Hi,
I am trying to mark packets entering the SRX with the appropriate forwarding class, but I don't think it is working as expected. I use NetFlow Analyzer (NFA) to monitor packet flows, and I find that all packets are best effort. I would really appreciate it if someone could help.
I also want to add QoS marking to IPsec VPN packets so that our provider's router (PE) can forward them in the appropriate forwarding class. Does anyone know how to do this?
Juniper SRX240 with Junos 10.3
/* Interface definitions: LAN (ge-0/0/1), WAN (ge-0/0/2), loopback (lo0) and the st0 tunnel interface. */
interfaces {
    ge-0/0/1 {
        description "LAN";
        unit 0 {
            family inet {
                /*
                 * Filter "cos" runs on both ingress and egress. Its terms match only
                 * on destination-port, so reply packets (well-known port in the source
                 * port field) reach the final catch-all term in either direction.
                 */
                filter {
                    input cos;
                    output cos;
                }
                address 10.254.254.254/27;
            }
        }
    }
    ge-0/0/2 {
        description "WAN";
        unit 0 {
            family inet {
                /* Same classification filter as on the LAN side, both directions. */
                filter {
                    input cos;
                    output cos;
                }
                /* Interface-level sampling in both directions, in addition to the "sample" action inside filter cos. */
                sampling {
                    input;
                    output;
                }
                address 10.254.254.222/27;
            }
        }
    }
    /*
     * Loopback; 10.1.5.254 is also the flow-export source-address under forwarding-options.
     * NOTE(review): no filter on lo0 is shown. Confirm that traffic addressed to the
     * device itself is restricted elsewhere (e.g. zone host-inbound-traffic settings),
     * which this excerpt does not include.
     */
    lo0 {
        unit 0 {
            family inet {
                address 10.1.5.254/32;
            }
        }
    }
    /*
     * Tunnel interface with family inet and no address configured here.
     * st0.0 has no classifier or rewrite-rule binding under class-of-service interfaces
     * in this excerpt, and the IPsec/security configuration is not shown.
     */
    st0 {
        unit 0 {
            family inet;
        }
    }
}
/* Flow sampling and NetFlow version 5 export to the collector. */
forwarding-options {
    sampling {
        input {
            /*
             * rate 1 selects every packet (1 out of 1) for sampling.
             * NOTE(review): presumably set for troubleshooting; sampling every packet
             * adds load on a busy link. Confirm this is intended to stay.
             */
            rate 1;
        }
        family inet {
            output {
                /*
                 * The collector 10.254.254.250 falls inside the LAN subnet
                 * (10.254.254.224/27 on ge-0/0/1); records are sourced from the lo0 address.
                 * Version 5 export is plain UDP with no authentication or encryption, and the
                 * records describe who talks to whom. Keep the export path on a trusted segment
                 * and limit which sources the collector accepts on port 9996.
                 * NOTE(review): v5 records carry the packet's ToS byte, not the forwarding class
                 * assigned inside the SRX. Whether a sample reflects the egress rewrite depends on
                 * where the sample is taken. Confirm before concluding from the collector that
                 * classification is failing.
                 */
                flow-server 10.254.254.250 {
                    port 9996;
                    source-address 10.1.5.254;
                    version 5;
                }
            }
        }
    }
}
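/*
 * Multifield classifier: places HTTP and FTP traffic into assured-forwarding and
 * samples every packet. This filter only classifies; its last term accepts all
 * remaining traffic, so it does not restrict what is forwarded.
 */
firewall {
    filter cos {
        term 1 {
            from {
                /*
                 * A port match is paired with "protocol tcp" so that the port field is
                 * only compared on TCP packets; without it the term also matches UDP
                 * packets with the same port number.
                 */
                protocol tcp;
                destination-port http;
            }
            then {
                /* No terminating action is given; the action modifiers below imply accept. */
                sample;
                loss-priority low;
                forwarding-class assured-forwarding;
            }
        }
        term 2 {
            from {
                /* FTP control and data ports, limited to TCP for the same reason as term 1. */
                protocol tcp;
                destination-port [ ftp ftp-data ];
            }
            then {
                sample;
                loss-priority low;
                forwarding-class assured-forwarding;
            }
        }
        /*
         * Catch-all: everything else is sampled and accepted without a forwarding-class
         * action. This includes reply packets, because terms 1 and 2 match on
         * destination-port only.
         */
        term 3 {
            then {
                sample;
                /* The terminating semicolon was missing in the original paste. */
                accept;
            }
        }
    }
}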
/* Class of service: precedence classifier, interface bindings, rewrite rule, scheduler map and schedulers. */
class-of-service {
    classifiers {
        /*
         * Behavior-aggregate classifier: maps the IP precedence bits of an arriving
         * packet to a forwarding class (000 BE, 011 AF, 101 EF, 110 NC).
         * It is bound to ge-0/0/2 (WAN) below, so the precedence value set by the
         * sender selects the queue, including network-control.
         * NOTE(review): if the WAN side is not trusted to mark traffic, markings from it
         * should be reset or ignored at ingress. Confirm where the trust boundary is.
         */
        inet-precedence qos-classifier {
            forwarding-class best-effort {
                loss-priority low code-points 000;
            }
            forwarding-class assured-forwarding {
                loss-priority low code-points 011;
            }
            forwarding-class expedited-forwarding {
                loss-priority low code-points 101;
            }
            forwarding-class network-control {
                loss-priority low code-points 110;
            }
        }
    }
    /*
     * Per-interface bindings. Both LAN and WAN units get the classifier and the
     * rewrite rule; no scheduler-map and no st0.0 entry appear in this excerpt.
     */
    interfaces {
        ge-0/0/1 {
            unit 0 {
                classifiers {
                    inet-precedence qos-classifier;
                }
                rewrite-rules {
                    inet-precedence access;
                }
            }
        }
        ge-0/0/2 {
            unit 0 {
                classifiers {
                    inet-precedence qos-classifier;
                }
                rewrite-rules {
                    inet-precedence access;
                }
            }
        }
    }
    rewrite-rules {
        /*
         * Egress marking: writes the precedence bits from the forwarding class and
         * loss priority of the outgoing packet.
         * NOTE(review): expedited-forwarding is rewritten to 110, but qos-classifier
         * maps 101 to EF and 110 to network-control. A device using the same classifier
         * would place this traffic in network-control. Confirm whether 101 was intended.
         * There is also no entry for network-control in this rule.
         */
        inet-precedence access {
            forwarding-class best-effort {
                loss-priority low code-point 000;
                loss-priority high code-point 000;
            }
            forwarding-class assured-forwarding {
                loss-priority low code-point 011;
                loss-priority high code-point 011;
            }
            forwarding-class expedited-forwarding {
                loss-priority low code-point 110;
                loss-priority high code-point 110;
            }
        }
    }
    scheduler-maps {
        /*
         * Associates each forwarding class with a scheduler.
         * NOTE(review): map-access is not referenced under class-of-service interfaces
         * in this excerpt. Presumably it must be attached to an interface before the
         * schedulers take effect. Confirm against the full configuration.
         */
        map-access {
            forwarding-class best-effort scheduler sch_be;
            forwarding-class assured-forwarding scheduler sch_af;
            forwarding-class expedited-forwarding scheduler sch_ef;
            forwarding-class network-control scheduler sch_nc;
        }
    }
    /*
     * Per-class bandwidth and buffer shares. Transmit rates total 100 percent
     * (15 + 40 + 35 + 10); buffer sizes total 65 percent. Every scheduler uses
     * priority low, so no class is given a higher priority than another.
     */
    schedulers {
        sch_be {
            transmit-rate percent 15;
            buffer-size percent 15;
            priority low;
        }
        sch_af {
            transmit-rate percent 40;
            buffer-size percent 30;
            priority low;
        }
        sch_ef {
            transmit-rate percent 35;
            buffer-size percent 10;
            priority low;
        }
        sch_nc {
            transmit-rate percent 10;
            buffer-size percent 10;
            priority low;
        }
    }
}
Thanks and Regards,
Nto