[Contents] [Prev] [Next] [Index] [Report an Error]

Configuring CoS Components with a Configuration Editor

To configure the device as a node in a network supporting CoS, read the section Before You Begin, determine your needs, and select the tasks you need to perform from the following list. For information about using the J-Web and CLI configuration editors, see the the J-Web Interface User Guide and the Junos CLI User Guide.

Configuring a Policer for a Firewall Filter

You configure a policer to detect packets that exceed the limits established for expedited forwarding. The packets that exceed these limits are given a higher loss priority than packets within the bandwidth and burst size limits.

The following example shows how to configure a policer called ef-policer that identifies for likely discard expedited forwarding packets with a burst size greater than 2000 bytes and a bandwidth greater than 10 percent.

For more information about firewall filters, see the JUNOS Software Routing Protocols and Policies Configuration Guide for Security Devices and the JUNOS Policy Framework Configuration Guide.

To configure an expedited forwarding policer for a firewall filter for the Services Router:

  1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
  2. Perform the configuration tasks described in Table 22.
  3. Go on to Configuring and Applying a Firewall Filter for a Multifield Classifier.

Table 22: Configuring a Policer for a Firewall Filter

Task

J-Web Configuration Editor

CLI Configuration Editor

Navigate to the Firewall level in the configuration hierarchy.

  1. In the J-Web interface, select Configure>CLI Tools>Point and Click CLI.
  2. Next to Firewall, click Configure or Edit.

From the [edit] hierarchy level, enter

edit firewall

Create the policer for expedited forwarding, and give the policer a name—for example, ef-policer.

  1. Click Add new entry next to Policer.
  2. In the Policer name box, type ef-policer.

Enter

edit policer ef-policer

Set the burst limit for the policer—for example, 2k.

Set the bandwidth limit or percentage for the bandwidth allowed for this type of traffic—for example, use a bandwidth percent of 10.

  1. Click Configure next to If exceeding.
  2. In the Burst size limit box, type a limit for the burst size allowed—for example, 2k.
  3. From the Bandwidth list, select bandwidth-percent.
  4. In the Bandwidth percent box, type 10.
  5. Click OK.

Enter

set if-exceeding burst-limit-size 2k

set if-exceeding bandwidth-percent 10

Enter the loss priority for packets exceeding the limits established by the policer—for example, high.

  1. Click Configure next to Then.
  2. From the Loss priority list, select high.
  3. Click OK.

Enter

set then loss-priority high

Configuring and Applying a Firewall Filter for a Multifield Classifier

You configure a multifield (MF) classifier to detect packets of interest to CoS and assign the packet to the proper forwarding class independently of the DiffServ code point (DSCP). To configure a multifield classifier on a customer-facing or host-facing link, configure a firewall filter to classify traffic. Packets are classified as they arrive on an interface.

One common way to detect packets of CoS interest is by source or destination address. The destination address is used in this example, but many other matching criteria for packet detection are available to firewall filters.

This example shows how to configure the firewall filter mf-classifier and apply it to the Services Router's Gigabit Ethernet interface ge-0/0/0. The firewall filter consists of the rules (terms) listed in Table 23.

Table 23: Sample mf-classifier Firewall Filter Terms

Rule (Term)

Purpose

Contents

assured forwarding

Detects packets destined for 192.168.44.55, assigns them to an assured forwarding class, and gives them a low likelihood of being dropped.

Match condition: destination address 192.168.44.55

Forwarding class: af-class

Loss priority: low

expedited-forwarding

Detects packets destined for 192.168.66.77, assigns them to an expedited forwarding class, and subjects them to the EF policer configured in Configuring a Policer for a Firewall Filter.

Match condition: destination address 192.168.66.77

Forwarding class: ef-class

Policer: ef-policer

network control

Detects packets with a network control precedence and forwards them to the network control class.

Match condition: precedence net-control

Forwarding class: nc-class

best-effort-data

Detects all other packets and assigns them to the best effort class.

Forwarding class: be-class

For more information about firewalls filters see JUNOS Software Routing Protocols and Policies Configuration Guide for Security Devices and the JUNOS Policy Framework Configuration Guide.

To configure a firewall filter for a multifield classifier for the Services Router:

  1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
  2. Perform the configuration tasks described in Table 24.
  3. Go on to Assigning Forwarding Classes to Output Queues.

Table 24: Configuring and Applying a Firewall Filter for a Multifield Classifier

Task

J-Web Configuration Editor

CLI Configuration Editor

Navigate to the Firewall level in the configuration hierarchy.

  1. In the J-Web interface, select Configure>CLI Tools>Point and Click CLI.
  2. Next to Firewall, click Configure or Edit.

From the [edit] hierarchy level, enter

edit firewall

Create the multifield classifier filter and name it—for example, mf-classifier.

  1. Click Add new entry next to Filter.
  2. In the Filter name box, type mf-classifier.
  3. Select the check box next to Interface specific.

Enter

edit filter mf-classifier

set interface-specific

Create the term for the assured forwarding traffic class, and give it a name—for example, assured-forwarding.

  1. Click Add new entry next to Term.
  2. In the Rule name box, type assured-forwarding.

Enter

edit term assured-forwarding

Create the match condition for the assured forwarding traffic class. Use the destination address for assured forwarding traffic—for example, 192.168.44.55.

  1. Click Configure next to From.
  2. Click Add new entry next to Destination address.
  3. In the Address box, type 192.168.44.55.
  4. Click OK twice.

Enter

set from destination-address 192.168.44.55

Create the forwarding class for assured forwarding DiffServ traffic—for example, af-class.

Set the loss priority for the assured forwarding traffic class—for example, low.

  1. Click Configure next to Then.
  2. In the Forwarding class box, type af-class.
  3. From the Loss priority list, select low.
  4. Click OK twice.

Enter

set then forwarding-class af-class

set then loss-priority low

Create the term for the expedited forwarding traffic class, and give it a name—for example, expedited-forwarding.

  1. Click Add new entry next to Term.
  2. In the Rule name box, type expedited-forwarding.

From the [edit firewall filter mf-classifier] hierarchy level, enter

edit term expedited-forwarding

Create the match condition for the expedited forwarding traffic class. Use the destination address for expedited forwarding traffic—for example, 192.168.66.77.

  1. Click Configure next to From.
  2. Click Add new entry next to Destination address.
  3. In the Address box, type 192.168.66.77.
  4. Click OK twice.

Enter

set from destination-address 192.168.66.77

Create the forwarding class for expedited forwarding DiffServ traffic—for example, ef-class.

Apply the policer for the expedited forwarding traffic class. Use the EF policer previously configured for expedited forwarding DiffServ traffic—ef-policer.

(See Configuring a Policer for a Firewall Filter.)

