Class of Service : Classifiers
During my second JNCIE-SEC study and after another unfortunate failure, I stepped back a little bit. Sometimes I need a break for a while to recharge my battery. I am still not sure if I am fully recharged, but I have to move on. As my little daughter already went to bed, 🙂 I can continue with Class of Service, which I think I have never written about before. Feel free to correct my mistakes.
In this post, I will only write about how we can classify a packet and send it to an interface queue, which can be a good start for anyone who doesn't know CoS. You will find a basic setup below, and the BranchK SRX device (which is actually a 12.1X47-D10 Firefly VM) will handle the classification of an ICMP packet as an example. This post is only about classification; I won't talk about scheduling etc. Along the way, I will try to say more about each of these config items, but first I would like to show a working example. Let's get started.
All configuration in this post is done under the [edit class-of-service] level and nowhere else. Each stanza below is annotated with the number of the step it belongs to.
    [edit class-of-service]
    root@BranchK# show
    classifiers {
        dscp sip-traffic {
            forwarding-class assured-forwarding {    <<<-------- 2)
                loss-priority low code-points af22;
            }
        }
    }
    forwarding-classes {    <<<--------- 1)
        queue 2 assured-forwarding priority high;
    }
    interfaces {
        ge-0/0/0 {
            unit 403 {
                classifiers {
                    dscp sip-traffic;    <<<----------- 5)
                }
            }
        }
    }
    scheduler-maps {
        sec-map1 {
            forwarding-class assured-forwarding scheduler voice-sd;    <<<------- 4)
        }
    }
    schedulers {
        voice-sd {    <<<-------- 3)
            buffer-size percent 50;
            priority high;
        }
    }

- 1) Create a forwarding class or use the built-in one, "assured-forwarding", as in this example
- 2) Assign code points/bits to the forwarding class
- 3) Create a scheduler
- 4) Create a scheduler map and assign the scheduler(s) you created to forwarding classes
- 5) Finally, apply the classifier you created on the INPUT interface
So what does this config literally mean? It means: "If a packet enters the interface ge-0/0/0.403 and its DSCP field is set to 010100 (which is AF22), assign it to the assured-forwarding class, which is sent to queue number 2". This may still not be clear, so I will show it with an example.
From the connected HostE Linux device, I will send a single ICMP packet with a modified DSCP field, i.e. set to 010100.
Let's ping the Google DNS server with our modified ICMP packet:
    root@hostE:~/Labs# ping -Q 80 8.8.8.8 -c 1
    PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
    64 bytes from 8.8.8.8: icmp_req=1 ttl=45 time=25.2 ms

    --- 8.8.8.8 ping statistics ---
    1 packets transmitted, 1 received, 0% packet loss, time 0ms
    rtt min/avg/max/mdev = 25.216/25.216/25.216/0.000 ms

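"-Q 80" sets the ToS byte of the outgoing packet to 80. Decimal 80 is 01010000 in binary; the upper six bits, 010100, are the DSCP field and the lower two bits are ECN. You can check the ping manual for more details.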
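To make the link between the ToS value given to ping and the classifier result concrete, here is an added example (not part of the original post or of Junos) that decodes the ToS byte of an IPv4 header and emulates the lookup using the classifier and queue numbers from the config above. The header bytes and source address are constructed, and the best-effort fallback for unlisted code points is an assumption based on best-effort being the default class.

```python
import struct

# Classifier entry and queue numbers taken from the configuration on this page.
CLASSIFIER = {"af22": ("assured-forwarding", "low")}
QUEUES = {"best-effort": 0, "expedited-forwarding": 1,
          "assured-forwarding": 2, "network-control": 3}


def dscp_name(dscp):
    """Return the conventional alias (RFC 2474/2597/3246) for a 6-bit DSCP value."""
    if dscp == 0:
        return "be"
    if dscp == 46:
        return "ef"
    cls, drop = dscp >> 3, (dscp >> 1) & 0b11
    if dscp & 1 == 0 and 1 <= cls <= 4 and drop in (1, 2, 3):
        return f"af{cls}{drop}"      # AFxy: class x, drop precedence y
    if dscp & 0b111 == 0:
        return f"cs{cls}"            # class selector
    return format(dscp, "06b")       # no well-known alias: show raw bits


def classify(ipv4_header):
    """Decode the ToS byte of an IPv4 header and emulate the classifier lookup."""
    version_ihl, tos = struct.unpack_from("!BB", ipv4_header)
    if version_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    dscp, ecn = tos >> 2, tos & 0b11  # upper 6 bits DSCP, lower 2 bits ECN
    name = dscp_name(dscp)
    # Assumption: code points absent from the classifier fall back to best-effort.
    fc, loss = CLASSIFIER.get(name, ("best-effort", "low"))
    return {"tos": tos, "dscp_bits": format(dscp, "06b"), "ecn": ecn,
            "code_point": name, "forwarding_class": fc,
            "loss_priority": loss, "queue": QUEUES[fc]}


def sample_header(tos):
    """Constructed 20-byte IPv4 header carrying ICMP (made-up source, checksum 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 84, 0, 0, 64, 1, 0,
                       bytes([192, 0, 2, 10]), bytes([8, 8, 8, 8]))


if __name__ == "__main__":
    for tos in (80, 0, 81):  # ping -Q 80, default ping, AF22 with an ECN bit set
        print(tos, classify(sample_header(tos)))
```

The third sample (ToS 81) shows that the ECN bits do not take part in the DSCP match: the packet is still AF22 and still lands in queue 2.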
Check the assured-forwarding packet counter.
    [edit class-of-service]
    root@BranchK# run show interfaces ge-0/0/0 extensive
    Physical interface: ge-0/0/0, Enabled, Physical link is Up
      Interface index: 134, SNMP ifIndex: 507, Generation: 137
      Link-level type: Ethernet, MTU: 1518, Link-mode: Full-duplex, Speed: 1000mbps, BPDU Error: None, MAC-REWRITE Error: None,
      CoS queues     : 8 supported, 8 maximum usable queues
    ....
      Queue counters:       Queued packets  Transmitted packets      Dropped packets
        0 best-effort                   16                   16                    0
        1 expedited-fo                   0                    0                    0
        2 assured-forw                   1                    1                    0    <<<------- Single ICMP packet is sent to Queue 2
        3 network-cont                   0                    0                    0
      Queue number:         Mapped forwarding classes
        0                   best-effort
        1                   expedited-forwarding
        2                   assured-forwarding
        3                   network-control

We received the packet on the 0.403 interface and sent it out via 0.402, but the egress queue is assured-forwarding instead of best-effort, which is the default. Let's also have a look at how this transmitted packet looks in Wireshark.
As you can see we modified the DSCP field!
Note: Don't worry about the source IP address. It is the NATed address, and I make up all the IP addresses for my lab.
For a start, this is just an introduction. I hope to do more fancy stuff later. Stay tuned!