Junos
Reply
Contributor
CNIDog
Posts: 161
Registered: ‎02-04-2008
0

Rewrite-Rules

I found this example of rewrite-rules configuration on Juniper's website:

To configure a rewrite-rules mapping and associate it with the appropriate forwarding
class and code-point alias or bit set, include the rewrite-rules statement at the [edit class-of-service] hierarchy level:

[edit class-of-service]

rewrite-rules {

(dscp | exp | inet-precedence) rewrite-name {

import (rewrite-name | default);

forwarding-class class-name {

loss-priority (low | high) code-point alias | bits;

}

}

}



To assign the rewrite-rules configuration to the output logical interface, include the following configuration:

[edit class-of-service]

interfaces {

interface-name {

unit logical-unit-number {

rewrite-rules {

dscp (rewrite-name | default);

exp (rewrite-name | default) protocol protocol-types;

ieee-802.1 default;

inet-precedence (rewrite-name | default);

}

}

}

}

I was looking for an example of an actual configuration, because I don't quite understand this example. They don't show the "rewrite-name" that is imported and they don't show the forwarding-class that is referenced. Any assistance would be greatly appreciated. I'm trying to understand how to rewrite the DSCP bits for outgoing packets, so that the service provider can properly handle the packets as they enter their network. Best Regards,
DAK
Super Contributor
AntonD
Posts: 111
Registered: ‎11-07-2007
0

Re: Rewrite-Rules

Hi DAK

Here is a very short example of the command. I hope this give you a starting point.

[edit class-of-service]
user@graz-re0# show
interfaces {
ge-0/0/0 {
unit 0 {
rewrite-rules {
inet-precedence test1;
}
}
}
}
rewrite-rules {
inet-precedence test1 {
forwarding-class expedited-forwarding {
loss-priority high code-point 010;
}
}
}

[edit class-of-service]
user@graz-re0#

 


Contributor
CNIDog
Posts: 161
Registered: ‎02-04-2008
0

Re: Rewrite-Rules

Thank you for your quick response, Anton. I have a few other questions regarding this example:

- I assume that the rewrite rule gets applied to the outgoing interface.
- I assume that the import statement that they show in this example is just indicating that you can import, or nest rewrite rules.
- My rewrite rule will look something like this:

rewrite-rules
dscp level3-voice
forwarding-class expedited-forwarding
loss-priority high code-point 101110

interface t3-1/0/0 ********** this is my MPLS SP interface ************
unit 0
rewrite-rules
dscp level3-voice

The T3 interface connects to my service provider, so I assume that this is where I apply the rewrite rule in order to ensure that the DSCP is set to 46 (ef) before being sent to the SP. I also need to identify the voice traffic as it enters the router and only apply the rewrite rule to the IP voice. The voice will be entering the router through one of the GE interfaces - data is on one interface and voice is on another.

Regards,
DAK
Super Contributor
AntonD
Posts: 111
Registered: ‎11-07-2007
0

Re: Rewrite-Rules

To be clear, there are several things that need to be taken into account when developing a Class of Service design and configuration. I would really suggest that you spend some more time reading throught the documentation to be clear what it is that you want to achieve.  For a quick start here is some suggestions.

 

You will need to classify the incoming packets and assign them to a forwarding class which will match your re-write rule. As you know that all traffic coming in on a particular interface is voice traffic, you can use a configuration similar to the one below.

 

user@graz-re0# show
interfaces {
ge-0/0/0 {
unit 0 {
forwarding-class expedited-forwarding;
}
}
t3-1/0/0 {
unit 0 {
rewrite-rules {
dscp level3-voice;
}
}
}
}
rewrite-rules {
dscp level3-voice {
forwarding-class expedited-forwarding {
loss-priority high code-point 101110;
}
}
}

You might therefore have to use loss-priority low instead of high. Keep in mind if you don't assign all the values for the re-write rule, the default values will apply. I also don't know what the incoming DCSP value is for your voice traffic. 

