SRX Services Gateway
Highlighted
SRX Services Gateway

CoS issue on LNS

[ Edited ]
‎09-27-2018 05:30 AM

Hi,


We have two separate sites running Juniper MX240 LNS with dynamic-profiles.

 

I am now testing site 2 with VoiP. Site 1 has been tested and works fine with no problem at all. I can fill the best effort queue so that ping packets are dropping and yet, VoiP is perfect still. Exactly what I wanted.

 

So, naturally, I copy the config from one system to the other system and the CoS does not work.  Here is the route taken:

 

SIP Phone --> CPE --> LAC --> LNS --> Core -- Upstream ISP --> Other end of VoiP

 

The Core seems to be placing the traffic into the correct queue as when I look at the statistics on the interface, they are exactly as I would expect, and to confirm, I cleared them and re-tested.

 

However, on the LNS, NO packets are going into the SIP-VOICE queue..... However, on THW with the exact same configuration, using the same phone, the VoiP traffic goes into the SIP-VOICE queue ......  I have set queue 2 to be SIP-VOICE.

 

I have tried various troubleshooting techniques with no luck at all as to finding out why the traffic is not going into the correct queue.

 

Here is the dynamic-profile config and the relevant CoS:

set dynamic-profiles dyn-hex-lns-profile routing-instances "$junos-routing-instance" interface "$junos-interface-name"
set dynamic-profiles dyn-hex-lns-profile routing-instances "$junos-routing-instance" routing-options access route $junos-framed-route-ip-address-prefix next-hop "$junos-framed-route-nexthop"
set dynamic-profiles dyn-hex-lns-profile routing-instances "$junos-routing-instance" routing-options access route $junos-framed-route-ip-address-prefix metric "$junos-framed-route-cost"
set dynamic-profiles dyn-hex-lns-profile routing-instances "$junos-routing-instance" routing-options access route $junos-framed-route-ip-address-prefix preference "$junos-framed-route-distance"
set dynamic-profiles dyn-hex-lns-profile routing-instances "$junos-routing-instance" routing-options access route $junos-framed-route-ip-address-prefix tag "$junos-framed-route-tag"
set dynamic-profiles dyn-hex-lns-profile routing-instances "$junos-routing-instance" routing-options access-internal route $junos-subscriber-ip-address qualified-next-hop "$junos-interface-name"
set dynamic-profiles dyn-hex-lns-profile interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" dial-options l2tp-interface-id l2tp-encapsulation
set dynamic-profiles dyn-hex-lns-profile interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" dial-options dedicated
set dynamic-profiles dyn-hex-lns-profile interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" keepalives interval 30
set dynamic-profiles dyn-hex-lns-profile interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family inet unnumbered-address "$junos-loopback-interface"
set dynamic-profiles dyn-hex-lns-profile interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family inet6 tcp-mss 1452
set dynamic-profiles dyn-hex-lns-profile interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family inet6 unnumbered-address "$junos-loopback-interface"
set dynamic-profiles dyn-hex-lns-profile protocols router-advertisement interface "$junos-interface-name" other-stateful-configuration
set dynamic-profiles dyn-hex-lns-profile protocols router-advertisement interface "$junos-interface-name" prefix $junos-ipv6-ndra-prefix
set dynamic-profiles dyn-hex-lns-profile class-of-service traffic-control-profiles test scheduler-map normal
set dynamic-profiles dyn-hex-lns-profile class-of-service traffic-control-profiles test shaping-rate 80m
set dynamic-profiles dyn-hex-lns-profile class-of-service interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" output-traffic-control-profile test
set dynamic-profiles dyn-hex-lns-profile class-of-service interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" classifiers dscp sip-voice
set dynamic-profiles dyn-hex-lns-profile class-of-service interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" rewrite-rules dscp steves-test

 

Here is the CoS:

