Routing
Routing

Help ! QOS - Class of Service - on SRX 110

‎07-16-2019 04:43 AM

Hi , 

Buenas Dias.

I've been trying to enable and make  Class of Service to work on our SRX110 , but after 11 hours -still no luck, there something missing with my config  .

What Im trying to achieve is to prioritize Voice and video ,traffic for  IP Phones, Skype -Teams, Zoom.

 

 

Below is my COS config

 

##################################################

class-of-service {
classifiers {
dscp voip {
import default;
forwarding-class expedited-forwarding {
loss-priority low code-points 101110;
}
forwarding-class assured-forwarding {
loss-priority medium-low code-points [ 100000 100010 100100 100110 ];
loss-priority medium-high code-points [ 010010 010100 010110 ];
}
}
}
forwarding-classes {
queue 2 assured-forwarding;
queue 3 network-control;
queue 0 best-effort;
queue 1 expedited-forwarding;
}
interfaces {
fe-0/0/0 {
scheduler-map normal;
unit 0 {
forwarding-class expedited-forwarding;
}
}
fe-0/0/1 {
scheduler-map normal;
}
fe-0/0/2 {
scheduler-map normal;
}
fe-0/0/5 {
scheduler-map normal;
}
fe-0/0/7 {
scheduler-map normal;
}
}
scheduler-maps {
normal {
forwarding-class expedited-forwarding scheduler ef;
forwarding-class assured-forwarding scheduler af;
forwarding-class best-effort scheduler be;
forwarding-class network-control scheduler nc;
}
}
schedulers {
ef {
transmit-rate percent 15;
buffer-size percent 15;
priority high;
}
af {
transmit-rate percent 15;
buffer-size percent 15;
priority medium-high;
}
nc {
transmit-rate percent 10;
buffer-size percent 10;
priority strict-high;
}
be {
transmit-rate {
remainder;
}
buffer-size {
remainder;
}
priority low;
}
}
}

###################################

 

When I ran a command show inte fe0/0/x extensive , the only queues thats being utilized are Best Effort 0 and Network Control 3 . 

 

###################################

Physical interface: fe-0/0/7, Enabled, Physical link is Up
Interface index: 141, SNMP ifIndex: 518, Generation: 144
Link-level type: Ethernet, MTU: 1514, Link-mode: Full-duplex, Speed: 100mbps, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Disabled
Device flags : Present Running
Interface flags: SNMP-Traps Internal: 0x0
CoS queues : 8 supported, 8 maximum usable queues
Hold-times : Up 0 ms, Down 0 ms

Traffic statistics:
Input bytes : 5377004 25960 bps
Output bytes : 10268451 54824 bps
Input packets: 43511 39 pps
Output packets: 51057 44 pps
Input errors:
Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: 0, L3 incompletes: 0, L2 channel errors: 0, L2 mismatch timeouts: 0, FIFO errors: 0, Resource errors: 0
Output errors:
Carrier transitions: 0, Errors: 0, Drops: 0, Collisions: 0, Aged packets: 0, FIFO errors: 0, HS link CRC errors: 0, MTU errors: 0, Resource errors: 0
Egress queues: 8 supported, 4 in use
Queue counters: Queued packets Transmitted packets Dropped packets
0 best-effort 49938 49938 0
1 expedited-fo 0 0 0
2 assured-forw 0 0 0
3 network-cont 842 842 0
Queue number: Mapped forwarding classes
0 best-effort
1 expedited-forwarding
2 assured-forwarding
3 network-control
Active alarms : None
Active defects : None
MAC statistics: Receive Transmit
Total octets 6288540 11126861
Total packets 43599 50792
Unicast packets 43598 50792
Broadcast packets 1 0
Multicast packets 0 0
CRC/Align errors 0 0
FIFO errors 0 0
MAC control frames 0 0
MAC pause frames 0 0
Oversized frames 0
Jabber frames 0
Fragment frames 0
VLAN tagged frames 0
Code violations 0
Filter statistics:
Input packet count 0
Input packet rejects 0
Input DA rejects 0
Input SA rejects 0
Output packet count 0
Output packet pad count 0
Output packet error count 0
CAM destination filters: 2, CAM source filters: 0
Autonegotiation information:
Negotiation status: Complete
Link partner:
Link mode: Full-duplex, Flow control: None, Remote fault: OK, Link partner Speed: 100 Mbps
Packet Forwarding Engine configuration:
Destination slot: 0
CoS information:
Direction : Output
CoS transmit queue Bandwidth Buffer Priority Limit
% bps % usec
0 best-effort r r r 0 low none
1 expedited-forwarding 15 15000000 15 0 high none
2 assured-forwarding 15 15000000 15 0 medium-high none
3 network-control 10 10000000 10 0 strict-high none
Interface transmit statistics: Disabled