  1. Click Configure next to Then.
  2. In the Forwarding class box, type ef-class.
  3. From the Policer choice list, select Policer.
  4. In the Policer box, type ef-policer.
  5. Click OK twice.

Enter

set then forwarding-class ef-class

set then policer ef-policer

Create the term for the network control traffic class, and give it a name—for example, network-control.

  1. Click Add new entry next to Term.
  2. In the Rule name box, type network-control.

From the [edit firewall filter mf-classifier] hierarchy level, enter

edit term network-control

Create the match condition for the network control traffic class.

  1. Click Configure next to From.
  2. From the Precedence choice list, select Precedence.
  3. Click Add new entry next to Precedence.
  4. From the Value keyword list, select net-control.
  5. Click OK twice.

Enter

set from precedence net-control

Create the forwarding class for the network control traffic class, and give it a name—for example, nc-class.

  1. Click Configure next to Then.
  2. In the Forwarding class box, type nc-class.
  3. Click OK twice.

Enter

set then forwarding-class nc-class

Create the term for the best-effort traffic class, and give it a name—for example, best-effort-data.

  1. Click Add new entry next to Term.
  2. In the Rule name box, type best-effort-data.

From the [edit firewall filter mf-classifier] hierarchy level, enter

edit term best-effort-data

Create the forwarding class for the best-effort traffic class, and give it a name—for example, be-class. (Because this is the last term in the filter, it has no match condition.)

  1. Click Configure next to Then.
  2. In the Forwarding class box, type be-class.
  3. Click OK four times.

Enter

set then forwarding-class be-class

Navigate to the Interfaces level in the configuration hierarchy.

On the main Configuration page next to Interfaces, click Configure or Edit.

From the [edit] hierarchy level, enter

edit interfaces

Apply the multifield classifier firewall filter mf-classifier as an input filter on each customer-facing or host-facing interface that needs the filter—for example, on ge-0/0/0, unit 0.

  1. Click the Interface ge-0/0/0 and Unit 0.
  2. Click Configure next to Inet.
  3. Click Configure next to Filter.
  4. From the Input choice list, select Input.
  5. In the Input box, type mf-classifier.
  6. Click OK.

Enter

set ge-0/0/0 unit 0 family inet filter input mf-classifier

Assigning Forwarding Classes to Output Queues

You must assign the forwarding classes established by the mf-classifier multifield classifier to output queues. This example assigns output queues as shown in Table 25.

Table 25: Sample Output Queue Assignments for mf-classifier Forwarding Queues

mf-classifier Forwarding Class

For Traffic Type

Output Queue

be-class

Best-effort traffic

Queue 0

ef-class

Expedited forwarding traffic

Queue 1

af-class

Assured forwarding traffic

Queue 2

nc-class

Network control traffic

Queue 3

For multifield classifier details, see Configuring and Applying a Firewall Filter for a Multifield Classifier.

To assign forwarding classes to output queues:

  1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
  2. Perform the configuration tasks described in Table 26.
  3. Go on to Configuring and Applying Rewrite Rules.

Table 26: Assigning Forwarding Classes to Output Queues

Task

J-Web Configuration Editor

CLI Configuration Editor

Navigate to the Class of service level in the configuration hierarchy.

  1. In the J-Web interface, select Configure>CLI Tools>Point and Click CLI.
  2. Next to Class of service, click Configure or Edit.

From the [edit] hierarchy level, enter

edit class-of-service

Assign best-effort traffic to queue 0.

  1. Click Configure next to Forwarding classes.
  2. Click Add new entry next to Queue.
  3. In the Queue num box, type 0.
  4. In the Class name box, type the previously configured name of the best-effort class—be-class.
  5. Click OK.

Enter

set forwarding-classes queue 0 be-class

Assign expedited forwarding traffic to queue 1.

  1. Click Add new entry next to Queue.
  2. In the Queue num box, type 1.
  3. In the Class name box, type the previously configured name of the expedited forwarding class—ef-class.
  4. Click OK.

Enter

set forwarding-classes queue 1 ef-class

Assign assured forwarding traffic to queue 2.

  1. Click Add new entry next to Queue.
  2. In the Queue num box, type 2.
  3. In the Class name box, type the previously configured name of the assured forwarding class—af-class.
  4. Click OK.

Enter

set forwarding-classes queue 2 af-class

Assign network control traffic to queue 3.

  1. Click Add new entry next to Queue.
  2. In the Queue num box, type 3.
  3. In the Class name box, type the previously configured name of the network control forwarding class—nc-class.
  4. Click OK.

Enter

set forwarding-classes queue 3 nc-class

Configuring Forwarding Classes

To configure CoS forwarding classes on an SRX Series device, include the following statements at the [edit class-of-service] hierarchy level of the configuration:

[edit class-of-service]forwarding-classes {class class-name queue-num queue-number priority (high | low);queue queue-number class-name priority (high | low);}interfaces {interface-name {unit logical-unit-number {forwarding-class class-name;}}}restricted-queues { forwarding-class class-name queue-number;}

You cannot commit a configuration that assigns the same forwarding class to two different queues.

Assigning a Forwarding Class to an Interface

On an SRX Series device, you can configure fixed classification on a logical interface by specifying a forwarding class to be applied to all packets received by the logical interface, regardless of the packet contents.

To assign a forwarding class configuration to the input logical interface, include the forwarding-class statement at the [edit class-of-service interfaces interface-name unit logical-unit-number] hierarchy level:

[edit class-of-service interfaces interface-name unit logical-unit-number] forwarding-class class-name;

You can include interface wildcards for interface-name and logical-unit-number.

In the following example, all packets coming into the device from the ge-3/0/0.0 interface are assigned to the assured-forwarding forwarding class:

[edit class-of-service]interfaces {ge-3/0/0 {unit 0 {forwarding-class assured-forwarding;}}}

Example: Configuring Up to Eight Forwarding Classes

By default on all platforms, four output queues are mapped to four forwarding classes as shown in Table 8. On J Series or SRX Series devices, you can configure up to eight forwarding classes and eight queues.

To configure up to eight forwarding classes, include the queue statement at the [edit class-of-service forwarding-classes] hierarchy level:

[edit class-of-service forwarding-classes]queue queue-number class-name;

The output queue number can be from 0 through 7, and you must map the forwarding classes one-to-one with the output queues. The default scheduler transmission rate and buffer size percentages for queues 0 through 7 are 95, 0, 0, 5, 0, 0, 0, and 0 percent.

