JUNOSe™ Internet Software for E-series™ Routing Platforms

Policy and QoS Configuration Guide

Release 6.1.x

Juniper Networks®, Inc.
1194 North Mathilda Avenue Sunnyvale, CA 94089 USA 408-745-2000

www.juniper.net
Part Number: 162-01067-00, Revision A00

Juniper Networks, the Juniper Networks logo, NetScreen, NetScreen Technologies, the NetScreen logo, NetScreen-Global Pro, ScreenOS, and GigaScreen are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The following are trademarks of Juniper Networks, Inc.: ERX, ESP, E-series, Instant Virtual Extranet, Internet Processor, J2300, J4300, J6300, J-Protect, J-series, J-Web, JUNOS, JUNOScope, JUNOScript, JUNOSe, M5, M7i, M10, M10i, M20, M40, M40e, M160, M320, M-series, MMD, NetScreen-5GT, NetScreen-5XP, NetScreen-5XT, NetScreen-25, NetScreen-50, NetScreen-204, NetScreen-208, NetScreen-500, NetScreen-5200, NetScreen-5400, NetScreen-IDP 10, NetScreen-IDP 100, NetScreen-IDP 500, NetScreen-Remote Security Client, NetScreen-Remote VPN Client, NetScreen-SA 1000 Series, NetScreen-SA 3000 Series, NetScreen-SA 5000 Series, NetScreen-SA Central Manager, NetScreen Secure Access, NetScreen-SM 3000, NetScreen-Security Manager, NMC-RX, SDX, Stateful Signature, T320, T640, and T-series. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners. All specifications are subject to change without notice. Products made or sold by Juniper Networks (including the ERX-310, ERX-705, ERX-710, ERX-1410, ERX-1440, M5, M7i, M10, M10i, M20, M40, M40e, M160, M320, and T320 routers, T640 routing node, and the JUNOS, JUNOSe, and SDX-300 software) or components thereof might be covered by one or more of the following patents that are owned by or licensed to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312, 6,429,706, 6,459,579, 6,493,347, 6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785. Copyright © 2005, Juniper Networks, Inc. All rights reserved. Printed in USA. JUNOSe™ Internet Software for E-series™ Routing Platforms Policy and QoS Configuration Guide, Release 6.1.x Writing: Bruce Gillham, Brian Wesley Simmons, Jane Varkonyi Editing: Ben Mann, Tony Mauro, Fran Mues Illustration: Brian Wesley Simmons, Nathaniel Woodward Cover Design: Edmonds Design Revision History 7 March 2005—Revision 1 The information in this document is current as of the date listed in the revision history. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer or otherwise revise this publication without notice.

Software License
The terms and conditions for using this software are described in the software license contained in the acknowledgment to your purchase order or, to the extent applicable, to any reseller agreement or end-user purchase agreement executed between you and Juniper Networks. By using this software, you indicate that you understand and agree to be bound by those terms and conditions. Generally speaking, the software license restricts the manner in which you are permitted to use the software and may contain prohibitions against certain uses. The software license may state conditions under which the license is automatically terminated. You should consult the license for further details. For complete product documentation, please see the Juniper Networks Web site at www.juniper.net/techpubs.

End User License Agreement
READ THIS END USER LICENSE AGREEMENT ("AGREEMENT") BEFORE DOWNLOADING, INSTALLING, OR USING THE SOFTWARE. BY DOWNLOADING, INSTALLING, OR USING THE SOFTWARE OR OTHERWISE EXPRESSING YOUR AGREEMENT TO THE TERMS CONTAINED HEREIN, YOU (AS CUSTOMER OR IF YOU ARE NOT THE CUSTOMER, AS A REPRESENTATIVE/AGENT AUTHORIZED TO BIND THE CUSTOMER) CONSENT TO BE BOUND BY THIS AGREEMENT. IF YOU DO NOT OR CANNOT AGREE TO THE TERMS CONTAINED HEREIN, THEN (A) DO NOT DOWNLOAD, INSTALL, OR USE THE SOFTWARE, AND (B) YOU MAY CONTACT JUNIPER NETWORKS REGARDING LICENSE TERMS. 1. The Parties. The parties to this Agreement are Juniper Networks, Inc. and its subsidiaries (collectively "Juniper"), and the person or organization that originally purchased from Juniper or an authorized Juniper reseller the applicable license(s) for use of the Software ("Customer") (collectively, the "Parties"). 2. The Software. In this Agreement, "Software" means the program modules and features of the Juniper or Juniper-supplied software, and updates and releases of such software, for which Customer has paid the applicable license or support fees to Juniper or an authorized Juniper reseller. 3. License Grant. Subject to payment of the applicable fees and the limitations and restrictions set forth herein, Juniper grants to Customer a non-exclusive and non-transferable license, without right to sublicense, to use the Software, in executable form only, subject to the following use restrictions: a. Customer shall use the Software solely as embedded in, and for execution on, Juniper equipment originally purchased by Customer from Juniper or an authorized Juniper reseller, unless the applicable Juniper documentation expressly permits installation on non-Juniper equipment. b. Customer shall use the Software on a single hardware chassis having a single processing unit, or as many chassis or processing units for which Customer has paid the applicable license fees. c. Other Juniper documentation for the Software (such as product purchase documents, documents accompanying the product, the Software user manual(s), Juniper's website for the Software, or messages displayed by the Software) may specify limits to Customer's use of the Software. Such limits may restrict use to a maximum number of seats, concurrent users, sessions, subscribers, nodes, or transactions, or require the purchase of separate licenses to use particular features, functionalities, or capabilities, or provide temporal or geographical limits. Customer's use of the Software shall be subject to all such limitations and purchase of all applicable licenses. The foregoing license is not transferable or assignable by Customer. No license is granted herein to any user who did not originally purchase the applicable license(s) for the Software from Juniper or an authorized Juniper reseller.

