You can configure firewall filters to assign packet loss priority (PLP) and forwarding
classes so that if congestion occurs, the marked packets can be dropped according to the priority
you set. The valid match conditions are one or more of the six packet header fields: destination
address, source address, IP protocol, source port, destination port, and DSCP. In other words,
you can set the forwarding class and the PLP for each packet entering an
interface with a specific destination address, source address, IP protocol, source port, destination
port, or DSCP.
Note: Junos OS assigns forwarding classes and PLP on ingress only. Do not use a filter
that assigns forwarding classes or PLP as an egress filter.
When tricolor marking is enabled, a switch supports four PLP designations: low, medium-low, medium-high, and high. You can also
specify any of the forwarding classes listed in Table 1.
Table 1: Unicast Forwarding Classes

| Unicast Forwarding Class | For CoS Traffic Type |
|---|---|
| be | Best-effort traffic |
| no-loss | Guaranteed delivery for TCP traffic |
| fcoe | Guaranteed delivery for Fibre Channel over Ethernet (FCoE) traffic |
| nc | Network-control traffic |

To assign forwarding classes in firewall filters:
- Configure the family address type and filter name:
[edit]
user@switch# edit firewall family inet filter ingress-filter
- Configure the terms of the filter as appropriate, including the forwarding-class and loss-priority action modifiers. For example, each of the following terms
in the filter examines various packet header fields and assigns the appropriate forwarding
class and packet loss priority:
The term corp-traffic matches all IPv4 packets with a 10.1.1.0/24 source address and assigns the packets to forwarding class no-loss with a loss priority of low:
[edit firewall family inet filter ingress-filter]
user@switch# set term corp-traffic from source-address 10.1.1.0/24
user@switch# set term corp-traffic then forwarding-class no-loss
user@switch# set term corp-traffic then loss-priority low
The term data-traffic matches all IPv4 packets with a 10.1.2.0/24 source address and assigns the packets to forwarding class be (best effort) with a loss priority of medium-high:
[edit firewall family inet filter ingress-filter]
user@switch# set term data-traffic from source-address 10.1.2.0/24
user@switch# set term data-traffic then forwarding-class be
user@switch# set term data-traffic then loss-priority medium-high
The last term, accept-traffic, matches any packets that did not match on any of the preceding terms and assigns the packets to forwarding class be with a loss priority of high:
[edit firewall family inet filter ingress-filter]
user@switch# set term accept-traffic then forwarding-class be
user@switch# set term accept-traffic then loss-priority high
- Apply the filter ingress-filter to a Layer 3 interface. For information about applying the filter, see Configuring Firewall Filters. (Assigning forwarding classes and PLP is supported only on ingress filters.)
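The filter built above can be checked offline before it is committed. This added example, which is not part of the original page or Juniper's code, parses set-format commands, reports which term classifies a given source address (the first matching term wins), and flags any interface binding that applies a class- or PLP-assigning filter in the output direction. The interface names and binding lines are constructed, and only source-address match conditions (one per term) are evaluated.

```python
import ipaddress
import re

# Constructed sample: the page's filter as set commands, plus two interface
# bindings whose interface names are assumptions (not from the page).
SAMPLE = """\
set firewall family inet filter ingress-filter term corp-traffic from source-address 10.1.1.0/24
set firewall family inet filter ingress-filter term corp-traffic then forwarding-class no-loss
set firewall family inet filter ingress-filter term corp-traffic then loss-priority low
set firewall family inet filter ingress-filter term data-traffic from source-address 10.1.2.0/24
set firewall family inet filter ingress-filter term data-traffic then forwarding-class be
set firewall family inet filter ingress-filter term data-traffic then loss-priority medium-high
set firewall family inet filter ingress-filter term accept-traffic then forwarding-class be
set firewall family inet filter ingress-filter term accept-traffic then loss-priority high
set interfaces xe-0/0/1 unit 0 family inet filter input ingress-filter
set interfaces xe-0/0/2 unit 0 family inet filter output ingress-filter
"""

TERM_RE = re.compile(r"set firewall family inet filter (\S+) term (\S+) (from|then) (\S+) (\S+)")
BIND_RE = re.compile(r"set interfaces (\S+) unit (\d+) family inet filter (input|output) (\S+)")

def parse(text):
    """Return ({filter: {term: {"from": {...}, "then": {...}}}}, [bindings])."""
    filters, bindings = {}, []
    for line in text.splitlines():
        if m := TERM_RE.fullmatch(line.strip()):
            name, term, kind, key, value = m.groups()
            terms = filters.setdefault(name, {})  # dict keeps term order
            terms.setdefault(term, {"from": {}, "then": {}})[kind][key] = value
        elif m := BIND_RE.fullmatch(line.strip()):
            bindings.append(m.groups())
    return filters, bindings

def classify(terms, src):
    """First matching term wins: (term, forwarding-class, loss-priority) or None."""
    addr = ipaddress.ip_address(src)
    for name, t in terms.items():
        if t["from"].keys() - {"source-address"}:
            raise ValueError(f"term {name}: unsupported match condition")
        net = t["from"].get("source-address")  # no "from" clause matches everything
        if net is None or addr in ipaddress.ip_network(net):
            return name, t["then"].get("forwarding-class"), t["then"].get("loss-priority")

def egress_misuse(filters, bindings):
    """Bindings that apply a class/PLP-assigning filter as an output filter."""
    marks = {"forwarding-class", "loss-priority"}
    marking = {n for n, ts in filters.items() if any(t["then"].keys() & marks for t in ts.values())}
    return [(ifd, unit, flt) for ifd, unit, direction, flt in bindings
            if direction == "output" and flt in marking]
```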