CoS The first 3 bits

Hi guillermonrvz83,

Please try this:

Create a forwarding-class and assign to desired queue:
set forwarding-class my_class queue-num 1

If the interface ge-0/0/2 is family inet then:
set class-of-service rewrite-rules dscp rewrite_dscps forwarding-class my-class loss-priority high code-point 000110
set class-of-service interfaces ge-0/0/2 rewrite-rules dscp rewrite_dscps

Else if it's family ethernet-switching then:
set class-of-service rewrite-rules ieee-802.1 rewrite_dot1p forwarding-class my_class loss-priority high code-point 110
set class-of-service interfaces ge-0/0/2 rewrite-rules ieee-802.1 rewrite_dot1p

Hope this helps.

Regards,
-r.

--------------------------------------------------

If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated .

Hi,

Let me first try to understand your question better:  The subject of your question is "CoS The first 3 bits", then you say that you are trying to set “the ToS field to 6”, and then you talk about 802.1p. You also say that you are applying the default 802.1 rewrite rule, but then your configuration snippet shows that you are applying dscp default rewrite rule. So, I am not clear which value you are actually trying to set to 6.  Can you clarify that? 

Also, you are saying that you are using 4 instead of 6. I am assuming that is just another test you were doing. I am also assuming that you are applying that firewall filter inbound so that all traffic is classified as AF for testing, is that right? Are the inbound and outbound interfaces configuring with family ethernet-switching? What kind of device are you using?

Regards,

I tested using the default ieee802.1 rewrite-rule, and also a custom one, in my lab. See attached file. It also worked with DSCP though I didn't include it. 

HTH, 

Thanks a lot for that lab! 

This is my configuration and still not working

set class-of-service classifiers ieee-802.1 custom_cl forwarding-class assured-forwarding loss-priority low code-points 110
set class-of-service interfaces ge-0/0/2 unit 0 rewrite-rules ieee-802.1 custom_rw
set class-of-service interfaces ge-0/0/3 unit 0 classifiers ieee-802.1 custom_cl
set class-of-service rewrite-rules ieee-802.1 custom_rw forwarding-class assured-forwarding loss-priority low code-point 110
set firewall family ethernet-switching filter fwall1 term t01 then accept
set firewall family ethernet-switching filter fwall1 term t01 then forwarding-class assured-forwarding
set firewall family ethernet-switching filter fwall1 term t01 then loss-priority low
set firewall family ethernet-switching filter fwall1 term t01 then count match_counter
set firewall family ethernet-switching filter fwall1 term tdef then accept


root@sw-mcast-test# run show interfaces queue ge-0/0/2     
Physical interface: ge-0/0/2, Enabled, Physical link is Up
  Interface index: 131, SNMP ifIndex: 506
Forwarding classes: 16 supported, 4 in use
Egress queues: 8 supported, 4 in use
Queue: 0, Forwarding classes: best-effort
  Queued:
  Transmitted:
    Packets              :                     0
    Bytes                :                     0
    Tail-dropped packets :                     0
Queue: 1, Forwarding classes: assured-forwarding
  Queued:
  Transmitted:
    Packets              :                    21
    Bytes                :                  2424
    Tail-dropped packets :                     0
Queue: 5, Forwarding classes: expedited-forwarding
  Queued:
  Transmitted:
    Packets              :                     0
    Bytes                :                     0
    Tail-dropped packets :                     0
Queue: 7, Forwarding classes: network-control
  Queued:
  Transmitted:
    Packets              :                     9
    Bytes                :                   814
    Tail-dropped packets :                     0


root@sw-mcast-test# run show interfaces queue ge-0/0/3     
Physical interface: ge-0/0/3, Enabled, Physical link is Up
  Interface index: 132, SNMP ifIndex: 508
Forwarding classes: 16 supported, 4 in use
Egress queues: 8 supported, 4 in use
Queue: 0, Forwarding classes: best-effort
  Queued:
  Transmitted:
    Packets              :                    11
    Bytes                :                  1239
    Tail-dropped packets :                     0
Queue: 1, Forwarding classes: assured-forwarding
  Queued:
  Transmitted:
    Packets              :                     0
    Bytes                :                     0
    Tail-dropped packets :                     0
Queue: 5, Forwarding classes: expedited-forwarding
  Queued:
  Transmitted:
    Packets              :                     0
    Bytes                :                     0
    Tail-dropped packets :                     0
Queue: 7, Forwarding classes: network-control
  Queued:
  Transmitted:
    Packets              :                     4
    Bytes                :                   272
    Tail-dropped packets :                     0

