Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Configure Multifield Classifiers

This topic describes how to configure multifield classifiers.

Multifield classifiers classify packets to a forwarding class and loss priority based on firewall filter match criteria. You usually use multifield classification at the edge of the network for packets that do not have valid or trusted BA code points.

If you configure both a BA classifier and a multifield classifier, BA classification is performed first; then multifield classification is performed. If both a BA classifier and a multifield classifier conflict, the multifield classifier overrides the BA classifier.

Note:

For a specified interface, you can configure both a multifield classifier and a BA classifier without conflicts. Because Junos applies the classifiers in sequential order, the BA classifier followed by the multifield classifier, the multifield classifier overrides the BA classifier if the two classifiers conflict.

To activate (apply) a multifield classifier, you must configure it on a logical interface. There is no restriction on the number of multifield classifiers you can configure.

You configure multifield classifiers by:

  1. Defining the filter—Configure either a firewall filter or a simple filter. Simple filters filter only IPv4 traffic (family inet). Firewall filters enable you to filter additional protocol families and more complex filters. The following sections describe both procedures.

  2. Applying the filter—Activate the filter by configuring on a logical interface as an input filter.

To configure a firewall filter:

  1. Under the firewall statement, specify the protocol family for which you want to filter traffic and specify a name for the filter.
  2. Specify the term name and match criteria you want to look for in incoming packets.
  3. Specify the action you want to take when a packet matches the conditions.

    For multifield classifiers, you can perform the following actions:

    • Set the value of the DSCP field of incoming packets.

    • Set the forwarding class of incoming packets. The forwarding class determines the output queue.

    • Set the loss priority of incoming packets. The loss priority is used by schedulers in conjunction with the random early discard (RED) algorithm to control packet discard during periods of congestion.

To configure a simple filter:

  1. Specify a name for the simple filter.

  2. Specify the term name and match criteria you want to look for in incoming packets.

  3. Specify the action you want to take when a packet matches the conditions.

    For multifield classifiers, you can perform the following actions for a simple filter:

To apply the firewall filter to the appropriate logical interfaces as an input filter.

  1. Specify the physical and logical interface on which you want to apply the firewall filter.

  2. Specify the protocol family for the firewall filter.

  3. Specify the names of the firewall filters to apply to received packets.

    Repeat this step for the family protocol filter and the simple filter.

  4. Save your configuration.

Platform-Specific Multifield Classifier Behavior

Use Feature Explorer to confirm platform and release support for specific features.

Use the following table to review platform-specific behaviors for your platform:

Platform Difference
EX Series Switches

  • If you configure a firewall filter with a DSCP action or traffic-class action on a DPC, the commit does not fail, but a warning displays and an entry is made in the syslog.
MX Series

  • If you configure a firewall filter with a DSCP action or traffic-class action on a DPC, the commit does not fail, but a warning displays and an entry is made in the syslog.

  • For an L2TP LNS on MX Series routers, you can attach firewall for static LNS sessions by configuring these at logical interfaces directly on the inline services device (si-fpc/pic/port). RADIUS-configured firewall attachments are not supported.

Related Documentation