SRX

 View Only
last person joined: 4 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
Back to discussions
Expand all | Collapse all

QOS/COS, best effort doesn't transmit

  • 1.  QOS/COS, best effort doesn't transmit

    Posted 06-08-2019 13:54
    I have an srx 240 and three Asus AP's on the srx. Junos 11.4xxx . Connecting to the srx the Asus/s are 1 gbps. The srx is in layer 3 mode. I get use of queue 3 "network-controlled", but not best effort. QOS/COS is in use of the default schedulers/classifiers which means it is mostly best effort.

    1. Do I have to explicitly call best effort on that port ,,, ge-0/0/13 ?

    2. It has the "network-controlled" queue operating. Can I make that to 95% or so? Instead of using best effort. The Asus/s are in routed mode too.

    The srx is ethernet switched at the Asus ports.

    What do I need to do?

    The "network controlled" queue is only at 5% of the bandwidth.

    Is it really probably transmitting best effort?

    I have QOS on in the Asus/s.


  • 2.  RE: QOS/COS, best effort doesn't transmit

    Posted 06-08-2019 14:10
    Eugene, Can you elaborate on your topology? Im not sure if ge-0/0/3 is supposed to be the interface connecting to one of your APs. What is the flow of the traffic? Internet->SRX->APs and viceversa? On what interface are you seeing only network-control being used, ge-0/0/3? The ports connecting to the APs are configured for ethernet-switching right? what the l3 interface associated to the vlan of those ports? You mentioned that you have QoS configured on the APs, what exactly is that configuration doing? is tagging the packets being sent to the SRX? Can you share the QoS configuration on the SRX? # show class-of-service > show class-of-service interface ge-0/0/3 > show class-of-service interface [interface_facing_internet]


