Junos OS

Hello Team,

   I would like to configure CoS on MPLS L3VPN Core. Below is the network diagram

MPLS L3 VPN

   The VPN is working. As starting point for CoS , I used rpm on CE1 & CE2 to generate traffic. Until here everything is OK.

   My concern is how could I classified incomming traffic from PE/CE interfaces ?

Kind regards

1. Apply classifier at the incoming  PE-CE link link to classify the intersesting traffic on PE

set firewall family inet filter test-classifier term 1 from destination-address 172.21.19.0/24
set firewall family inet filter test-classifier term 1 then forwarding-class expedited-forwarding
set firewall family inet filter test-classifier term 1 then accept
set firewall family inet filter test-classifier term 1 then count RPM-traffic
set firewall family inet filter test-classifier term 2 then accept
set interface ge-0/0/0.0 family inet filter input test-classifier

2. Apply exp re-write rules at core facing links  (PE-P) link on PE

set class-of-service interfaces ge-0/0/1 unit 0 rewrite-rules exp default

3. Apply classifier (same classifier as step 1) at Core facing interface on egress PE  (MPLS label will be poped from P router and egress PE will be receiving plain IP packet.

set firewall family inet filter test-classifier term 1 from destination-address 172.21.19.0/24
set firewall family inet filter test-classifier term 1 then forwarding-class expedited-forwarding
set firewall family inet filter test-classifier term 1 then accept
set firewall family inet filter test-classifier term 1 then count RPM-traffic
set firewall family inet filter test-classifier term 2 then accept
set interface ge-0/0/1.0 family inet filter input test-classifier

4. Generate interesting traffic from CE as per the filter configured and verify the Queue on the egress interface

Find in attached file P,PE1,PE2,CE1 & CE2 config.

Attachment(s)

PE1-Conf.txt   2 KB 1 version

PE2-Conf.txt   2 KB 1 version

CE2-Conf.txt   1 KB 1 version

P-Conf.txt   1 KB 1 version

CE1-Conf.txt   1 KB 1 version

1. Apply classifier at the incoming  PE-CE link link to classify the interesting traffic on PE

set firewall family inet filter test-classifier term 1 from destination-address 172.21.19.1/32
set firewall family inet filter test-classifier term 1 from dscp af11
set firewall family inet filter test-classifier term 1 then forwarding-class assured-forwarding
set firewall family inet filter test-classifier term 1 then accept
set firewall family inet filter test-classifier term 1 then count RPM-AF11-traffic
set firewall family inet filter test-classifier term 2 then accept
set firewall family inet filter test-classifier term 2 then forwarding-class best-effort

set interface ge-0/0/1.0 family inet filter input test-classifier

2. Apply exp re-write rules at core facing links  (PE-P) link on PE

set class-of-service interfaces ge-0/0/0 unit 0 rewrite-rules exp default

3. Apply classifier at Core facing interface on egress PE2

set firewall family inet filter test-classifier term 1 from destination-address 172.21.19.1/32
set firewall family inet filter test-classifier term 1 from dscp af11
set firewall family inet filter test-classifier term 1 from dscp af12
set firewall family inet filter test-classifier term 1 then forwarding-class assured-forwarding
set firewall family inet filter test-classifier term 1 then accept
set firewall family inet filter test-classifier term 1 then count RPM-AF11-traffic
set firewall family inet filter test-classifier term 2 then accept
set firewall family inet filter test-classifier term 2 then forwarding-class best-effort

set interface ge-0/0/0.0 family inet filter input test-classifier

4. Generate interesting traffic from CE as per the filter configured and verify the Queue on the egress interface

check the firewall filter counter to see whether PE is getting interesting traffic

show firewall

PE1: show interfaces ge-0/0/0 extensive | find "Queue counters"
PE2: show interfaces ge-0/0/1 extensive | find "Queue counters"


Note: Same logic can be applied for CE2-CE1 RPM traffic, just change filter match conditions

Hi Nellikka,

Thanks for yours recomendations.

   Find in attached file PE1 & PE2 configuration update with firewall definition on PE-CE interface as well rewrite-rules exp default on PE-P interface.

