configure multifield classification in conjunction with rate limiting, a firewall filter term can specify the packet classification actions for matching packets through the use of a policer nonterminating action that references a single-rate two-color policer.

    When multifield classification is configured to perform classification through a policer, the filter-matched packets in the traffic flow are rate-limited to the policer-specified traffic limits. Packets in a conforming flow of filter-matched packets are implicitly set to a low PLP. Packets in a nonconforming traffic flow can be discarded, or the packets can be set to a specified forwarding class, set to a specified PLP level, or both, depending on the type of policer and how the policer is configured to handle nonconforming traffic.

    Note: Before you apply a firewall filter that performs multifield classification and also a policer to the same logical interface and for the same traffic direction, make sure that you consider the order of policer and firewall filter operations.

    As an example, consider the following scenario:

    • You configure a firewall filter that performs multifield classification (acts on matched packets by setting the forwarding class, the PLP, or both) based on the packet's existing forwarding class or PLP. You apply the firewall filter at the input of a logical interface.
    • You also configure a single-rate two-color policer that acts on a red traffic flow by re-marking (setting the forwarding class, the PLP, or both) rather than discarding those packets. You apply the policer as an interface policer at the input of the same logical interface to which you apply the firewall filter.

    Because of the order of policer and firewall operations, the input policer is executed before the input firewall filter. This means that the multifield classification specified by the firewall filter is performed on input packets that have already been re-marked once by policing actions. Consequently, any input packet that matches the conditions specified in a firewall filter term is then subject to a second re-marking according to the forwarding-class or loss-priority nonterminating actions also specified in that term.

    Multifield Classification Requirements and Restrictions

    This topic covers the following information:

    Supported Platforms

    The loss-priority firewall filter action is supported on the following routing platforms only:

    • EX Series switches
    • M7i and M10i routers with the Enhanced CFEB (CFEB-E)
    • M120 and M320 routers
    • MX Series routers
    • T Series routers with Enhanced II Flexible PIC Concentrators (FPCs)
    • PTX Series routers

    CoS Tricolor Marking Requirement

    The loss-priority firewall filter action has platform-specific requirements dependencies on the CoS tricolor marking feature, as defined in RFC 2698:

    • On an M320 router, you cannot commit a configuration that includes the loss-priority firewall filter action unless you enable the CoS tricolor marking feature.
    • On all routing platforms that support the loss-priority firewall filter action, you cannot set the loss-priority firewall filter action to medium-low or medium-high unless you enable the CoS tricolor marking feature. .

    To enable the CoS tricolor marking feature, include the tri-color statement at the [edit class-of-service] hierarchy level.

    Restrictions

    You cannot configure the loss-priority and three-color-policer nonterminating actions for the same firewall filter term. These two nonterminating actions are mutually exclusive.

    Note: On a PTX Series router, you must configure the policer action in a separate rule and not combine it with the rule configuring the forwarding-class, and loss-priority actions. See Firewall and Policing Differences Between PTX Series Packet Transport Routers and T Series Matrix Routers.

    Multifield Classification Limitations on M Series Routers

    This topic covers the following information:

    Problem: Output-Filter Matching on Input-Filter Classification

    On M Series routers (except M120 routers), you cannot classify packets with an output filter match based on the ingress classification that is set with an input filter applied to the same IPv4 logical interface.

    For example, in the following configuration, the filter called ingress assigns all incoming IPv4 packets to the expedited-forwarding class. The filter called egress counts all packets that were assigned to the expedited-forwarding class in the ingress filter. This configuration does not work on most M Series routers. It works on all other routing platforms, including M120 routers, MX Series routers, and T Series routers.

