Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Configuring Multifield Classifiers

This topic describes how you configure multifield classifiers.

Multifield classifiers classify packets to a forwarding class and loss priority based on the filter match criteria. Multifield classification is usually done at the edge of the network for packets that do not have valid or trusted behavior aggregate code points.

If you configure both a behavior aggregate (BA) classifier and a multifield classifier, BA classification is performed first; then multifield classification is performed. If they conflict, any BA classification result is overridden by the multifield classifier.

Note:

For a specified interface, you can configure both a multifield classifier and a BA classifier without conflicts. Because the classifiers are always applied in sequential order, the BA classifier followed by the multifield classifier, any BA classification result is overridden by a multifield classifier if they conflict.

To activate (apply) a multifield classifier, you must configure it on a logical interface. There is no restriction on the number of multifield classifiers you can configure.

Note:

For MX Series routers and EX Series switches, if you configure a firewall filter with a DSCP action or traffic-class action on a DPC, the commit does not fail, but a warning displays and an entry is made in the syslog.

For an L2TP LNS on MX Series routers, you can attach firewall for static LNS sessions by configuring these at logical interfaces directly on the inline services device (si-fpc/pic/port). RADIUS-configured firewall attachments are not supported.

You configure multifield classifiers by:

  1. Defining the filter—Configure either a firewall filter or a simple filter. Simple filters filter IPv4 traffic (family inet) only. Firewall filters enable you to filter additional protocol families and more complex filters. The following sections describe both procedures.

  2. Applying the filter—Activate the filter by configuring on a logical interface as an input filter.

To configure a firewall filter:

  1. Under the firewall statement, specify the protocol family for which you want to filter traffic and specify a name for the filter.
  2. Specify the term name and match criteria you want to look for in incoming packets.
  3. Specify the action you want to take when a packet matches the conditions.

    For multifield classifiers, you can perform the following actions:

    • Set the value of the DSCP field of incoming packets.

    • Set the forwarding class of incoming packets. The forwarding class determines the output queue.

    • Set the loss priority of incoming packets. The loss priority is used by schedulers in conjunction with the random early discard (RED) algorithm to control packet discard during periods of congestion.

To configure a simple filter:

  1. Specify a name for the simple filter.

  2. Specify the term name and match criteria you want to look for in incoming packets.

  3. Specify the action you want to take when a packet matches the conditions.

    For multifield classifiers, you can perform the following actions for a simple filter:

To apply the firewall filter to the appropriate logical interfaces as an input filter.

  1. Specify the physical and logical interface on which you want to apply the firewall filter.

  2. Specify the protocol family for the firewall filter.

  3. Specify the names of the firewall filters to apply to received packets.

    Repeat this step for the family protocol filter and the simple filter.

  4. Save your configuration.

Related Documentation