  

user@graz-re0# run show class-of-service rewrite-rule type dscp
Rewrite rule: dscp-default, Code point type: dscp, Index: 26
Forwarding class Loss priority Code point
best-effort low 000000
best-effort high 000000
expedited-forwarding low 101110
expedited-forwarding high 101110
assured-forwarding low 001010
assured-forwarding high 001100
network-control low 110000
network-control high 111000


You should also change your default schedulers applied to the interface. By default, the best-effort forwarding class gets 95% while the network-control forwarding class gets 5%.
 user@graz-re0# ...ensive so-0/0/0 | find "CoS transmit"
CoS transmit queue Bandwidth Buffer Priority Limit
% bps % usec
0 best-effort 95 147744000 95 0 low none
3 network-control 5 7776000 5 0 low none


If you leave it at the defaults, your voice traffic in expedited-forwarding queue will actually gets less priority than you normal best-effort queue.
Contributor
CNIDog
Posts: 161
Registered: ‎02-04-2008
0

Re: Rewrite-Rules

[ Edited ]
Hello, Anton. Not sure what you mean by, "You might therefore have to use loss-priority low instead of high." I assume you mean in the rewrite rules.

Can I use the classifiers to set the loss-priority and code-point for incoming packets? Or does the classifier only identify the packets based on the code-point setting of the packet?

Here is my entire configuration:

class-of-service {
classifiers {
inet-precedence ERS-Data-Classifier {
forwarding-class Data {
loss-priority low code-points 000000;
}
inet-precedence ERS-Voice-Classifier {
forwarding-class Audio {
loss-priority high code-points 101110;
}
}
}
forwarding-classes {
queue 0 Data;
queue 1 Audio;
}
interfaces {
ge-0/0/0 {
unit 0 {
classifiers {
inet-precedence ERS-Voice-Classifier;
}
}
}
ge-0/0/1 {
unit 0 {
classifiers {
inet-precedence ERS-Data-Classifier;
}
}
}
t1-1/0/0 {
scheduler-map ERS-Scheduler;
}
}
scheduler-maps {
ERS-Scheduler {
forwarding-class Audio scheduler ERS-Audio-Scheduler;
forwarding-class Data scheduler Best_Effort;
}
}
schedulers {
ERS-Audio-Scheduler {
transmit-rate percent 60;
buffer-size percent 60;
priority strict-high;
}
Best_Effort {
transmit-rate percent 40;
buffer-size percent 40;
priority medium-low;
}
}
}
Message Edited by CNIDog on 05-23-2008 12:17 PM
DAK
Distinguished Expert
rkim
Posts: 755
Registered: ‎11-06-2007
0

Re: Rewrite-Rules

You've configured a Behavior Aggregate (BA) classifier for your voice and data traffic. BA classifiers only work if the incoming traffic has inet-precedence bits and loss priority (PLP bit) already set on ingress. If that is the case then rewrite rules are not really needed as the JUNOS router will preserve whatever TOS bits are set on egress.

 

However, if your voice traffic is all ingressing without TOS bits set, then you will need to use a Multifield Classifier instead of a BA classifier. The multifield classifier uses firewall rules to identify traffic based on perhaps source IP, source or destination ports, or whatever is the best way to be sure that you can target only the voice traffic. Then for the action statement you would specify the loss-priority and forwarding class. That will send the traffic to the proper out-queue on the egress interface. Then you can configure the rewrite rules on the egress interface to set the TOS bits as needed.

 

-Richard

Contributor
CNIDog
Posts: 161
Registered: ‎02-04-2008
0

Re: Rewrite-Rules

Thank you, Richard. I opened a case with JTAC and attached a copy of my configuration, but I haven't heard back from them yet.

I am assuming that the phone switch is not marking the voice traffic Code Point (DSCP), because Level3 says they aren't seeing any traffic on their Voice plane coming from any of the customer loactions. I guess that since I am classifying ingress traffic on the voice port, I will also want to ensure that the traffic coming into the router from the Data LAN port gets its DSCP set to zero (0). Below is what I think the configuration will look like:

firewall {
family inet {
filter ef-class {
term match-voice {
from {
source-address {
10.10.0.0/16;
}
}
then {
forwarding-class Audio;
accept;
}
}
filter data-class {
term match-data {
from {
source-address {
10.1.0.0/16;
}
}
then {
forwarding-class Data;
accept;
}
}
term accept-all {
then accept;
}
}
}
}
class-of-service {
forwarding-classes {
queue 0 Data;
queue 1 Audio;
}
rewrite-rules {
inet-precedence ERS-Voice {
forwarding-class Audio {
loss-priority high code-point 101110;
inet-precedence ERS-Data
forwarding-class Data
loss-priority low code-point 000000;
}
}
}
interfaces {
t3-1/0/0 {
scheduler-map ERS-Scheduler;
unit 0 {
rewrite-rules {
inet-precedence ERS-Voice;
inet-precedence ERS-Data;
}
}
}
scheduler-maps {
ERS-Scheduler {
forwarding-class Audio scheduler ERS-Audio-Scheduler;
forwarding-class Data scheduler Best_Effort;
}
}
schedulers {
ERS-Audio-Scheduler {
transmit-rate percent 60;
buffer-size percent 60;
priority strict-high;
}
Best_Effort {
transmit-rate percent 40;
buffer-size percent 40;
priority medium-low;
}
}
}
interfaces {
ge-0/0/0 {
description Data;
speed 1g;
link-mode full-duplex;
gigether-options {
auto-negotiation;
}
unit 0 {
family inet {
address 10.1.10.10/16;
filter
input data-class
}
}
}
ge-1/0/0 {
description Voice;
speed 1g;
link-mode full-duplex;
gigether-options {
no-auto-negotiation;
}
unit 0 {
family inet {
address 10.10.10.10/16;
filter
input ef-class
}
}
}

Are these code point settings correct? Level3 says that they identify voice by DSCP 46 - expedited forwarding (ef).

Regards,
DAK
Super Contributor
AntonD
Posts: 111
Registered: ‎11-07-2007
0

Re: Rewrite-Rules

Hi DAK

 

Within your filter I would aslo specify the loss-priority. That will make sure that your rewrite rules will take effect. 

 

set firewall family inet filter ef-class term match-voice then loss-priority high

 

I noticed that you have assigned the queues with a schedule ratio of 40/60. There is now nothing assigned to queue 3 which is the default queue for a lot of control plain traffic.I would suggest that you assign 5% to it as well.

 

 

Regular Visitor
Osama
Posts: 7
Registered: ‎05-25-2008
0

Re: Rewrite-Rules

Hi ,

 

Just I want to elaborate more as you look a bit confused, first of all you should classify the packets at your ingress interface and then assign a forwarding class, you classify the packets using either Multifield Aggreagte (MA) or Behaviour Aggregate. MA is used when the packets arriving the interface don't have the TOS value set in the IP header and in this casde you need to define a firewall filter based on IP source/destination or port number whatever and assign a forwarding class and a loss priority high or low, for voice traffic you can use protocol UDP and ports rang of RTP

 

firewall {
    filter x{
        term x {
            from {
                protocol x;
                port x;
            }
            then {
                loss-priority x;
                forwarding-class x;
                accept;
            }
        }

 

Now you just assigned the traffic to specific class "queue", you now need to define the rewrite rule as the TOS field of the IP header is still not changed and apply this rule to the outgoing interface, you have to change it before the packet leave the router.

 

class-of-service { 

    interfaces {
        x {
            unit * {
                rewrite-rules {
                    dscp x;
                }
            }
        }

 

The other type of classifiers is the BA which is used if the packets arriving at the interface are already assigned TOS value, in this case you just need to create the classifier and assign it to the interface without the need to apply a rewrite rule as the TOS field is aready marked

 

 

class-of-service { 

    interfaces {
        x {
            unit * {
                classifier {
                    dscp x;
                }
            }
        }

 

you can use copy/paste for configuring classifiers and rewrite rules as they use the same parameters and should be the same value in the network

I just want to add for the best practice with voice traffic, it is better to make the marking at the voice node itself, this should make the marking very accurate and there will be less overhead in the routers as the firewall filter is very CPU consuming

 

Hope it helps

 

Osama  

New User
danie53595
Posts: 1
Registered: ‎03-12-2010
0

Re: Rewrite-Rules

Thanks for sharing this post. This is a very helpful and informative material. Good post and keep it up. Websites are always helpful in one way or the other, that’s cool stuff, anyways, a good way to get started to renovate your dreams into the world of reality.

Daniel Perl
mcitp
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.