    [edit]user@host # show firewall
    family inet {filter ingress {term 1 {then {forwarding-class expedited-forwarding;accept;}}term 2 {then accept;}}filter egress {term 1 {from {forwarding-class expedited-forwarding;}then count ef;}term 2 {then accept;}}}
     [edit]user@host# show interfaces
    ge-1/2/0 {unit 0 {family inet {filter {input ingress;output egress;}}}}

    Workaround: Configure All Actions in the Ingress Filter

    As a workaround, you can configure all of the actions in the ingress filter.

    user@host # show firewall
    family inet {filter ingress {term 1 {then {forwarding-class expedited-forwarding;accept;count ef;}}term 2 {then accept;}}}
     [edit]user@host# show interfaces
    ge-1/2/0 {unit 0 {family inet {filter {input ingress;}}}}

    Example: Configuring Multifield Classification

    This example shows how to configure multifield classification of IPv4 traffic by using firewall filter actions and two firewall filter policers.

    Requirements

    Before you begin, make sure that your environment supports the features shown in this example:

    1. The loss-priority firewall filter action must be supported on the router and configurable to all four values.

      1. To be able to set a loss-priority firewall filter action, configure this example on logical interface ge-1/2/0.0 on one of the following routing platforms:

        • MX Series router
        • M120 or M320 router
        • M7i or M10i router with the Enhanced CFEB (CFEB-E)
        • T Series router with Enhanced II Flexible PIC Concentrator (FPC)
      2. To be able to set a loss-priority firewall filter action to medium-low or medium-high, make sure that the CoS tricolor marking feature is enabled. To enable the CoS tricolor marking feature, include the tri-color statement at the [edit class-of-service] hierarchy level.
    2. The expedited-forwarding and assured-forwarding forwarding classes must be scheduled on the underlying physical interface ge-1/2/0.

      1. Make sure that the following forwarding classes are assigned to output queues:

        • expedited-forwarding
        • assured-forwarding
        Forwarding-class assignments are configured at the [edit class-of-service forwarding-classes queue queue-number] hierarchy level.

        Note: You cannot commit a configuration that assigns the same forwarding class to two different queues.

      2. Make sure that the output queues to which the forwarding classes are assigned are associated with schedulers. A scheduler defines the amount of interface bandwidth assigned to the queue, the size of the memory buffer allocated for storing packets, the priority of the queue, and the random early detection (RED) drop profiles associated with the queue.

        • You configure output queue schedulers at the [edit class-of-service schedulers] hierarchy level.
        • You associate output queue schedulers with forwarding classes by means of a scheduler map that you configure at the [edit class-of-service scheduler-maps map-name] hierarchy level.
      3. Make sure that output-queue scheduling is applied to the physical interface ge-1/2/0.

        You apply a scheduler map to a physical interface at the [edit class-of-service interfaces ge-1/2/0 scheduler-map map-name] hierarchy level.

    Overview

    In this example, you apply multifield classification to the input IPv4 traffic at a logical interface by using stateless firewall filter actions and two firewall filter policers that are referenced from the firewall filter. Based on the source address field, packets are either set to the low loss priority or else policed. Neither of the policers discards nonconforming traffic. Packets in nonconforming flows are marked for a specific forwarding class (expedited-forwarding or assured-forwarding), set to a specific loss priority, and then transmitted.

    Note: Single-rate two-color policers always transmit packets in a conforming traffic flow after implicitly setting a low loss priority.

    Topology

    In this example, you apply multifield classification to the IPv4 traffic on logical interface ge-1/2/0.0. The classification rules are specified in the IPv4 stateless firewall filter mfc-filter and two single-rate two-color policers, ef-policer and af-policer.

    The IPv4 standard stateless firewall filter mfc-filter defines three filter terms:

    • isp1-customers—The first filter term matches packets with the source address 10.1.1.0/24 or 10.1.2.0/24. Matched packets are assigned to the expedited-forwarding forwarding class and set to the low loss priority.
    • isp2-customers—The second filter term matches packets with the source address 10.1.3.0/24 or 10.1.4.0/24. Matched packets are passed to ef-policer, a policer that rate-limits traffic to a bandwidth limit of 300 Kbps with a burst-size limit of 50 KB. This policer specifies that packets in a nonconforming flow are marked for the expedited-forwarding forwarding class and set to the high loss priority.
    • other-customers—The third and final filter term passes all other packets to af-policer, a policer that rate-limits traffic to a bandwidth limit of 300 Kbps and a burst-size limit of 50 KB (the same traffic limits as defined by ef-policer). This policer specifies that packets in a nonconforming flow are marked for the assured-forwarding forwarding class and set to the medium-high loss priority.