For example, to configure a one-to-one mapping between eight forwarding classes and eight queues: you would use the following configuration:

[edit class-of-service]forwarding-classes {queue 0 be;queue 1 ef;queue 2 af;queue 3 nc;queue 4 ef1;queue 5 ef2;queue 6 af1;queue 7 nc1;}

Defining Eight Classifiers

[edit class-of-service]classifiers {dscp dscp-table {forwarding-class ef {loss-priority low code-points [101000, 101001];loss-priority high code-points [101010, 101011];}forwarding-class af {loss-priority low code-points [010000, 010001];loss-priority high code-points [010010, 010011];}forwarding-class be {loss-priority low code-points [000000];}forwarding-class nc {loss-priority low code-points [111000];}forwarding-class ef1 {loss-priority low code-points [101100, 101101];loss-priority high code-points [101110];}forwarding-class af1 {loss-priority high code-points [101110];}forwarding-class ef2 {loss-priority low code-points [101111];}forwarding-class af2 {loss-priority low code-points [010000];}forwarding-class nc1 {loss-priority low code-points [111001];}}}

Adding Eight Schedulers to a Scheduler Map

Configure a custom scheduler map that applies globally to all interfaces, except those that are restricted to four queues:

[edit class-of-service]scheduler-maps {sched {forwarding-class be scheduler Q0;forwarding-class ef scheduler Q1;forwarding-class af scheduler Q2;forwarding-class nc scheduler Q3;forwarding-class ef1 scheduler Q4;forwarding-class ef2 scheduler Q5;forwarding-class af1 scheduler Q6;forwarding-class nc1 scheduler Q7;}}schedulers {Q0 {transmit-rate percent 25;buffer-size percent 25;priority low;drop-profile-map loss-priority any protocol both drop-default;}Q1 {buffer-size temporal 2000;priority strict-high;drop-profile-map loss-priority any protocol both drop-ef;}Q2 {transmit-rate percent 35;buffer-size percent 35;priority low;drop-profile-map loss-priority any protocol both drop-default;}Q3 {transmit-rate percent 5;buffer-size percent 5;drop-profile-map loss-priority any protocol both drop-default;}Q4 {transmit-rate percent 5;priority high;drop-profile-map loss-priority any protocol both drop-ef;}Q5 {transmit-rate percent 10;priority high;drop-profile-map loss-priority any protocol both drop-ef;}Q6 {transmit-rate remainder;priority low;drop-profile-map loss-priority any protocol both drop-default;}Q7 {transmit-rate percent 5;priority high;drop-profile-map loss-priority any protocol both drop-default;}}

Configuring an IP Precedence Classifier and Rewrite Tables

[edit class-of-service]classifiers {inet-precedence inet-classifier {forwarding-class be {loss-priority low code-points 000;}forwarding-class af11 {loss-priority high code-points 001;}forwarding-class ef {loss-priority low code-points 010;}forwarding-class nc1 {loss-priority high code-points 011;}forwarding-class {loss-priority low code-points 100;}forwarding-class af12 {loss-priority high code-points 101;}forwarding-class ef1 {loss-priority low code-points 110;}forwarding-class nc2 {loss-priority high code-points 111;}}}exp exp-rw-table {forwarding-class be {loss-priority low code-point 000;}forwarding-class af11 {loss-priority high code-point 001;}forwarding-class ef {loss-priority low code-point 010;}forwarding-class nc1 {loss-priority high code-point 111;}forwarding-class be1 {loss-priority low code-point 100;}forwarding-class af12 {loss-priority high code-point 101;}forwarding-class ef1 {loss-priority low code-point 110;}forwarding-class nc2 {loss-priority low code-point 111;}}inet-precedence inet-rw-table {forwarding-class be {loss-priority low code-point 000;}forwarding-class af11 {loss-priority high code-point 001;}forwarding-class ef1 {loss-priority low code-point 010;}forwarding-class nc1 {loss-priority low code-point 111;}forwarding-class be1 {loss-priority low code-point 100;}forwarding-class af12 {loss-priority high code-point 101;}forwarding-class ef1 {loss-priority low code-point 111;}forwarding-class nc2 {loss-priority low code-point 110;}}

Configuring and Applying Rewrite Rules

You can configure rewrite rules to replace DiffServ code points (DSCPs) on packets received from the customer or host with the values expected by other devices. You do not have to configure rewrite rules if the received packets already contain valid DSCPs. Rewrite rules apply the forwarding class information and packet loss priority used internally by the device to establish the DSCP on outbound packets. Once configured, you must apply the rewrite rules to the correct interfaces.

The following example shows how to create the rewrite rules rewrite-dscps and apply them to the device's Gibabit Ethernet interface ge-0/0/0. The rewrite rules replace the DSCPs on packets in the four forwarding classes, as shown in Table 27.

Table 27: Sample rewrite-dscps Rewrite Rules to Replace DSCPs

mf-classifier Forwarding Class

For CoS Traffic Type

rewrite-dscps Rewrite Rules

be-class

Best-effort traffic

Low-priority code point: 000000

High-priority code point: 000001

ef-class

Expedited forwarding traffic

Low-priority code point: 101110

High-priority code point: 101111

af-class

Assured forwarding traffic

Low-priority code point: 001010

High-priority code point: 001100

nc-class

Network control traffic

Low-priority code point: 110000

High-priority code point: 110001

To configure and apply rewrite rules for the device:

  1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
  2. Perform the configuration tasks described in Table 28.
  3. Go on to Configuring and Applying Behavior Aggregate Classifiers .

Table 28: Configuring and Applying Rewrite Rules

Task

J-Web Configuration Editor

CLI Configuration Editor

Navigate to the Class of service level in the configuration hierarchy.

  1. In the J-Web interface, select Configure>CLI Tools>Point and Click CLI.
  2. Next to Class of service, click Configure or Edit.

From the [edit] hierarchy level, enter

edit class-of-service

Configure rewrite rules for DiffServ CoS.

  1. Click Configure next to Rewrite rules.
  2. Click Add new entry next to Dscp.
  3. In the Name box, type the name of the rewrite rules—for example, rewrite-dscps.

Enter

edit rewrite-rules dscp rewrite-dscps

Configure best-effort forwarding class rewrite rules.

  1. Click Add new entry next to Forwarding class.
  2. In the Class name box, type the name of the previously configured best-effort forwarding class—be-class.
  3. Click Add new entry next to Loss priority.
  4. From the Loss val list, select low.
  5. In the Code point box, type the value of the low-priority code point for best-effort traffic—for example, 000000.
  6. Click OK.
  7. Click Add new entry next to Loss priority.
  8. From the Loss val list, select high.
  9. In the Code point box, type the value of the high-priority code point for best-effort traffic—for example, 000001.
  10. Click OK twice.

Enter

set forwarding-class be-class loss-priority low code-point 000000

set forwarding-class be-class loss-priority high code-point 000001

Configure expedited forwarding class rewrite rules.