set class-of-service classifiers dscp sip-voice forwarding-class SIP-VOICE loss-priority high code-points 101111
set class-of-service classifiers dscp sip-voice forwarding-class SIP-VOICE loss-priority low code-points af31
set class-of-service classifiers dscp sip-voice forwarding-class SIP-VOICE loss-priority low code-points ef
set class-of-service classifiers inet-precedence sip-voice forwarding-class SIP-VOICE loss-priority low code-points 101
set class-of-service classifiers inet-precedence sip-voice forwarding-class SIP-VOICE loss-priority low code-points 010
set class-of-service drop-profiles low-drop fill-level 95 drop-probability 0
set class-of-service drop-profiles low-drop fill-level 100 drop-probability 100
set class-of-service drop-profiles med-drop fill-level 75 drop-probability 0
set class-of-service drop-profiles med-drop fill-level 95 drop-probability 30
set class-of-service drop-profiles high-drop fill-level 50 drop-probability 0
set class-of-service drop-profiles high-drop fill-level 95 drop-probability 50
set class-of-service forwarding-classes queue 2 SIP-VOICE
set class-of-service interfaces xe-1/1/1 scheduler-map normal
set class-of-service rewrite-rules dscp steves-test forwarding-class SIP-VOICE loss-priority low code-point ef
set class-of-service rewrite-rules ieee-802.1 test-1p forwarding-class SIP-VOICE loss-priority low code-point 010
set class-of-service scheduler-maps normal forwarding-class best-effort scheduler be
set class-of-service scheduler-maps normal forwarding-class expedited-forwarding scheduler ef
set class-of-service scheduler-maps normal forwarding-class SIP-VOICE scheduler sv
set class-of-service scheduler-maps normal forwarding-class network-control scheduler nc
set class-of-service schedulers be transmit-rate percent 65
set class-of-service schedulers be buffer-size percent 65
set class-of-service schedulers be priority medium-low
set class-of-service schedulers be drop-profile-map loss-priority high protocol any drop-profile high-drop
set class-of-service schedulers be drop-profile-map loss-priority medium-high protocol any drop-profile med-drop
set class-of-service schedulers be drop-profile-map loss-priority medium-low protocol any drop-profile med-drop
set class-of-service schedulers be drop-profile-map loss-priority low protocol any drop-profile low-drop
set class-of-service schedulers nc transmit-rate percent 5
set class-of-service schedulers nc buffer-size percent 5
set class-of-service schedulers nc priority medium-high
set class-of-service schedulers nc drop-profile-map loss-priority high protocol any drop-profile high-drop
set class-of-service schedulers nc drop-profile-map loss-priority medium-high protocol any drop-profile med-drop
set class-of-service schedulers nc drop-profile-map loss-priority medium-low protocol any drop-profile med-drop
set class-of-service schedulers nc drop-profile-map loss-priority low protocol any drop-profile low-drop
set class-of-service schedulers ef transmit-rate 5k
set class-of-service schedulers ef transmit-rate exact
set class-of-service schedulers ef buffer-size temporal 1
set class-of-service schedulers ef priority low
set class-of-service schedulers ef drop-profile-map loss-priority high protocol any drop-profile high-drop
set class-of-service schedulers ef drop-profile-map loss-priority medium-high protocol any drop-profile med-drop
set class-of-service schedulers ef drop-profile-map loss-priority medium-low protocol any drop-profile med-drop
set class-of-service schedulers ef drop-profile-map loss-priority low protocol any drop-profile low-drop
set class-of-service schedulers sv transmit-rate percent 30
set class-of-service schedulers sv buffer-size percent 30
set class-of-service schedulers sv priority high
set class-of-service schedulers sv drop-profile-map loss-priority high protocol any drop-profile high-drop
set class-of-service schedulers sv drop-profile-map loss-priority medium-high protocol any drop-profile med-drop
set class-of-service schedulers sv drop-profile-map loss-priority medium-low protocol any drop-profile med-drop
set class-of-service schedulers sv drop-profile-map loss-priority low protocol any drop-profile low-drop

 

Here is the firewall filter:

set firewall filter cos1 interface-specific
set firewall filter cos1 term 1 from dscp 46
set firewall filter cos1 term 1 from dscp 26
set firewall filter cos1 term 1 then count SIP-VOICE
set firewall filter cos1 term 1 then forwarding-class SIP-VOICE
set firewall filter cos1 term 1 then accept
set firewall filter cos1 term 4 from source-address 200.80.16.2/32
set firewall filter cos1 term 4 from source-address 200.80.16.3/32
set firewall filter cos1 term 4 from source-address 200.80.16.4/32
set firewall filter cos1 term 4 from source-address 200.80.16.5/32
set firewall filter cos1 term 4 from source-address 200.80.16.154/32
set firewall filter cos1 term 4 then count ADEN
set firewall filter cos1 term 4 then log
set firewall filter cos1 term 4 then forwarding-class SIP-VOICE
set firewall filter cos1 term 4 then accept
set firewall filter cos1 term 2 then count BEST
set firewall filter cos1 term 2 then forwarding-class best-effort
set firewall filter cos1 term 2 then accept
set firewall filter test-dscp interface-specific
set firewall filter test-dscp term 1 from dscp ef
set firewall filter test-dscp term 1 then count dscp-ef
set firewall filter test-dscp term 1 then accept
set firewall filter test-dscp term 2 then accept

 

And the interface configuration:

set interfaces xe-1/1/1 unit 0 family inet filter input-list cos1
set interfaces xe-1/1/1 unit 0 family inet filter input-list filter-ssh
set interfaces xe-1/1/1 unit 0 family inet filter output filter-ssh-out
set interfaces xe-1/1/1 unit 0 family inet address 200.80.0.45/30
set interfaces xe-1/1/1 unit 0 family iso
set interfaces xe-1/1/1 unit 0 family inet6 address 3c61:e840:1143:ffff:ffff:ffff:0000:0001/126

 

 

 

Anyone know any more troubleshooting I can complete for this issue please?

1 REPLY 1
Highlighted
SRX Services Gateway
Solution
Accepted by topic author adgwytc
‎09-28-2018 02:25 AM

Re: CoS issue on LNS

[ Edited ]
‎09-28-2018 02:24 AM

Two points to this problem....

 

1: Why have I put this problem under SRX and not Junos.... apologies for that error.

 

2: I have solved the issue anyway.....

 

Hierarchical CoS can be a bit tricky sometimes from a troubelshooting perspective..... that's why the twofold resolution is a little strange..... here are the two problems and resolutions:

 

1: The following VSA needed to be excluded in the RADIUS config:

 

set access profile aaa-profile radius attributes exclude tunnel-server-endpoint access-request

 

I can only assume that this VSA was causing the packet to be encapsulated in such a way that the Hierarchical Rewrite rule could not access the inner tunnel to see the DSCP marked packets.

 

2: The phone being used was only sending RTP marked traffic and not SIP. When I tried a phone that marked both RTP and SIP it all worked immediately.

 

Again, apologies for asking this question in the wrong forum area.

Feedback