[Contents] [Prev] [Next] [Index] [Report an Error]

Classifying Packets Based on Multiple Fields

In an edge router, an MF classifier provides the filtering functionality that scans through a variety of packet fields to determine the forwarding class for a packet. Typically, a classifier performs matching operations on the selected fields against a configured value.

Unlike a behavior aggregate (BA), which classifies packets based on class-of-service (CoS) bits in the packet header, an MF classifier can examine multiple fields in the packet header—for example, the source and destination address of the packet, and the source and destination port numbers of the packet. An MF classifier typically matches one or more of the six packet header fields: destination address, source address, IP protocol, source port, destination port, and DSCP. MF classifiers are used when a simple BA classifier is insufficient to classify a packet.

If you configure both a BA classifier and an MF classifier, BA classification is performed first; then MF classification is performed. If they conflict, any BA classification result is overridden by the MF classifier.

Note: For a specified interface, you can configure both an MF classifier and a BA classifier without conflicts. Because the classifiers are always applied in sequential order, the BA classifier followed by the MF classifier, any BA classification result is overridden by an MF classifier if they conflict.

In the JUNOS software, you configure an MF classifier with a firewall filter and its associated match conditions. This enables you to use any filter match criteria to locate packets that require classification. From a CoS perspective, MF classifiers (or firewall filter rules) provide the following services:

Classify packets to a forwarding class and loss priority. The forwarding class determines the output queue. The loss priority is used by schedulers in conjunction with the random early discard (RED) algorithm to control packet discard during periods of congestion.
Police traffic to a specific bandwidth and burst size. Packets exceeding the policer limits can be discarded, or can be assigned to a different forwarding class, to a different loss priority, or to both.

To activate an MF classifier, you must configure it on a logical interface. There is no restriction on the number of MF classifiers you can configure.

To configure MF classifiers, you can include the following statements at the [edit firewall] hierarchy level of the configuration:



[edit firewall]

family family-name {



filter filter-name {



term term-name {



from {

match-conditions;
}





then {

dscp 0;

forwarding-class class-name;

loss-priority (high | low);
}


}


}





simple-filter filter-name {



term term-name {


from {

match-conditions;
}





then {

forwarding-class class-name;

loss-priority (high | low | medium);
}


}


}


}

The [edit firewall] configuration statements are discussed in detail in the JUNOS Policy Framework Configuration Guide.

This chapter includes examples showing how to use multifield classifiers to classify packets based on destination address, and to classify packets according to whether the traffic is voice over IP (VoIP), best effort, or network control. These examples are shown in the following sections:

[Contents] [Prev] [Next] [Index] [Report an Error]