Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Class of Service for Services PICs (Next Gen Services)

Class of Service Overview for Services PICs (Next Gen Services)

You can configure CoS Differentiated Services (DiffServ) code point (DSCP) marking and forwarding-class assignment for packets transiting a services PIC while being processed by a service set.

Configure services CoS rules, which identify the matching conditions for packet source and destination addresses and for packet applications, and the actions to take on those packets. You must apply CoS rules to a service set before the rules can be applied to traffic. Only stateful firewall and NAT rules can be used with CoS rules in a service set.

You can also configure specific CoS actions for FTP and for SIP traffic by creating an application profile. The application profile can then be referenced in the CoS rule actions.

The services CoS rules do not support scheduling. You must configure scheduling at the [edit class-of-service] hierarchy level on the output interface or fabric.

Note:

When configuring Next Gen Services with the MX-SPC3 services card, the service set must include at least one stateful firewall (SFW) rule or NAT rule, or services CoS does not work. Only stateful firewall and NAT rules can be used with CoS rules in a service set. CoS works without NAT and SFW rules also.

Benefits

CoS for traffic on a services PIC lets you classify traffic flows based on stateful firewall and NAT configurations.

See Also

Configuring CoS for Traffic Processed by a Services PIC (Next Gen Services)

Configuring CoS Rules

  1. Configure a name for the CoS rule.
  2. Specify the traffic flow direction for the CoS rule.

    If this CoS rule is applied to an interface-type service set, the direction is determined by whether a packet is entering or leaving the interface on which the service set is applied. If this CoS rule is applied to a next-hop service set, the direction is input if the inside interface is used to route the packet, and the direction is output if the outside interface is used to route the package.

    If you configure input-output, the rule is applied to sessions initiated from either direction.

  3. Configure a name for a CoS rule policy.

    You can configure multiple policies for a CoS rule. Each policy identifies the matching conditions for packet source and destination addresses and for packet applications, and the CoS actions to take on those packets. Once a policy in the rule matches a packet, that policy is applied and no other policies in the rule are processed.

  4. Specify one or more port-based applications that match the policy.
  5. Specify the destination address that matches the policy.
  6. Specify a range of destination addresses that match the policy.
  7. Specify the destination port number that matches the policy.
  8. Specify the source address that matches the policy.
  9. Specify a range of source addresses that match the policy.
  10. Specify a prefix list of source address prefixes that match the policy.

    You configure a prefix list by using the prefix-list statement at the [edit policy-options] hierarchy level.

  11. Specify the application profile that defines the CoS policy actions for FTP and SIP traffic.
  12. Specify the DSCP value to apply to the packet.

    The DSCP can be either a code point alias or a DSCP bit value.

  13. Specify the forwarding class name to apply to the packet.

    The choices are:

    • assured-forwarding

    • best-effort

    • expedited-forwarding

    • network-control

    • user-defined classifiers.

      You can define classifiers under [edit class-of-service classifiers dscp] hierarchy.

  14. Configure system logging for the CoS rule policy.
  15. Specify the treatment of flows in the reverse direction of the matching direction. Perform only one of the following:
    1. Configure unique values for the reverse direction:
    2. Apply the CoS rule policy actions to flows in the reverse direction as well as to flows in the matching direction.
    3. Store the DSCP and forwarding class of a packet that is received in the match direction of the rule and then apply that DSCP and forwarding class to packets that are received in the reverse direction of the same session.

Configuring Application Profiles for CoS Rules

Configure CoS actions for FTP and SIP traffic. The application profile can then be used in CoS rule actions.

  1. Configure a name for the application profile.
  2. Specify the DSCP value to apply to the FTP or SIP (voice or video) packets.

    For FTP traffic:

    For SIP voice or video traffic:

    The DSCP can be either a code point alias or a DSCP bit value.

  3. Specify the forwarding class to apply to FTP or SIP packets.

    For FTP traffic:

    For SIP voice or video traffic:

    The choices are:

    • assured-forwarding

    • best-effort

    • expedited-forwarding

    • network-control

Configuring CoS Rule Sets

A CoS rule set lets you specify a set of services CoS rules. You can then assign the rule set to a service set, which processes the rules in the order they appear. Once a rule matches the packet, the router performs the corresponding action, and no further rules in the rule set are applied.

  1. Configure a name for the CoS rule set.
  2. Specify the CoS rules that belong to the rule set.

Configuring the Service Set for CoS

You must apply CoS rules to a service set before the rules can be applied to traffic. Only stateful firewall and NAT rules can be used with CoS rules in a service set.

To configure a service set with CoS rules:

  1. Define the service set.
  2. Configure either an interface service set, which requires a single service interface, or a next-hop service set, which requires an inside and outside service interface.

    or

  3. Specify the CoS rules to be used with the service set. You can either specify individual rules or rule sets.

    To apply individual CoS rules:

    To apply CoS rule sets:

    The service set processes the CoS rules or rule sets in the order in which they appear in the service set configuration.

  4. (Optional) Assign at least one stateful firewall rule or NAT rule to the service set.
  5. (Optional) Configure the service set to create a CoS session even if a packet is first received in the reverse direction of the matching direction of the CoS rule. The CoS rule values are then applied as soon as a packet in the correct match direction is received.

See Also