Remember, my goal is to get the ToS 6 value on the device (laptop+tcpdump) in the port ge-0/0/2.

root@sw-mcast-test# run show version 
fpc0:
--------------------------------------------------------------------------
Hostname: sw-mcast-test
Model: ex4200-48px
JUNOS Base OS boot [12.3R3.4]
JUNOS Base OS Software Suite [12.3R3.4]
JUNOS Kernel Software Suite [12.3R3.4]
JUNOS Crypto Software Suite [12.3R3.4]
JUNOS Online Documentation [12.3R3.4]
JUNOS Enterprise Software Suite [12.3R3.4]
JUNOS Packet Forwarding Engine Enterprise Software Suite [12.3R3.4]
JUNOS Routing Software Suite [12.3R3.4]
JUNOS Web Management [12.3R3.4]
JUNOS FIPS mode utilities [12.3R3.4]

Thanks in advance!

1.- Is the firewall filter applied inbound to ge-0/0/3? 

Firewall filter (Multifield) classification overrides behavior aggregate classification (configured under class of service interface) so your custom classifier is really doing nothing. Because your firewall filter does not have any from statement, all traffic coming in on interface ge-0/0/3, and going out of ge-0/0/2 is being placed in the forwarding class assured forwarding. You can see that in the output of the show interface queue ge-0/0/2 that you attached.

So, classification is working as expected even though ALL traffic is classified the same.

2.- The output of the show interface queue ge-0/0/3 doesn't apply to your use case. You are classifying coming in on ge-0/0/3 and trying to rewrite out of ge-0/0/2.  Traffic in the opposite direction (in on ge-0/0/2 and queued and the forwarded out of ge-0/0/3)  is using the default behavior, unless you also CoS configured on that direction, but are not showing that.

3.- How do you know the traffic is not being marked properly going out of ge-0/0/2? You are capturing traffic on a laptop connected to ge-0/0/2, and looking at what field? 

3.- How is ge-0/0/2 configured?  is it a trunk? IEEE 802.1p is a field within the vlan tag. 

Hello ylara,

Yes I have a laptop capturing traffic and the port is in access mode.

I understood that the MF in the firewall is working, but the egress packets haven't the mark that I need.

Thank you

This is the configuration.

root@sw-mcast-test# show class-of-service | display set 
set class-of-service interfaces ge-0/0/2 unit 0 rewrite-rules ieee-802.1 custom_rw
set class-of-service rewrite-rules ieee-802.1 custom_rw forwarding-class assured-forwarding loss-priority low code-point 110

{master:0}[edit]
root@sw-mcast-test# show firewall | display set            
set firewall family ethernet-switching filter fwall1 term t01 then accept
set firewall family ethernet-switching filter fwall1 term t01 then forwarding-class assured-forwarding
set firewall family ethernet-switching filter fwall1 term t01 then loss-priority low
set firewall family ethernet-switching filter fwall1 term t01 then count match_counter
set firewall family ethernet-switching filter fwall1 term tdef then accept

{master:0}[edit]
root@sw-mcast-test# show interfaces ge-0/0/2 | display set 
set interfaces ge-0/0/2 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members vlan25

{master:0}[edit]
root@sw-mcast-test# show interfaces ge-0/0/3 | display set    
set interfaces ge-0/0/3 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members vlan25
set interfaces ge-0/0/3 unit 0 family ethernet-switching filter input fwall1

root@sw-mcast-test# show vlans | display set           
set vlans default l3-interface vlan.0
set vlans vlan25 vlan-id 25
set vlans vlan35 vlan-id 35

I remove the classifier.

I change the configuration to this and still not receive the ToS value that I expect.

root@sw-mcast-test# show firewall      
family ethernet-switching {
    filter fwall1 {
        term t01 {
            then {
                accept;
                forwarding-class expedited-forwarding;
                loss-priority low;
                count match_counter;
            }
        }
        term tdef {
            then accept;
        }
    }
}

root@sw-mcast-test# show class-of-service 
interfaces {
    ge-0/0/2 {
        unit 0 {
            rewrite-rules {
                ieee-802.1 custom_rw_full;
            }
        }
    }
}
rewrite-rules {
    ieee-802.1 custom_rw {
        forwarding-class assured-forwarding {
            loss-priority low code-point 110;
        }
    }
    ieee-802.1 custom_rw_full {
        forwarding-class best-effort {
            loss-priority low code-point 110;
            loss-priority high code-point 110;
        }
        forwarding-class expedited-forwarding {
            loss-priority low code-point 110;
            loss-priority high code-point 110;
        }                               
        forwarding-class assured-forwarding {
            loss-priority low code-point 110;
            loss-priority high code-point 110;
        }
        forwarding-class network-control {
            loss-priority low code-point 110;
            loss-priority high code-point 110;
        }
    }
}