  1. Click Add new entry next to Forwarding class.
  2. In the Class name box, type the name of the previously configured expedited forwarding class—ef-class.
  3. Click Add new entry next to Loss priority.
  4. From the Loss val list, select low.
  5. In the Code point box, type the value of the low-priority code point for expedited forwarding traffic—for example, 101110.
  6. Click OK.
  7. Click Add new entry next to Loss priority.
  8. From the Loss val list, select high.
  9. In the Code point box, type the value of the high-priority code point for expedited forwarding traffic—for example, 101111.
  10. Click OK twice.

Enter

set forwarding-class ef-class loss-priority low code-point 101110

set forwarding-class ef-class loss-priority high code-point 101111

Configure assured forwarding class rewrite rules.

  1. Click Add new entry next to Forwarding class.
  2. In the Class name box, type the name of the previously configured assured forwarding class—af-class.
  3. Click Add new entry next to Loss priority.
  4. From the Loss val list, select low.
  5. In the Code point box, type the value of the low-priority code point for assured forwarding traffic—for example, 001010.
  6. Click OK.
  7. Click Add new entry next to Loss priority.
  8. From the Loss val list, select high.
  9. In the Code point box, type the value of the high-priority code point for assured forwarding traffic—for example, 001100.
  10. Click OK twice.

Enter

set forwarding-class af-class loss-priority low code-point 001010

set forwarding-class af-class loss-priority high code-point 001100

Configure network control class rewrite rules.

  1. Click Add new entry next to Forwarding class.
  2. In the Class name box, type the name of the previously configured network control forwarding class—nc-class.
  3. Click Add new entry next to Loss priority.
  4. From the Loss val list, select low.
  5. In the Code point box, type the value of the low-priority code point for network control traffic—for example, 110000.
  6. Click OK.
  7. Click Add new entry next to Loss priority.
  8. From the Loss val list, select high.
  9. In the Code point box, type the value of the high-priority code point for network control traffic—for example, 110001.
  10. Click OK four times.

Enter

set forwarding-class nc-class loss-priority low code-point 110000

set forwarding-class nc-class loss-priority high code-point 110001

Apply rewrite rules to an interface.

(See the interface naming conventions in JUNOS Software Interfaces Configuration Guide for Security Devices.)

  1. Click Add new entry next to Interfaces
  2. In the Interface name box, type the name of the interface—for example, ge-0/0/0.
  3. Click Add new entry next to Unit.
  4. In the Unit number box, type the logical interface unit number—0.
  5. Click Configure next to Rewrite rules.
  6. In the Rewrite rules name box, under Dscp, type the name of the previously configured rewrite rules—rewrite-dscps.
  7. Click OK.

From the [edit class of service] hierarchy level, enter

set interfaces ge-0/0/0 unit 0 rewrite-rules dscp rewrite-dscps

Configuring and Applying Behavior Aggregate Classifiers

You configure behavior aggregate classifiers to classify packets that contain valid DSCPs to appropriate queues. Once configured, you must apply the behavior aggregate classifier to the correct interfaces.

The following example shows how to configure the DSCP behavior aggregate classifier ba-classifier as the default DSCP map, and apply it to the device's Gigabit Ethernet interface ge-0/0/0. The behavior aggregate classifier assigns loss priorities, as shown in Table 29, to incoming packets in the four forwarding classes.

Table 29: Sample ba-classifier Loss Priority Assignments

mf-classifier Forwarding Class

For CoS Traffic Type

ba-classifier Assignments

be-class

Best-effort traffic

High-priority code point: 000001

ef-class

Expedited forwarding traffic

High-priority code point: 101111

af-class

Assured forwarding traffic

High-priority code point: 001100

nc-class

Network control traffic

High-priority code point: 110001

To configure and apply behavior aggregate classifiers for the device:

  1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
  2. Perform the configuration tasks described in Table 30.
  3. Go on to Configuring RED Drop Profiles for Congestion Control .

Table 30: Configuring and Applying Behavior Aggregate Classifiers

Task

J-Web Configuration Editor

CLI Configuration Editor

Navigate to the Class of service level in the configuration hierarchy.

  1. In the J-Web interface, select Configure>CLI Tools>Point and Click CLI.
  2. Next to Class of service, click Configure or Edit.

From the [edit] hierarchy level, enter

edit class-of-service

Configure behavior aggregate classifiers for DiffServ CoS.

  1. Click Configure next to Classifiers.
  2. Click Add new entry next to Dscp.
  3. In the Name box, type the name of the behavior aggregate classifier—for example, ba-classifier.
  4. In the Import box, type the name of the default DSCP map, default.

Enter

edit classifiers dscp ba-classifier

set import default

Configure a best-effort forwarding class classifier.

  1. Click Add new entry next to Forwarding class.
  2. In the Class name box, type the name of the previously configured best-effort forwarding class—be-class.
  3. Click Add new entry next to Loss priority.
  4. From the Loss val list, select high.
  5. Click Add new entry next to Code points.
  6. In the Value box, type the value of the high-priority code point for best-effort traffic—for example, 00001.
  7. Click OK three times.

Enter

set forwarding-class be-class loss-priority high code-points 000001

Configure an expedited forwarding class classifier.

  1. Click Add new entry next to Forwarding class.
  2. In the Class name box, type the name of the previously configured expedited forwarding class—ef-class.
  3. Click Add new entry next to Loss priority.
  4. From the Loss val list, select high.
  5. Click Add new entry next to Code points.
  6. In the Value box, type the value of the high-priority code point for expedited forwarding traffic—for example, 101111.
  7. Click OK three times.

Enter

set forwarding-class ef-class loss-priority high code-points 101111

Configure an assured forwarding class classifier.

  1. Click Add new entry next to Forwarding class.
  2. In the Class name box, type the name of the previously configured assured forwarding class—af-class.
  3. Click Add new entry next to Loss priority.
  4. From the Loss val list, select high.
  5. Click Add new entry next to Code points.
  6. In the Value box, type the value of the high-priority code point for assured forwarding traffic—for example, 001100.
  7. Click OK three times.

Enter

set forwarding-class af-class loss-priority high code-points 001100

Configure a network control class classifier.

  1. Click Add new entry next to Forwarding class.
  2. In the Class name box, type the name of the previously configured network control forwarding class—nc-class.
  3. Click Add new entry next to Loss priority.
  4. From the Loss val list, select high.
  5. Click Add new entry next to Code points.
  6. In the Value box, type the value of the high-priority code point for network control traffic—for example, 110001.
  7. Click OK five times.

Enter

set forwarding-class nc-class loss-priority high code-points 110001

Apply the behavior aggregate classifier to an interface.

(See the interface naming conventions in JUNOS Software Interfaces Configuration Guide for Security Devices.)

