Routing
Reply
Contributor
Ruwini
Posts: 59
Registered: ‎08-25-2008

QOS Features on M7i

Does JUNOS provide a feature similar to class-based qos on Cisco, the below is a customer requirement for a potemtial M7i deal please help me out on this... 


The  requirement is to limit the total traffic on our outside link to
some bandwidth, subject to bandwidth guarantees to individual sites


Site X - Average Bandwidth Ax guaranteed, Px peak (if there is spare bw)

Site Y - Bandwidth Ay guaranteed, Py peak (if there is spare bw)

 

Total Average Bandwidth should be limited to At (normally larger than  Ax + Ay)  Each site should be able to use at least their guaranteed bandwidth,  but should be able to use up-to their peak bandwidth, if spare
bandwidth is available (i.e. the total bandwidth used is less than At).

 

According to the config guide, a logical interface in Ethernet context is a VLAN (using the same physical interface). But in our case, we do not want to create separate vlans for each site, but define classes based on the IP addresses used and then provide b/w guarantees for such classes and do traffic shaping.

 

many thanks,

 

Ruwini

Trusted Contributor
Trusted Contributor
JJ
Posts: 53
Registered: ‎11-06-2007

Re: QOS Features on M7i

Well, probably the easiest way to implement a CIR/PIC scheme is to use vlans and the methods described here:

http://www.juniper.net/techpubs/software/junos/junos90/swconfig-cos/oversubscribing-interface-bandwi...

 

That being said, there are other ways to do it.  Can I assume that your router only uses the 2 GigE interfaces?  If so, we can used JUNOS policers in the next best method.  See, our policers are not usually simply set up with a CIR/PIR, but rather a maximum bandwidth and a burst value.  So the method I've used to approximate a CIR/PIR or two-rate/three color scheme can be discribed like this:

 

Assuming you have only 2 interfaces for the router, you can split the CIR/PIC implementation between the two interfaces.  Let's assume your traffic is coming in on ge-0/0/1 from the outside and going to your sites on ge-0/0/2.  You configure a firewall filter on the INPUT of ge-0/0/1 with matching statements for the IP addresses for your 3 sites on 3 terms, then police for each term at the *PIR* for that traffic class.  The policer action in this case should be set to drop any traffic above the PIR bandwidth.

 

Then on the ge-0/0/2 interface, you do something similar, but rather you use your match terms to call policers set to the *CIR* rates, and rather than dropping the traffic for exceeding, you set the precedence or loss-priority differently as needed.

 

I hope my explanation makes sense.  If you can't figure out the syntax from the description, i'll check back later when I have more time.

 

Best of luck,

-JJ

Contributor
Ruwini
Posts: 59
Registered: ‎08-25-2008
0

Re: QOS Features on M7i

Hi JJ,

 

Many thanks for the reply, is there any way that you could please share a  config code with me on this regard. The customer has been running Cisco 7206VXR's  on this academic network for a long time now and now he is opening upto look at Juniper the only stumbling block I have is this QOS feature...... He says doing it with Cisco is super Easy and with Juniper it's over complicated...

 

Appreciate your input please..

 

regards,

 

Ruwini..

Sri Lanka

Trusted Contributor
Trusted Contributor
JJ
Posts: 53
Registered: ‎11-06-2007

Re: QOS Features on M7i

Apologies for the lag time...  Had some personal issues and my paying gig was a bit busy yesterday.  :smileywink:

 

First, some disclaimers:

1.  I have *NOT* performed any testing other than "commit check".  Therefore I do not know if the traffic profiles you are looking for will exactly come from this config, and I may have made some subnetting errors.

2.  I've made several assumptions based on your IOS config, such as the multiple "site-x" references were typos to mean site-y and site-z in some places.  Also, my interpretation of IOS COS could be a little off.

3.  We may not have the overall 31 Meg shaper available on your M7i, depending on the PIC type you are using.  I have two relevant configs for it.  The 32 M shaper under the COS config is the closest fit, but may only be available if you use an IQ PIC.  Otherwise, you may only have an interface policer (not shaper) available.  A policer will be more of a hard cut-off, whereas a shaper should average out the traffic.  Use *either* the policer *or* the *shaper* for the whole interface, but *not both*.

4.  I assumed that you are classifying the different sites to different queues/traffic-classes, and then set up class-of-service configs appropriately.  The class-of-service config is partial, as you may need to define what you want to do with high/low loss-priority, etc.  I picked arbitray buffer sizes.  If you did not need to used different forwarding classes, you could use "then loss-priority" in the firewall and policer configs.

5.  This scheme of trtcm mainly only works with a point-to-point configuration, such as when there is one entry and one exit.

 

All that being said, here is what I came up with for the example configs.  The ge-0/1/0 is the input and ge-0/2/0 is the output.  I hope you find this helpful.

 

jj@someM20# show interfaces
ge-0/1/0 {
    unit 0 {
        family inet {
            filter {
                input PIR-input;
            }
        }
    }
}
ge-0/2/0 {
    unit 0 {
        family inet {
            filter {
                output CIR-output;
            }
            policer {
                output 32-Meg;
            }
        }
    }
}