ge-0/0/2 {
    unit 0 {
        family ethernet-switching {
            port-mode access;           
            vlan {
                members vlan25;
            }
        }
    }
}
ge-0/0/3 {
    unit 0 {
        family ethernet-switching {
            port-mode access;
            vlan {
                members vlan25;
            }
            filter {
                input fwall1;
            }
        }
    }
}


root@sw-mcast-test# show vlans 
default {
    l3-interface vlan.0;
}
vlan25 {
    vlan-id 25;
}
vlan35 {
    vlan-id 35;
}

root@sw-mcast-test# run show interfaces queue ge-0/0/2    
Physical interface: ge-0/0/2, Enabled, Physical link is Up
  Interface index: 131, SNMP ifIndex: 506
Forwarding classes: 16 supported, 4 in use
Egress queues: 8 supported, 4 in use
Queue: 0, Forwarding classes: best-effort
  Queued:
  Transmitted:
    Packets              :                     0
    Bytes                :                     0
    Tail-dropped packets :                     0
Queue: 1, Forwarding classes: assured-forwarding
  Queued:
  Transmitted:
    Packets              :                     0
    Bytes                :                     0
    Tail-dropped packets :                     0
Queue: 5, Forwarding classes: expedited-forwarding
  Queued:
  Transmitted:
    Packets              :                     6
    Bytes                :                  1296
    Tail-dropped packets :                     0
Queue: 7, Forwarding classes: network-control
  Queued:
  Transmitted:
    Packets              :                     8
    Bytes                :                   746
    Tail-dropped packets :                     0




root@sw-mcast-test# run show interfaces queue ge-0/0/3    
Physical interface: ge-0/0/3, Enabled, Physical link is Up
  Interface index: 132, SNMP ifIndex: 508
Forwarding classes: 16 supported, 4 in use
Egress queues: 8 supported, 4 in use
Queue: 0, Forwarding classes: best-effort
  Queued:
  Transmitted:
    Packets              :                     8
    Bytes                :                   993
    Tail-dropped packets :                     0
Queue: 1, Forwarding classes: assured-forwarding
  Queued:
  Transmitted:
    Packets              :                     0
    Bytes                :                     0
    Tail-dropped packets :                     0
Queue: 5, Forwarding classes: expedited-forwarding
  Queued:
  Transmitted:
    Packets              :                     0
    Bytes                :                     0
    Tail-dropped packets :                     0
Queue: 7, Forwarding classes: network-control
  Queued:
  Transmitted:
    Packets              :                    20
    Bytes                :                  1764
    Tail-dropped packets :                     0

You are using an ieee802.1p rewrite rule, which marks the PCP value which is part of the VLAN tag. 

Your interface is configured as an access port, that means there is NO VLAN tag in the packet.

Basically, you are asking your router to mark a field that does NOT exist in the packet.  You need to apply a DSCP or IP precedence rewrite rule, or turn on vlan-tagging (make the interface a trunk) to see any marking.

Since your question was: "CoS The first 3 bits", I am assuming that means you want to set IP precedence.  

Ok, this is my new configuration.

root@sw-mcast-test# show interfaces ge-0/0/3  
unit 0 {
    family ethernet-switching {
        port-mode access;
        vlan {
            members vlan25;
        }
        filter {
            input fwall1;
        }
    }
}

{master:0}[edit]
root@sw-mcast-test# show interfaces ge-0/0/2    
unit 0 {
    family ethernet-switching {
        port-mode trunk;
        vlan {
            members vlan25;
        }
    }
}


root@sw-mcast-test# show class-of-service 
interfaces {
    ge-0/0/2 {
        unit 0 {
            rewrite-rules {
                ieee-802.1 custom_rw_full;
            }
        }
    }
}
rewrite-rules {
    ieee-802.1 custom_rw {
        forwarding-class assured-forwarding {
            loss-priority low code-point 110;
        }
    }
    ieee-802.1 custom_rw_full {
        forwarding-class best-effort {
            loss-priority low code-point 110;
            loss-priority high code-point 110;
        }
        forwarding-class expedited-forwarding {
            loss-priority low code-point 110;
            loss-priority high code-point 110;
        }                               
        forwarding-class assured-forwarding {
            loss-priority low code-point 110;
            loss-priority high code-point 110;
        }
        forwarding-class network-control {
            loss-priority low code-point 110;
            loss-priority high code-point 110;
        }
    }
}

Still not receiving the value 6 in the ToS field.