  • 3.  RE: QOS/COS, best effort doesn't transmit

    Posted 06-08-2019 14:48
    QOS/COS seem fine on the ge-0/0/0 . ge-0/0/0 is the internet interface. No help needed ther as of yet. This is one of the AP's on ge-0/0/13 . ge-0/0/13 { gigether-options { auto-negotiation; } unit 0 { arp-resp; family ethernet-switching { port-mode access; vlan { members vlan-trust; } } } } This AP is an Asus rt-ac56u dd-wrt. It has HTB with fq_codel for qos. @MySRX240> show class-of-service interface ge-0/0/13 Physical interface: ge-0/0/13, Index: 147 Queues supported: 8, Queues in use: 4 Scheduler map: <DEFAULT>, Index: 2 Congestion-notification: Disabled Logical interface: ge-0/0/13.0, Index: 82 Here is the proof of queue 3 only being used? Yes it seems as though im only using the 5% . @MySRX240> show interfaces ge-0/0/13 extensive | find "Queue counters" Queue counters: Queued packets Transmitted packets Dropped packets 0 best-effort 0 0 0 1 expedited-fo 0 0 0 2 assured-forw 0 0 0 3 network-cont 191002 191002 0 Queue number: Mapped forwarding classes 0 best-effort 1 expedited-forwarding 2 assured-forwarding 3 network-control Active alarms : None Active defects : None MAC statistics: Receive Transmit Total octets 252277924 2990532838 Total packets 1255357 5794374 Unicast packets 1194351 5158296 Broadcast packets 2067 2250 Multicast packets 58939 633828 CRC/Align errors 0 0 FIFO errors 0 0 MAC control frames 0 0 MAC pause frames 0 0 Oversized frames 0 Jabber frames 0 Fragment frames 0 VLAN tagged frames 0 Code violations 0 Filter statistics: Input packet count 0 Input packet rejects 0 Input DA rejects 0 Input SA rejects 0 Output packet count 0 Output packet pad count 0 Output packet error count 0 CAM destination filters: 2, CAM source filters: 0 Autonegotiation information: Negotiation status: Complete Link partner: Link mode: Full-duplex, Flow control: None, Remote fault: OK, Link partner Speed: 1000 Mbps Local resolution: Flow control: None, Remote fault: Link OK Packet Forwarding Engine configuration: Destination slot: 0 CoS information: Direction : Output CoS transmit queue Bandwidth Buffer Priority Limit % bps % usec 0 best-effort 95 950000000 95 0 low none 3 network-control 5 50000000 5 0 low none Interface transmit statistics: Disabled Logical interface ge-0/0/13.0 (Index 82) (SNMP ifIndex 543) (Generation 147) Flags: SNMP-Traps 0x0 Encapsulation: ENET2 Traffic statistics: Input bytes : 252853878 Output bytes : 3014633047 Input packets: 1264806 Output packets: 5985378 Local statistics: Input bytes : 575954 Output bytes : 24100209 Input packets: 9449 Output packets: 191004 Transit statistics: Input bytes : 252277924 6832 bps Output bytes : 2990532838 9208 bps Input packets: 1255357 13 pps Output packets: 5794374 16 pps Security: Zone: untrust Allowed host-inbound traffic : bootp bfd bgp dns dvmrp igmp ldp msdp nhrp ospf ospf3 pgm pim rip ripng router-discovery rsvp sap vrrp dhcp finger ftp tftp ident-reset http https ike netconf ping reverse-telnet reverse-ssh rlogin rpm rsh snmp snmp-trap ssh telnet traceroute xnm-clear-text xnm-ssl lsping ntp sip dhcpv6 r2cp Flow Statistics : Flow Input statistics : Self packets : 0 ICMP packets : 0 VPN packets : 0 Multicast packets : 0 Bytes permitted by policy : 0 Connections established : 0 Flow Output statistics: Multicast packets : 0 Bytes permitted by policy : 0 Flow error statistics (Packets dropped due to): Address spoofing: 0 Authentication failed: 0 Incoming NAT errors: 0 Invalid zone received packet: 0 Multiple user authentications: 0 Multiple incoming NAT: 0 No parent for a gate: 0 No one interested in self packets: 0 No minor session: 0 No more sessions: 0 No NAT gate: 0 No route present: 0 No SA for incoming SPI: 0 No tunnel found: 0 No session for a gate: 0 No zone or NULL zone binding 0 Policy denied: 0 Security association not active: 0 TCP sequence number out of window: 0 Syn-attack protection: 0 User authentication errors: 0 Protocol eth-switch, MTU: 0, Generation: 161, Route table: 0 Flags: None Flow of traffic is ge-0/0/0(internet dhcp router 192.168.1.1) -> to ge-0/0/1 through ge-0/0/15 Someone tell me why I cant get best effort on those ports with the dd-wrt asus. Can I make network controlled 95% or so?</DEFAULT>


  • 4.  RE: QOS/COS, best effort doesn't transmit

    Posted 06-08-2019 14:54
    Hello eugene, Network Control Queue is by default 5% and that Queue is specifically reserved for RE bound traffic( like OSFP, BGP updates etc) with strict-high Priority because in congestion also the NC queue is always prioritized. Suggestion is not to change anything to NC queue, leave it queue size to 5% as designed. With Default configuration RE control traffic goes via NC and rest traffic goes via best-effort queue as you are saying the traffic does not goes via best effort queue then it looks to be more of configuration issue. Please refer "Default IP Precedence Classifier" section from the below link. https://www.juniper.net/documentation/en_US/junos/topics/concept/cos-classifier-overview-security.html Well any COS configuration either default or custom has to be applied on physical interface to take affect. As I understand you have multiple AP's connected in ethernet switching so if you have configured VLAN for AP's the try configuring classifiers on VLAN interface OR else on physical interfaces.


  • 5.  RE: QOS/COS, best effort doesn't transmit

    Posted 06-08-2019 15:04

    Sorry about last post

    QOS/COS seem fine on the ge-0/0/0 . ge-0/0/0 is the internet interface.

    No help needed there as of yet. This is one of the AP's on ge-0/0/13 .

     

        ge-0/0/13 {
        gigether-options {
            auto-negotiation;
        }
        unit 0 {
            arp-resp;
            family ethernet-switching {
                port-mode access;
                vlan {
                    members vlan-trust;
                }
            }
        }
    }

     

    This AP is an Asus rt-ac56u dd-wrt. It has HTB with fq_codel for qos.

     

    @MySRX240> show class-of-service interface ge-0/0/13
Physical interface: ge-0/0/13, Index: 147
Queues supported: 8, Queues in use: 4
  Scheduler map: <default>, Index: 2
  Congestion-notification: Disabled

  Logical interface: ge-0/0/13.0, Index: 82

    Here is the proof of queue 3 only being used?
    Yes it seems as though im only using the 5% .

     

    @MySRX240> show interfaces ge-0/0/13 extensive | find "Queue counters"
  Queue counters:       Queued packets  Transmitted packets      Dropped packets
    0 best-effort                    0                    0                    0
    1 expedited-fo                   0                    0                    0
    2 assured-forw                   0                    0                    0
    3 network-cont              191002               191002                    0
  Queue number:         Mapped forwarding classes
    0                   best-effort
    1                   expedited-forwarding
    2                   assured-forwarding
    3                   network-control
  Active alarms  : None
  Active defects : None
  MAC statistics:                      Receive         Transmit
    Total octets                     252277924       2990532838
    Total packets                      1255357          5794374
    Unicast packets                    1194351          5158296
    Broadcast packets                     2067             2250
    Multicast packets                    58939           633828
    CRC/Align errors                         0                0
    FIFO errors                              0                0
    MAC control frames                       0                0
    MAC pause frames                         0                0
    Oversized frames                         0
    Jabber frames                            0
    Fragment frames                          0
    VLAN tagged frames                       0
    Code violations                          0
  Filter statistics:
    Input packet count                       0
    Input packet rejects                     0
    Input DA rejects                         0
    Input SA rejects                         0
    Output packet count                                       0
    Output packet pad count                                   0
    Output packet error count                                 0
    CAM destination filters: 2, CAM source filters: 0
  Autonegotiation information:
    Negotiation status: Complete
    Link partner:
        Link mode: Full-duplex, Flow control: None, Remote fault: OK, Link partner Speed: 1000 Mbps
    Local resolution:
        Flow control: None, Remote fault: Link OK
  Packet Forwarding Engine configuration:
    Destination slot: 0
  CoS information:
    Direction : Output
    CoS transmit queue               Bandwidth               Buffer Priority   Limit
                              %            bps     %           usec
    0 best-effort            95      950000000    95              0      low    none
    3 network-control         5       50000000     5              0      low    none
  Interface transmit statistics: Disabled

  Logical interface ge-0/0/13.0 (Index 82) (SNMP ifIndex 543) (Generation 147)
    Flags: SNMP-Traps 0x0 Encapsulation: ENET2
    Traffic statistics:
     Input  bytes  :            252853878
     Output bytes  :           3014633047
     Input  packets:              1264806
     Output packets:              5985378
    Local statistics:
     Input  bytes  :               575954
     Output bytes  :             24100209
     Input  packets:                 9449
     Output packets:               191004
    Transit statistics:
     Input  bytes  :            252277924                 6832 bps
     Output bytes  :           2990532838                 9208 bps
     Input  packets:              1255357                   13 pps
     Output packets:              5794374                   16 pps
    Security: Zone: untrust
    Allowed host-inbound traffic : bootp bfd bgp dns dvmrp igmp ldp msdp nhrp ospf ospf3 pgm pim rip ripng
    router-discovery rsvp sap vrrp dhcp finger ftp tftp ident-reset http https ike netconf ping reverse-telnet
    reverse-ssh rlogin rpm rsh snmp snmp-trap ssh telnet traceroute xnm-clear-text xnm-ssl lsping ntp sip dhcpv6 r2cp
    Flow Statistics :
    Flow Input statistics :
      Self packets :                     0
      ICMP packets :                     0
      VPN packets :                      0
      Multicast packets :                0
      Bytes permitted by policy :        0
      Connections established :          0
    Flow Output statistics:
      Multicast packets :                0
      Bytes permitted by policy :        0
    Flow error statistics (Packets dropped due to):
      Address spoofing:                  0
      Authentication failed:             0
      Incoming NAT errors:               0
      Invalid zone received packet:      0
      Multiple user authentications:     0
      Multiple incoming NAT:             0
      No parent for a gate:              0
      No one interested in self packets: 0
      No minor session:                  0
      No more sessions:                  0
      No NAT gate:                       0
      No route present:                  0
      No SA for incoming SPI:            0
      No tunnel found:                   0
      No session for a gate:             0
      No zone or NULL zone binding       0
      Policy denied:                     0
      Security association not active:   0
      TCP sequence number out of window: 0
      Syn-attack protection:             0
      User authentication errors:        0
    Protocol eth-switch, MTU: 0, Generation: 161, Route table: 0
      Flags: None

