Class of Service - Darren's Blog

10/6/2017 Class Of Service | Darren's Blog
Darren's Blog
Google Engineer. Dual CCIE #38070. JNCIE-SP #2227
Tag: class of service
Junos and IOS QoS – Part 4 of 4 –

Hierarchical QoS
Brad Fleming from Kanren gave me remote access to a lab MX5 router in order
to do the Junos section of this port for when I am very grateful!
There are many di erent needs for H-QoS and may di erent ways to con gure
it. I’m going to be going over one particular use case for H-QoS in which I use
on a daily basis. More so than any other type of QoS, H-QoS is very hardware
speci c. Even line-card speci c. In this post I’ll be using a Juniper MX5 and a
Cisco ME3600X, both which allow me to do H-QoS on their gig ports.
My use case is as follows. Core gig ports are not cheap. ‘Revenue ports’ as ISPs
like to call them. Most core kit has a load of gig ports, some 10Gb ports and
maybe 40Gb/100Gb ports.
Not all customers want 1 gig link. Some want 10Mb, others 50Mb, some 300Mb.
Heck some only want 4Mb. In order not to waste precious revenue ports, these
circuits are aggregated into a single physical gig port. i.e. we can put 10 X
100Mb circuits onto a single gig link.
The bigggest problem with doing this is that it gets di cult to give QoS
outbound back to the customer unless your hardware can do H-QoS. Let’s take
the following port diagram as an example:
https://mellowd.co.uk/ccie/?tag=class-of-service 1/23
The physical port is 1Gb. Here I have two customer circuits attached. Customer
A is paying for 20Mb while Customer B is paying for 70Mb. Not only do I want
to shape their respective queues, I also want to give 30% priority bandwidth to
each customer, inside each queue. So I need to shape vlan 2000 to 20Mb, and
inside that 20Mb ensure 30% is given to EF packets.
IOS
In IOS I create the child and parent policies.
policy-map 30_70
class EF
priority
police cir percent 30 conform-action transmit exceed-action drop
class class-default
queue-limit percent 100
!
policy-map 20Mb
class class-default
shape average 20000000
service-policy 30_70
!
policy-map 70Mb
class class-default
service-policy 30_70
Each policy can then attach to an EVC outbound on a physical port:
ME3600X#sh run int gi0/1

Building configuration...
Current configuration : 674 bytes

!
interface GigabitEthernet0/1
switchport trunk allowed vlan none
switchport mode trunk
mtu 9800
service instance 1 ethernet
description CUSTOMER1
encapsulation dot1q 2000
rewrite ingress tag pop 1 symmetric
service-policy output 20Mb
bridge-domain 150
!
service instance 2 ethernet
description CUSTOMER2
encapsulation dot1q 2001
rewrite ingress tag pop 1 symmetric
service-policy output 70Mb
bridge-domain 150
!
end
JUNOS
H-QoS on Junos is done using a tra c-control pro le. This allows you to shape
to a speci c rate, attach a scheduler inside that pro le, and attach that pro le
to an interface.
First let’s create our schedulers and scheduler-map:
darreno> show configuration class-of-service schedulers

EF {
transmit-rate {
percent 30;
exact;
}
priority high;
}
BE {
transmit-rate {
remainder;
}
}
darreno> show configuration class-of-service scheduler-maps

OUTBOUND {
forwarding-class expedited-forwarding scheduler EF;
forwarding-class best-effort scheduler BE;
}
Now we create our tra c pro les and attach the above scheduler-map to it;
darreno> show configuration class-of-service traffic-control-profiles

20Mb {
scheduler-map OUTBOUND;
shaping-rate 20m;
70Mb {
scheduler-map OUTBOUND;
shaping-rate 70m;
}
Attach the pro le to the interface under class-of-service:
darreno> show configuration class-of-service interfaces

ge-1/0/0 {
unit 2000 {
output-traffic-control-profile 20Mb;
}
unit 2001 {
output-traffic-control-profile 70Mb;
}
}
Note that you need to con gure hierarchical-scheduler under the interface
itself:
darreno> show configuration interfaces ge-1/0/0

hierarchical-scheduler;
vlan-tagging;
unit 2000 {
description "Customer 1";
vlan-id 2000;
}
unit 2001 {
description "Customer 2";
vlan-id 2001;
}
VERIFICATION
IOS still has much better veri cation than Junos. I don’t know why Junos makes
it so di cult to view this kind of information. When using service instances in
IOS as above, the veri cation command has changed a bit, somewhat
annoyingly.
ME3600X#sh ethernet service instance policy-map

