Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Understanding Priority Propagation

SRX5600 and SRX5800 firewalls with input/output cards (IOCs) perform priority propagation. Priority propagation is useful for mixed traffic environments when, for example, you want to make sure that the voice traffic of one customer does not suffer from the data traffic of another customer. Nodes and queues are always serviced in the order of their priority. The priority of a queue is decided by configuration (the default priority is low) in the scheduler. However, not all elements of hierarchical schedulers have direct priorities configured. Internal nodes, for example, must determine their priority in other ways.

The priority of any internal node is decided as follows:

  • By the highest priority of an active child (interface sets only take the highest priority of their active children

  • Whether the node is above its configured guaranteed rate (CIR) or not (this is relevant only if the physical interface is in CIR mode)

Each queue has a configured priority and a hardware priority. Table 1 shows the usual mapping between the configured priority and the hardware priority.

Table 1: Queue Priority

Configured Priority

Hardware Priority

Strict-high

0

High

0

Medium-high

1

Medium-low

1

Low

2

Figure 1 shows a physical interface with hierarchical schedulers configured. The configured priorities are shown for each queue at the top of the figure. The hardware priorities for each node are shown in parentheses. Each node also shows any configured shaping rate (PIR) or guaranteed rate (CIR) and whether or not the queues are above or below the CIR. The nodes are shown in one of the following three states:

  • Above the CIR (clear)

  • Below the CIR (dark)

  • Condition where the CIR does not matter (gray)

Figure 1: Hierarchical Schedulers and PrioritiesHierarchical Schedulers and Priorities

In Figure 1, the strict high queue for C-VLAN 0 (cvlan 0) receives service first, even though the C-VLAN is above the configured CIR. Once that queue has been drained, and the priority of the node has become 3 instead of 0 (because of the lack of strict-high traffic), the system moves on to the medium queues (cvlan 1 and cvlan 3), draining them in a round-robin fashion where empty queues lose their hardware priority. The low queue on cvlan 4 (priority 2) is sent next because that mode is below the CIR. Then, the high queues on cvlan 0 and cvlan2 (both now with priority 3) are drained in a round-robin fashion, and finally the low queue on cvlan 0 is drained (because svlan 0 has a priority of 3).

Related Documentation