jj@someM20# show firewall
policer site-x-PIR-in {
    if-exceeding {
        bandwidth-limit 20480000;
        burst-size-limit 9k;
    }
    then discard;
}
policer site-y-PIR-in {
    if-exceeding {
        bandwidth-limit 10240000;
        burst-size-limit 9k;
    }
    then discard;
}
policer site-z-PIR-in {
    if-exceeding {
        bandwidth-limit 10240000;
        burst-size-limit 9k;
    }
    then discard;
}
policer site-x-CIR-out {
    if-exceeding {
        bandwidth-limit 10240000;
        burst-size-limit 9k;
    }
    then loss-priority high;
}
policer site-y-CIR-out {
    if-exceeding {
        bandwidth-limit 512k;
        burst-size-limit 9k;
    }
    then loss-priority high;
}
policer site-z-CIR-out {
    if-exceeding {
        bandwidth-limit 8192000;
        burst-size-limit 9k;
    }
    then loss-priority high;
}
policer 32-Meg {
    if-exceeding {
        bandwidth-limit 32m;
        burst-size-limit 9k;
    }
    then discard;
}
family inet {
    filter PIR-input {
        term site-x-PIR {
            from {
                address {
                    192.248.4.0/22;
                }
            }
            then {
                policer site-x-PIR-in;
                loss-priority low;
                forwarding-class best-effort;
            }
        }
        term site-y-PIR {
            from {
                address {
                    192.248.8.0/22;
                }
            }
            then {
                policer site-y-PIR-in;
                loss-priority low;
                forwarding-class assured-forwarding;
            }
        }
        term site-z-PIR {
            from {
                address {
                    192.248.12.0/22;
                }
            }
            then {
                policer site-z-PIR-in;
                loss-priority low;
                forwarding-class expedited-forwarding;
            }
        }
        term default {
            then {
                count unclassified-in;
                loss-priority low;
                forwarding-class best-effort;
            }
        }
    }
    filter CIR-output {
        term site-x-CIR {
            from {
                address {
                    192.248.4.0/22;
                }
            }
            then policer site-x-CIR-out;
        }
        term site-y-CIR {
            from {
                address {
                    192.248.8.0/22;
                }
            }
            then policer site-y-CIR-out;
        }
        term site-z-CIR {
            from {
                address {
                    192.248.12.0/22;
                }
            }
            then policer site-z-CIR-out;
        }
        term default-out {
            then count unclassified-out;
        }
    }
}

[edit]
jj@someM20#

jj@someM20# show class-of-service
interfaces {
    ge-0/2/0 {
        scheduler-map xyz;
        shaping-rate 32m;
    }
}
scheduler-maps {
    xyz {
        forwarding-class best-effort scheduler site-x;
        forwarding-class assured-forwarding scheduler site-y;
        forwarding-class expedited-forwarding scheduler site-z;
    }
}
schedulers {
    site-x {
        transmit-rate 10240000;
        buffer-size percent 40;
    }
    site-y {
        transmit-rate 5120000;
        buffer-size percent 20;
    }
    site-z {
        transmit-rate 8192000;
        buffer-size percent 30;
    }
}

[edit]
jj@someM20#

 

Contributor
7wonders
Posts: 33
Registered: ‎07-08-2008
0

Re: QOS Features on M7i

very helpful JJ.

 

-Ray 

Contributor
Ruwini
Posts: 59
Registered: ‎08-25-2008
0

Re: QOS Features on M7i

Hi JJ,

 

Many a thanks for the reply, I will be haveing a discussion with the client shortly and will update you..

 

Thanks  A Million..

 

Regards,

 

Ruwini

Contributor
Ruwini
Posts: 59
Registered: ‎08-25-2008
0

Re: QOS Features on M7i

Hi JJ,

 

Can you please let me have some input on the below -

 

 

1. Can we change

from {

 

address {

 

entries to

 

to {

 

address {

 

as we need to shape traffic TO sites x y and z and not

 

traffic from them?

 

2. How do we change the section  if we wish to have the same forwarding class for all sites?

 

scheduler-maps {

 

xyz {

 

forwarding-class best-effort scheduler site-x;

 

forwarding-class assured-forwarding scheduler site-y;

 

forwarding-class expedited-forwarding scheduler site-z;

 

}

 

}

 

 

Many Thanks in Advance if you can shed some calrity on this matter..

 

regards,

 

ruwini

 

 

 

Trusted Contributor
Trusted Contributor
JJ
Posts: 53
Registered: ‎11-06-2007
0

Re: QOS Features on M7i

On point 1:

The sytax for firewall filter match conditions is always "from", but what you want to use is "from destination-address <x.x.x.x/x>".  Sorry, that's one example of the kind of mistake i could make providing the untested config.  :-)

 

On point2:

 If you use the same forwarding-class, you can just put all three in best-effort, and rely on the policers to differentiate between the sites.  Then just allocate the 32 Meg of bandwidth to best-effort as its transmit-rate.  Depending on your desired results, you may want to use the keywords "exact" or "rate-limit" in the scheduler for best-effort.  More info on that here:

http://www.juniper.net/techpubs/software/junos/junos90/swconfig-cos/transmit-rate.html

 

 

The other thing I left out was a RED (drop-profile).  This was partly because I was unsure of the intended consequence of marking the precedence in the IOS config.  However, if you are using the same queue, I assume you will want to implement a drop-profile for the traffic between CIR and PIR.  More information on configuring drop profiles is here:

http://www.juniper.net/techpubs/software/junos/junos90/swconfig-cos/configuring-red-drop-profiles.ht...

 

The thing to remember about drop-profiles in Juniperese is that "loss-priority low" (PLP low or PLP of 0) generally means a lower chance of dropping packets compared to "loss-priority high" (PLP high or PLP of 1).  That is why I set the out-of-profile packets to PLP high in the CIR policer.  Usually you will configure a more agressive drop-profile for the high loss priority.

 

-JJ

Contributor
Ruwini
Posts: 59
Registered: ‎08-25-2008
0

Re: QOS Features on M7i

Many Thanks JJ, will get back to you if I need any more clarifications..

 

thanks

 

Ruwini

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.