  1. Click Add new entry next to Interfaces.
  2. In the Interface name box, type the name of the interface—for example, ge-0/0/0.
  3. Click Add new entry next to Unit.
  4. In the Unit number box, type the logical interface unit number—0.
  5. Click Configure next to Classifiers.
  6. In the Classifiers box, under Dscp, type the name of the previously configured behavior aggregate classifier—ba-classifier.
  7. Click OK.

From the [edit class of service] hierarchy level, enter

set interfaces ge-0/0/0 unit 0 classifiers dscp ba-classifier

Example: Defining Aliases for Bits

When you configure classes and define classifiers, you can refer to the markers by alias names. You can configure user-defined classifiers in terms of alias names. If the value of an alias changes, it alters the behavior of any classifier that references it.

To define a code-point alias on an SRX Series device, include the code-point-aliases statement at the [edit class-of-service] hierarchy level:

[edit class-of-service]code-point-aliases {(dscp |exp | ieee-802.1 | inet-precedence) {alias-name bits;}}

The CoS marker types are as follows:

For example, you can set up the following configuration:

[edit class-of-service] code-point-aliases {dscp {my1 110001;my2 101110;be 000001;cs7 110000;}}

The sample configuration produces this mapping:


user@host>show class-of-service code-point-aliases dscp
Alias 	Bit pattern
ef/my2 	101110
af11 		001010
af12 		001100
af13 		001110
af21 		010010
af22 		010100
af23 		010110
af31 		011010
af32 		011100
af33 		011110
af41 		100010
af42 		100100
af43 		100110
be 		000001
cs1 		001000
cs2 		010000
cs3 		011000
cs4 		100000
cs5 		101000
nc1/cs6/cs7 110000
nc2 		111000
my1 		110001

The following notes explain certain results in the mapping:

Configuring RED Drop Profiles for Congestion Control

If the device must support assured forwarding, you can control congestion by configuring random early detection (RED) drop profiles. RED drop profiles use drop probabilities for different levels of buffer fullness to determine which scheduling queue on the device is likely to drop assured forwarding packets under congested conditions. The device can drop packets when the queue buffer becomes filled to the configured percentage.

Assured forwarding traffic with the PLP (packet loss priority) bit set is more likely to be discarded than traffic without the PLP bit set. This example shows how to configure a drop probability and a queue fill level for both PLP and non-PLP assured forwarding traffic. It is only one example of how to use RED drop profiles.

The example shows how to configure the RED drop profiles listed in Table 31.

Table 31: Sample RED Drop Profiles

Drop Profile

Drop Probability

Queue Fill Level

af-normal—For non-PLP (normal) assured forwarding traffic

Between 0 (never dropped) and 100 percent (always dropped)

Between 95 and 100 percent

af-with-plp—For PLP (aggressive packet dropping) assured forwarding traffic

Between 95 and 100 percent (always dropped)

Between 80 and 95 percent

To configure RED drop profiles for assured forwarding congestion control on the device:

  1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
  2. Perform the configuration tasks described in Table 32.
  3. If you are finished configuring the device, commit the configuration.
  4. Go on to one of the following tasks:

Table 32: Configuring RED Drop Profiles for Assured Forwarding Congestion Control

Task

J-Web Configuration Editor

CLI Configuration Editor

Navigate to the Class of service level in the configuration hierarchy.

  1. In the J-Web interface, select Configure>CLI Tools>Point and Click CLI.
  2. Next to Class of service, click Configure or Edit.

From the [edit] hierarchy level, enter

edit class-of-service

Configure the lower drop probability for normal, non-PLP traffic.

  1. Click Add new entry next to Drop profiles.
  2. In the Profile name box, type the name of the drop profile—for example, af-normal.
  3. Click Configure next to Interpolate.
  4. Click Add new entry next to Drop probability.
  5. In the Value box, type a number for the first drop point—for example, 0.
  6. Click OK.
  7. Click Add new entry next to Drop probability again.
  8. In the Value box, type a number for the next drop point—for example, 100.
  9. Click OK.

Enter

edit drop-profiles af-normal interpolate

set drop-probability 0

set drop-probability 100

Configure a queue fill level for the lower non-PLP drop probability.

  1. Click Add new entry next to Fill level.
  2. In the Value box, type a number for the first fill level—for example, 95.
  3. Click OK.
  4. Click Add new entry next to Fill level.
  5. In the Value box, type a number for the next fill level—for example, 100.
  6. Click OK three times.

Enter

set fill-level 95

set fill-level 100

Configure the higher drop probability for PLP traffic.

  1. Click Add new entry next to Drop profiles.
  2. In the Profile name box, type the name of the drop profile—for example, af-with-plp.
  3. Click Configure next to Interpolate.
  4. Click Add new entry next to Drop probability.
  5. In the Value box, type a number for the first drop point—for example, 95.
  6. Click OK.
  7. Click Add new entry next to Drop probability.
  8. In the Value box, type a number for the next drop point—for example, 100.
  9. Click OK.

From the [edit class of service] hierarchy level, enter

edit drop-profiles af-with-PLP interpolate

set drop-probability 95

set drop-probability 100

Configure a queue fill level for the higher PLP drop probability.

  1. Click Add new entry next to Fill level.
  2. In the Value box, type a number for the first fill level—for example, 80.
  3. Click OK.
  4. Click Add new entry next to Fill level.
  5. In the Value box, type a number for the next fill level—for example, 95.
  6. Click OK.

Enter

set fill-level 80

set fill-level 95

Example: Configuring RED Drop Profiles

Create a segmented configuration and an interpolated configuration that correspond to the graphs in Figure 4. The values defined in the configuration are matched to represent the data points in the graph line. In this example, the drop probability is 25 percent when the queue is 50 percent full. The drop probability increases to 50 percent when the queue is 75 percent full.

Figure 4: Segmented and Interpolated Drop Profiles

Image h1704.gif

Segmented

class-of-service {drop-profiles {segmented-style-profile {fill-level 25 drop-probability 25;fill-level 50 drop-probability 50;fill-level 75 drop-probability 75;fill-level 95 drop-probability 100;}}}

To create the profile’s graph line, the software begins at the bottom-left corner, representing a 0 percent fill level and a 0 percent drop probability. This configuration draws a line directly to the right until it reaches the first defined fill level, 25 percent for this configuration. The software then continues the line vertically until the first drop probability is reached. This process is repeated for all of the defined levels and probabilities until the top-right corner of the graph is reached.

Create a smoother graph line by configuring the profile with the interpolate statement. This allows the software to automatically generate 64 data points on the graph beginning at (0, 0) and ending at (100, 100). Along the way, the graph line intersects specific data points, which you define as follows:

Interpolated

class-of-service {drop-profiles {interpolated-style-profile {interpolate {fill-level [ 50 75 ];drop-probability [ 25 50 ];}}}}

Configuring Schedulers

You configure schedulers to assign resources, priorities, and drop profiles to output queues. By default, only queues 0 and 3 have resources assigned.