 No queues visible on PE. Here below the result I have :

 root@PE2> show interfaces ge-0/0/1 extensive | find "Queue counters"

 Pattern not found
root@PE2>

Attachment(s)

PE1_PE2_Conf_Update.txt   6 KB 1 version

Which model you are using? Please share below mentioned command output.

show interfaces ge-0/0/0 extensive

show interfaces ge-0/0/1 extensive

Hello Nellika,

I use the vmx model 

{

root@PE2> show version
Hostname: PE2
Model: vmx
Junos: 14.1R1.10

}

Here below the full output on PE2

root@PE2> show interfaces ge-0/0/0 extensive
Physical interface: ge-0/0/0, Enabled, Physical link is Up
Interface index: 137, SNMP ifIndex: 515, Generation: 140
Description: PE2->P
Link-level type: Ethernet, MTU: 1514, MRU: 1522, Speed: 1000mbps,
BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled,
Source filtering: Disabled, Flow control: Enabled
Pad to minimum frame size: Disabled
Device flags : Present Running
Interface flags: SNMP-Traps Internal: 0x4000
Link flags : None
CoS queues : 8 supported, 8 maximum usable queues
Hold-times : Up 0 ms, Down 0 ms
Current address: 00:05:86:71:0e:00, Hardware address: 00:05:86:71:0e:00
Last flapped : 2019-01-08 10:08:52 UTC (1d 05:11 ago)
Statistics last cleared: Never
Traffic statistics:
Input bytes : 7321885 552 bps
Output bytes : 4081109 344 bps
Input packets: 81418 0 pps
Output packets: 42326 0 pps
IPv6 transit statistics:
Input bytes : 0
Output bytes : 0
Input packets: 0
Output packets: 0
Label-switched interface (LSI) traffic statistics:
Input bytes : 0 0 bps
Input packets: 0 0 pps
Dropped traffic statistics due to STP State:
Input bytes : 0
Output bytes : 0
Input packets: 0
Output packets: 0
Input errors:
Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: 0,
L3 incompletes: 0, L2 channel errors: 0, L2 mismatch timeouts: 0,
FIFO errors: 0, Resource errors: 0
Output errors:
Carrier transitions: 1, Errors: 0, Drops: 0, Collisions: 0, Aged packets: 0,
FIFO errors: 0, HS link CRC errors: 0, MTU errors: 0, Resource errors: 0
Active alarms : None
Active defects : None
MAC statistics: Receive Transmit
Total octets 0 0
Total packets 0 0
Unicast packets 0 0
Broadcast packets 0 0
Multicast packets 0 0
CRC/Align errors 0 0
FIFO errors 0 0
MAC control frames 0 0
MAC pause frames 0 0
Oversized frames 0
Jabber frames 0
Fragment frames 0
VLAN tagged frames 0
Code violations 0
Total errors 0 0
Filter statistics:
Input packet count 0
Input packet rejects 0
Input DA rejects 0
Input SA rejects 0
Output packet count 0
Output packet pad count 0
Output packet error count 0
CAM destination filters: 0, CAM source filters: 0
Autonegotiation information:
Negotiation status: Incomplete
Packet Forwarding Engine configuration:
Destination slot: 0 (0x00)
CoS information:
Direction : Output
CoS transmit queue Bandwidth Buffer Priority Limit
% bps % usec
0 best-effort 95 950000000 95 0 low none
3 network-control 5 50000000 5 0 low none
Interface transmit statistics: Disabled

Logical interface ge-0/0/0.0 (Index 332) (SNMP ifIndex 519) (Generation 141)
Flags: Up SNMP-Traps 0x4004000 Encapsulation: ENET2
Traffic statistics:
Input bytes : 7321958
Output bytes : 3829709
Input packets: 81419
Output packets: 42326
Local statistics:
Input bytes : 7222383
Output bytes : 3734813
Input packets: 80992
Output packets: 41900
Transit statistics:
Input bytes : 99575 0 bps
Output bytes : 94896 0 bps
Input packets: 427 0 pps
Output packets: 426 0 pps
Protocol inet, MTU: 1500, Generation: 158, Route table: 0
Flags: Sendbcast-pkt-to-re, Is-Primary
Addresses, Flags: Is-Preferred Is-Primary
Destination: 10.0.10.4/30, Local: 10.0.10.5, Broadcast: 10.0.10.7,
Generation: 140
Protocol iso, MTU: 1497, Generation: 159, Route table: 0
Flags: Is-Primary
Protocol mpls, MTU: 1488, Maximum labels: 3, Generation: 160,
Route table: 0
Flags: Is-Primary
Protocol multiservice, MTU: Unlimited, Generation: 161, Route table: 0
Flags: Is-Primary
Policer: Input: __default_arp_policer__