I think that I waiting the Tos value in the wrong way.

Now that your interface is a trunk, you need to check for the priority bits in the VLAN TAG itself.  Which bits are you checking? 

Dear ylara,

ping -Q6 when port is trunk

10:04:36.428266 58:8a:5a:32:0f:f1 > c8:5b:76:2e:00:c2, ethertype 802.1Q (0x8100), length 102: vlan 25, p 6, ethertype IPv4, (tos 0x6,ECT(0), ttl 64, id 19329, offset 0, flags [DF], proto ICMP (1), length 84)
    10.9.9.22 > 10.9.9.9: ICMP echo request, id 1713, seq 36, length 64
	0x0000:  4506 0054 4b81 4000 4001 c8f1 0a09 0916
	0x0010:  0a09 0909 0800 a2dd 06b1 0024 642a 655d
	0x0020:  0000 0000 bff2 0600 0000 0000 1011 1213
	0x0030:  1415 1617 1819 1a1b 1c1d 1e1f 2021 2223
	0x0040:  2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
	0x0050:  3435 3637

ping -Q6 when the port is in access mode:

10:08:19.678196 58:8a:5a:32:0f:f1 > c8:5b:76:2e:00:c2, ethertype IPv4 (0x0800), length 98: (tos 0x6,ECT(0), ttl 64, id 46162, offset 0, flags [DF], proto ICMP (1), length 84)
    10.9.9.22 > 10.9.9.9: ICMP echo request, id 1713, seq 254, length 64
	0x0000:  4506 0054 b452 4000 4001 6020 0a09 0916
	0x0010:  0a09 0909 0800 8578 06b1 00fe 432b 655d
	0x0020:  0000 0000 f97c 0a00 0000 0000 1011 1213
	0x0030:  1415 1617 1819 1a1b 1c1d 1e1f 2021 2223
	0x0040:  2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
	0x0050:  3435 3637

ping without -Q option:

10:12:10.477281 c8:5b:76:2e:00:c2 > 58:8a:5a:32:0f:f1, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 14045, offset 0, flags [none], proto ICMP (1), length 84)
    10.9.9.9 > 10.9.9.22: ICMP echo reply, id 1722, seq 165, length 64
	0x0000:  4500 0054 36dd 0000 4001 1d9c 0a09 0909
	0x0010:  0a09 0916 0000 0113 06ba 00a5 2a2c 655d
	0x0020:  0000 0000 a231 0700 0000 0000 1011 1213
	0x0030:  1415 1617 1819 1a1b 1c1d 1e1f 2021 2223
	0x0040:  2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
	0x0050:  3435 3637

Still not receiving the ToS value 6.

I can't understand how a packet can passthrough to the switch with the ToS=6 but the switch can mark the packet by itself.

Thanks a lot for your time.

I can't understand how a packet can passthrough the switch with the ToS=6 but the switch can't mark the packet by itself.

Thanks a lot for your time.

I can keep trying to help you until we figure it out, if you want me to. :-)  Just let me know. 
In the meantime, are those packet coming out of your PC or the switch? I see ToS =6. Or am I missing something? 

The only way that I can receive a packet with the ToS value equal to 6 is sending ping from the laptop2 with "ping -Q 6" to the laptop1, without "-Q6" the ToS is 0x0. I think that the switch is taking the ToS value generated by the laptop2 and send it without modification to laptop1. My goal is to take every ingress traffic in the ge-0/0/3 and put it to a class (done!) and rewrite the value of that class on the egress of ge-0/0/2 using the ToS bits and not the DSCP bits.

When a packet with "ping -Q6" is comming the value of the ToS is 00000110, I'm trying to get the same result rewriting the egress traffic of ge-0/0/3.

[laptop1]--- ge-0/0/2 EX4200 ge-0/0/3 ---[laptop2]

Thank you!

The priority bits in ieee.1p is 3 bits not 8. But regardless, I believe this is what you are doing, and it SHOULD work. Unfortunatelly, I don't have access to an EX4500 to try. It works on my SRX. 

If this what you have I would open a case with JTAC, or maybe try with a different version of Junos. Sorry I cannot be more helpful. I can understand your frustation. 

Regards,