Routing

Hi everyone,

I am trying to understand class based forwarding, I have built a sample topology in EVE-NG 

SRX is running in packet mode. We are running OSPF between SRX1 and SRX2 on  all interfaces ( ge-0/0/0, ge-0/0/1, ge-0/0/2, ge-0/0/3).

SRX1 is learning 199.199.199.0/24 over all three links:

Linux8 machine is sending traffic with DSCP  CS3 to 199.199.199.199 ( linux6).

I want to use class based forwarding  to direct all traffic received on ge-0/0/0  with DSCP CS3 to next hop ge-0/0/1. 

In order to accomplish, this I have deployed following config on SRX1 but it is not working.

MF filter defined and applied under ge-0/0/0 on SRX1:

set firewall family inet filter MF term CS3 from dscp cs3
set firewall family inet filter MF term CS3 then forwarding-class CS3
set firewall family inet filter MF term CS3 then accept

set interfaces ge-0/0/0 unit 0 family inet filter input MF
set interfaces ge-0/0/0 unit 0 family inet address 188.188.188.1/24

A class  based forwarding policy is configured:

set class-of-service forwarding-policy next-hop-map TEST forwarding-class CS3 next-hop ge-0/0/1.0

A policy is defined referencing the above CBF:

set policy-options policy-statement CBF term T1 then cos-next-hop-map TEST
set policy-options policy-statement CBF term T1 then accept

This policy is then applied to forwarding table:

set routing-options forwarding-table export CBF

But SRX1 is not using ge-0/0/1 for the traffic. I verified Linux8 is sending traffic with DSCP CS3:

Below is the full config on SRX1:

set version 12.1X47-D20.7
set system host-name SRX1
set interfaces ge-0/0/0 unit 0 family inet filter input MF
set interfaces ge-0/0/0 unit 0 family inet address 188.188.188.1/24
set interfaces ge-0/0/1 unit 0 family inet address 100.100.100.1/24
set interfaces ge-0/0/2 unit 0 family inet address 200.200.200.1/24
set interfaces ge-0/0/3 unit 0 family inet address 201.201.201.1/24
set routing-options forwarding-table export CBF
set protocols ospf area 0.0.0.0 interface all
set policy-options policy-statement CBF term T1 then cos-next-hop-map TEST
set policy-options policy-statement CBF term T1 then accept
set policy-options policy-statement LB then load-balance per-packet
set policy-options policy-statement LB then accept
set class-of-service forwarding-policy next-hop-map TEST forwarding-class CS3 next-hop ge-0/0/1.0
set class-of-service forwarding-classes queue 1 CS1
set class-of-service forwarding-classes queue 2 CS2
set class-of-service forwarding-classes queue 3 CS3
set class-of-service forwarding-classes queue 4 CS4
set security forwarding-options family inet6 mode packet-based
set security forwarding-options family mpls mode packet-based
set firewall family inet filter MF term CS3 from dscp cs3
set firewall family inet filter MF term CS3 then forwarding-class CS3
set firewall family inet filter MF term CS3 then accept
set firewall family inet filter MF term ELSE then accept

####################################################################################

What am I missing ?

Much appreciated!!

Hi,

I would suggest to try 2 things

• Try to use IP address instead of interface as next-hop in COS forwarding policy.
• In policy statement itself, I think accept action is unnecessary for T1 term, just COS next-hop-map should be enough.

Hi everyone,

I am trying to understand class based forwarding, I have built a sample topology in EVE-NG 

SRX is running in packet mode. We are running OSPF between SRX1 and SRX2 on  all interfaces ( ge-0/0/0, ge-0/0/1, ge-0/0/2, ge-0/0/3).

SRX1 is learning 199.199.199.0/24 over all three links:

Linux8 machine is sending traffic with DSCP  CS3 to 199.199.199.199 ( linux6).

I want to use class based forwarding  to direct all traffic received on ge-0/0/0  with DSCP CS3 to next hop ge-0/0/1. 

In order to accomplish, this I have deployed following config on SRX1 but it is not working.

MF filter defined and applied under ge-0/0/0 on SRX1:

set firewall family inet filter MF term CS3 from dscp cs3
set firewall family inet filter MF term CS3 then forwarding-class CS3
set firewall family inet filter MF term CS3 then accept

set interfaces ge-0/0/0 unit 0 family inet filter input MF
set interfaces ge-0/0/0 unit 0 family inet address 188.188.188.1/24

A class  based forwarding policy is configured:

set class-of-service forwarding-policy next-hop-map TEST forwarding-class CS3 next-hop ge-0/0/1.0

A policy is defined referencing the above CBF:

set policy-options policy-statement CBF term T1 then cos-next-hop-map TEST
set policy-options policy-statement CBF term T1 then accept

This policy is then applied to forwarding table:

set routing-options forwarding-table export CBF

But SRX1 is not using ge-0/0/1 for the traffic. I verified Linux8 is sending traffic with DSCP CS3:

