11.2.5.4. Priority Control Setting

This section describes the setting for priority control of traffic which is output from interface.

Setting not for causing communications having a specific IP address to drop, through prioritization

Presumed case for sample setting

  • To set to traffic which is output from interface (ge-0/0/1)

  • To set the restriction bandwidth of interface (ge-0/0/1) to 10 Mbps

  • To give top priority to communications initiated from virtual server (192.168.1.11) so as not to make them drop when 10 Mbps or more traffic is output from interface (ge-0/0/1)

Setting flow in a presumed case

In the setting flow, settings are to be made so that packets are sorted by the traffic input interface and priority control is performed by the output interface in accordance with the specified priority.

1.Create filter name QOS_STRICT for communications initiated from virtual server (192.168.1.11).
2.Create filter name QOS_AF for communications initiated from virtual server (192.168.3.13).
3.For communications (packets) whose source IP address is 192.168.1.0/24, set Forwarding class to expedited-forwarding and set to QOS_STRICT.
4.For communications (packets) whose source IP address is 192.168.3.0/24, set Forwarding class to assured-forwarding and set to QOS_AF.
5.Apply the QOF_STRICT filter to interface (ge-0/0/0) and the QOS_AF filter to interface (ge-0/0/2).
6.Set scheduler STRICT and set the upper-limit bandwidth to 2.1 Mbps and the priority to strict-high.
7.Set scheduler AF and set the priority to low.
8.Set scheduler map SCHE and set scheduler STRICT to expedited-forwarding.
9.Set scheduler map SCHE and set scheduler AF to assured-forwarding.
10.For scheduler map SCHE, set the upper-limit bandwidth to 10 Mbps.
11.For interface (ge-0/0/1), make a setting for scheduler operations.

Command to be entered with CLI

user01@vSRX-02# set firewall filter QOS_STRICT term 1 from source-address 192.168.1.0/24
user01@vSRX-02# set firewall filter QOS_STRICT term 1 then loss-priority low
user01@vSRX-02# set firewall filter QOS_STRICT term 1 then forwarding-class expedited-forwarding
user01@vSRX-02# set firewall filter QOS_STRICT term 1 then accept
user01@vSRX-02# set firewall filter QOS_STRICT term 2 then accept
user01@vSRX-02# set firewall filter QOS_AF term 1 from source-address 192.168.3.0/24
user01@vSRX-02# set firewall filter QOS_AF term 1 then loss-priority high
user01@vSRX-02# set firewall filter QOS_AF term 1 then forwarding-class assured-forwarding
user01@vSRX-02# set firewall filter QOS_AF term 1 then accept
user01@vSRX-02# set firewall filter QOS_AF term 2 then accept
user01@vSRX-02# set interfaces ge-0/0/0 unit 0 family inet filter input QOS_STRICT
user01@vSRX-02# set interfaces ge-0/0/2 unit 0 family inet filter input QOS_AF
user01@vSRX-02# set class-of-service schedulers STRICT shaping-rate 2100000
user01@vSRX-02# set class-of-service schedulers STRICT priority strict-high
user01@vSRX-02# set class-of-service schedulers AF priority low
user01@vSRX-02# set class-of-service scheduler-maps SCHE forwarding-class expedited-forwarding scheduler STRICT
user01@vSRX-02# set class-of-service scheduler-maps SCHE forwarding-class assured-forwarding scheduler AF
user01@vSRX-02# set class-of-service interfaces ge-0/0/1 unit 0 scheduler-map SCHE shaping-rate 10m
user01@vSRX-02# set class-of-service interfaces ge-0/0/1 unit 0 rewrite-rules dscp default
user01@vSRX-02# set interfaces ge-0/0/1 per-unit-scheduler

The configuration after completion of appropriate settings is as follows.

interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                filter {
                    input QOS_STRICT;
                }
                address 192.168.1.102/24;
            }
        }
    }
    ge-0/0/1 {
        per-unit-scheduler;
        unit 0 {
            family inet {
                address 192.168.2.102/24;
            }
        }
    }
    ge-0/0/2 {
        unit 0 {
            family inet {
                filter {
                    input QOS_AF;
                }
                address 192.168.3.102/24;
            }
        }
    }
}
class-of-service {
    interfaces {
        ge-0/0/1 {
            unit 0 {
                scheduler-map SCHE;
                shaping-rate 10m;
                rewrite-rules {
                    dscp default;
                }
            }
        }
    }
    scheduler-maps {
        SCHE {
            forwarding-class expedited-forwarding scheduler STRICT;
            forwarding-class assured-forwarding scheduler AF;
        }
    }
    schedulers {
        STRICT {
            shaping-rate 2100000;
            priority strict-high;
        }
        AF {
            priority low;
        }
    }
}
firewall {
    filter QOS_STRICT {
        term 1 {
            from {
                source-address {
                    192.168.1.0/24;
                }
            }
            then {
                loss-priority low;
                forwarding-class expedited-forwarding;
                accept;
            }
        }
        term 2 {
            then accept;
        }
    }
    filter QOS_AF {
        term 1 {
            from {
                source-address {
                    192.168.3.0/24;
                }
            }
            then {
                loss-priority high;
                forwarding-class assured-forwarding;
                accept;
            }
        }
        term 2 {
            then accept;
        }
    }
}

Operation check result

The verification result log below allowed to confirm that packets of the prioritized traffic do not drop when traffic was sent from virtual server (192.168.3.13) to virtual server (192.168.2.14), prioritized traffic was sent from virtual server (192.168.1.11) to virtual server (192.168.2.12) for interruption and the restriction bandwidth (10 Mbps) was exceeded.

Output status from interface (ge-0/0/1) regarding vSRX

user01@vSRX-02> show interfaces queue ge-0/0/1 | no-more
Physical interface: ge-0/0/1, Enabled, Physical link is Up
  Interface index: 136, SNMP ifIndex: 520
Forwarding classes: 8 supported, 4 in use
Egress queues: 8 supported, 4 in use
Queue: 0, Forwarding classes: best-effort
  (中略)
Queue: 1, Forwarding classes: expedited-forwarding
  Queued:
    Packets              :                  5105                     0 pps
    Bytes                :               7718760                     0 bps
  Transmitted:
    Packets              :                  5105                     0 pps
    Bytes                :               7718760                     0 bps
    Tail-dropped packets :                     0                     0 pps
    RL-dropped packets   :                     0                     0 pps
    RL-dropped bytes     :                     0                     0 bps
    RED-dropped packets  :                     0                     0 pps
     Low                 :                     0                     0 pps
     Medium-low          :                     0                     0 pps
     Medium-high         :                     0                     0 pps
     High                :                     0                     0 pps
    RED-dropped bytes    :                     0                     0 bps
     Low                 :                     0                     0 bps
     Medium-low          :                     0                     0 bps
     Medium-high         :                     0                     0 bps
     High                :                     0                     0 bps
  Queue Buffer Usage:
    Reserved buffer      :                625000 bytes
  Queue-depth bytes      :
    Current              :                     0
Queue: 2, Forwarding classes: assured-forwarding
  Queued:
    Packets              :                 51025                    15 pps
    Bytes                :              77149800                193432 bps
  Transmitted:
    Packets              :                 44792                   230 pps
    Bytes                :              67725504               2792776 bps
    Tail-dropped packets :                  2877                     0 pps
    RL-dropped packets   :                     0                     0 pps
    RL-dropped bytes     :                     0                     0 bps
    RED-dropped packets  :                  3356                     0 pps
     Low                 :                     0                     0 pps
     Medium-low          :                     0                     0 pps
     Medium-high         :                     0                     0 pps
     High                :                  3356                     0 pps
    RED-dropped bytes    :               5074272                  6040 bps
     Low                 :                     0                     0 bps
     Medium-low          :                     0                     0 bps
     Medium-high         :                     0                     0 bps
     High                :               5074272                  6040 bps
  Queue Buffer Usage:
    Reserved buffer      :                625000 bytes
  Queue-depth bytes      :
    Current              :                     0
Queue: 3, Forwarding classes: network-control
  (省略)

Log resulted when 2 Mbps traffic was applied from virtual server (192.168.1.11) to virtual server (192.168.2.12)

Log resulted when 10 Mbps traffic was applied from virtual server (192.168.3.13) to virtual server (192.168.2.14)