GigabitEthernet0/1: EFP 1
Service-policy output: 20Mb
Class-map: class-default (match-any)

578 packets, 45186 bytes
5 minute offered rate 1000 bps, drop rate 0000 bps
Match: any
Traffic Shaping
Average Rate Traffic Shaping
Shape 20000 (kbps)
Output Queue:
Default Queue-limit 49152 bytes
Tail Packets Drop: 0
Tail Bytes Drop: 0
Service-policy : 30_70
Class-map: EF (match-all)
0 packets, 0 bytes
Match: dscp ef (46)

Strict Priority
police:
cir percent 30 % bc 250 ms
cir 6000000 bps, bc 187500 bytes
conform-action transmit
exceed-action drop
conform: 0 (packets) 0 (bytes)
exceed: 0 (packets) 0 (bytes)
conform: 0 bps, exceed: 0 bps
Queue-limit current-queue-depth 0 bytes
Output Queue:
Tail Bytes Drop: 0

Match: any
Queue-limit 100 percent
Output Queue:
Tail Bytes Drop: 0
GigabitEthernet0/1: EFP 2
Service-policy output: 70Mb

Match: any
Traffic Shaping
Average Rate Traffic Shaping
Shape 70000 (kbps)
Output Queue:
Tail Bytes Drop: 0
Service-policy : 30_70
0 packets, 0 bytes
Match: dscp ef (46)
Strict Priority
police:
cir percent 30 % bc 250 ms
cir 21000000 bps, bc 656250 bytes
conform-action transmit
exceed-action drop
conform: 0 (packets) 0 (bytes)
exceed: 0 (packets) 0 (bytes)
conform: 0 bps, exceed: 0 bps
Output Queue:
Tail Bytes Drop: 0

Match: any
Queue-limit 100 percent
Output Queue:
Tail Bytes Drop: 0
5th August 2013 / JNCIE / child, cisco, class of service, cos, IOS, jcos, jncie, jncie-sp, Juniper, junos,
parent, qos, quality of service, scheduler, sp / 4 Comments

Shaping to EVC speed with priority
An ethernet physical port can only run at certain speeds. i.e. 10/100/1Gb/etc –
Often customer will purchase a sublevel of bandwidth on that bearer speed. For
example Customer A wants to buy 30Mb of bandwidth. You can’t run the
physicla ports at 30Mb, so the ISP will have the interface run at 100Mb and
police inbound at 30Mb.
This makes QoS jus a little more complicated. All the ratios we’ve used in the
past will ratio themselves at the WAN port’s physical speed. Also the router will
not know that if 40Mb of burst comes from the LAN, that the actual bandwidth
is only 30Mb.
In this case, you need to rst shape all tra c to 30Mb, and then inside that
shaped queue give priory bandwidth to voice etc..
IOS
IOS uses the concept of parent/child policy maps. The parent will shape the
queue, while the child policy attached will give each queue their respective
bandwidths and priority.
policy-map PARENT
class class-default
service-policy CHILD
!
policy-map CHILD
class EF
priority percent 10
police cir percent 10 conform-action transmit exceed-action drop
class class-default
bandwidth remaining percent 100
!
interface FastEthernet0/0
ip address 10.0.0.1 255.255.255.0
service-policy output PARENT
In this policy the parent policy creates a queue with a bandwidth limit of 30Mb.
Inside that policy rests another that gives EF packets 10 percent of priority
bandwidth of that initial 30Mb queue. I’m also policing that queue as I don’t
want the priority queue to starve other tra c. All other tra c gets 90-100% of
the bandwidth, depending on how much priority tra c is in the queue at any
one time.
JUNOS
As with most QoS topics, the following con guration is quite hardware speci c.
I’ve done the following on an SRX210H. Your con guration might change when
doing the same sort of thing on a M/MX/DC SRX/etc so YMMV.
Create the schedulers:
darreno@JR2> show configuration class-of-service schedulers