Note: SRX Series devices support hierarchical schedulers, including per-unit-schedulers. For more information, see Configuring CoS Hierarchical Schedulers.

This example creates the schedulers listed in Table 33.

Table 33: Sample Schedulers

Scheduler

For CoS Traffic Type

Assigned Priority

Allocated Portion of Queue Buffer

Assigned Bandwidth (Transmit Rate)

be-scheduler

Best-effort traffic

Low

40 percent

10 percent

ef-scheduler

Expedited forwarding traffic

High

10 percent

10 percent

af-scheduler

Assured forwarding traffic

High

45 percent

45 percent

nc-scheduler

Network control traffic

Low

5 percent

5 percent

To configure schedulers for the device:

  1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
  2. Perform the configuration tasks described in Table 34.
  3. Go on to Configuring and Applying Scheduler Maps .

Table 34: Configuring Schedulers

Task

J-Web Configuration Editor

CLI Configuration Editor

Navigate to the Class of service level in the configuration hierarchy.

  1. In the J-Web interface, select Configure>CLI Tools>Point and Click CLI.
  2. Next to Class of service, click Configure or Edit.

From the [edit] hierarchy level, enter

edit class-of-service

Configure a best-effort scheduler.

  1. Click Add new entry next to Schedulers.
  2. In the Scheduler name box, type the name of the best-effort scheduler—for example, be-scheduler.

Enter

edit schedulers be-scheduler

Configure a best-effort scheduler priority and buffer size.

  1. In the Priority box, type low.
  2. Click Configure next to Buffer size.
  3. From the Buffer size choice list, select the basis for the buffer allocation method—for example, Percent.
  4. In the Percent box, type the percentage of the buffer to be used by the best-effort scheduler—for example, 40.
  5. Click OK.

Enter

set priority low

set buffer-size percent 40

Configure a best-effort scheduler transmit rate.

  1. Click Configure next to Transmit rate.
  2. From the Transmit rate choice list, select the basis for the transmit rate method—for example, Percent.
  3. In the Percent box, type the percentage of the bandwidth to be used by the best-effort scheduler—for example, 10.
  4. Click OK twice.

Enter

set transmit-rate percent 10

Configure an expedited forwarding scheduler.

  1. Click Add new entry next to Schedulers.
  2. In the Scheduler name box, type the name of the expedited forwarding scheduler—for example, ef-scheduler.

From the [edit class of service] hierarchy level, enter

edit schedulers ef-scheduler

Configure an expedited forwarding scheduler priority and buffer size.

  1. In the Priority box, type high.
  2. Click Configure next to Buffer size.
  3. From the Buffer size choice list, select the basis for the buffer allocation method—for example, Percent.
  4. In the Percent box, type the percentage of the buffer to be used by the expedited forwarding scheduler—for example, 10.
  5. Click OK.

Enter

set priority high

set buffer-size percent 10

Configure an expedited forwarding scheduler transmit rate.

  1. Click Configure next to Transmit rate.
  2. From the Transmit rate choice list, select the basis for the transmit rate method—for example, Percent.
  3. In the Percent box, type the percentage of the bandwidth to be used by the expedited forwarding scheduler—for example, 10.
  4. Click OK twice.

Enter

set transmit-rate percent 10

Configure an assured forwarding scheduler.

  1. Click Add new entry next to Schedulers.
  2. In the Scheduler name box, type the name of the assured forwarding scheduler—for example, af-scheduler.

From the [edit class of service] hierarchy level, enter

edit schedulers af-scheduler

Configure an assured forwarding scheduler priority and buffer size.

  1. In the Priority box, type high.
  2. Click Configure next to Buffer size.
  3. From the Buffer size choice list, select the basis for the buffer allocation method—for example, Percent.
  4. In the Percent box, type the percentage of the buffer to be used by the assured forwarding scheduler—for example, 45.
  5. Click OK.

Enter

set priority high

set buffer-size percent 45

Configure an assured forwarding scheduler transmit rate.

  1. Click Configure next to Transmit rate.
  2. From the Transmit rate choice list, select the basis for the transmit rate method—for example, Percent.
  3. In the Percent box, type the percentage of the bandwidth to be used by the assured forwarding scheduler—for example, 45.
  4. Click OK.

Enter

set transmit-rate percent 45

(Optional) Configure a drop profile map for assured forwarding low and high priority. (DiffServ can have a RED drop profile associated with assured forwarding.)

  1. Click Add new entry next to Drop profile map.
  2. From the Loss priority box, select Low.
  3. From the Protocol box, select Any.
  4. In the Drop profile box, type the name of the drop profile—for example, af-normal.
  5. Click OK.
  6. Click Add new entry next to Drop profile map.
  7. From the Loss priority box, select High.
  8. From the Protocol box, select Any.
  9. In the Drop profile box, type the name of the drop profile—for example, af-with-PLP.
  10. Click OK twice.

Enter

set drop-profile-map loss-priority low protocol any drop-profile af-normal

set drop-profile-map loss-priority high protocol any drop-profile af-with-PLP

Configure a network control scheduler.

  1. Click Add new entry next to Schedulers.
  2. In the Scheduler name box, type the name of the network control scheduler—for example, nc-scheduler.

From the [edit class of service] hierarchy level, enter

edit schedulers nc-scheduler

Configure a network control scheduler priority and buffer size.

  1. In the Priority box, type low.
  2. Click Configure next to Buffer size.
  3. From the Buffer size choice list, select the basis for the buffer allocation method—for example, Percent.
  4. In the Percent box, type the percentage of the buffer to be used by the network control scheduler—for example, 5.
  5. Click OK.

Enter

set priority low

set buffer-size percent 5

Configure a network control scheduler transmit rate.

  1. Click Configure next to Transmit rate.
  2. From the Transmit rate choice list, select the basis for the transmit rate method—for example, Percent.
  3. In the Percent box, type the percentage of the bandwidth to be used by the network control scheduler—for example, 5.
  4. Click OK.

Enter

set transmit-rate percent 5

Configuring and Applying Scheduler Maps

You configure a scheduler map to assign a forwarding class to a scheduler, then apply the scheduler map to any interface that must enforce DiffServ CoS.

The following example shows how to create the scheduler map diffserv-cos-map and apply it to the device's Ethernet interface ge-0/0/0. The map associates the mf-classifier forwarding classes configured in Configuring and Applying a Firewall Filter for a Multifield Classifier to the schedulers configured in Configuring Schedulers, as shown in Table 35.

