Where Junos3 is a Juniper, and R1 and R2 are Cisco. Configuration CLASSI FI CATI ON lab@Junos3# show firewall family inet filter classify-traffic { term sip { from { protocol [ tcp udp ]; port 5060; } then { forwarding-class voip; accept; } } term rtp { from { protocol udp; port 16384-32767; } then { forwarding-class voip; accept; } } term telnet { from { protocol tcp; port 23; } then { forwarding-class admin; accept; } } term ping { from { protocol icmp; } then { forwarding-class admin; accept; } } term accept-all { then accept; } } QUEUES AND SCHEDULER MAPS lab@Junos3# show class-of-service forwarding-classes { queue 1 admin; queue 2 voip; }
interfaces { ge-0/0/1 { scheduler-map my-sched-map; } ge-1/0/1 { scheduler-map my-sched-map; } } lab@Junos3# show firewall family inet | display set set firewall family inet filter classify-traffic term sip from protocol tcp set firewall family inet filter classify-traffic term sip from protocol udp set firewall family inet filter classify-traffic term sip from port 5060 set firewall family inet filter classify-traffic term sip then forwarding- class voip set firewall family inet filter classify-traffic term sip then accept set firewall family inet filter classify-traffic term rtp from protocol udp set firewall family inet filter classify-traffic term rtp from port 16384- 32767 set firewall family inet filter classify-traffic term rtp then forwarding- class voip set firewall family inet filter classify-traffic term rtp then accept set firewall family inet filter classify-traffic term telnet from protocol tcp set firewall family inet filter classify-traffic term telnet from port 23 set firewall family inet filter classify-traffic term telnet then forwarding- class admin set firewall family inet filter classify-traffic term telnet then accept set firewall family inet filter classify-traffic term ping from protocol icmp set firewall family inet filter classify-traffic term ping then forwarding- class admin set firewall family inet filter classify-traffic term ping then accept set firewall family inet filter classify-traffic term accept-all then accept
lab@Junos3# show class-of-service | display set set class-of-service forwarding-classes queue 1 admin set class-of-service forwarding-classes queue 2 voip set class-of-service interfaces ge-0/0/1 scheduler-map my-sched-map set class-of-service interfaces ge-1/0/1 scheduler-map my-sched-map set class-of-service scheduler-maps my-sched-map forwarding-class best-effort scheduler best-effort-sched set class-of-service scheduler-maps my-sched-map forwarding-class admin scheduler admin-sched set class-of-service scheduler-maps my-sched-map forwarding-class voip scheduler voip-sched set class-of-service scheduler-maps my-sched-map forwarding-class network- control scheduler network-control-sched set class-of-service schedulers best-effort-sched transmit-rate percent 40 set class-of-service schedulers best-effort-sched buffer-size percent 40 set class-of-service schedulers best-effort-sched priority low set class-of-service schedulers admin-sched transmit-rate percent 45 set class-of-service schedulers admin-sched buffer-size percent 45 set class-of-service schedulers admin-sched priority medium-low set class-of-service schedulers voip-sched transmit-rate percent 10 set class-of-service schedulers voip-sched buffer-size percent 10 set class-of-service schedulers voip-sched priority high set class-of-service schedulers network-control-sched transmit-rate percent 5 set class-of-service schedulers network-control-sched buffer-size percent 5 set class-of-service schedulers network-control-sched priority medium-high VERIFICATION Clear interface queue statistic with the following command lab@Junos3> clear interfaces statistics all
lab@Junos3> show interfaces queue ge-0/0/1 Physical interface: ge-0/0/1, Enabled, Physical link is Up Interface index: 134, SNMP ifIndex: 508 Description: DEVNET-R6-6509 GE1/21 Forwarding classes: 8 supported, 4 in use Egress queues: 8 supported, 4 in use Queue: 0, Forwarding classes: best-effort Queued: Packets : 0 0 pps Bytes : 0 0 bps Transmitted: Packets : 0 0 pps Bytes : 0 0 bps Tail-dropped packets : 0 0 pps RED-dropped packets : 0 0 pps Low : 0 0 pps Medium-low : 0 0 pps Medium-high : 0 0 pps High : 0 0 pps RED-dropped bytes : 0 0 bps Low : 0 0 bps Medium-low : 0 0 bps Medium-high : 0 0 bps High : 0 0 bps ... Generating VOIP traffic from R2 to R1 with SIP signalling by telnetting to R1 port TCP=5060, and confirm that the the traffic get queued on the Junos3 outbound interface to R1. R2#telnet 13.0.0.1 5060 Trying 13.0.0.1, 5060 ... % Connection refused by remote host
lab@Junos3> show interfaces queue ge-0/0/1 | find voip Queue: 2, Forwarding classes: voip Queued: Packets : 3 0 pps Bytes : 180 0 bps Transmitted: Packets : 3 0 pps Bytes : 180 0 bps Tail-dropped packets : 0 0 pps RED-dropped packets : 0 0 pps Low : 0 0 pps Medium-low : 0 0 pps Medium-high : 0 0 pps High : 0 0 pps RED-dropped bytes : 0 0 bps Low : 0 0 bps Medium-low : 0 0 bps Medium-high : 0 0 bps High : 0 0 bps Generating admin traffic by telnetting from R2 to R1 via normal telnet TCP port=23, and confirm the same: R2#telnet 13.0.0.1 Trying 13.0.0.1 ... Open
lab@Junos3> show interfaces queue ge-0/0/1 | find admin Queue: 1, Forwarding classes: admin Queued: Packets : 51 0 pps Bytes : 3066 0 bps Transmitted: Packets : 51 0 pps Bytes : 3066 0 bps Tail-dropped packets : 0 0 pps RED-dropped packets : 0 0 pps Low : 0 0 pps Medium-low : 0 0 pps Medium-high : 0 0 pps High : 0 0 pps RED-dropped bytes : 0 0 bps Low : 0 0 bps Medium-low : 0 0 bps Medium-high : 0 0 bps High : 0 0 bps For the demonstration purpose, ICMP is classified into the admin, so we can generate a lot of admin traffic with extended ping packets from R2 to R1 as well. In practice, surely ICMP should not be part of admin traffic. Note: By default, J series routers come with default Firewall setting. To remove this totally, we need to delete the state full firewall function, and enable the packet based mode. delete security set security forwarding-options family mpls mode packet-based
Evaluation of Some Websites that Offer Virtual Phone Numbers for SMS Reception and Websites to Obtain Virtual Debit/Credit Cards for Online Accounts Verifications