EF10 {
transmit-rate {
percent 10;
exact;
}
}
BE_REST {
transmit-rate {
remainder {
100;
}
}
}
Put the above schedulers into a schedule-map:
darreno@JR2> show configuration class-of-service scheduler-maps

SCHEDULE {
forwarding-class expedited-forwarding scheduler EF10;
forwarding-class best-effort scheduler BE_REST;
}
Finally apply that map to the interface under class-of-service and con gure the
interface shape rate:
darreno@JR2> show configuration class-of-service interfaces ge-0/0/1

unit 2001 {
scheduler-map SCHEDULE;
shaping-rate 30m;
}
In order for the above to work I need to con gure per-unit-scheduler on the
physical interface:
darreno@JR2> show configuration interfaces ge-0/0/1

per-unit-scheduler;
VERIFICATION
Simple again in IOS:
R1#sh policy-map int fa0/0

FastEthernet0/0
Service-policy output: PARENT

Match: any
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 106/6360
shape (average) cir 30000000, bc 120000, be 120000
target shape rate 30000000
Service-policy : CHILD
queue stats for all priority classes:

Queueing
0 packets, 0 bytes
Match: dscp ef (46)
Priority: 10% (3000 kbps), burst bytes 75000, b/w exceed drops:
0
police:
cir 10 %
cir 3000000 bps, bc 93750 bytes
conformed 0 packets, 0 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
drop
conformed 0000 bps, exceeded 0000 bps

Match: any
Queueing
bandwidth remaining 100%
We can see the entire queue is 30Mb. Inside that queue EF tra c has priority
bandwidth of 3000kbps (10% of 30Mb) – All other tra c has anything left up to
30Mb
On Junos its a bit cryptic again:
darreno@JR2> show class-of-service interface ge-0/0/1

Physical interface: ge-0/0/1, Index: 135
Queues supported: 8, Queues in use: 4
Scheduler map: , Index: 2
Congestion-notification: Disabled
Logical interface: ge-0/0/1.2001, Index: 71

Shaping rate: 30000000
Object Name Type
Index
Scheduler-map SCHEDULE Output
2878
I wanted to do a more in-depth post on H-QoS but this SRX doesn’t support it. I
don’t currently have an MX in the lab (only in the eld) so hopefully soon…
1st August 2013 / JNCIE / child, cisco, class of service, cos, IOS, jcos, jncie, jncie-sp, Juniper, junos,
parent, qos, quality of service, scheduler, sp / 1 Comment

Schedulers and policy-maps
Going back to the diagram we used in part 1. Let’s say that we want to shape
certain tra c to certain bandwidths under congestion. I want EF packets to get
20Mb priority, AF31 packets to get 50Mb and whatever is left to get 30Mb. I
want to enable WRED in the BE queue, and also modify the default WRED
pro le.
I’m going to take the assumption that packets have already been marked
correctly as shown in my rst post.
IOS
IOS is very simple in it’s con guration:
policy-map OUTBOUND_QOS
class EF
priority 20000
class AF31
bandwidth 50000
class class-default
random-detect dscp-based
random-detect dscp 0 20 40 5
!
ip address 10.0.0.1 255.255.255.252
service-policy output OUTBOUND_QOS
There are three classes in the service policy. Class EF has priority 20Mb, class
AF31 has bandwidth 50Mb, and class-default has all that’s left. I’ve also set up
WRED and it will start to drop packets when the queue level hits 20. One it hits
40 it’ll be dropping 20% of all packets (1/5) and any more packets will cause
tail-drop.
Junos
In Junos, we rst create our RED pro le:
darreno@JR2> show configuration class-of-service drop-profiles

relaxed {
fill-level 50 drop-probability 10;
}
We then create our schedulers, which tells Junos how to treat each queue:
darreno@JR2> show configuration class-of-service schedulers