Table 35: Sample diffserv-cos-map Scheduler Mapping

mf-classifier Forwarding Class

For CoS Traffic Type

diffserv-cos-map Scheduler

be-class

Best-effort traffic

be-scheduler

ef-class

Expedited forwarding traffic

ef-scheduler

af-class

Assured forwarding traffic

af-scheduler

nc-class

Network control traffic

nc-scheduler

To configure and apply scheduler maps:

  1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
  2. Perform the configuration tasks described in Table 36.
  3. If you are finished configuring the device, commit the configuration.
  4. Go on to one of the following tasks:

Table 36: Configuring Scheduler Maps

Task

J-Web Configuration Editor

CLI Configuration Editor

Navigate to the Class of service level in the configuration hierarchy.

  1. In the J-Web interface, select Configure>CLI Tools>Point and Click CLI.
  2. Next to Class of service, click Configure or Edit.

From the [edit] hierarchy level, enter

edit class-of-service

Configure a scheduler map for DiffServ CoS.

  1. Click Add new entry next to Scheduler maps.
  2. In the Map name box, type the name of the scheduler map—for example, diffserv-cos-map.

Enter

edit scheduler-maps diffserv-cos-map

Configure a best-effort forwarding class and scheduler.

  1. Click Add new entry next to Forwarding class.
  2. In the Class name box, type the name of the previously configured best-effort forwarding class—be-class.
  3. In the Scheduler box, type the name of the previously configured best-effort scheduler—be-scheduler.
  4. Click OK.

Enter

set forwarding-class be-class scheduler be-scheduler

Configure an expedited forwarding class and scheduler.

  1. Click Add new entry next to Forwarding class.
  2. In the Class name box, type the name of the previously configured expedited forwarding class—ef-class.
  3. In the Scheduler box, type the name of the previously configured expedited forwarding scheduler—ef-scheduler.
  4. Click OK.

Enter

set forwarding-class ef-class scheduler ef-scheduler

Configure an assured forwarding class and scheduler.

  1. Click Add new entry next to Forwarding class.
  2. In the Class name box, type the name of the previously configured assured forwarding class—af-class.
  3. In the Scheduler box, type the name of the previously configured assured forwarding scheduler—af-scheduler.
  4. Click OK.

Enter

set forwarding-class af-class scheduler af-scheduler

Configure a network control class and scheduler.

  1. Click Add new entry next to Forwarding class.
  2. In the Class name box, type the name of the previously configured network control class—nc-class.
  3. In the Scheduler box, type the name of the previously configured network control scheduler—nc-scheduler.
  4. Click OK twice.

Enter

set forwarding-class nc-class scheduler nc-scheduler

Apply the scheduler map to an interface.

(See the interface naming conventions in JUNOS Software Interfaces Configuration Guide for Security Devices.)

  1. Click Add new entry next to Interfaces.
  2. In the Interface name box, type the name of the interface—for example, ge-0/0/0.
  3. Click Add new entry next to Unit.
  4. In the Unit number box, type the logical interface unit number—0.
  5. In the Scheduler map box, type the name of the previously configured scheduler map—diffserv-cos-map.
  6. Click OK.

From the [edit class of service] hierarchy level, enter

set interfaces ge-0/0/0 scheduler-map diffserv-cos-map

Scheduler Maps: Sample Configuration

Once you define a scheduler, you can include it in a scheduler map, which maps a specified forwarding class to a scheduler configuration. To do this, include the scheduler-maps statement at the [edit class-of-service] hierarchy level:

[edit class-of-service]scheduler-maps {map-name {forwarding-class class-name scheduler scheduler-name;}}

After you have defined the scheduler map, you can associate it with an output interface. To do this, include the scheduler-map statement at the [edit class-of-service interfaces interface-name] hierarchy level:

[edit class-of-service interfaces interface-name]scheduler-map map-name;

Interface wildcards are supported.

Schedulers: Sample Configuration

You use schedulers to define the properties of output queues. These properties include the amount of interface bandwidth assigned to the queue, the size of the memory buffer allocated for storing packets, the priority of the queue, and the random early detection (RED) drop profiles associated with the queue.

You associate the schedulers with forwarding classes by means of scheduler maps. You can then associate each scheduler map with an interface, thereby configuring the hardware queues, packet schedulers, and RED processes that operate according to this mapping.

To configure class-of-service (CoS) schedulers, use the following sample configuration at the [edit class-of-service] hierarchy level:

[edit class-of-service]interfaces {interface-name {scheduler-map map-name;scheduler-map-chassis map-name;schedulers number;shaping-rate rate;unit {output-traffic-control-profile profile-name; scheduler-map map-name;shaping-rate rate;}}} fabric {scheduler-map {priority (high | low) scheduler scheduler-name;}}scheduler-maps {map-name {forwarding-class class-name scheduler scheduler-name;}}schedulers {scheduler-name {buffer-size (percent percentage | remainder | temporal microseconds );drop-profile-map loss-priority (any | low | medium-low | medium-high | high) protocol (any | non-tcp | tcp) drop-profile profile-name;priority priority-level;transmit-rate (rate | percent percentage remainder) <exact | rate-limit>;}}traffic-control-profiles profile-name { delay-buffer-rate (percent percentage | rate); guaranteed-rate (percent percentage | rate); scheduler-map map-name;shaping-rate (percent percentage | rate);}

Note: For J Series devices and SRX210, SRX240, and SRX650 devices, when configuring the “protocol parameter” in the drop-profile-map statement, tcp and non-tcp values are not supported, only the value “any” is supported.

Configuring and Applying Virtual Channels

You configure a virtual channel to set up queuing, packet scheduling, and accounting rules to be applied to one or more logical interfaces. You then must apply the virtual channel to a particular logical interface. Virtual channels can be applied in different ways. For more information on virtual channels, see Configuring Virtual Channels. In the example here, an output firewall filter is used for directing traffic to a particular virtual channel.

The following example shows how to create the virtual channels branch1–vc, branch2–vc, and branch3–vc and apply them in the firewall filter choose-vc to the Services Router's T3 interface t3-1/0/0.

To configure and apply virtual channels for the Services Router:

  1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
  2. Perform the configuration tasks described in Table 37.
  3. If you are finished configuring the router, commit the configuration.
  4. Go on to one of the following tasks:

Table 37: Configuring and Applying Virtual Channels

Task

J-Web Configuration Editor

CLI Configuration Editor

Navigate to the Class of service level in the configuration hierarchy.

  1. In the J-Web interface, select Configure>CLI Tools>Point and Click CLI.
  2. Next to Class of service, click Configure or Edit.

From the [edit] hierarchy level, enter

edit class-of-service

Define the virtual channels branch1–vc, branch2–vc, branch3–vc, and the default virtual channel. You must specify a default virtual channel.