     

    Flow of traffic is ge-0/0/0(internet dhcp router 192.168.1.1) -> to ge-0/0/1 through ge-0/0/15



  • 6.  RE: QOS/COS, best effort doesn't transmit

    Posted 06-08-2019 15:40
    Hello Eugene, understood the flow now, if this does not work on output interface like ge-0/0/13 then I suspect this could be related to scheduler map. I guess you would have below forwarding class configuration. [edit class-of-service] forwarding-classes { queue 0 best-effort; <<<<WHATEVER may="" the="" name="" be=""></WHATEVER>


  • 7.  RE: QOS/COS, best effort doesn't transmit

    Posted 06-08-2019 15:42
    Hello Eugene, understood the flow now, if this does not work on output interface like ge-0/0/13 then I suspect this could be related to scheduler map. I guess you would have below forwarding class configuration. [edit class-of-service] forwarding-classes { queue 0 best-effort; queue 3 network-control; Would you be able to try out this configuration? edit class-of-service] schedulers { network-control { transmit-rate percent 5; buffer-size percent 5; priority high; } best-effort { transmit-rate percent 95; buffer-size percent 95; priority low; } } [edit class-of-service] scheduler-maps { sched { forwarding-class best-effort scheduler best-effort ; forwarding-class network-control scheduler network-control ;


  • 8.  RE: QOS/COS, best effort doesn't transmit

    Posted 06-08-2019 16:46
    I can do that yes but here is my next questions.

    1. Doesn't the default have this set?

    2. Is the default INPUT only?

    3. Does setting commands in the cli
    control OUTPUT?

    I have not set anything in class-of-service
    yet.

    Is it required to set these commands to
    get QOS/cos to operate?


  • 9.  RE: QOS/COS, best effort doesn't transmit

    Posted 06-16-2019 00:00

    eugene,

    I had a quick lab setup to test this and I also do see the same problem in lab like traffic does not hit in Best effor queue at all. I am suspecting this could be fact that ge-0/0/13 has family ethernet switching not the family inet.

    I will check few more things and update



  • 10.  RE: QOS/COS, best effort doesn't transmit

    Posted 06-16-2019 02:20
    Deepakcr thanks for the great ears. I'm wondering if placing code in the cli or jweb would signify making cos perform output. I'm assuming however that the default does input and output. Did you check the internet interface? I would appreciate you checking. Because I am only going to use ethernet-switching, plz don't drop the discussion.


  • 11.  RE: QOS/COS, best effort doesn't transmit

    Posted 06-16-2019 05:52
    In class of service you can still use the interface in question. ge-0/0/13 . Maybe you don't have to use family inet.


  • 12.  RE: QOS/COS, best effort doesn't transmit

    Posted 06-17-2019 06:53
    Anyone know if this will work out of
    the box? I don't have junos 12.1 or
    above yet. I didn't put any other code
    in yet. I'm assuming the default cos
    is able.


    firewall {
    family inet {
    filter local-best-effort {
    term 1 {
    from {
    source-address {
    any;
    }
    }
    then {
    forwarding-class best-effort;
    accept;
    }
    }
    }
    }

    interfaces {
    ge-0/0/13 {
    unit 0 {
    family ethernet-switching {
    filter {
    output local-best-effort;
    input local-best-effort;
    }
    }
    }
    }


    This assumes that the bandwidth and such
    are already in place. My interface code for
    vlan and others is omitted.


  • 13.  RE: QOS/COS, best effort doesn't transmit
    Best Answer

    Posted 06-18-2019 10:08
    I used the cli to set the cos. Thought default would handle unit 0, etc.


  • 14.  RE: QOS/COS, best effort doesn't transmit

    Posted 06-18-2019 10:54

    intresting, good to know that it resovled the issue.