Community Talk

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.

How to configure CoS Rewrite-rules on st0 interface on Juniper SRX320 Chassis Cluster.

  • 1.  How to configure CoS Rewrite-rules on st0 interface on Juniper SRX320 Chassis Cluster.

    Posted 09-01-2021 12:47
    Hello everyone.
    I have 2 x SRX320 in cluster:
    !
    admin@srx320-01> show version
    node0:
    --------------------------------------------------------------------------
    Hostname: srx320-01
    Model: srx320
    Junos: 15.1X49-D170.4
    JUNOS Software Release [15.1X49-D170.4]

    node1:
    --------------------------------------------------------------------------
    Hostname: srx320-02
    Model: srx320
    Junos: 15.1X49-D170.4
    JUNOS Software Release [15.1X49-D170.4]

    There are 3 logical interfaces:
    !
    reth1.208 - Internet-facing logical interface
    reth1.242 - VoIP_LAN-facing logical interface
    st0.0 - VTI-based IPSec tunnel to HQ

    Below are class-of-services configuration statements:
    !
    set class-of-service classifiers dscp DSCP-MAP forwarding-class EF loss-priority low code-points 101110
    set class-of-service classifiers dscp DSCP-MAP forwarding-class CS7 loss-priority low code-points 111000
    set class-of-service classifiers dscp DSCP-MAP forwarding-class CS7 loss-priority low code-points 110000
    set class-of-service classifiers dscp DSCP-MAP forwarding-class CS5 loss-priority low code-points 101000
    set class-of-service classifiers dscp DSCP-MAP forwarding-class CS4 loss-priority low code-points 100000
    set class-of-service classifiers dscp DSCP-MAP forwarding-class CS3 loss-priority low code-points 011000
    set class-of-service classifiers dscp DSCP-MAP forwarding-class CS2 loss-priority low code-points 010000
    set class-of-service classifiers dscp DSCP-MAP forwarding-class CS1 loss-priority low code-points 001000
    set class-of-service classifiers dscp DSCP-MAP forwarding-class BE loss-priority high code-points 000000

    set class-of-service forwarding-classes queue 0 BE
    set class-of-service forwarding-classes queue 0 priority low
    set class-of-service forwarding-classes queue 1 EF
    set class-of-service forwarding-classes queue 1 priority high
    set class-of-service forwarding-classes queue 2 CS7
    set class-of-service forwarding-classes queue 2 priority high
    set class-of-service forwarding-classes queue 3 CS5
    set class-of-service forwarding-classes queue 3 priority high
    set class-of-service forwarding-classes queue 4 CS4
    set class-of-service forwarding-classes queue 4 priority low
    set class-of-service forwarding-classes queue 5 CS3
    set class-of-service forwarding-classes queue 5 priority high
    set class-of-service forwarding-classes queue 6 CS2
    set class-of-service forwarding-classes queue 6 priority low
    set class-of-service forwarding-classes queue 7 CS1
    set class-of-service forwarding-classes queue 7 priority low


    set class-of-service interfaces reth1 unit 208 scheduler-map map01
    set class-of-service interfaces reth1 unit 208 shaping-rate 150m
    set class-of-service interfaces reth1 unit 208 classifiers dscp DSCP-MAP
    set class-of-service interfaces reth1 unit 208 rewrite-rules dscp DSCP-MARK

    set class-of-service interfaces reth1 unit 242 scheduler-map map01

    set class-of-service interfaces st0 unit 0 classifiers dscp DSCP-MAP
    set class-of-service interfaces st0 unit 0 rewrite-rules dscp DSCP-MARK


    set class-of-service rewrite-rules dscp DSCP-MARK forwarding-class EF loss-priority low code-point 101110
    set class-of-service rewrite-rules dscp DSCP-MARK forwarding-class CS7 loss-priority low code-point 111000
    set class-of-service rewrite-rules dscp DSCP-MARK forwarding-class CS5 loss-priority low code-point 101000
    set class-of-service rewrite-rules dscp DSCP-MARK forwarding-class CS4 loss-priority low code-point 100000
    set class-of-service rewrite-rules dscp DSCP-MARK forwarding-class CS3 loss-priority low code-point 011000
    set class-of-service rewrite-rules dscp DSCP-MARK forwarding-class CS2 loss-priority low code-point 010000
    set class-of-service rewrite-rules dscp DSCP-MARK forwarding-class CS1 loss-priority low code-point 001000
    set class-of-service rewrite-rules dscp DSCP-MARK forwarding-class BE loss-priority high code-point 000000