    Configuration

    The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode.

    To configure this example, perform the following tasks:

    CLI Quick Configuration

    To quickly configure this example, copy the following configuration commands into a text file, remove any line breaks, and then paste the commands into the CLI at the [edit] hierarchy level.

    set firewall policer ef-policer if-exceeding bandwidth-limit 300kset firewall policer ef-policer if-exceeding burst-size-limit 50kset firewall policer ef-policer then loss-priority highset firewall policer ef-policer then forwarding-class expedited-forwardingset firewall policer af-policer if-exceeding bandwidth-limit 300kset firewall policer af-policer if-exceeding burst-size-limit 50kset firewall policer af-policer then loss-priority highset firewall policer af-policer then forwarding-class assured-forwardingset firewall family inet filter mfc-filter term isp1-customers from source-address 10.1.1.0/24set firewall family inet filter mfc-filter term isp1-customers from source-address 10.1.2.0/24set firewall family inet filter mfc-filter term isp1-customers then loss-priority lowset firewall family inet filter mfc-filter term isp1-customers then forwarding-class expedited-forwardingset firewall family inet filter mfc-filter term isp2-customers from source-address 10.1.3.0/24set firewall family inet filter mfc-filter term isp2-customers from source-address 10.1.4.0/24set firewall family inet filter mfc-filter term isp2-customers then policer ef-policerset firewall family inet filter mfc-filter term other-customers then policer af-policerset interfaces ge-1/2/0 unit 0 family inet address 192.168.1.1/24set interfaces ge-1/2/0 unit 0 family inet filter input mfc-filter

    Configuring Policers to Rate-Limit Expedited-Forwarding and Assured-Forwarding Traffic

    Step-by-Step Procedure

    To configure policers to rate-limit expedited-forwarding and assured-forwarding traffic:

    1. Define traffic limits for expedited-forwarding traffic.

      [edit]user@host# edit firewall policer ef-policer[edit firewall policer ef-policer]user@host# set if-exceeding bandwidth-limit 300kuser@host# set if-exceeding burst-size-limit 50kuser@host# set then loss-priority highuser@host# set then forwarding-class expedited-forwarding
    2. Configure a policer for assured-forwarding traffic.

      [edit firewall policer ef-policer]user@host# up [edit firewall]user@host# edit policer af-policer [edit firewall policer af-policer]user@host# set if-exceeding bandwidth-limit 300kuser@host# set if-exceeding burst-size-limit 50kuser@host# set then loss-priority highuser@host# set then forwarding-class assured-forwarding

    Results

    Confirm the configuration of the policer by entering the show firewall configuration mode command. If the command output does not display the intended configuration, repeat the instructions in this procedure to correct the configuration.

    [edit]user@host# show firewall
    policer af-policer {if-exceeding {bandwidth-limit 300k;burst-size-limit 50k;}then {loss-priority high;forwarding-class assured-forwarding;}}
    policer ef-policer {if-exceeding {bandwidth-limit 300k;burst-size-limit 50k;}then {loss-priority high;forwarding-class expedited-forwarding;}}

    Configuring a Multifield Classification Filter That Also Applies Policing

    Step-by-Step Procedure

    To configure a multifield classification filter that additionally applies policing:

    1. Enable configuration of a firewall filter term for IPv4 traffic.

      [edit]user@host# edit firewall family inet filter mfc-filter
    2. Configure the first term to match on source addresses and then classify the matched packets.

      [edit firewall family inet filter mfc-filter]user@host# set term isp1-customers from source-address 10.1.1.0/24user@host# set term isp1-customers from source-address 10.1.2.0/24user@host# set term isp1-customers then loss-priority lowuser@host# set term isp1-customers then forwarding-class expedited-forwarding
    3. Configure the second term to match on different source addresses and then police the matched packets.