Logical interface fe-0/0/7.0 (Index 78) (SNMP ifIndex 530) (Generation 143)
Flags: SNMP-Traps 0x0 Encapsulation: ENET2
Traffic statistics:
Input bytes : 5385429
Output bytes : 10309186
Input packets: 43613
Output packets: 51232
Local statistics:
Input bytes : 98573
Output bytes : 223412
Input packets: 943
Output packets: 1123
Transit statistics:
Input bytes : 5286856 34232 bps
Output bytes : 10085774 341600 bps
Input packets: 42670 51 pps
Output packets: 50109 87 pps
Security: Zone: untrust
Allowed host-inbound traffic : ike ping ssh
Flow Statistics :
Flow Input statistics :
Self packets : 1037
ICMP packets : 96
VPN packets : 10664
Multicast packets : 0
Bytes permitted by policy : 2942706
Connections established : 184
Flow Output statistics:
Multicast packets : 0
Bytes permitted by policy : 8921605
Flow error statistics (Packets dropped due to):
Address spoofing: 0
Authentication failed: 0
Incoming NAT errors: 0
Invalid zone received packet: 0
Multiple user authentications: 0
Multiple incoming NAT: 0
No parent for a gate: 0
No one interested in self packets: 0
No minor session: 0
No more sessions: 0
No NAT gate: 0
No route present: 0
No SA for incoming SPI: 0
No tunnel found: 0
No session for a gate: 0
No zone or NULL zone binding 0
Policy denied: 0
Security association not active: 0
TCP sequence number out of window: 0
Syn-attack protection: 0
User authentication errors: 0
Protocol inet, MTU: 1500, Generation: 156, Route table: 0

#################

If you could please guide me to the right track sorting out this COS , really appreciate it

Not giving up on this one , but  need your assistance guys. 

Thanks in advanced !!!

 

 

Cheers,

Ant

 

3 REPLIES 3
Routing

Re: Help ! QOS - Class of Service - on SRX 110

[ Edited ]
‎07-16-2019 05:11 AM

Hi anghang,

 

Please find a sample working config.  You may need to modify the filter/IPs and dscp code values per your requirement, but the general template should work.

 

1) Creation of forwarding class.

set class-of-service forwarding-classes queue 2 assured-forwarding
set class-of-service forwarding-classes queue 1 expedited-forwarding

2) Creation of the forwarding scheduler, which grabs packets from the queue for their transmission.

set class-of-service classifiers dscp Egress forwarding-class VOICE loss-priority low code-points ef
set class-of-service classifiers dscp Egress forwarding-class DATA loss-priority medium-high code-points af41
set class-of-service forwarding-classes class DATA queue-num 2
set class-of-service forwarding-classes class VOICE queue-num 1
set class-of-service schedulers EF-SCHED transmit-rate percent 30
set class-of-service schedulers EF-SCHED priority high
set class-of-service schedulers DATA transmit-rate percent 70
set class-of-service schedulers DATA priority medium-high
set class-of-service schedulers DATA drop-profile-map loss-priority low protocol any drop-profile LOW
set interface ge-0/0//0 unit 0 classifiers dscp Egress
set interface ge-0/0/6 unit 0 classifiers dscp Egress



3) Setting the scheduler on the interface(s). Both interfaces are included to cover both directions of the flow.

set class-of-service interfaces ge-0/0/0 unit 0 scheduler-map Voice-MAP
set class-of-service interfaces ge-0/0/1 unit 0 scheduler-map Voice-MAP

set class-of-service scheduler-maps Voice-MAP forwarding-class VOICE scheduler EF-SCHED

4) Firewall filters to tell the SRX to move the incoming traffic to the forwarding class.

WAN interface:
set firewall filter untrust-COS-voice term voice from protocol udp
set firewall filter untrust-COS-voice term voice then forwarding-class expedited-forwarding
set firewall filter untrust-COS-voice term voice then accept
set firewall filter untrust-COS-voice term allow-else then accept

LAN interface:
set firewall filter trust-COS-voice term voice from protocol udp
set firewall filter trust-COS-voice term voice from destination-address 192.168.1.0/24
set firewall filter trust-COS-voice term voice then forwarding-class expedited-forwarding
set firewall filter trust-COS-voice term voice then accept
set firewall filter trust-COS-voice term allow-else then accept


5) Add the scheduler option on the physical interface and the filters on the logical interface.

WAN interface:
set interfaces ge-0/0/0 per-unit-scheduler
set interfaces ge-0/0/0 unit 0 family inet filter input untrust-COS-voice
set interfaces ge-0/0/0 unit 0 family inet address 201.0.0.1/28

LAN interface:
set interfaces ge-0/0/1 per-unit-scheduler
set interfaces ge-0/0/1 unit 0 family inet filter input trust-COS-voice
set interfaces ge-0/0/1 unit 0 family inet address 192.168.1.1/24

 

Hope this helps.

Regards,
-r.

--------------------------------------------------

If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated Smiley Happy.

 

Routing

Re: Help ! QOS - Class of Service - on SRX 110

‎07-16-2019 10:36 AM

What you are missing is classification. What you need is to identify your interested traffic, either based on dscp/priority bit, or incoming interface or a particular port number, then put the traffic into corresponding forwarding-class. 

 

Frequently used classifications are BA, MF and static

 

https://www.juniper.net/documentation/en_US/junos/topics/concept/cos-classifier-overview-security.ht...

 

 


Mengzhe Hu
JNCIE x 3 (SP DC ENT)
Highlighted
Routing

Re: Help ! QOS - Class of Service - on SRX 110

[ Edited ]
‎07-16-2019 06:00 PM

Hi , 

I've tweaked my config , but when I appplied the last part to LAN and WAN ports , Im getting this error 


'family'
When ethernet-switching family is configured on an interface, no other family type can be configured on the same interface.
error: configuration check-out failed

 

for the WAN , set interfaces ge-0/0/0 unit 0 family inet address 201.0.0.1/28 - this is the Public IP address right ? 

for the LAN ,  set interfaces ge-0/0/1 unit 0 family inet address 192.168.1.x- this is the default gateway of LAN ? 

 

And also , the  command set interfaces ge-0/0/0 per-unit-scheduler seems not for this platform 

 

Cheers, 

Ant