SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  CoS issue on LNS

     
    Posted 09-27-2018 05:31

    Hi,


    We have two separate sites running Juniper MX240 LNS with dynamic-profiles.

     

    I am now testing site 2 with VoIP. Site 1 has been tested and works fine with no problem at all. I can fill the best effort queue so that ping packets are dropping and yet, VoIP is perfect still. Exactly what I wanted.

     

    So, naturally, I copy the config from one system to the other system and the CoS does not work.  Here is the route taken:

     

    SIP Phone --> CPE --> LAC --> LNS --> Core --> Upstream ISP --> Other end of VoIP

     

    The Core seems to be placing the traffic into the correct queue as when I look at the statistics on the interface, they are exactly as I would expect, and to confirm, I cleared them and re-tested.

     

    However, on the LNS, NO packets are going into the SIP-VOICE queue..... However, on THW with the exact same configuration, using the same phone, the VoIP traffic goes into the SIP-VOICE queue ......  I have set queue 2 to be SIP-VOICE.

     

    I have tried various troubleshooting techniques with no luck at all as to finding out why the traffic is not going into the correct queue.

     

    Here is the dynamic-profile config and the relevant CoS:

    set dynamic-profiles dyn-hex-lns-profile routing-instances "$junos-routing-instance" interface "$junos-interface-name"
    set dynamic-profiles dyn-hex-lns-profile routing-instances "$junos-routing-instance" routing-options access route $junos-framed-route-ip-address-prefix next-hop "$junos-framed-route-nexthop"
    set dynamic-profiles dyn-hex-lns-profile routing-instances "$junos-routing-instance" routing-options access route $junos-framed-route-ip-address-prefix metric "$junos-framed-route-cost"
    set dynamic-profiles dyn-hex-lns-profile routing-instances "$junos-routing-instance" routing-options access route $junos-framed-route-ip-address-prefix preference "$junos-framed-route-distance"
    set dynamic-profiles dyn-hex-lns-profile routing-instances "$junos-routing-instance" routing-options access route $junos-framed-route-ip-address-prefix tag "$junos-framed-route-tag"
    set dynamic-profiles dyn-hex-lns-profile routing-instances "$junos-routing-instance" routing-options access-internal route $junos-subscriber-ip-address qualified-next-hop "$junos-interface-name"
    set dynamic-profiles dyn-hex-lns-profile interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" dial-options l2tp-interface-id l2tp-encapsulation
    set dynamic-profiles dyn-hex-lns-profile interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" dial-options dedicated
    set dynamic-profiles dyn-hex-lns-profile interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" keepalives interval 30
    set dynamic-profiles dyn-hex-lns-profile interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family inet unnumbered-address "$junos-loopback-interface"
    set dynamic-profiles dyn-hex-lns-profile interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family inet6 tcp-mss 1452
    set dynamic-profiles dyn-hex-lns-profile interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family inet6 unnumbered-address "$junos-loopback-interface"
    set dynamic-profiles dyn-hex-lns-profile protocols router-advertisement interface "$junos-interface-name" other-stateful-configuration
    set dynamic-profiles dyn-hex-lns-profile protocols router-advertisement interface "$junos-interface-name" prefix $junos-ipv6-ndra-prefix
    set dynamic-profiles dyn-hex-lns-profile class-of-service traffic-control-profiles test scheduler-map normal
    set dynamic-profiles dyn-hex-lns-profile class-of-service traffic-control-profiles test shaping-rate 80m
    set dynamic-profiles dyn-hex-lns-profile class-of-service interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" output-traffic-control-profile test
    set dynamic-profiles dyn-hex-lns-profile class-of-service interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" classifiers dscp sip-voice
    set dynamic-profiles dyn-hex-lns-profile class-of-service interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" rewrite-rules dscp steves-test

     

    Here is the CoS:

    set class-of-service classifiers dscp sip-voice forwarding-class SIP-VOICE loss-priority high code-points 101111
    set class-of-service classifiers dscp sip-voice forwarding-class SIP-VOICE loss-priority low code-points af31
    set class-of-service classifiers dscp sip-voice forwarding-class SIP-VOICE loss-priority low code-points ef
    set class-of-service classifiers inet-precedence sip-voice forwarding-class SIP-VOICE loss-priority low code-points 101
    set class-of-service classifiers inet-precedence sip-voice forwarding-class SIP-VOICE loss-priority low code-points 010
    set class-of-service drop-profiles low-drop fill-level 95 drop-probability 0
    set class-of-service drop-profiles low-drop fill-level 100 drop-probability 100
    set class-of-service drop-profiles med-drop fill-level 75 drop-probability 0
    set class-of-service drop-profiles med-drop fill-level 95 drop-probability 30
    set class-of-service drop-profiles high-drop fill-level 50 drop-probability 0
    set class-of-service drop-profiles high-drop fill-level 95 drop-probability 50
    set class-of-service forwarding-classes queue 2 SIP-VOICE
    set class-of-service interfaces xe-1/1/1 scheduler-map normal
    set class-of-service rewrite-rules dscp steves-test forwarding-class SIP-VOICE loss-priority low code-point ef
    set class-of-service rewrite-rules ieee-802.1 test-1p forwarding-class SIP-VOICE loss-priority low code-point 010
    set class-of-service scheduler-maps normal forwarding-class best-effort scheduler be
    set class-of-service scheduler-maps normal forwarding-class expedited-forwarding scheduler ef
    set class-of-service scheduler-maps normal forwarding-class SIP-VOICE scheduler sv
    set class-of-service scheduler-maps normal forwarding-class network-control scheduler nc
    set class-of-service schedulers be transmit-rate percent 65
    set class-of-service schedulers be buffer-size percent 65
    set class-of-service schedulers be priority medium-low
    set class-of-service schedulers be drop-profile-map loss-priority high protocol any drop-profile high-drop
    set class-of-service schedulers be drop-profile-map loss-priority medium-high protocol any drop-profile med-drop
    set class-of-service schedulers be drop-profile-map loss-priority medium-low protocol any drop-profile med-drop
    set class-of-service schedulers be drop-profile-map loss-priority low protocol any drop-profile low-drop
    set class-of-service schedulers nc transmit-rate percent 5
    set class-of-service schedulers nc buffer-size percent 5
    set class-of-service schedulers nc priority medium-high
    set class-of-service schedulers nc drop-profile-map loss-priority high protocol any drop-profile high-drop
    set class-of-service schedulers nc drop-profile-map loss-priority medium-high protocol any drop-profile med-drop
    set class-of-service schedulers nc drop-profile-map loss-priority medium-low protocol any drop-profile med-drop
    set class-of-service schedulers nc drop-profile-map loss-priority low protocol any drop-profile low-drop
    set class-of-service schedulers ef transmit-rate 5k
    set class-of-service schedulers ef transmit-rate exact
    set class-of-service schedulers ef buffer-size temporal 1
    set class-of-service schedulers ef priority low
    set class-of-service schedulers ef drop-profile-map loss-priority high protocol any drop-profile high-drop
    set class-of-service schedulers ef drop-profile-map loss-priority medium-high protocol any drop-profile med-drop
    set class-of-service schedulers ef drop-profile-map loss-priority medium-low protocol any drop-profile med-drop
    set class-of-service schedulers ef drop-profile-map loss-priority low protocol any drop-profile low-drop
    set class-of-service schedulers sv transmit-rate percent 30
    set class-of-service schedulers sv buffer-size percent 30
    set class-of-service schedulers sv priority high
    set class-of-service schedulers sv drop-profile-map loss-priority high protocol any drop-profile high-drop
    set class-of-service schedulers sv drop-profile-map loss-priority medium-high protocol any drop-profile med-drop
    set class-of-service schedulers sv drop-profile-map loss-priority medium-low protocol any drop-profile med-drop
    set class-of-service schedulers sv drop-profile-map loss-priority low protocol any drop-profile low-drop

     

    Here is the firewall filter:

    set firewall filter cos1 interface-specific
    set firewall filter cos1 term 1 from dscp 46
    set firewall filter cos1 term 1 from dscp 26
    set firewall filter cos1 term 1 then count SIP-VOICE
    set firewall filter cos1 term 1 then forwarding-class SIP-VOICE
    set firewall filter cos1 term 1 then accept
    set firewall filter cos1 term 4 from source-address 200.80.16.2/32
    set firewall filter cos1 term 4 from source-address 200.80.16.3/32
    set firewall filter cos1 term 4 from source-address 200.80.16.4/32
    set firewall filter cos1 term 4 from source-address 200.80.16.5/32
    set firewall filter cos1 term 4 from source-address 200.80.16.154/32
    set firewall filter cos1 term 4 then count ADEN
    set firewall filter cos1 term 4 then log
    set firewall filter cos1 term 4 then forwarding-class SIP-VOICE
    set firewall filter cos1 term 4 then accept
    set firewall filter cos1 term 2 then count BEST
    set firewall filter cos1 term 2 then forwarding-class best-effort
    set firewall filter cos1 term 2 then accept
    set firewall filter test-dscp interface-specific
    set firewall filter test-dscp term 1 from dscp ef
    set firewall filter test-dscp term 1 then count dscp-ef
    set firewall filter test-dscp term 1 then accept
    set firewall filter test-dscp term 2 then accept

     

    And the interface configuration:

    set interfaces xe-1/1/1 unit 0 family inet filter input-list cos1
    set interfaces xe-1/1/1 unit 0 family inet filter input-list filter-ssh
    set interfaces xe-1/1/1 unit 0 family inet filter output filter-ssh-out
    set interfaces xe-1/1/1 unit 0 family inet address 200.80.0.45/30
    set interfaces xe-1/1/1 unit 0 family iso
    set interfaces xe-1/1/1 unit 0 family inet6 address 3c61:e840:1143:ffff:ffff:ffff:0000:0001/126

     

     

     

    Anyone know any more troubleshooting I can complete for this issue please?



  • 2.  RE: CoS issue on LNS
    Best Answer

     
    Posted 09-28-2018 02:24

    Two points to this problem....

     

    1: Why have I put this problem under SRX and not Junos.... apologies for that error.

     

    2: I have solved the issue anyway.....

     

    Hierarchical CoS can be a bit tricky sometimes from a troubleshooting perspective..... that's why the twofold resolution is a little strange..... here are the two problems and resolutions:

     

    1: The following VSA needed to be excluded in the RADIUS config:

     

    set access profile aaa-profile radius attributes exclude tunnel-server-endpoint access-request

     

    I can only assume that this VSA was causing the packet to be encapsulated in such a way that the Hierarchical Rewrite rule could not access the inner tunnel to see the DSCP marked packets.

     

    2: The phone being used was only sending RTP marked traffic and not SIP. When I tried a phone that marked both RTP and SIP it all worked immediately.

     

    Again, apologies for asking this question in the wrong forum area.
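
Added example, not part of the thread or of Juniper's tooling: a small Python model of the `sip-voice` DSCP classifier posted in the first message, showing which markings reach SIP-VOICE and where signalling that the phone leaves unmarked ends up. The sample packets are constructed, and the fallback of unlisted code points to best-effort is an assumption about default classifier behaviour.

```python
import re

# Standard DSCP aliases (RFC 2474 / 2597 / 3246) needed for the posted lines.
ALIASES = {"be": 0, "cs3": 24, "af31": 26, "ef": 46}

# Classifier lines copied from the first post.
CLASSIFIER = """\
set class-of-service classifiers dscp sip-voice forwarding-class SIP-VOICE loss-priority high code-points 101111
set class-of-service classifiers dscp sip-voice forwarding-class SIP-VOICE loss-priority low code-points af31
set class-of-service classifiers dscp sip-voice forwarding-class SIP-VOICE loss-priority low code-points ef
"""

LINE = re.compile(
    r"classifiers dscp (\S+) forwarding-class (\S+) "
    r"loss-priority (\S+) code-points (\S+)"
)

def code_point(token):
    """Return the 6-bit DSCP value for an alias or a 6-digit binary string."""
    if re.fullmatch(r"[01]{6}", token):
        return int(token, 2)  # e.g. 101111 -> 47 (EF itself is 101110 = 46)
    return ALIASES[token.lower()]

def parse_classifier(text, name):
    """Build {dscp: (forwarding_class, loss_priority)} for one named classifier."""
    table = {}
    for m in LINE.finditer(text):
        if m.group(1) == name:
            table[code_point(m.group(4))] = (m.group(2), m.group(3))
    return table

def classify(table, dscp, default=("best-effort", "low")):
    """Assumption: code points the classifier does not list fall to best-effort."""
    return table.get(dscp, default)

# Constructed sample traffic: (description, DSCP value in the inner IP header).
SAMPLES = [("RTP marked EF", 46), ("SIP marked AF31", 26),
           ("SIP marked CS3", 24), ("SIP unmarked", 0)]

def report():
    """Map each constructed sample to the forwarding class it would receive."""
    table = parse_classifier(CLASSIFIER, "sip-voice")
    return {desc: classify(table, dscp)[0] for desc, dscp in SAMPLES}

if __name__ == "__main__":
    for desc, fc in report().items():
        print(f"{desc:16} -> {fc}")
```
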