EF {
transmit-rate 20m;
priority strict-high;
}
AF31 {
transmit-rate 50m;
}
BE {
transmit-rate 30m;
drop-profile-map loss-priority any protocol any drop-profile relaxed;
}
We then create a scheduler-map, which tells Junos what tra c belongs in each
queue:
darreno@JR2> show configuration class-of-service scheduler-maps

OUTBOUND-QOS {
forwarding-class expedited-forwarding scheduler EF;
forwarding-class assured-forwarding scheduler AF31;
forwarding-class best-effort scheduler BE;
}
Finally this is applied to the interface. Note that this happens under the class-
of-service stanza and NOT the actual interface stanza:
darreno@JR2> show configuration class-of-service interfaces

fe-0/0/7 {
scheduler-map OUTBOUND-QOS;
}
Veri cation
The best command for checking a service policy applied to an interface is show
policy-map interface interface-name:
R1#sh policy-map interface fa0/0

FastEthernet0/0
Service-policy output: OUTBOUND_QOS
queue stats for all priority classes:

Queueing
0 packets, 0 bytes
Match: dscp ef (46)
Priority: 20000 kbps, burst bytes 500000, b/w exceed drops: 0
Class-map: AF31 (match-all)

0 packets, 0 bytes
Match: dscp af31 (26)
Queueing
bandwidth 50000 kbps

Match: any

Exp-weight-constant: 9 (1/512)
Mean queue depth: 0 packets
dscp Transmitted Random drop Tail drop
Minimum Maximum Mark
pkts/bytes pkts/bytes pkts/bytes
thresh thresh prob
default 554/33240 0/0 0/0

20 40 1/5
This shows each of the queues as well as our RED pro le attached to the class-
default queue.
On Junos its a bit more cryptic. To see the bandwidth attached to each queue:
darreno@JR2> show interfaces fe-0/0/7 extensive | find "CoS information"

CoS information:
Direction : Output
CoS transmit queue Bandwidth Buffer
Priority Limit
% bps % usec
0 best-effort 30 30000000 r 0
low none
1 expedited-forwarding 20 20000000 r 0
strict-high none
2 assured-forwarding 50 50000000 r 0
low none
Interface transmit statistics: Disabled
Logical interface fe-0/0/7.0 (Index 75) (SNMP ifIndex 520) (Generation

140)
Flags: Device-Down SNMP-Traps 0x0 Encapsulation: ENET2
Traffic statistics:
Input bytes : 2426330700
Output bytes : 90196588
Input packets: 1770438
Output packets: 872568
etc etc etc
To see the bits in each queue:
darreno@JR2> show interfaces queue fe-0/0/7

Physical interface: fe-0/0/7, Enabled, Physical link is Down
Interface index: 141, SNMP ifIndex: 519
Forwarding classes: 8 supported, 4 in use
Egress queues: 8 supported, 4 in use
Queue: 0, Forwarding classes: best-effort
Queued:
Packets : 863884 0
pps
Bytes : 106578924 0
bps
Transmitted:
Packets : 863884 0
pps
Bytes : 106578924 0
bps
Tail-dropped packets : 0 0
pps
RED-dropped packets : 0 0
pps
Low : 0 0
pps
Medium-low : 0 0
pps
Medium-high : 0 0
pps
High : 0 0
pps
RED-dropped bytes : 0 0
bps
Low : 0 0
bps
Medium-low : 0 0
bps
Medium-high : 0 0
bps
High : 0 0
bps
Queue: 1, Forwarding classes: expedited-forwarding
Queued:
Packets : 0 0
pps
Bytes : 0 0
bps
Transmitted:
Packets : 0 0
pps
Bytes : 0 0
bps
pps
pps
Low : 0 0
pps
Medium-low : 0 0
pps
Medium-high : 0 0
pps
High : 0 0
pps
bps
Low : 0 0
bps
Medium-low : 0 0
bps
Medium-high : 0 0
bps
High : 0 0
bps
Queue: 2, Forwarding classes: assured-forwarding
Queued:
Packets : 0 0
pps
Bytes : 0 0
bps
Transmitted:
Packets : 0 0
pps
Bytes : 0 0
bps
pps
pps
Low : 0 0
pps
Medium-low : 0 0
pps
Medium-high : 0 0
pps
High : 0 0
pps
bps
Low : 0 0
bps
Medium-low : 0 0
bps
Medium-high : 0 0
bps
High : 0 0
bps
Queue: 3, Forwarding classes: network-control
Queued:
Packets : 8684 0
pps
Bytes : 451568 0
bps
Transmitted:
Packets : 8684 0
pps
Bytes : 451568 0
bps
pps
pps
Low : 0 0
pps
Medium-low : 0 0
pps
Medium-high : 0 0
pps
High : 0 0
pps
bps
Low : 0 0
bps
Medium-low : 0 0
bps
Medium-high : 0 0
bps
High : 0 0
bps
I must admit, I much prefer the Cisco implementation of show policy-map