root@PE2> show interfaces ge-0/0/1 extensive
Physical interface: ge-0/0/1, Enabled, Physical link is Up
Interface index: 138, SNMP ifIndex: 516, Generation: 141
Description: PE2->CE2
Link-level type: Ethernet, MTU: 1514, MRU: 1522, Speed: 1000mbps,
BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled,
Source filtering: Disabled, Flow control: Enabled
Pad to minimum frame size: Disabled
Device flags : Present Running
Interface flags: SNMP-Traps Internal: 0x4000
Link flags : None
CoS queues : 8 supported, 8 maximum usable queues
Hold-times : Up 0 ms, Down 0 ms
Current address: 00:05:86:71:0e:01, Hardware address: 00:05:86:71:0e:01
Last flapped : 2019-01-08 10:08:52 UTC (1d 05:11 ago)
Statistics last cleared: Never
Traffic statistics:
Input bytes : 1072736 88 bps
Output bytes : 1316720 120 bps
Input packets: 12628 0 pps
Output packets: 12688 0 pps
IPv6 transit statistics:
Input bytes : 0
Output bytes : 0
Input packets: 0
Output packets: 0
Dropped traffic statistics due to STP State:
Input bytes : 0
Output bytes : 0
Input packets: 0
Output packets: 0
Input errors:
Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: 0,
L3 incompletes: 0, L2 channel errors: 0, L2 mismatch timeouts: 0,
FIFO errors: 0, Resource errors: 0
Output errors:
Carrier transitions: 1, Errors: 0, Drops: 0, Collisions: 0, Aged packets: 0,
FIFO errors: 0, HS link CRC errors: 0, MTU errors: 0, Resource errors: 0
Active alarms : None
Active defects : None
MAC statistics: Receive Transmit
Total octets 0 0
Total packets 0 0
Unicast packets 0 0
Broadcast packets 0 0
Multicast packets 0 0
CRC/Align errors 0 0
FIFO errors 0 0
MAC control frames 0 0
MAC pause frames 0 0
Oversized frames 0
Jabber frames 0
Fragment frames 0
VLAN tagged frames 0
Code violations 0
Total errors 0 0
Filter statistics:
Input packet count 0
Input packet rejects 0
Input DA rejects 0
Input SA rejects 0
Output packet count 0
Output packet pad count 0
Output packet error count 0
CAM destination filters: 0, CAM source filters: 0
Autonegotiation information:
Negotiation status: Incomplete
Packet Forwarding Engine configuration:
Destination slot: 0 (0x00)
CoS information:
Direction : Output
CoS transmit queue Bandwidth Buffer Priority Limit
% bps % usec
0 best-effort 95 950000000 95 0 low none
3 network-control 5 50000000 5 0 low none
Interface transmit statistics: Disabled

Logical interface ge-0/0/1.0 (Index 333) (SNMP ifIndex 526) (Generation 142)
Flags: Up SNMP-Traps 0x4004000 Encapsulation: ENET2
Traffic statistics:
Input bytes : 1072816
Output bytes : 1243148
Input packets: 12629
Output packets: 12688
Local statistics:
Input bytes : 978880
Output bytes : 1148252
Input packets: 12254
Output packets: 12262
Transit statistics:
Input bytes : 93936 0 bps
Output bytes : 94896 0 bps
Input packets: 375 0 pps
Output packets: 426 0 pps
Protocol inet, MTU: 1500, Generation: 162, Route table: 5
Flags: Sendbcast-pkt-to-re, Is-Primary
Input Filters: test-classifer
Addresses, Flags: Is-Default Is-Preferred Is-Primary
Destination: 10.10.10.4/30, Local: 10.10.10.5, Broadcast: 10.10.10.7,
Generation: 142
Protocol multiservice, MTU: Unlimited, Generation: 163, Route table: 5
Policer: Input: __default_arp_policer__

You have to use version 14.1R5 or higher version for CoS support. Please refer CoS section in below mentioned link:

https://apps.juniper.net/feature-explorer/displayFeatures.html?rt=1&release=16.1R7&swName=Junos%20OS&platform=vMX