Community Talk

 View Only
last person joined: 3 days ago 

Learn how to best utilize the Elevate community and hear first about community updates.

How to configure CoS Rewrite-rules on st0 interface on Juniper SRX320 Chassis Cluster.

  • 1.  How to configure CoS Rewrite-rules on st0 interface on Juniper SRX320 Chassis Cluster.

    Posted 09-01-2021 12:47
    Hello everyone.
    I have 2 x SRX320 in cluster:
    !
    admin@srx320-01> show version
    node0:
    --------------------------------------------------------------------------
    Hostname: srx320-01
    Model: srx320
    Junos: 15.1X49-D170.4
    JUNOS Software Release [15.1X49-D170.4]

    node1:
    --------------------------------------------------------------------------
    Hostname: srx320-02
    Model: srx320
    Junos: 15.1X49-D170.4
    JUNOS Software Release [15.1X49-D170.4]

    There are 3 logical interfaces:
    !
    reth1.208 - Internet-facing logical interface
    reth1.242 - VoIP_LAN-facing logical interface
    st0.0 - VTI-based IPSec tunnel to HQ

    Below are class-of-services configuration statements:
    !
    set class-of-service classifiers dscp DSCP-MAP forwarding-class EF loss-priority low code-points 101110
    set class-of-service classifiers dscp DSCP-MAP forwarding-class CS7 loss-priority low code-points 111000
    set class-of-service classifiers dscp DSCP-MAP forwarding-class CS7 loss-priority low code-points 110000
    set class-of-service classifiers dscp DSCP-MAP forwarding-class CS5 loss-priority low code-points 101000
    set class-of-service classifiers dscp DSCP-MAP forwarding-class CS4 loss-priority low code-points 100000
    set class-of-service classifiers dscp DSCP-MAP forwarding-class CS3 loss-priority low code-points 011000
    set class-of-service classifiers dscp DSCP-MAP forwarding-class CS2 loss-priority low code-points 010000
    set class-of-service classifiers dscp DSCP-MAP forwarding-class CS1 loss-priority low code-points 001000
    set class-of-service classifiers dscp DSCP-MAP forwarding-class BE loss-priority high code-points 000000

    set class-of-service forwarding-classes queue 0 BE
    set class-of-service forwarding-classes queue 0 priority low
    set class-of-service forwarding-classes queue 1 EF
    set class-of-service forwarding-classes queue 1 priority high
    set class-of-service forwarding-classes queue 2 CS7
    set class-of-service forwarding-classes queue 2 priority high
    set class-of-service forwarding-classes queue 3 CS5
    set class-of-service forwarding-classes queue 3 priority high
    set class-of-service forwarding-classes queue 4 CS4
    set class-of-service forwarding-classes queue 4 priority low
    set class-of-service forwarding-classes queue 5 CS3
    set class-of-service forwarding-classes queue 5 priority high
    set class-of-service forwarding-classes queue 6 CS2
    set class-of-service forwarding-classes queue 6 priority low
    set class-of-service forwarding-classes queue 7 CS1
    set class-of-service forwarding-classes queue 7 priority low


    set class-of-service interfaces reth1 unit 208 scheduler-map map01
    set class-of-service interfaces reth1 unit 208 shaping-rate 150m
    set class-of-service interfaces reth1 unit 208 classifiers dscp DSCP-MAP
    set class-of-service interfaces reth1 unit 208 rewrite-rules dscp DSCP-MARK

    set class-of-service interfaces reth1 unit 242 scheduler-map map01

    set class-of-service interfaces st0 unit 0 classifiers dscp DSCP-MAP
    set class-of-service interfaces st0 unit 0 rewrite-rules dscp DSCP-MARK


    set class-of-service rewrite-rules dscp DSCP-MARK forwarding-class EF loss-priority low code-point 101110
    set class-of-service rewrite-rules dscp DSCP-MARK forwarding-class CS7 loss-priority low code-point 111000
    set class-of-service rewrite-rules dscp DSCP-MARK forwarding-class CS5 loss-priority low code-point 101000
    set class-of-service rewrite-rules dscp DSCP-MARK forwarding-class CS4 loss-priority low code-point 100000
    set class-of-service rewrite-rules dscp DSCP-MARK forwarding-class CS3 loss-priority low code-point 011000
    set class-of-service rewrite-rules dscp DSCP-MARK forwarding-class CS2 loss-priority low code-point 010000
    set class-of-service rewrite-rules dscp DSCP-MARK forwarding-class CS1 loss-priority low code-point 001000
    set class-of-service rewrite-rules dscp DSCP-MARK forwarding-class BE loss-priority high code-point 000000

