Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Understanding Applying CoS Classifiers and Rewrite Rules to Interfaces

At ingress interfaces, classifiers group incoming traffic into classes based on the IEEE 802.1p, DSCP, or MPLS EXP class of service (CoS) code points in the packet header. At egress interfaces, you can use rewrite rules to change (re-mark) the code point bits before the interface forwards the packets.

You can apply classifiers and rewrite rules to interfaces to control the level of CoS applied to each packet as it traverses the system and the network. This topic describes:

Supported Classifier and Rewrite Rule Types

Table 1 shows the supported types of classifiers and rewrite rules supports:

Table 1: Supported Classifiers and Rewrite Rules

Classifier or Rewrite Rule Type

Description

Fixed classifier

Classifies all ingress traffic on a physical interface into one fixed forwarding class, regardless of the CoS bits in the packet header.

DSCP and DSCP IPv6 unicast classifiers

Classifies IP and IPv6 traffic into forwarding classes and assigns loss priorities to the traffic based on DSCP code point bits.

IEEE 802.1p unicast classifier

Classifies Ethernet traffic into forwarding classes and assigns loss priorities to the traffic based on IEEE 802.1p code point bits.

MPLS EXP classifier

Classifies MPLS traffic into forwarding classes and assigns loss priorities to the traffic on interfaces configured as family mpls.

QFX5200, QFX5100, EX4600 switches use one global EXP classifier on all family mpls switch interfaces.

DSCP multidestination classifier (also used for IPv6 multidestination traffic)

Note:

This applies only to switches that use different classifiers for unicast and multidestination traffic. It does not apply to switches that use the same classifiers for unicast and multidestination traffic.

Classifies IP and IPv6 multicast, broadcast, and destination lookup fail (DLF) traffic into multidestination forwarding classes. Multidestination classifiers are applied to all interfaces and cannot be applied to individual interfaces.

IEEE 802.1p multidestination classifier

Note:

This applies only to switches that use different classifiers for unicast and multidestination traffic. It does not apply to switches that use the same classifiers for unicast and multidestination traffic.

Classifies Ethernet multicast, broadcast, and destination lookup fail (DLF) traffic into multidestination forwarding classes. Multidestination classifiers are applied to all interfaces and cannot be applied to individual interfaces.

DSCP and DSCP IPv6 rewrite rules

Re-marks the DSCP code points of IP and IPv6 packets before forwarding the packets.

IEEE 802.1p rewrite rule

Re-marks the IEEE 802.1p code points of Ethernet packets before forwarding the packets.

MPLS EXP rewrite rule

Re-marks the EXP code points of MPLS packets before forwarding the packets on interfaces configured as family mpls.
Note:

On switches that support native Fibre Channel (FC) interfaces, you can specify a rewrite value on native FC interfaces (NP_Ports) to set the IEEE 802.1p code point of incoming FC traffic when the NP_Port encapsulates the FC packet in Ethernet before forwarding it to the FCoE network (see Understanding CoS IEEE 802.1p Priority Remapping on an FCoE-FC Gateway).

DSCP, IEEE 802.1p, and MPLS EXP classifiers are behavior aggregate (BA) classifiers. On QFX5100, QFX5200, and EX4600 switches, unlike DSCP and IEEE 802.1p classifiers, EXP classifiers are global and apply only to all interfaces that are configured as family mpls.

Unlike DSCP and IEEE 802.1p BA classifiers, there is no default EXP classifier. Also unlike DSCP and IEEE 802.1p classifiers, for MPLS traffic on family mpls interfaces only, EXP classifiers overwrite fixed classifiers. (An interface that has a fixed classifier uses the EXP classifier for MPLS traffic, not the fixed classifier, and the fixed classifier is used for all other traffic.)

On switches that use different classifiers for unicast and multidestination traffic, multidestination classifiers are global and apply to all interfaces; you cannot apply a multidestination classifier to individual interfaces.

Classifying packets into forwarding classes assigns packets to the output queues mapped to those forwarding classes. The traffic classified into a forwarding class receives the CoS scheduling configured for the output queue mapped to that forwarding class.

Note:

In addition to BA classifiers and fixed classifiers, which classify traffic based on the CoS field in the packet header, you can use firewall filters to configure multifield (MF) classifiers. MF classifiers classify traffic based on more than one field in the packet header and take precedence over BA and fixed classifiers.

Ethernet Interfaces Supported for Classifier and Rewrite Rule Configuration

To apply a classifier to incoming traffic or a rewrite rule to outgoing traffic, you need to apply the classifier or rewrite rule to one or more interfaces. When you apply a classifier or rewrite rule to an interface, the interface uses the classifier to group incoming traffic into forwarding classes and uses the rewrite rule to re-mark the CoS code point value of each packet before it leaves the system.

Not all interfaces types support all types of CoS configuration. This section describes:

Interface Types That Support Classifier and Rewrite Rule Configuration

You can apply classifiers and rewrite rules to Ethernet interfaces. For Layer 3 LAGs, configure BA or fixed classifiers on the LAG (ae) interface. The classifier configured on the LAG is valid on all of the LAG member interfaces.

On switches that support native FC interfaces, you can apply fixed classifiers to native FC interfaces (NP_Ports). You cannot apply other types of classifiers or rewrite rules to native FC interfaces. You can rewrite the value of the IEEE 802.1p code point of incoming FC traffic when the interface encapsulates it in Ethernet before forwarding it to the FCoE network as described in Understanding CoS IEEE 802.1p Priority Remapping on an FCoE-FC Gateway.

Classifier and Rewrite Rule Physical and Logical Ethernet Interface Support

The Ethernet ports can function as:

  • Layer 2 physical interfaces (family ethernet-switching)

  • Layer 2 logical interfaces (family ethernet-switching)

  • Layer 3 physical interfaces (family inet/inet6)

  • Layer 3 logical interfaces (family inet/inet6)

  • MPLS interfaces (family mpls)

Ethernet Interface Support for Most QFX Series Switches

On most QFX Series switches you can apply classifiers and rewrite rules to Layer 2 logical interfaces or to Layer 3 physical interfaces. Table 2 shows on which interfaces you can configure and apply classifiers and rewrite rules.

Note:

The CoS feature support listed in this table is identical on single interfaces and aggregated Ethernet interfaces.
Table 2: Ethernet Interface Support for Classifier and Rewrite Rule Configuration (QFX5000 and EX4600 Switches)

CoS Classifiers and Rewrite Rules

Layer 2 Physical Interfaces

Layer 2 Logical Interface (unit * applies rule to all logical interfaces)

Layer 3 Physical Interfaces (If at Least One Logical Layer 3 Interface Is Defined)

Layer 3 Logical Interfaces

Fixed classifier

No

Yes

Yes

No

DSCP classifier

No

Yes

Yes

No

DSCP IPv6 classifier

No

Yes

Yes

No

IEEE 802.1p classifier

No

Yes

Yes

No

EXP classifier

Global classifier, applies only to all switch interfaces that are configured as family mpls. Cannot be configured on individual interfaces.

DSCP rewrite rule

No

Yes

Yes

No

DSCP IPv6 rewrite rule

No

Yes

Yes

No

IEEE 802.1p rewrite rule

No

Yes

Yes

No

EXP rewrite rule

No

Yes

Yes

No
Note:

IEEE 802.1p multidestination and DSCP multidestination classifiers are applied to all interfaces and cannot be applied to individual interfaces. No DSCP IPv6 multidestination classifier is supported. IPv6 multidestination traffic uses the DSCP multidestination classifier.

Ethernet Interface Support for QFX10000 Switches

On QFX10000 switches, you can apply classifiers and rewrite rules only to Layer 2 logical interface unit 0. You can apply different classifiers and rewrite rules to different Layer 3 logical interfaces. You cannot apply classifiers or rewrite rules to Layer 2 or Layer 3 physical interfaces. Table 3 shows on which interfaces you can configure and apply classifiers and rewrite rules.

Note:

The CoS feature support listed in this table is identical on single interfaces and aggregated Ethernet interfaces.
Table 3: Ethernet Interface Support for Classifier and Rewrite Rule Configuration (QFX10000 Switches)

CoS Classifiers and Rewrite Rules

Layer 2 Physical Interfaces

Layer 2 Logical Interface (Unit 0 Only)

Layer 3 Physical Interfaces

Layer 3 Logical Interfaces

Fixed classifier

No

Yes

No

Yes

DSCP classifier

No

Yes

No

Yes

DSCP IPv6 classifier

No

Yes

No

Yes

IEEE 802.1p classifier

No

Yes

No

Yes

EXP classifier

No

Yes

No

Yes

DSCP rewrite rule

No

Yes

No

Yes

DSCP IPv6 rewrite rule

No

Yes

No

Yes

IEEE 802.1p rewrite rule

No

Yes

No

Yes

EXP rewrite rule

No

Yes

No

Yes

Routed VLAN Interfaces (RVIs) and Integrated Routing and Bridging (IRB) Interfaces

You cannot apply classifiers and rewrite rules directly to routed VLAN interfaces (RVIs) or integrated routing and bridging (IRB) interfaces because the members of RVIs and IRBs are VLANs, not ports. However, you can apply classifiers and rewrite rules to the VLAN port members of an RVI or an IRB. You can also apply MF classifiers to RVIs and IRBs.

Default Classifiers

If you do not explicitly configure classifiers on an Ethernet interface, the switch applies default classifiers so that the traffic receives basic CoS treatment. The factors that determine the default classifier applied to the interface include the interface type (Layer 2 or Layer 3), the port mode (trunk, tagged-access, or access), and whether logical interfaces have been configured.

The switch applies default classifiers using the following rules:

  • If the physical interface has at least one Layer 3 logical interface configured, the logical interfaces use the default DSCP classifier.

  • If the physical interface has a Layer 2 logical interface in trunk mode or tagged-access mode, it uses the default IEEE 802.1p trusted classifier.

  • If the physical interface has a Layer 2 logical interface in access mode, it uses the default IEEE 802.1p untrusted classifier.

  • If the physical interface has no logical interface configured, no default classifier is applied.

  • On switches that use different classifiers for unicast and multidestination traffic, the default multidestination classifier is the IEEE 802.1p multidestination classifier.

  • There is no default MPLS EXP classifier.

Default Rewrite Rules

No default rewrite rules are applied to interfaces. If you want to re-mark packets at the egress interface, you must explicitly configure a rewrite rule.

Classifier Precedence

You can apply multiple classifiers (MF, fixed, IEEE 802.1p, DSCP, or EXP) to an Ethernet interface to handle different types of traffic. (EXP classifiers are global and apply only to all MPLS traffic on all family mpls interfaces.) When you apply more than one classifier to an interface, the system uses an order of precedence to determine which classifier to use on interfaces:

Classifier Precedence on Physical Ethernet Interfaces

The precedence of classifiers on physical interfaces, from the highest-priority classifier to the lowest-priority classifier, is:

  • MF classifier on a logical interface (no classifier has a higher priority than MF classifiers)

  • Fixed classifier on the physical interface

  • DSCP or DSCP IPv6 classifier on the physical interface

  • IEEE 802.1p classifier on the physical interface

Note:

If an EXP classifier is configured, MPLS traffic uses the EXP classifier on all family mpls interfaces, even if an MF or fixed classifier is applied to the interface. If an EXP classifier is not configured, then if a fixed classifier is applied to the interface, the MPLS traffic uses the fixed classifier. If no EXP classifier and no fixed classifier is applied to the interface, MPLS traffic is treated as best-effort traffic. DSCP classifiers are not applied to MPLS traffic.

You can apply a DSCP classifier, an IEEE 802.1p classifier, and an EXP classifier on a physical interface. When all three classifiers are on an interface, IP traffic uses the DSCP classifier, MPLS traffic on family mpls interfaces uses the EXP classifier, and all other traffic uses the IEEE classifier.

Note:

You cannot apply a fixed classifier and a DSCP or IEEE classifier to the same interface. If a DSCP classifier, an IEEE classifier, or both are on an interface, you cannot apply a fixed classifier to that interface unless you first delete the DSCP and IEEE classifiers. If a fixed classifier is on an interface, you cannot apply a DSCP classifier or an IEEE classifier unless you first delete the fixed classifier.

Classifier Precedence on Logical Ethernet Interfaces

The precedence of classifiers on logical interfaces, from the highest priority classifier to the lowest priority classifier, is:

  • MF classifier on a logical interface (no classifier has a higher priority than MF classifiers).

  • Fixed classifier on the logical interface.

  • DSCP or DSCP IPv6 classifier on the physical or logical interface..

  • IEEE 802.1p classifier on the physical or logical interface.

Note:

If a global EXP classifier is configured, MPLS traffic uses the EXP classifier on all family mpls interfaces, even if a fixed classifier is applied to the interface. If a global EXP classifier is not configured, then:

  • If a fixed classifier is applied to the interface, the MPLS traffic uses the fixed classifier. If no EXP classifier and no fixed classifier is applied to the interface, MPLS traffic is treated as best-effort traffic.

You can apply both a DSCP classifier and an IEEE 802.1p classifier on a logical interface. When both a DSCP and an IEEE classifier are on an interface, IP traffic uses the DSCP classifier, and all other traffic uses the IEEE classifier. Only MPLS traffic on interfaces configured as family mpls uses the EXP classifier.

Classifier Behavior and Limitations

Consider the following behaviors and constraints when you apply classifiers to Ethernet interfaces.

  • You can configure only one DSCP classifier (IP or IPv6) on a physical interface. You cannot configure both types of DSCP classifier on one physical interface. Both IP and IPv6 traffic use whichever DSCP classifier is configured on the interface.

  • When you configure a DSCP or a DSCP IPv6 classifier on a physical interface and the physical interface has at least one logical Layer 3 interface, all packets (IP, IPv6, and non-IP) use that classifier.

  • An interface with both a DSCP classifier (IP or IPv6) and an IEEE 802.1p classifier uses the DSCP classifier for IP and IPv6 packets, and uses the IEEE classifier for all other packets.

  • Fixed classifiers and BA classifiers (DSCP and IEEE classifiers) are not permitted simultaneously on an interface. If you configure a fixed classifier on an interface, you cannot configure a DSCP or an IEEE classifier on that interface. If you configure a DSCP classifier, an IEEE classifier, or both classifiers on an interface, you cannot configure a fixed classifier on that interface.

  • When you configure an IEEE 802.1p classifier on a physical interface and a DSCP classifier is not explicitly configured on that interface, the interface uses the IEEE classifier for all types of packets. No default DSCP classifier is applied to the interface. (In this case, if you want a DSCP classifier on the interface, you must explicitly configure it and apply it to the interface.)

  • The system does not apply a default classifier to a physical interface until you create a logical interface on that physical interface. If you configure a Layer 3 logical interface, the system uses the default DSCP classifier. If you configure a Layer 2 logical interface, the system uses the default IEEE 802.1p trusted classifier if the port is in trunk mode or tagged-access mode, or the default IEEE 802.1p untrusted classifier if the port is in access mode.

  • MF classifiers configured on logical interfaces take precedence over BA and fixed classifiers, with the exception of the global EXP classifier, which is always used for MPLS traffic on family mpls interfaces. (Use firewall filters to configure MF classifiers.) When BA or fixed classifiers are present on an interface, you can still configure an MF classifier on that interface.

  • There is no default EXP classifier for MPLS traffic.

  • You can configure up to 64 EXP classifiers.

    All family mpls switch interfaces use the EXP classifier specified using this configuration statement to classify MPLS traffic, even on interfaces that have a fixed classifier. No other traffic uses the EXP classifier.

Rewrite Rule Precedence and Behavior

The following rules apply on Ethernet interfaces for rewrite rules:

  • If you configure one DSCP (or DSCP IPv6) rewrite rule and one IEEE 802.1p rewrite rule on an interface, both rewrite rules take effect. Traffic with IP and IPv6 headers use the DSCP rewrite rule, and traffic with a VLAN tag uses the IEEE rewrite rule.

  • If you do not explicitly configure a rewrite rule, there is no default rewrite rule, so the system does not apply any rewrite rule to the interface.

  • You can apply a DSCP rewrite rule or a DSCP IPv6 rewrite rule to an interface, but you cannot apply both a DSCP and a DSCP IPv6 rewrite rule to the same interface. Both IP and IPv6 packets use the same DSCP rewrite rule, regardless of whether the configured rewrite rule is DSCP or DSCP IPv6.

  • MPLS EXP rewrite rules apply only to logical interfaces on family mpls interfaces. You cannot apply to an EXP rewrite rule to a physical interface. You can configure up to 64 EXP rewrite rules, but you can only use 16 EXP rewrite rules at any time on the switch.

  • A logical interface can use both DSCP (or DSCP IPv6) and EXP rewrite rules.

  • DSCP and DSCP IPv6 rewrite rules are not applied to MPLS traffic.

  • If the switch is performing penultimate hop popping (PHP), EXP rewrite rules do not take effect. If both an EXP classifier and an EXP rewrite rule are configured on the switch, then the EXP value from the last popped label is copied into the inner label. If either an EXP classifier or an EXP rewrite rule (but not both) is configured on the switch, then the inner label EXP value is sent unchanged.

Note:

On each physical interface, either all forwarding classes that are being used on the interface must have rewrite rules configured or no forwarding classes that are being used on the interface can have rewrite rules configured. On any physical port, do not mix forwarding classes with rewrite rules and forwarding classes without rewrite rules.
Note:

Rewrite rules are applied before the egress filter is matched to traffic. Because the code point rewrite occurs before the egress filter is matched to traffic, the egress filter match is based on the rewrite value, not on the original code point value in the packet.

Classifier and Rewrite Rule Configuration Interaction with Ethernet Interface Configuration

This section focuses on BA classifiers, but the interaction between BA classifiers and interfaces described in this section also applies to fixed classifiers and rewrite rules.

Note:

See Defining CoS BA Classifiers (DSCP, DSCP IPv6, IEEE 802.1p) for how to configure multidestination classifiers and see Configuring a Global MPLS EXP Classifier for how to configure EXP classifiers.

On switches that use different classifiers for unicast and multidestination traffic, multidestination classifiers are global and apply to all switch interfaces.

There are two components to applying classifiers or rewrite rules to interfaces:

  1. Setting the interface family (inet, inet6, or ethernet-switching; ethernet-switching is the default interface family) in the [edit interfaces] configuration hierarchy.

  2. Applying a classifier or rewrite rule to the interface in the [edit class-of-service] hierarchy.

These are separate operations that can be set and committed at different times. Because the type of classifier or rewrite rule you can apply to an interface depends on the interface family configuration, the system performs checks to ensure that the configuration is valid. The method the system uses to notify you of an invalid configuration depends on the set operation that causes the invalid configuration.

If applying the classifier or rewrite rule to the interface in the [edit class-of-service] hierarchy causes an invalid configuration, the system rejects the configuration and returns a commit check error.

If setting the interface family in the [edit interfaces] configuration hierarchy causes an invalid configuration, the system creates a syslog error message. If you receive the error message, you need to remove the classifier or rewrite rule configuration from the logical interface and apply it to the physical interface, or remove the classifier or rewrite rule configuration from the physical interface and apply it to the logical interface. For classifiers, if you do not take action to correct the error, the system programs the default classifier for the interface family on the interface. (There are no default rewrite rules. If the commit check fails, no rewrite rule is applied to the interface.)

Two scenarios illustrate these situations:

  • Applying a classifier to an Ethernet interface causes a commit check error

  • Configuring the Ethernet interface family causes a syslog error

These scenarios differ on different switches because some switches support classifiers on physical Layer 3 interfaces but not on logical Layer 3 interfaces, while other switches support classifiers on logical Layer 3 interfaces but not on physical Layer 3 interfaces.

Two scenarios illustrate these situations:

Note:

Both of these scenarios also apply to fixed classifiers and rewrite rules.

QFX5000 Series and EX4600 Switch Scenarios

Scenario 1: Applying a Classifier to an Ethernet Interface Causes a Commit Check Error

In Scenario 1, we set the interface family, and then specify an invalid classifier.

  1. Set and commit the interface as a Layer 3 (family inet) interface:

    This commit operation succeeds.

  2. Set and commit a DSCP classifier on the logical interface (this example uses a DSCP classifier named dscp1):

    This configuration is not valid, because it attempts to apply a classifier to a Layer 3 logical interface. Because the failure is caused by the class-of-service configuration and not by the interface configuration, the system rejects the commit operation and issues a commit error, not a syslog message.

    Note that the commit operation succeeds if you apply the classifier to the physical Layer 3 interface as follows:

    Because the logical unit is not specified, the classifier is applied to the physical Layer 3 interface in a valid configuration, and the commit check succeeds.

Scenario 2: Configuring the Ethernet Interface Family Causes a Syslog Error

In Scenario 2, we set the classifier first, and then set an invalid interface type.

  1. Set and commit a DSCP classifier on a logical interface that has no existing configuration:

    This commit succeeds. Because no explicit configuration existed on the interface, it is by default a Layer 2 (family ethernet-switching) interface. Layer 2 logical interfaces support BA classifiers, so applying the classifier is a valid configuration.

  2. Set and commit the interface as a Layer 3 interface (family inet) interface:

    This configuration is not valid because it attempts to change an interface from Layer 2 (family ethernet-switching) to Layer 3 (family inet) when a classifier has already been applied to a logical interface. Layer 3 logical interfaces do not support classifiers. Because the failure is caused by the interface configuration and not by the class-of-service configuration, the system does not issue a commit error, but instead issues a syslog message.

    When the system issues the syslog message, it programs the default classifier for the interface type on the interface. In this scenario, the interface has been configured as a Layer 3 interface, so the system applies the default DSCP profile to the physical Layer 3 interface.

    In this scenario, to install a configured DSCP classifier, remove the misconfigured classifier from the Layer 3 logical interface and apply it to the Layer 3 physical interface. For example:

Platform-Specific Behavior

Use the following table to review platform-specific behaviors for your platforms.

Table 4: Platform-Specific Behavior

Platform

Difference

QFX5000 Series and EX4600 switches

  • On QFX5100, QFX5200, and EX4600 switches, you can apply classifier and rewrite rules to Layer 3 physical interfaces if at least one logical Layer 3 interface is configured on the physical interface. The CoS you configure on a Layer 3 physical interface is applied to all of the Layer 3 logical interfaces on that physical interface. This means that each Layer 3 interface uses the same classifiers and rewrite rules for all of the Layer 3 traffic on that interface.

  • On QFX5100, QFX5200, and EX4600 switches, configure an EXP classifier and configure it as the global system default EXP classifier.

QFX 10000 Series

  • QFX10000 switches do not support global EXP classifiers. You can apply the same EXP classifier or different EXP classifiers to different family mpls interfaces.

    If you want to classify MPLS traffic using EXP bits on QFX10000 switches, configure an EXP classifier and apply it to a logical interface that is configured as family mpls.

Related Documentation