interfaces
31st July 2013 / JNCIE / child, cisco, class of service, cos, IOS, jcos, jncie, jncie-sp, Juniper, junos,
parent, qos, quality of service, scheduler, sp / 3 Comments

Marking traf c
While the concepts of QoS on vendor platforms are similar, the actual
con guration is very di erent. I wanted to do a few posts on the di erences
between Junos and IOS on the normal QoS things that I do on a day to day basis.
For this rst post I’m going to use a very simple diagram:
On the LAN are hosts with soft-phones. These phones use speci c ports but do
not mark packets sent with DSCP EF. Our goal here is to ensure voice packets
are marked. Any UDP packet with a port number of 5060 I will mark with DSCP
EF.
IOS
IOS is very simple indeed. You match the kind of tra c you want in an ACL,
create a service-policy using that ACL, mark the packets in that policy:
access-list 100 permit udp any eq 5060 any eq 5060

!
class-map match-all VOICE
match access-group 100
!
policy-map MARK-TRAFFIC
class VOICE
set dscp ef
!
ip address 10.0.0.1 255.255.255.0
service-policy input MARK-TRAFFIC
Junos
Junos is more complicated. Juniper call marking via matching on parts of a

packet a multi eld classi cation. Multi eld classi cation works by matching
terms in a rewall lter. The DSCP value is not directly set in the rewall lter.
Rather the lter places a packet in a speci c queue. It’s the queue outbound that
sets the actual dscp value in the packet.
First let’s create the classi cation I need:
darreno@JR2> show configuration class-of-service

classifiers {
dscp MARK-TRAFFIC {
forwarding-class expedited-forwarding {
loss-priority low code-points ef;
}
}
}
There is a built-in queue called expedited-forwarding. You cna rename these if

you wish and add more queues. In the con guration above it states that any
packet in this queue will be marked with DSCP EF.
darreno@JR2> show configuration firewall

family inet {
filter VOICE {
term VOICE {
from {
protocol udp;
source-port 5060;
destination-port 5060;
}
then {
forwarding-class expedited-forwarding;
accept;
}
}
term CATCH-ALL {
then accept;
}
}
}
In the rewall statement, any packet that matches UDP with source and
destination port equal to 5060 will be placed in the expedited-forwarding
queue. As this is a rewall lter, I need to still allow the packets through. I also
need a catch-all at the end otherwise any packet not matching the rst
statement is dropped.
Finally the lter will be applied inbound on the LAN interface:
darreno@JR2> show configuration interfaces fe-0/0/7.0

family inet {
filter {
input VOICE;
}
address 10.2.2.1/24;
}
Both terms above will mark the needed packets as DSCP EF. All others will not
be changed.
Certain Juniper platforms do support the setting of the DSCP value inbound, but
it seems to be very hardware speci c
UPDATE (03/09/2013)
As a few have pointed out, I’m not actually marking anything here, I’m only
classifying. My bad. In order to actually mark a packet you need to use rewrite
rules. Junos has a few built-in, but you can make your own as well:
darreno@JR1> show class-of-service rewrite-rule