    set class-of-service scheduler-maps map01 forwarding-class EF scheduler ef-scheduler
    set class-of-service scheduler-maps map01 forwarding-class BE scheduler be-scheduler
    set class-of-service scheduler-maps map01 forwarding-class CS1 scheduler cs1-scheduler
    set class-of-service scheduler-maps map01 forwarding-class CS2 scheduler cs2-scheduler
    set class-of-service scheduler-maps map01 forwarding-class CS3 scheduler cs3-scheduler
    set class-of-service scheduler-maps map01 forwarding-class CS4 scheduler cs4-scheduler
    set class-of-service scheduler-maps map01 forwarding-class CS5 scheduler cs5-scheduler
    set class-of-service scheduler-maps map01 forwarding-class CS7 scheduler cs7-scheduler

    set class-of-service schedulers ef-scheduler transmit-rate percent 25
    set class-of-service schedulers ef-scheduler buffer-size percent 25
    set class-of-service schedulers ef-scheduler priority strict-high
    set class-of-service schedulers cs7-scheduler transmit-rate percent 5
    set class-of-service schedulers cs7-scheduler buffer-size percent 5
    set class-of-service schedulers cs7-scheduler priority high
    set class-of-service schedulers cs5-scheduler transmit-rate percent 15
    set class-of-service schedulers cs5-scheduler buffer-size percent 15
    set class-of-service schedulers cs5-scheduler priority medium-high
    set class-of-service schedulers cs4-scheduler transmit-rate percent 20
    set class-of-service schedulers cs4-scheduler buffer-size percent 20
    set class-of-service schedulers cs4-scheduler priority medium-low
    set class-of-service schedulers cs3-scheduler transmit-rate percent 5
    set class-of-service schedulers cs3-scheduler buffer-size percent 5
    set class-of-service schedulers cs3-scheduler priority high
    set class-of-service schedulers cs2-scheduler transmit-rate percent 5
    set class-of-service schedulers cs2-scheduler buffer-size percent 5
    set class-of-service schedulers cs2-scheduler priority low
    set class-of-service schedulers cs1-scheduler transmit-rate percent 20
    set class-of-service schedulers cs1-scheduler buffer-size percent 20
    set class-of-service schedulers cs1-scheduler priority medium-low
    set class-of-service schedulers be-scheduler transmit-rate remainder
    set class-of-service schedulers be-scheduler buffer-size remainder
    set class-of-service schedulers be-scheduler priority low

    set firewall family inet filter vlan242_in term SIP_Mark_DSCP from source-address 172.22.105.0/24
    set firewall family inet filter vlan242_in term SIP_Mark_DSCP from destination-address 172.22.140.10/32
    set firewall family inet filter vlan242_in term SIP_Mark_DSCP from destination-port 5060-5064
    set firewall family inet filter vlan242_in term SIP_Mark_DSCP then forwarding-class CS3
    set firewall family inet filter vlan242_in term SIP_Mark_DSCP then accept
    set firewall family inet filter vlan242_in term RTP_Mark_DSCP from source-address 172.22.105.0/24
    set firewall family inet filter vlan242_in term RTP_Mark_DSCP from destination-address 172.22.140.10/32
    set firewall family inet filter vlan242_in term RTP_Mark_DSCP from protocol udp
    set firewall family inet filter vlan242_in term RTP_Mark_DSCP from destination-port 10000-20000
    set firewall family inet filter vlan242_in term RTP_Mark_DSCP then forwarding-class EF
    set firewall family inet filter vlan242_in term RTP_Mark_DSCP then accept
    set firewall family inet filter vlan242_in term default then forwarding-class CS1
    set firewall family inet filter vlan242_in term default then accept

    set interfaces reth1 unit 242 description VoIP
    set interfaces reth1 unit 242 vlan-id 242
    set interfaces reth1 unit 242 family inet filter input vlan242_in
    set interfaces reth1 unit 242 family inet address 172.22.105.1/24

    When I try to capture traffic on HQ Router, I see only DSCP '0' traffic.
    Please help.






    ------------------------------
    Aleksandr Korobkin
    ------------------------------