 |
Note: Because the policer is executed before the filter, if an input policer is also configured on the logical interface, it cannot use the forwarding class and PLP of a multifield classifier associated with the interface. |
Multifield classifiers take action on incoming or outgoing packets, depending whether the firewall rule is applied as an input filter or an output filter. When TCM is enabled, T-series and M320 platforms support four multifield classifier packet loss priority (PLP) designations: low, medium-low, medium-high, and high.
To configure the PLP for a multifield classifier, include the loss-priority statement in a policer or firewall filter that you configure at the [edit firewall] hierarchy level:
- [edit firewall]
-
family family-name {
-
-
filter filter-name {
-
- term term-name {
-
- from {
-
match-conditions;
- }
-
- then {
- loss-priority (low | medium-low | medium-high | high);
- forwarding-class class-name;
- }
- }
- }
- }
The inputs (match conditions) for a multifield classifier are one or more of the six packet header fields: destination address, source address, IP protocol, source port, destination port, or DSCP. The outputs for a multifield classifier are the forwarding class, the PLP, or both. In other words, a multifield classifier sets the forwarding class and the PLP for each packet entering or exiting the interface with a specific destination address, source address, IP protocol, source port, destination port, or DSCP.
For example, in the following configuration, the forwarding class expedited-forwarding and PLP medium-high are assigned to all IPv4 packets with the 10.1.1.0/24 or 10.1.2.0/24 source address:
- firewall {
-
- family inet {
-
- filter classify-customers {
-
- term isp1-customers {
-
- from {
- source-address 10.1.1.0/24;
- source-address 10.1.2.0/24;
- }
-
- then {
- loss-priority medium-high;
- forwarding-class expedited-forwarding;
- }
- }
- }
- }
- }
To use this classifier, you must configure the settings for the expedited-forwarding forwarding class at the [edit class-of-service forwarding-classes queue queue-number expedited-forwarding] hierarchy level.
|
Note: Because the policer is executed before the filter, if an input policer is also configured on the logical interface, it cannot use the forwarding class and PLP of a multifield classifier associated with the interface. |
You can configure multifield classifiers within a firewall filter to set the packet’s forwarding class and packet loss priority. You can also apply policers to packets matching some classification term. The policing action might affect the resulting forwarding class, packet loss priority, and accept or drop status. For more information, see the JUNOS Class of Service Configuration Guide.
To configure the forwarding class and loss priority, include the then statement:
- then {
- loss-priority;
- forwarding-class class-name;
- }
You can include the statement at the following hierarchy levels:
You can specify one or both of the following actions:
For more information about forwarding class and loss priority, see the JUNOS Class of Service Configuration Guide. For more information about policers, see the following sections:
 | Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |