Switching

last person joined: yesterday 

Ask questions and share experiences about EX and QFX portfolios and all switching solutions across your data center, campus, and branch locations.

  • 1.  EX4200 CoS Firewall filter don't work (junos 11.4R8.5)

    Posted 10-19-2013 12:19

    Hello.

     
    I use the two EX-4200 in virtual-chassis cluster mode, with Junos 11.4R8.5
     
    Problem in the following: after configuring CoS/DSCP and Multifield Classifier (MF), and applying MF to VLAN95 on input, the received packets are not marked on the input VLAN95, packets remain the same (with default dscp best-effort) on output VLAN1030.
     
    Also if the packets marked in the previous switch, they normally pass through the ex-4200 and output are labeled, but  also do not change DSCP according to the MF-rules.
     
    As testing, the MF-filter include VOICE and MGMT terms.
     
    Packets at the output VLAN1030 checked by Wireshark, they have not changed compared to the original. 

    my configuration:

     

    Spoiler
    classifiers {
        dscp DSCP-ENTERPRISE {
            forwarding-class COS-VOICE {
                loss-priority low code-points ef;
            }
            forwarding-class COS-ROUTING {
                loss-priority low code-points [ nc1 nc2 ];
            }
            forwarding-class COS-NETWORK-MGMT {
                loss-priority low code-points cs2;
            }
            forwarding-class COS-BEST-EFFORT {
                loss-priority high code-points be;
            }
            forwarding-class COS-VOICE-CONTROL {
                loss-priority low code-points [ af31 cs3 ];
            }
        }
    }
    forwarding-classes {
        class COS-VOICE queue-num 5;
        class COS-ROUTING queue-num 7;
        class COS-NETWORK-MGMT queue-num 2;
        class COS-BEST-EFFORT queue-num 0;
        class COS-VOICE-CONTROL queue-num 3;                                                                                                                     

    family ethernet-switching {
        filter CLASS-MARK-ENTERPRISE {
            inactive: term VOICE {
                from {
                    source-address {
                        192.168.95.8/32;
                    }
                }
                then {
                    forwarding-class COS-VOICE;
                    loss-priority low;
                    count VOICE;
                }
            }
            term NETWORK-MGMT {
                from {
                    protocol tcp;
                    destination-port [ 3389 ssh ];
                }
                then {
                    forwarding-class COS-NETWORK-MGMT;
                    loss-priority low;
                    count NETWORK-MGMT;
                }
            }
            term DEFAULT {
                then {
                    forwarding-class COS-BEST-EFFORT;
                    loss-priority high;

    interfaces {
    vlan {
    unit 95 {
        description LAN95;
        family inet {
            address 192.168.95.1/24;
    }

    unit 1030 {
        description CR;
        family inet {
            address 10.254.10.1/30;
    }

    vlans {
    LAN95 {
        description LAN95;
        vlan-id 95;
        filter {
            input CLASS-MARK-ENTERPRISE;
        }
        l3-interface vlan.95;

    CR-to-JSWSTK {
        description CR-to-JSW-01;
        vlan-id 1030;
        l3-interface vlan.1030;


    Spoiler
    admin@JSWSTK-01# run show version
    fpc0:
    --------------------------------------------------------------------------
    Hostname: SPB-MED-JSWSTK-01
    Model: ex4200-48t
    JUNOS Base OS boot [11.4R8.5]
    JUNOS Base OS Software Suite [11.4R8.5]
    JUNOS Kernel Software Suite [11.4R8.5]
    JUNOS Crypto Software Suite [11.4R8.5]
    JUNOS Online Documentation [11.4R8.5]
    JUNOS Enterprise Software Suite [11.4R8.5]
    JUNOS Packet Forwarding Engine Enterprise Software Suite [11.4R8.5]
    JUNOS Routing Software Suite [11.4R8.5]
    JUNOS Web Management [11.4R8.5]
    JUNOS FIPS mode utilities [11.4R8.5]

    fpc1:
    --------------------------------------------------------------------------
    Hostname: SPB-MED-JSWSTK-01
    Model: ex4200-48t
    JUNOS Base OS boot [11.4R8.5]
    JUNOS Base OS Software Suite [11.4R8.5]
    JUNOS Kernel Software Suite [11.4R8.5]
    JUNOS Crypto Software Suite [11.4R8.5]
    JUNOS Online Documentation [11.4R8.5]
    JUNOS Enterprise Software Suite [11.4R8.5]
    JUNOS Packet Forwarding Engine Enterprise Software Suite [11.4R8.5]
    JUNOS Routing Software Suite [11.4R8.5]
    JUNOS Web Management [11.4R8.5]
    JUNOS FIPS mode utilities [11.4R8.5]

     

     

    Help please.



  • 2.  RE: EX4200 CoS Firewall filter don't work (junos 11.4R8.5)
    Best Answer

    Posted 10-19-2013 17:36

    Hi Pestov82,

     

    Using MF classifier you are directing the traffic to different forwarding classes, but there is no rewrite rule to remark (no rule to change the DSCP) the traffic. Because of default behavior of Junos OS, device will not change the DSCP value of the packet.

     

    Following link  might be helpful you to write the rewrite rule to suite your needs.

     

    http://kb.juniper.net/InfoCenter/index?page=content&id=KB26735&smlogin=true

     

    Regards

    Satinder Singh



  • 3.  RE: EX4200 CoS Firewall filter don't work (junos 11.4R8.5)

    Posted 10-20-2013 03:20

    Thanks so match for the clean answer! It works! Smiley Happy   



  • 4.  RE: EX4200 CoS Firewall filter don't work (junos 11.4R8.5)

    Posted 10-20-2013 03:47

    It is my pleasure.

     

    Regards

    Satinder Singh