  1. Click Add new entry next to Virtual channels.
  2. In the Channel name box, type the name of the virtual channel—for example, branch1–vc.
  3. Click OK.
  4. Create additional virtual channels for branch2–vc, branch3–vc, and default-vc.
  1. Enter

    set virtual-channels branch1–vc

  2. Repeat this statement for branch2–vc, branch3–vc, and default-vc.

Define the virtual channel group wan-vc-group to include the four virtual channels, and assign each virtual channel the scheduler map bestscheduler.

  1. Click Add new entry next to Virtual channel groups.
  2. In the Group name box, type the name of the virtual channel group—wan-vc-group.
  3. Click Add new entry next to Channel.
  4. In the Channel name box, type the name of the previously configured virtual channels—branch1–vc.
  5. In the Scheduler map box, type the name of the previously configured scheduler map—bestscheduler.
  6. Click OK.
  7. Add the virtual channels branch2–vc, branch3–vc, and default-vc. Select the Default box when adding the virtual channel default-vc.
  1. Enter

    set virtual-channel-groups wan-vc-group branch1–vc scheduler-map bestscheduler

  2. Repeat this statement for branch2–vc, branch3–vc, and default-vc.
  3. Enter

    set virtual-channel-groups wan-vc-group default–vc default

Specify a shaping rate of 2 Mbps for each virtual channel within the virtual channel group.

  1. Click branch1–vc in the list of virtual channels.
  2. Select the Shaping rate box.
  3. Click Configure.
  4. Select Absolute rate from the Rate choice box.
  5. In the Absolute rate box, type the shaping rate—2m.
  6. Add the shaping rate for the branch2–vc and branch3–vc virtual channels.
  7. Click OK three times.
  1. Enter

    set virtual-channel-groups wan-vc-group branch1–vc shaping-rate 2m

  2. Repeat this statement for branch2–vc and branch3–vc.

Apply the virtual channel group to the logical interface t3–1/0/0.0.

(See the interface naming conventions in JUNOS Software Interfaces Configuration Guide for Security Devices.)

  1. Click Add new entry next to Interfaces.
  2. In the Interface name box, type the name of the interface—t3–1/0/0.
  3. Click Add new entry next to Unit.
  4. In the Unit number box, type the logical interface unit number—0.
  5. In the Virtual channel group box, type the name of the previously configured virtual channel group—wan-vc-group.
  6. Click OK.

From the [edit class of service] hierarchy level, enter

set interfaces t3–1/0/0 unit 0 virtual-channel-group wan-vc-group

Create the firewall filter choose-vc to select the traffic that is transmitted on a particular virtual channel.

  1. On the main Configuration page next to Firewall, click Configure or Edit.
  2. Click Add new entry next to Filter.
  3. In the Filter name box, type the name of the firewall filter—choose-vc.
  4. Click Add new entry next to Term.
  5. In the Rule name box, type the name of the firewall term—branch1.
  6. Click Configure next to From.
  7. Click Add new entry next to Destination address.
  8. In the Address box, type the IP address of the destination host—192.168.10.0/24.
  9. Click OK twice.
  10. On the firewall term page, click Configure next to Then.
  11. Select Accept from the Designation box.
  12. In the Virtual channel box, type the name of the previously configured virtual channel—branch1–vc.
  13. Click OK.
  14. Repeat these steps for the virtual channels branch2–vc and branch3–vc.
  1. From the [edit] hierarchy level, enter

    edit firewall

  2. Enter

    set family inet filter choose-vc term branch1 from destination 192.168.10.0/24

  3. Enter

    set family inet filter choose-vc term branch1 then accept

  4. Enter

    set family inet filter choose-vc term branch1 then virtual-channel branch1–vc

  5. Repeat these steps for virtual channels branch2–vc and branch3–vc.

Apply the firewall filter choose-vc to output traffic on the t3–1/0/0.0 interface.

  1. On the main Configuration page next to Interfaces, click Configure or Edit.
  2. Click t3–1/0/0 in the list of configured interfaces.
  3. Click 0 in the list of configured logical units for the interface.
  4. Click Edit next to Inet.
  5. Click Configure next to Filter.
  6. In the Output box, type the name of the previously configured firewall filter—choose–vc.
  7. Click OK.
  1. From the [edit] hierarchy level, enter

    edit interfaces

  2. Enter

    set t3–1/0/0 unit 0 family inet filter output choose-vc

Configuring and Applying an Adaptive Shaper

You can use adaptive shaping to limit the bandwidth of traffic flowing on a Frame Relay logical interface. If you configure and apply adaptive shaping, the device checks the backward explicit congestion notification (BECN) bit within the last inbound (ingress) packet received on the interface. For more information on adaptive shaping, see Configuring Adaptive Shaping for Frame Relay.

Note: Adaptive shaping is not available on SRX3400, SRX3600, SRX5600, and SRX5800 devices.

The following example shows how to create an adaptive shaper fr-shaper and apply it to the device's T1 interface t1-0/0/2. The adapter shaper limits the transmit bandwidth on the interface to 64 Kbps.

To configure and apply an adaptive shaper for the device:

  1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
  2. Perform the configuration tasks described in Table 38.
  3. If you are finished configuring the device, commit the configuration.
  4. Go on to one of the following tasks:

Table 38: Configuring and Applying an Adaptive Shaper

Task

J-Web Configuration Editor

CLI Configuration Editor

Navigate to the Class of service level in the configuration hierarchy.

  1. In the J-Web interface, select Configure>CLI Tools>Point and Click CLI.
  2. Next to Class of service, click Configure or Edit.

From the [edit] hierarchy level, enter

edit class-of-service

Define the adaptive shaper name and maximum transmit rate.

  1. Next to Adaptive Shapers, click Add new entry.
  2. In the Adaptive shaper name box, type fr-shaper.
  3. Next to Trigger, click Add new entry.
  4. Next to Becn, select the check box.
  5. Next to Shaping rate, select the check box and click Configure.
  6. From the Rate choice list, select Absolute rate.
  7. In the Absolute rate box, type 64k.
  8. Click OK three times.

Enter

set adaptive-shapers fr-shaper trigger becn shaping-rate 64k

Apply the adaptive shaper to the logical interface t1-0/0/2.0.

(See the interface naming conventions in JUNOS Software Interfaces Configuration Guide for Security Devices.)

  1. Next to Interfaces, click Add new entry.
  2. In the Interface name box, type the name of the interface—t1-0/0/2.
  3. Next to Unit, click Add new entry.
  4. In the Unit number box, type the logical interface unit number—0.
  5. In the Adaptive shaper box, type the name of the adaptive shaper—fr-shaper.
  6. Click OK.

Enter

set interfaces t1-0/0/2 unit 0 adaptive-shaper fr-shaper

[Contents] [Prev] [Next] [Index] [Report an Error]


[an error occurred while processing this directive]