      [edit firewall family inet filter mfc-filter]user@host# set term isp2-customers from source-address 10.1.3.0/24user@host# set term isp2-customers from source-address 10.1.4.0/24user@host# set term isp2-customers then policer ef-policer
    4. Configure the third term to police all other packets to a different set of traffic limits and actions.

      [edit firewall family inet filter mfc-filter]user@host# set term other-customers then policer af-policer

    Results

    Confirm the configuration of the filter by entering the show firewall configuration mode command. If the command output does not display the intended configuration, repeat the instructions in this procedure to correct the configuration.

    [edit]user@host# show firewall
    family inet {filter mfc-filter {term isp1-customers {from {source-address 10.1.1.0/24;source-address 10.1.2.0/24;}then {loss-priority low;forwarding-class expedited-forwarding;}}term isp2-customers {from {source-address 10.1.3.0/24;source-address 10.1.4.0/24;}then {policer ef-policer;}}term other-customers {then {policer af-policer;}}}}
    policer af-policer {if-exceeding {bandwidth-limit 300k;burst-size-limit 50k;}then discard;}
    policer ef-policer {if-exceeding {bandwidth-limit 200k;burst-size-limit 50k;}then {loss-priority high;forwarding-class expedited-forwarding;}}

    Applying Multifield Classification Filtering and Policing to the Logical Interface

    Step-by-Step Procedure

    To apply multifield classification filtering and policing to the logical interface:

    1. Enable configuration of IPv4 on the logical interface.

      [edit]user@host# edit interfaces ge-1/2/0 unit 0 family inet
    2. Configure an IP address for the logical interface.

      [edit interfaces ge-1/2/0 unit 0 family inet ]user@host# set address 192.168.1.1/24
    3. Apply the firewall filter to the logical interface input.

      [edit interfaces ge-1/2/0 unit 0 family inet ]user@host# set filter input mfc-filter

      Note: Because the policer is executed before the filter, if an input policer is also configured on the logical interface, it cannot use the forwarding class and PLP of a multifield classifier associated with the interface.

    Results

    Confirm the configuration of the interface by entering the show interfaces configuration mode command. If the command output does not display the intended configuration, repeat the instructions in this procedure to correct the configuration.

    [edit]user@host# show interfaces
    ge-1/2/0 {unit 0 {family inet {filter {input mfc-filter;}address 192.168.1.1/24;}}}

    If you are done configuring the device, enter commit from configuration mode.

    Verification

    Confirm that the configuration is working properly.

    Displaying the Number of Packets Processed by the Policer at the Logical Interface

    Purpose

    Verify the traffic flow through the logical interface and that the policer is evaluated when packets are received on the logical interface.

    Action

    Use the show firewall operational mode command for the filter you applied to the logical interface.

    user@host> show firewall filter rate-limit-in
    Filter: rate-limit-in                                          
    Policers:
    Name                                              Packets 
    ef-policer-isp2-customers                           32863
    af-policer-other-customers                           3870
    

    The command output lists the policers applied by the firewall filter rate-limit-in, and the number of packets that matched the filter term.

    Note: The packet count includes the number of out-of-specification (out-of-spec) packet counts, not all packets policed by the policer.

    The policer name is displayed concatenated with the name of the firewall filter term in which the policer is referenced as an action.

    Example: Configuring and Applying a Firewall Filter for a Multifield Classifier

    This example shows how to configure a firewall filter to classify traffic using a multifield classifier. The classifier detects packets of interest to class of service (CoS) as they arrive on an interface. Multifield classifiers are used when a simple behavior aggregate (BA) classifier is insufficient to classify a packet, when peering routers do not have CoS bits marked, or the peering router’s marking is untrusted.

    Requirements

    To verify this procedure, this example uses a traffic generator. The traffic generator can be hardware-based or it can be software running on a server or host machine.

    The functionality in this procedure is widely supported on devices that run Junos OS. The example shown here was tested and verified on MX Series routers running Junos OS Release 10.4.

