Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


rule-sets (CoS AppQoS)


Hierarchy Level


Defines AppQoS rule sets and the rules that establish priorities based on quality-of-service requirements for the associated applications. AppQoS rules can be included in policy statements to implement application-aware quality of service control.


  • rule-set-name—Name used to refer to a collection of AppQoS rules.

  • rule rule-name—Name applied to the match criteria and resulting actions that control the quality-of-service provided to any matching applications.

  • application application-name—Name of the application to be used as match criteria for the rule.

  • application-any —Any application encountering this rule. Note that when you use this specification, all application matching ends. Any application rule following this one will never be encountered.

  • application-group application-group-name—Group of applications to be used as match criteria for the rule. Both applications and application groups can be match criteria for a single rule.

  • application-known—Match criteria specifying any session that is identified, but its corresponding application is not specified.

  • application-unknown—Match criteria specifying any session that is not identified.

  • forwarding-class forwarding-class-name—The AppQoS class with which matching applications will be marked. This field identifies the rewriter that has marked the DSCP value . Therefore, the AppQoS forwarding class must be different from those used by IDP or firewall filters. With this class specified, firewall filter class will not overwrite the existing DSCP value.

  • dscp-code-point—DSCP alias or bit map with which matching applications will be marked to establish the output queue. This value can be marked by rewriters from IDP, AppQoS, or a firewall filter. The forwarding-class value identifies which rewriter has re-marked the packet with the current DSCP value. If a packet triggers all three rewriters, IDP takes precedence over AppQoS, which takes precedence over a firewall filter.

  • loss-priority—Loss priority with which matching applications will be marked. This value is used to determine the likelihood that a packet would be dropped when encountering congestion. A high loss priority means that there is an 80% chance of packet loss in congestion. Possible values are high, medium-high, medium-low and low.

  • rate-limit—Rate limiters to be associated with client-to-server and with server-to-client traffic for this application. The rate limiter profile defines maximum speed and volume limits for matching applications.

  • log—AppQoS event logging.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 11.4.

Support at the following hierarchy levels introduced in Junos OS Release 19.3R1: [edit logical-systems logical-system-name class-of-service application-traffic-control], and [edit tenants tenant-name class-of-service application-traffic-control].