Class of Service : Classifiers

During my second JNCIE-SEC study and after another unfortunate failure, I stepped back a little bit. Sometimes I need to break for a while to recharge my battery. I am still not sure if I am fully re-charged though but I have to move on. As my little doughter already went to bed, 🙂 I can continue with Class of Service which I think I have never written about before. Feel free to correct my mistakes.

On this post, I will only write about how we can classify a packet and send it to an interface queue which can be a good start for anyone who doesn’t know CoS. You will find a basic setup below and branchK SRX device (which is actually a 12.1X47-D10 firefly VM) will handle the classification of an ICMP packet as an example. The purpose of this post is only about classification. I won’t talk about scheduling etc. Along the road, I will try to talk about more for each of these config items but first I would like to show a working example. Let’s get started.


Only configuration is done under [edit class-of-service] level and nowhere else in this post. Below you also see step by step the function of each config stanza.

  • 1) Create a forwarding class or use built-in one “assured-forwarding” for this example
  • 2) Assign code points/bits to forwarding class
  • 3) Create scheduler
  • 4) Create a scheduler map and assign scheduler(s) you created to forwarding classes
  • 5) and finally apply the classifier you created on the INPUT interface

So what does this config literally mean? It means that “If a packet enters the interface ge-0/0/0.403 and has the DSCP field is set to 010100 (which is AF22), assign it to Assured Forwarding class which is sent to Queue number 2”. This may not still be clear but I will show you this by an example.

From the HostE linux device connected, I will send a single ICMP packet with modified DSCP field i.e set to 010100

Let’s ping Google DNS server with our modified ICMP packet

“-Q 80” means change the ToS field. You can check ping manual for more details.

Check the assured-forwarding packet counter.

We took the packet on 0.403 interface and sent it via 0.402 but egress queue is assured-forwarding instead of the best-effort which is by default. Let’s also have a look how this transmitted packet looks like in wireshark.


As you can see we modified the DSCP field!

Note: Don’t worry about source IP address. It is the natted address and I make up all IP address for my lab.

For beginning, it is just an introduction. I hope to do more fancy stuff later. Stay tuned!

You have a feedback?