vMX COS and rewrite rules

‎10-24-2019 06:01 AM

Topology: Junos_COS.png (attached image)

Hi,

I am trying to rewrite the packet but unfortunately, I am unable to do so. The design is attached.

 

IOU -> vMX-1 -> vMX-2 -> vMX-3

On IOU ICMP is being marked as EF

IOU5#show class-map     
 Class Map match-all CM_MAP (id 1)
   Match access-group  1 

 Class Map match-any class-default (id 0)
   Match any 

IOU5#show policy-map
  Policy Map PM_MAP
    Class CM_MAP
      set dscp ef

IOU5#show access-list 
Standard IP access list 1
    10 permit 5.5.5.5 (242 matches)
IOU5#
IOU5#show run int e0/0
Building configuration...

Current configuration : 128 bytes
!
interface Ethernet0/0
 ip address 172.16.1.1 255.255.255.0
 ip ospf network point-to-point
 service-policy output PM_MAP
end

vMX1:

The firewall filter is configured to put source 5.5.5.5 with dscp as EF to forwarding-class class2v. The firewall counter shows the hit count when ping is issued from source 5.5.5.5 to 6.6.6.6

root@vMX-1> show configuration firewall 
filter EF_2V {
    term term1 {
        from {
            source-address {
                5.5.5.5/32;
            }
            dscp ef;
            protocol icmp;
        }
        then {
            count EF_2V;
            forwarding-class class2v;
        }
    }
    term term2 {
        then {
            count term2;
            accept;
        }
    }
}

unit 0 {
    family inet {
        filter {
            input EF_2V;
        }
        address 172.16.1.2/24;
    }
}

The firewall counter shows the hit count when the ping is sourced from 5.5.5.5 on IOU:

IOU5#ping 6.6.6.6 source 5.5.5.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
Packet sent with a source address of 5.5.5.5 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/4/5 ms

root@vMX-1> show firewall 

Filter: EF_2V                                                  
Counters:
Name                                                Bytes              Packets
EF_2V                                                 500                    5
term2                                               16236                  203

Filter: __default_bpdu_filter__                                

I have configured a rewrite rule on vMX and applied it on interface ge-0/0/0:

root@vMX-1> show configuration class-of-service rewrite-rules 
dscp dscp_rule {
    forwarding-class class2v {
        loss-priority low code-point af41;
    }
}

root@vMX-1> show configuration class-of-service interfaces 
ge-0/0/0 {
    unit 0 {
        rewrite-rules {
            dscp dscp_rule;
        }
    }
}

On vMX-2 there is a filter created just to capture the firewall hit count. If the rewrite is successful and the packet is marked as AF41, the counter should go up on vMX-2. Apparently, there is no hit count on vMX-2.

root@vMX-2> show configuration firewall 
filter CATC2V {
    term term1 {
        from {
            dscp af41;
        }
        then {
            count HIT_41;
            forwarding-class class2v;
        }
    }
    term term2 {
        then {
            count HIT_DEFAULT;
            accept;
        }
    }
}

root@vMX-2> show configuration interfaces ge-0/0/0 
unit 0 {
    family inet {
        filter {
            input CATC2V;
        }
        address 192.168.1.2/24;
    }
}

Apparently there is no hit count on the firewall filter on vMX-2. What am I missing?

Note: I have created customer forwarding-classes on each router. The snippet below is from vMX-1

root@vMX-1> show configuration class-of-service interfaces 
ge-0/0/0 {
    unit 0 {
        rewrite-rules {
            dscp dscp_rule;
        }
    }
}

root@vMX-1> show configuration class-of-service 
classifiers {
    dscp dscp_classifier {
        forwarding-class nc {
            loss-priority low code-points [ nc1 nc2 ];
        }
        forwarding-class class2 {
            loss-priority low code-points [ af31 af32 ];
        }
        forwarding-class class2v {
            loss-priority low code-points [ af41 af42 ];
        }
        forwarding-class class3 {
            loss-priority low code-points [ af21 af22 ];
        }
        forwarding-class class_scavenger {
            loss-priority low code-points [ af11 af12 ];
        }
    }
}
forwarding-classes {
    class nc queue-num 7;
    class unused6 queue-num 5;
    class class1 queue-num 5;
    class class2v queue-num 4;          
    class class2 queue-num 3;
    class class3 queue-num 2;
    class class_scavenger queue-num 1;
    class class4 queue-num 0;
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            rewrite-rules {
                dscp dscp_rule;
            }
        }
    }
}
rewrite-rules {
    dscp dscp_rule {
        forwarding-class class2v {
            loss-priority low code-point af41;
        }
    }
}

 


Re: vMX COS and rewrite rules

‎10-29-2019 06:47 AM

Hi Rohit,

 

It's a little tricky with CoS. Please make sure you have these 3 knobs configured under the chassis config: performance-mode, flexible-queuing-mode and loopback-device-count 1.

 

The most important is "loopback-device-count 1" if you want to use COS.

 

root# run show configuration chassis
fpc 0 {
    pic 0 {
        tunnel-services {
            bandwidth 10g;
        }
        interface-type xe;
        inline-services {
            bandwidth 10g;
        }
    }
    pic 1 {
        inline-services;
    }
    performance-mode;
    flexible-queuing-mode;
    loopback-device-count 1;
}
network-services enhanced-ip;

 

Please accept this as a solution if it works for you so others can also benefit from your post.

 

Hope this helps !!

 

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !

+++++++++++++++++++++++++++++++++++++++++++++

 

Regards

Arpit
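
A way to check the rewrite independently of the vMX-2 counters, as an added example that is not part of the original thread: decode the DSCP bits from IPv4 headers captured before vMX-1 and on the vMX-1/vMX-2 link, and evaluate them against simplified models of the two filters posted above. The helper names and the sample headers are constructed for illustration; the filter models cover only the match conditions shown in the thread.

```python
import socket
import struct

# DSCP code points named in the thread (Junos aliases, RFC 2597/3246 values).
DSCP = {"af41": 34, "af42": 36, "ef": 46}
ICMP = 1

def build_ipv4(src, dst, dscp, proto=ICMP, payload_len=80):
    """Constructed sample header (checksum left at 0; not validated here)."""
    tos = dscp << 2                      # DSCP is the upper 6 bits of the ToS byte
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + payload_len, 0, 0,
                       64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def parse_ipv4(raw):
    """Return the fields the two firewall filters match on."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (raw[0] & 0x0F) * 4
    if ihl < 20 or len(raw) < ihl:
        raise ValueError("truncated or invalid IHL")
    return {"dscp": raw[1] >> 2, "ecn": raw[1] & 0x03, "proto": raw[9],
            "src": socket.inet_ntoa(raw[12:16]), "dst": socket.inet_ntoa(raw[16:20])}

def vmx1_counter(pkt):
    """Model of filter EF_2V on vMX-1: first matching term wins."""
    if pkt["src"] == "5.5.5.5" and pkt["dscp"] == DSCP["ef"] and pkt["proto"] == ICMP:
        return "EF_2V"
    return "term2"

def vmx2_counter(pkt):
    """Model of filter CATC2V on vMX-2: first matching term wins."""
    return "HIT_41" if pkt["dscp"] == DSCP["af41"] else "HIT_DEFAULT"

def rewrite_took_effect(ingress_raw, egress_raw):
    """Compare the same flow captured before vMX-1 and on the vMX-1/vMX-2 link."""
    before, after = parse_ipv4(ingress_raw), parse_ipv4(egress_raw)
    return vmx1_counter(before) == "EF_2V" and vmx2_counter(after) == "HIT_41"

if __name__ == "__main__":
    # Constructed captures: marked EF by IOU5, then with and without the rewrite.
    from_iou = build_ipv4("5.5.5.5", "6.6.6.6", DSCP["ef"])
    rewritten = build_ipv4("5.5.5.5", "6.6.6.6", DSCP["af41"])
    print(rewrite_took_effect(from_iou, rewritten))   # rewrite applied
    print(rewrite_took_effect(from_iou, from_iou))    # still EF on the link
```

A packet that leaves vMX-1 still marked EF falls through to HIT_DEFAULT on vMX-2, which matches the symptom described in the question.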