ON THIS PAGE
Example: Configuring a Filter for Use as an Ingress Queuing Filter
This example shows how to configure a firewall
filter for use as an ingress queuing filter. The ingress queuing filter
assists in traffic shaping operations by enabling you to set the forwarding
class and packet loss priority, or drop the packet before ingress
queue selection. The firewall filter must be configured within one
of the following protocol families: bridge, cc, inet, inet6, mpls, or vpls and have one or more of the following actions: accept, discard, forwarding-class, and loss-priority.
Although the ingress queuing filter can be used with EX9200 switches and T-Series routers as well as MX-Series routers, it is used only on those MX Series routers that have MPCs. An error is generated at commit if the ingress queuing filter is applied to an interface on any other type of port concentrator.
Requirements
This example uses the following hardware and software components:
An MX Series router with MPC
In order for ingress queuing filters to function, ingress-and-egress must be configured as the traffic-manager mode at the [edit chassis fpc slot pic slot traffic-manager mode] hierarchy level.
Overview
In this example, you create a firewall filter named iqfilter1 in the inet protocol family that sets the loss priority
and forwarding class of packets coming from the 192.168.2.0/24 network.
You then apply the iqfilter1 filter to the ge-0/0/0.0 logical
interface as an ingress queuing filter.
To configure a firewall filter and apply it for use as an ingress queuing filter involves:
Creating a firewall filter named
iqfilter1in theinetprotocol family with the following two actions:forwarding-classandloss-priority.Applying the firewall filter to the ge-0/0/0.0 interface as an ingress queuing filter.
Configuration
- CLI Quick Configuration
- Configuring the Firewall Filter and Applying It to an Interface as an Input Queuing Filter
- Results
CLI Quick Configuration
To quickly configure this example, copy the following
commands, paste them into a text file, remove any line breaks, change
any details necessary to match your network configuration, and then
copy and paste the commands into the CLI at the [edit] hierarchy
level.
set firewall family inet filter iqfilter1 term t1 from address 192.168.2.0/24 set firewall family inet filter iqfilter1 term t1 then loss-priority low set firewall family inet filter iqfilter1 term t1 then forwarding-class expedited-forwarding set interfaces ge-0/0/0 unit 0 family inet ingress-queuing-filter iqfilter1
Configuring the Firewall Filter and Applying It to an Interface as an Input Queuing Filter
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.
To configure the firewall filter, iqfilter1, and
apply it to logical interface ge-0/0/0 unit 0:
Create a firewall filter named
iqfilter1.[edit firewall family inet]user@router# set filter iqfilter1 term t1 from address 192.168.2.0/24 user@router# set filter iqfilter1 term t1 then loss-priority low user@router# set filter iqfilter1 term t1 then forwarding-class expedited-forwardingApply the firewall filter to the logical interface.
[edit]user@router# set interfaces ge-0/0/0 unit 0 family inet ingress-queuing-filter iqfilter1
Results
From configuration mode, confirm your configuration
by entering the show firewall and the show interfaces
ge-0/0/0.0 commands. If the output does not display the intended
configuration, repeat the instructions in this example to correct
the configuration.
user@router# show firewall
family inet {
filter iqfilter1 {
term t1 {
from {
address {
192.168.0.0/24;
}
}
then {
loss-priority low;
forwarding-class expedited-forwarding;
}
}
}
}
user@router# show interfaces ge-0/0/0.0
family inet {
ingress-queuing-filter iqfilter1;
}
If you are done configuring the device, enter commit from configuration mode.
user@router# commit