Traditionally, packet marking (that is, setting rewrite
rules) in Junos OS uses the forwarding class and loss priority that
have been determined through a behavior aggregate (BA) classifier
or multifield classifier. The forwarding class and loss priority are
also used to decide queuing behavior. This approach does not allow
rewrite rules to be directly assigned for each customer because of
the limited number of combinations of forwarding class and loss priority.
When a new customer is added, setting rewrite rules by using this
approach requires changes to the configuration on the core interfaces,
which must be avoided as one mistake can affect traffic from all customers.
An alternative packet marking scheme, available starting in
Junos OS Release 14.2R3, called policy map, enables you to define rewrite rules on a per-customer basis (that
is, for each customer). The policy map makes it possible to use any
packet field to identify a given flow and specify a rewrite value
for that flow.
To configure and apply policy maps, you must
have the following:
To assign rewrite rules on a per-customer basis:
- Configure a policy map.
[edit class-of-service policy-map policy-map-name]
user@host# set inet-precedence proto-ip code-point [alias | bits]
user@host# set inet-precedence proto-mpls code-point [alias | bits]
user@host# set dscp proto-ip code-point [alias | bits]
user@host# set dscp proto-mpls code-point [alias | bits]
user@host# set dscp-ipv6 proto-ip code-point [alias | bits]
user@host# set dscp-ipv6 proto-mpls code-point [alias | bits]
user@host# set exp all-label code-point [alias | bits]
user@host# set exp outer-label code-point [alias | bits]
user@host# set ieee-802.1 outer code-point [alias | bits]
user@host# set ieee-802.1 outer-and-inner code-point [alias | bits]
user@host# set ieee-802.1ad outer code-point [alias | bits]
user@host# set ieee-802.1ad outer-and-inner code-point [alias | bits]
Note: Policy maps have the following configuration restrictions:
When configuring both proto-ip and proto-mpls options for inet-precedence, dscp, or dscp-ipv6, you must configure both options with the same code point or code point alias.
You cannot configure inet-precedence and dscp in the same policy map.
You cannot configure ieee-802.1 and ieee-802.1ad in the same policy map.
You cannot configure both outer and outer-and-inner options for ieee-802.1 and ieee-802.1ad code points in the same policy map.
For MPLS POP operation EXP rewrite, if the inner header is also MPLS, only the exp value given with the mpls option all-label will go into effect.
For example:
[edit class-of-service]
user@host# set policy-map pm1 dscp proto-ip code-point 111000
user@host# set policy-map pm1 ieee-802.1 outer code-point 001
- Apply the policy map.
Apply the policy map to an ingress or egress firewall filter.
[edit firewall family protocol-family-name filter filter-name]
user@host# set term term-name from match-conditions
user@host# set term term-name then policy-map policy-map-name
For example:
[edit firewall family inet filter f1]
user@host# set term t1 from address 10.2.2.0/24
user@host# set term t1 then policy-map pm1
Note: In this example, every IPv4 packet arriving from IP address 10.2.2.0/24 is assigned a DSCP value of 111000.
Alternatively, apply the policy map to a routing instance.
[edit class-of-service]
user@host# set routing-instances routing-instance-name policy-map policy-map-name
For example:
[edit class-of-service]
user@host# set routing-instances r1 policy-map pm1
Note: In this example, every IPv4 packet in routing instance r1 is assigned a DSCP value of 111000.
Alternatively, apply the policy map directly to an ingress interface.
[edit class-of-service]
user@host# set interfaces interface-name unit logical-unit-number policy-map policy-map-name
For example:
[edit class-of-service]
user@host# set interfaces xe-4/0/0 unit 0 policy-map pm1
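The configuration restrictions listed in the note under the first step can be checked offline before a change reaches the device. The following Python check is an added example, not Juniper code: it assumes the policy maps are available as `set policy-map ...` lines, compares code points as written text, and uses constructed policy maps pm2 and pm3 alongside the page's pm1.

```python
import re
from collections import defaultdict

# "set [class-of-service] policy-map NAME MARKER OPTION code-point VALUE"
LINE = re.compile(r"^set\s+(?:class-of-service\s+)?policy-map\s+(\S+)\s+(\S+)"
                  r"\s+(\S+)\s+code-point\s+(\S+)$")
IP_MARKERS = ("inet-precedence", "dscp", "dscp-ipv6")
DOT1_MARKERS = ("ieee-802.1", "ieee-802.1ad")

def check_policy_maps(config_text):
    """Return sorted (policy-map name, violated restriction) pairs."""
    maps = defaultdict(lambda: defaultdict(dict))  # name -> marker -> option -> value
    for raw in config_text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            name, marker, option, value = m.groups()
            maps[name][marker][option] = value
    problems = []
    for name, markers in maps.items():
        for marker in IP_MARKERS:
            opts = markers.get(marker, {})
            # Values are compared as written; an alias and its bit string
            # would be reported as different (assumption of this example).
            if len({opts.get("proto-ip"), opts.get("proto-mpls")} - {None}) == 2:
                problems.append((name, f"{marker}: proto-ip and proto-mpls differ"))
        if "inet-precedence" in markers and "dscp" in markers:
            problems.append((name, "inet-precedence and dscp in one policy map"))
        if all(d in markers for d in DOT1_MARKERS):
            problems.append((name, "ieee-802.1 and ieee-802.1ad in one policy map"))
        for marker in DOT1_MARKERS:
            opts = markers.get(marker, {})
            if "outer" in opts and "outer-and-inner" in opts:
                problems.append((name, f"{marker}: outer and outer-and-inner both set"))
    return sorted(problems)

# Constructed sample: pm1 is the page's example; pm2 and pm3 are made up.
SAMPLE = """\
set policy-map pm1 dscp proto-ip code-point 111000
set policy-map pm1 ieee-802.1 outer code-point 001
set policy-map pm2 dscp proto-ip code-point 111000
set policy-map pm2 dscp proto-mpls code-point 101000
set policy-map pm2 inet-precedence proto-ip code-point 111
set policy-map pm3 ieee-802.1 outer code-point 001
set policy-map pm3 ieee-802.1 outer-and-inner code-point 010
"""

if __name__ == "__main__":
    for name, problem in check_policy_maps(SAMPLE):
        print(f"{name}: {problem}")
```

The MPLS POP restriction describes forwarding behavior rather than a configuration conflict, so this check does not cover it.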