    set class-of-service scheduler-maps map01 forwarding-class EF scheduler ef-scheduler
    set class-of-service scheduler-maps map01 forwarding-class BE scheduler be-scheduler
    set class-of-service scheduler-maps map01 forwarding-class CS1 scheduler cs1-scheduler
    set class-of-service scheduler-maps map01 forwarding-class CS2 scheduler cs2-scheduler
    set class-of-service scheduler-maps map01 forwarding-class CS3 scheduler cs3-scheduler
    set class-of-service scheduler-maps map01 forwarding-class CS4 scheduler cs4-scheduler
    set class-of-service scheduler-maps map01 forwarding-class CS5 scheduler cs5-scheduler
    set class-of-service scheduler-maps map01 forwarding-class CS7 scheduler cs7-scheduler

    set class-of-service schedulers ef-scheduler transmit-rate percent 25
    set class-of-service schedulers ef-scheduler buffer-size percent 25
    set class-of-service schedulers ef-scheduler priority strict-high
    set class-of-service schedulers cs7-scheduler transmit-rate percent 5
    set class-of-service schedulers cs7-scheduler buffer-size percent 5
    set class-of-service schedulers cs7-scheduler priority high
    set class-of-service schedulers cs5-scheduler transmit-rate percent 15
    set class-of-service schedulers cs5-scheduler buffer-size percent 15
    set class-of-service schedulers cs5-scheduler priority medium-high
    set class-of-service schedulers cs4-scheduler transmit-rate percent 20
    set class-of-service schedulers cs4-scheduler buffer-size percent 20
    set class-of-service schedulers cs4-scheduler priority medium-low
    set class-of-service schedulers cs3-scheduler transmit-rate percent 5
    set class-of-service schedulers cs3-scheduler buffer-size percent 5
    set class-of-service schedulers cs3-scheduler priority high
    set class-of-service schedulers cs2-scheduler transmit-rate percent 5
    set class-of-service schedulers cs2-scheduler buffer-size percent 5
    set class-of-service schedulers cs2-scheduler priority low
    set class-of-service schedulers cs1-scheduler transmit-rate percent 20
    set class-of-service schedulers cs1-scheduler buffer-size percent 20
    set class-of-service schedulers cs1-scheduler priority medium-low
    set class-of-service schedulers be-scheduler transmit-rate remainder
    set class-of-service schedulers be-scheduler buffer-size remainder
    set class-of-service schedulers be-scheduler priority low

    set firewall family inet filter vlan242_in term SIP_Mark_DSCP from source-address 172.22.105.0/24
    set firewall family inet filter vlan242_in term SIP_Mark_DSCP from destination-address 172.22.140.10/32
    set firewall family inet filter vlan242_in term SIP_Mark_DSCP from destination-port 5060-5064
    set firewall family inet filter vlan242_in term SIP_Mark_DSCP then forwarding-class CS3
    set firewall family inet filter vlan242_in term SIP_Mark_DSCP then accept
    set firewall family inet filter vlan242_in term RTP_Mark_DSCP from source-address 172.22.105.0/24
    set firewall family inet filter vlan242_in term RTP_Mark_DSCP from destination-address 172.22.140.10/32
    set firewall family inet filter vlan242_in term RTP_Mark_DSCP from protocol udp
    set firewall family inet filter vlan242_in term RTP_Mark_DSCP from destination-port 10000-20000
    set firewall family inet filter vlan242_in term RTP_Mark_DSCP then forwarding-class EF
    set firewall family inet filter vlan242_in term RTP_Mark_DSCP then accept
    set firewall family inet filter vlan242_in term default then forwarding-class CS1
    set firewall family inet filter vlan242_in term default then accept

    set interfaces reth1 unit 242 description VoIP
    set interfaces reth1 unit 242 vlan-id 242
    set interfaces reth1 unit 242 family inet filter input vlan242_in
    set interfaces reth1 unit 242 family inet address 172.22.105.1/24

    When I try to capture traffic on HQ Router, I see only DSCP '0' traffic.
    Please help.






    ------------------------------
    Aleksandr Korobkin
    ------------------------------