    Overview

    A classifier is a software operation that inspects a packet as it enters the router or switch. The packet header contents are examined, and this examination determines how the packet is treated when the network becomes too busy to handle all of the packets and you want your devices to drop packets intelligently, instead of dropping packets indiscriminately. One common way to detect packets of interest is by source port number. The TCP port numbers 80 and 12345 are used in this example, but many other matching criteria for packet detection are available to multifield classifiers, using firewall filter match conditions. The configuration in this example specifies that TCP packets with source port 80 are classified into the BE-data forwarding class and queue number 0. TCP packets with source port 12345 are classified into the Premium-data forwarding class and queue number 1.

    Multifield classifiers are typically used at the network edge as packets enter an autonomous system (AS).

    In this example, you configure the firewall filter mf-classifier and specify some custom forwarding classes on Device R1. In specifying the custom forwarding classes, you also associate each class with a queue.

    The classifier operation is shown in Figure 1.

    Figure 1: Multifield Classifier Based on TCP Source Ports

    Multifield
Classifier Based on TCP Source Ports

    You apply the multifield classifier’s firewall filter as an input filter on each customer-facing or host-facing interface that needs the filter. The incoming interface is ge-1/0/0 on Device R1. The classification and queue assignment is verified on the outgoing interface. The outgoing interface is Device R1’s ge-1/0/2 interface.

    Topology

    Figure 2 shows the sample network.

    Figure 2: Multifield Classifier Scenario

    Multifield Classifier Scenario

    CLI Quick Configuration shows the configuration for all of the Juniper Networks devices in Figure 2.

    The section Step-by-Step Procedure describes the steps on Device R1.

    Classifiers are described in more detail in the following Juniper Networks Learning Byte video.

    Video 1: Class of Service Basics, Part 2: Classification Learning Byte

    Configuration

    CLI Quick Configuration

    To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from the configuration mode.

    Device R1

    set interfaces ge-1/0/0 description to-hostset interfaces ge-1/0/0 unit 0 family inet filter input mf-classifierset interfaces ge-1/0/0 unit 0 family inet address 172.16.50.2/30set interfaces ge-1/0/2 description to-R2set interfaces ge-1/0/2 unit 0 family inet address 10.30.0.1/30set class-of-service forwarding-classes class BE-data queue-num 0set class-of-service forwarding-classes class Premium-data queue-num 1set class-of-service forwarding-classes class Voice queue-num 2set class-of-service forwarding-classes class NC queue-num 3set firewall family inet filter mf-classifier term BE-data from protocol tcpset firewall family inet filter mf-classifier term BE-data from port 80set firewall family inet filter mf-classifier term BE-data then forwarding-class BE-dataset firewall family inet filter mf-classifier term Premium-data from protocol tcpset firewall family inet filter mf-classifier term Premium-data from port 12345set firewall family inet filter mf-classifier term Premium-data then forwarding-class Premium-dataset firewall family inet filter mf-classifier term accept-all-else then accept

    Device R2

    set interfaces ge-1/0/2 description to-R1set interfaces ge-1/0/2 unit 0 family inet address 10.30.0.2/30

    Step-by-Step Procedure

    The following example requires that you navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

    To configure Device R1:

    1. Configure the device interfaces.
      [edit interfaces]user@R1# set ge-1/0/0 description to-hostuser@R1# set ge-1/0/0 unit 0 family inet address 172.16.50.2/30
      user@R1# set ge-1/0/2 description to-R2user@R1# set ge-1/0/2 unit 0 family inet address 10.30.0.1/30
    2. Configure the custom forwarding classes and associated queue numbers.
      [edit class-of-service forwarding-classes]user@R1# set BE-data queue-num 0user@R1# set Premium-data queue-num 1user@R1# set Voice queue-num 2user@R1# set NC queue-num 3
    3. Configure the firewall filter term that places TCP traffic with a source port of 80 (HTTP traffic) into the BE-data forwarding class, associated with queue 0.
      [edit firewall family inet filter mf-classifier]user@R1# set term BE-data from protocol tcpuser@R1# set term BE-data from port 80user@R1# set term BE-data then forwarding-class BE-data
    4. Configure the firewall filter term that places TCP traffic with a source port of 12345 into the Premium-data forwarding class, associated with queue 1.
      [edit firewall family inet filter mf-classifier]user@R1# set term Premium-data from protocol tcpuser@R1# set term Premium-data from port 12345user@R1# set term Premium-data then forwarding-class Premium-data
    5. At the end of your firewall filter, configure a default term that accepts all other traffic.

