Example: Rewriting CoS Information at the Network Border to Enforce CoS Strategies

This example shows how to rewrite (remark) class-of-service (CoS) values at the network border to enforce your internal CoS strategies. This is typically done when the CoS values of the inbound traffic at the network border cannot be trusted, or the values do not match your internal network’s CoS strategy.

A thorough explanation of the CoS rewriting and its underlying algorithms is beyond the scope of this document. For more information about traffic policing, and CoS in general, refer to QOS-Enabled Networks—Tools and Foundations by Miguel Barreiros and Peter Lundqvist. This book is available at many online booksellers and at www.juniper.net/books.

Requirements

To verify this procedure, this example uses a traffic generator. The traffic generator can be hardware-based or it can be software running on a server or host machine.

The functionality in this procedure is widely supported on devices that run Junos OS. The example shown here was tested and verified on MX Series routers running Junos OS Release 10.4.

Overview

The purpose of this example is to demonstrate CoS rewriting at a network border to convey the traffic's CoS profile to the next-hop router, based on the forwarding class and packet loss priority (PLP) assigned to the traffic. CoS information rewriting is performed as the last step before a packet is transmitted onto the egress network.

In this example the rewriting is done when sending traffic from the host connected to Device R1 to the host connected to Device R2. The information required for rewriting the CoS parameters in the other direction is not included in this example. However, you can use the rewriting information in Device R1 (making changes for the interfaces used) and apply it to Device R2 to achieve bidirectional CoS rewriting.

Junos OS contains several default rewrite rules that might meet your requirements. You display them with the show class-of-service rewrite-rule command. A partial table of the default rewrite rule mappings is shown in the following table.

| Map from Forwarding Class | PLP Value | Map to DSCP/DSCP IPv6/EXP/IP Code Point Aliases |
|---|---|---|
| expedited-forwarding | low | ef |
| expedited-forwarding | high | ef |
| assured-forwarding | low | af11 |
| assured-forwarding | high | af12 (DSCP/DSCP IPv6/EXP) |
| best-effort | low | be |
| best-effort | high | be |
| network-control | low | nc1/cs6 |
| network-control | high | nc2/cs7 |

You can also define your own custom rewrite-rules table, or use a mixture of the default rewrite-rules and a custom table that you create. This example uses default rewrite-rules.
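
The following added example (not Juniper code and not part of the original page) models what the border device does to an IPv4 packet at egress: it ignores the inbound DSCP marking, classifies the packet itself, looks up the default rewrite value for the resulting forwarding class and PLP, overwrites the DSCP bits while leaving the ECN bits alone, and recomputes the header checksum. The classifier rule (TCP source port 80 to expedited-forwarding, everything else to best-effort, PLP low), the function names, and the sample packets are assumptions made for illustration; the numeric values are the standard code points for the aliases in the table.

```python
import struct

# Default rewrite mapping from the table above: (forwarding class, PLP) -> DSCP.
# Numeric values are the standard code points for the aliases (ef=46, af11=10, ...).
DEFAULT_DSCP_REWRITE = {
    ("expedited-forwarding", "low"): 46, ("expedited-forwarding", "high"): 46,
    ("assured-forwarding", "low"): 10,   ("assured-forwarding", "high"): 12,
    ("best-effort", "low"): 0,           ("best-effort", "high"): 0,
    ("network-control", "low"): 48,      ("network-control", "high"): 56,
}

def ip_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement checksum over an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def classify(packet: bytes) -> tuple:
    """Assumed multifield classifier: the inbound ToS byte is never consulted."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] == 6 and len(packet) >= ihl + 2:      # protocol 6 = TCP
        sport = struct.unpack("!H", packet[ihl:ihl + 2])[0]
        if sport == 80:
            return ("expedited-forwarding", "low")
    return ("best-effort", "low")

def rewrite_dscp(packet: bytes) -> bytes:
    """Overwrite DSCP at egress, keep the two ECN bits, fix the header checksum."""
    ihl = (packet[0] & 0x0F) * 4
    hdr = bytearray(packet[:ihl])
    dscp = DEFAULT_DSCP_REWRITE[classify(packet)]
    hdr[1] = (dscp << 2) | (hdr[1] & 0x03)
    hdr[10:12] = b"\x00\x00"                           # zero before summing
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]

def make_packet(sport: int, tos: int) -> bytes:
    """Constructed sample: minimal IPv4 + TCP headers with a sender-chosen ToS byte."""
    tcp = struct.pack("!HHIIBBHHH", sport, 5000, 0, 0, 5 << 4, 0x02, 1024, 0, 0)
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + len(tcp), 0, 0,
                                64, 6, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])))
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return bytes(hdr) + tcp

def dscp_of(packet: bytes) -> int:
    return packet[1] >> 2
```

A packet from source port 12345 that arrives already marked ef leaves the border marked be, which is the behavior that keeps an untrusted sender from claiming the expedited queue downstream.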

Topology

This example uses the topology in Figure 1.

Figure 1: Rewriting CoS Information at the Network Border to Enforce CoS Strategies Scenario

This video explains the topics used in this example. We recommend that you watch the video before proceeding.

Configuration

Procedure

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Device R1

Device R2

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in the Junos OS CLI User Guide.

To configure Device R1:

  1. Configure the device interfaces.

  2. Configure the firewall parameters.

  3. Configure the class-of-service parameters.

  4. Configure OSPF.

Step-by-Step Procedure

To configure Device R2:

  1. Configure the device interface.

  2. Configure the firewall parameters.

  3. Configure OSPF.

Results

From configuration mode, confirm your configuration by entering the show interfaces, show firewall, show class-of-service, and show protocols ospf commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

If you are done configuring Device R1, enter commit from configuration mode.

If you are done configuring Device R2, enter commit from configuration mode.

Verification

Confirm that the configuration is working properly.

Clearing the Firewall Counters

Purpose

Confirm that the firewall counters are cleared.

Action

On Devices R1 and R2, run the clear firewall all command to reset the firewall counters to 0.

Sending Traffic into the Network from TCP HTTP Ports 80 and 12345 and Monitoring the Results

Purpose

Send traffic from the host connected to Device R1 into the network so that it can be monitored by the firewall on Device R1 and Device R2.

Action

  1. Use a traffic generator to send 20 TCP packets with a source port of 80 into the network.

    The -s flag sets the source port. The -k flag causes the source port to remain steady at 80 instead of incrementing. The -c flag sets the number of packets to 20. The -d flag sets the packet size.

  2. Use a traffic generator to send 20 TCP packets with a source port of 12345 into the network.

  3. On Device R1, check the firewall counters by using the show firewall command.

  4. On Device R2, check the firewall counters using the show firewall command.

Meaning

Device R1 correctly set the code point for TCP packets to port 12345 to bf. Device R1 correctly set the code point for TCP packets to port 80 to ef. Device R2 correctly recognized the code point for TCP packets to port 12345 as bf. Device R2 correctly recognized the code point for TCP packets to port 80 as ef.