Below is the full config on SRX1:

set version 12.1X47-D20.7
set system host-name SRX1
set interfaces ge-0/0/0 unit 0 family inet filter input MF
set interfaces ge-0/0/0 unit 0 family inet address 188.188.188.1/24
set interfaces ge-0/0/1 unit 0 family inet address 100.100.100.1/24
set interfaces ge-0/0/2 unit 0 family inet address 200.200.200.1/24
set interfaces ge-0/0/3 unit 0 family inet address 201.201.201.1/24
set routing-options forwarding-table export CBF
set protocols ospf area 0.0.0.0 interface all
set policy-options policy-statement CBF term T1 then cos-next-hop-map TEST
set policy-options policy-statement CBF term T1 then accept
set policy-options policy-statement LB then load-balance per-packet
set policy-options policy-statement LB then accept
set class-of-service forwarding-policy next-hop-map TEST forwarding-class CS3 next-hop ge-0/0/1.0
set class-of-service forwarding-classes queue 1 CS1
set class-of-service forwarding-classes queue 2 CS2
set class-of-service forwarding-classes queue 3 CS3
set class-of-service forwarding-classes queue 4 CS4
set security forwarding-options family inet6 mode packet-based
set security forwarding-options family mpls mode packet-based
set firewall family inet filter MF term CS3 from dscp cs3
set firewall family inet filter MF term CS3 then forwarding-class CS3
set firewall family inet filter MF term CS3 then accept
set firewall family inet filter MF term ELSE then accept

####################################################################################

What am I missing ?

Much appreciated!!

Hi,

I would suggest to try 2 things

• Try to use IP address instead of interface as next-hop in COS forwarding policy.
• In policy statement itself, I think accept action is unnecessary for T1 term, just COS next-hop-map should be enough.

Hi everyone,

I am trying to understand class based forwarding, I have built a sample topology in EVE-NG 

SRX is running in packet mode. We are running OSPF between SRX1 and SRX2 on  all interfaces ( ge-0/0/0, ge-0/0/1, ge-0/0/2, ge-0/0/3).

SRX1 is learning 199.199.199.0/24 over all three links:

Linux8 machine is sending traffic with DSCP  CS3 to 199.199.199.199 ( linux6).

I want to use class based forwarding  to direct all traffic received on ge-0/0/0  with DSCP CS3 to next hop ge-0/0/1. 

In order to accomplish, this I have deployed following config on SRX1 but it is not working.

MF filter defined and applied under ge-0/0/0 on SRX1:

set firewall family inet filter MF term CS3 from dscp cs3
set firewall family inet filter MF term CS3 then forwarding-class CS3
set firewall family inet filter MF term CS3 then accept

set interfaces ge-0/0/0 unit 0 family inet filter input MF
set interfaces ge-0/0/0 unit 0 family inet address 188.188.188.1/24

A class  based forwarding policy is configured:

set class-of-service forwarding-policy next-hop-map TEST forwarding-class CS3 next-hop ge-0/0/1.0

A policy is defined referencing the above CBF:

set policy-options policy-statement CBF term T1 then cos-next-hop-map TEST
set policy-options policy-statement CBF term T1 then accept

This policy is then applied to forwarding table:

set routing-options forwarding-table export CBF

But SRX1 is not using ge-0/0/1 for the traffic. I verified Linux8 is sending traffic with DSCP CS3:

Below is the full config on SRX1:

set version 12.1X47-D20.7
set system host-name SRX1
set interfaces ge-0/0/0 unit 0 family inet filter input MF
set interfaces ge-0/0/0 unit 0 family inet address 188.188.188.1/24
set interfaces ge-0/0/1 unit 0 family inet address 100.100.100.1/24
set interfaces ge-0/0/2 unit 0 family inet address 200.200.200.1/24
set interfaces ge-0/0/3 unit 0 family inet address 201.201.201.1/24
set routing-options forwarding-table export CBF
set protocols ospf area 0.0.0.0 interface all
set policy-options policy-statement CBF term T1 then cos-next-hop-map TEST
set policy-options policy-statement CBF term T1 then accept
set policy-options policy-statement LB then load-balance per-packet
set policy-options policy-statement LB then accept
set class-of-service forwarding-policy next-hop-map TEST forwarding-class CS3 next-hop ge-0/0/1.0
set class-of-service forwarding-classes queue 1 CS1
set class-of-service forwarding-classes queue 2 CS2
set class-of-service forwarding-classes queue 3 CS3
set class-of-service forwarding-classes queue 4 CS4
set security forwarding-options family inet6 mode packet-based
set security forwarding-options family mpls mode packet-based
set firewall family inet filter MF term CS3 from dscp cs3
set firewall family inet filter MF term CS3 then forwarding-class CS3
set firewall family inet filter MF term CS3 then accept
set firewall family inet filter MF term ELSE then accept

####################################################################################

What am I missing ?

Much appreciated!!