Rewrite rule: dscp-default, Code point type: dscp, Index: 31
Forwarding class Loss priority Code point
best-effort low 000000
best-effort high 000000
expedited-forwarding low 101110
expedited-forwarding high 101110
assured-forwarding low 001010

assured-forwarding high 001100
network-control low 110000
network-control high 111000
etc etc etc
The default will ensure that EF tra c is marked 101110 which is DSCP value 46.
We apply this rewrite to an interface like so:
darreno@JR1> show configuration class-of-service

interfaces {
ge-0/0/0 {
unit 50 {
rewrite-rules {
dscp default;
}
}
}
}
Of course you can create your own rewrite rules, but I’m just going for the easy
way out above.
30th July 2013 / JNCIE / child, cisco, class of service, cos, IOS, jncie, jncie-sp, Juniper, junos, parent,
qos, quality of service, scheduler / 6 Comments
Darren's Blog / Proudly powered by WordPress
© 2009-2017 Darren O'Connor All Rights Reserved -- Copyright notice by Blog Copyright

Class of Service - Darren's Blog

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Class of Service - Darren's Blog

Încărcat de

Drepturi de autor:

Formate disponibile

10/6/2017 Class Of Service | Darren's Blog

Tag: class of service

Junos and IOS QoS – Part 4 of 4 –

In IOS I create the child and parent policies.

Each policy can then attach to an EVC outbound on a physical port:

ME3600X#sh run int gi0/1

Current configuration : 674 bytes

darreno> show configuration class-of-service schedulers

darreno> show configuration class-of-service scheduler-maps

darreno> show configuration class-of-service traffic-control-profiles

Attach the pro le to the interface under class-of-service:

darreno> show configuration class-of-service interfaces

darreno> show configuration interfaces ge-1/0/0

ME3600X#sh ethernet service instance policy-map

Service-policy output: 20Mb

Class-map: class-default (match-any)

Match: dscp ef (46)

Class-map: class-default (match-any)

Service-policy output: 70Mb

Class-map: class-default (match-any)

Class-map: class-default (match-any)

Junos and IOS QoS – Part 3 of 4 –

Create the schedulers:

darreno@JR2> show configuration class-of-service schedulers

Put the above schedulers into a schedule-map:

darreno@JR2> show configuration class-of-service scheduler-maps

darreno@JR2> show configuration class-of-service interfaces ge-0/0/1

darreno@JR2> show configuration interfaces ge-0/0/1

Simple again in IOS:

R1#sh policy-map int fa0/0

Service-policy output: PARENT

Class-map: class-default (match-any)

queue stats for all priority classes:

Class-map: class-default (match-any)

On Junos its a bit cryptic again:

darreno@JR2> show class-of-service interface ge-0/0/1

Logical interface: ge-0/0/1.2001, Index: 71

Junos and IOS QoS – Part 2 of 4 –

IOS is very simple in it’s con guration:

darreno@JR2> show configuration class-of-service drop-profiles

darreno@JR2> show configuration class-of-service schedulers

darreno@JR2> show configuration class-of-service scheduler-maps

darreno@JR2> show configuration class-of-service interfaces

R1#sh policy-map interface fa0/0

Service-policy output: OUTBOUND_QOS

queue stats for all priority classes:

Class-map: AF31 (match-all)

Class-map: class-default (match-any)

queue limit 64 packets

default 554/33240 0/0 0/0

darreno@JR2> show interfaces fe-0/0/7 extensive | find "CoS information"

Logical interface fe-0/0/7.0 (Index 75) (SNMP ifIndex 520) (Generation

etc etc etc

To see the bits in each queue:

darreno@JR2> show interfaces queue fe-0/0/7

I must admit, I much prefer the Cisco implementation of show policy-map

Junos and IOS QoS – Part 1 of 4 –

access-list 100 permit udp any eq 5060 any eq 5060

Junos is more complicated. Juniper call marking via matching on parts of a

First let’s create the classi cation I need:

darreno@JR2> show configuration class-of-service

There is a built-in queue called expedited-forwarding. You cna rename these if

darreno@JR2> show configuration firewall