      Otherwise, all traffic that arrives on the interface and is not explicitly accepted by the firewall filter is discarded.

      [edit firewall family inet filter mf-classifier]user@R1# set term accept-all-else then accept
    6. Apply the firewall filter to the ge-1/0/0 interface as an input filter.
      [edit interfaces]user@R1# set ge-1/0/0 unit 0 family inet filter input mf-classifier

    Results

    From configuration mode, confirm your configuration by entering the show interfaces, show class-of-service, show firewall commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

    user@R1# show interfaces
    ge-1/0/0 {description to-host;unit 0 {family inet {filter {input mf-classifier;}address 172.16.50.2/30;}}}
    ge-1/0/2 {description to-R2;unit 0 {family inet {address 10.30.0.1/30;}}}
    user@R1# show class-of-service
    forwarding-classes {class BE-data queue-num 0;class Premium-data queue-num 1;class Voice queue-num 2;class NC queue-num 3;}
    user@R1# show firewall
    family inet {filter mf-classifier {term BE-data {from {protocol tcp;port 80;}then forwarding-class BE-data;}term Premium-data {from {protocol tcp;port 12345;}then forwarding-class Premium-data;}term accept-all-else {then accept;}}}

    If you are done configuring the device, enter commit from configuration mode.

    Verification

    Confirm that the configuration is working properly.

    Checking the CoS Settings

    Purpose

    Confirm that the forwarding classes are configured correctly.

    Action

    From Device R1, run the show class-of-service forwardng-classes command.

    user@R1> show class-of-service forwarding-class
    Forwarding class                       ID      Queue  Restricted queue  Fabric priority  Policing priority   SPU priority
      BE-data                               0       0          0             low                normal            low    
      Premium-data                          1       1          1             low                normal            low    
      Voice                                 2       2          2             low                normal            low    
      NC                                    3       3          3             low                normal            low  

    Meaning

    The output shows the configured custom classifier settings.

    Sending TCP Traffic into the Network and Monitoring the Queue Placement

    Purpose

    Make sure that the traffic of interest is sent out the expected queue.

    Action

    1. Clear the interface statistics on Device R1’s outgoing interface.
      user@R1> clear interfaces statistics ge-1/0/2
    2. Use a traffic generator to send 50 TCP port 80 packets to Device R2 or to some other downstream device.
    3. On Device R1, check the queue counters.

      Notice that you check the queue counters on the downstream output interface, not on the incoming interface.

      user@R1> show interfaces extensive ge-1/0/2 | find "Queue counters"
        Queue counters:       Queued packets  Transmitted packets      Dropped packets
          0                               50                   50                    0
          1                                0                   57                    0
          2                                0                    0                    0
          3                                0                    0                    0
    4. Use a traffic generator to send 50 TCP port 12345 packets to Device R2 or to some other downstream device.
      [root@host]# hping 172.16.60.1 -c 50 -s 12345 -k
    5. On Device R1, check the queue counters.
      user@R1> show interfaces extensive ge-1/0/2 | find "Queue counters"
       
        Queue counters:       Queued packets  Transmitted packets      Dropped packets
          0                               50                   50                    0
          1                               50                   57                    0
          2                                0                    0                    0
          3                                0                    0                    0

    Meaning

    The output shows that the packets are classified correctly. When port 80 is used in the TCP packets, queue 0 is incremented. When port 12345 is used, queue 1 is incremented.

     

    Related Documentation

     

    Modified: 2017-04-26