4. Use Prohibitions. Notwithstanding the foregoing, the license provided herein does not permit the Customer to, and Customer agrees not to and shall not: (a) modify, unbundle, reverse engineer, or create derivative works based on the Software; (b) make unauthorized copies of the Software (except as necessary for backup purposes); (c) rent, transfer, or grant any rights in and to any copy of the Software, in any form, to any third party; (d) remove any proprietary notices, labels, or marks on or in any copy of the Software; (e) distribute any copy of the Software to any third party, including as may be embedded in Juniper equipment sold in the secondhand market; (f) use any 'locked' or key-restricted feature, function, or capability without first purchasing the applicable license(s) and obtaining a valid key from Juniper, even if such feature, function, or capability is enabled without a key; (g) distribute any key for the Software provided by Juniper to any third party; (h) use the Software in any manner that extends or is broader than the uses purchased by Customer from Juniper or an authorized Juniper reseller; (i) use the Software on non-Juniper equipment where the Juniper documentation does not expressly permit installation on non-Juniper equipment; (j) use the Software (or make it available for use) on Juniper equipment that the Customer did not originally purchase from Juniper or an authorized Juniper reseller; or (k) use the Software in any manner other than as expressly provided herein. 5. Audit. Customer shall maintain accurate records as necessary to verify compliance with this Agreement. Upon request by Juniper, Customer shall furnish such records to Juniper and certify its compliance with this Agreement. 6. Confidentiality. The Parties agree that aspects of the Software and associated documentation are the confidential property of Juniper. As such, Customer shall exercise all reasonable commercial efforts to maintain the Software and associated documentation in confidence, which at a minimum includes restricting access to the Software to Customer employees and contractors having a need to use the Software. 7. Ownership. Juniper and Juniper's licensors, respectively, retain ownership of all right, title, and interest (including copyright) in and to the Software, associated documentation, and all copies of the Software. Nothing in this Agreement constitutes a transfer or conveyance of any right, title, or interest in the Software or associated documentation, or a sale of the Software, associated documentation, or copies of the Software. 8. Warranty, Limitation of Liability, Disclaimer of Warranty. If the Software is distributed on physical media (such as CD), Juniper warrants for 90 days from delivery that the media on which the Software is delivered will be free of defects in material and workmanship under normal use. This limited warranty extends only to the Customer. Except as may be expressly provided in separate documentation from Juniper, no other warranties apply to the Software, and the Software is otherwise provided AS IS. Customer assumes all risks arising from use of the Software. Customer's sole remedy and Juniper's entire liability under this limited warranty is that Juniper, at its option, will repair or replace the media containing the Software, or provide a refund, provided that Customer makes a proper warranty claim to Juniper, in writing, within the warranty period. Nothing in this Agreement shall give rise to any obligation to support the Software. Any such support shall be governed by a separate, written agreement. To the maximum extent permitted by law, Juniper shall not be liable for any liability for lost profits, loss of data or costs or procurement of substitute goods or services, or for any special, indirect, or consequential damages arising out of this Agreement, the Software, or any Juniper or Juniper-supplied software. In no event shall Juniper be liable for damages arising from unauthorized or improper use of any Juniper or Juniper-supplied software. EXCEPT AS EXPRESSLY PROVIDED HEREIN OR IN SEPARATE DOCUMENTATION PROVIDED FROM JUNIPER AND TO THE EXTENT PERMITTED BY LAW, JUNIPER DISCLAIMS ANY AND ALL WARRANTIES IN AND TO THE SOFTWARE (WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE), INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. IN NO EVENT DOES JUNIPER WARRANT THAT THE SOFTWARE, OR ANY EQUIPMENT OR NETWORK RUNNING THE SOFTWARE, WILL OPERATE WITHOUT ERROR OR INTERRUPTION, OR WILL BE FREE OF VULNERABILITY TO INTRUSION OR ATTACK. 9. Termination. Any breach of this Agreement or failure by Customer to pay any applicable fees due shall result in automatic termination of the license granted herein. Upon such termination, Customer shall destroy or return to Juniper all copies of the Software and related documentation in Customer's possession or control. 10. Taxes. All license fees for the Software are exclusive of taxes, withholdings, duties, or levies (collectively "Taxes"). Customer shall be responsible for paying Taxes arising from the purchase of the license, or importation or use of the Software. 11. Export. Customer agrees to comply with all applicable export laws and restrictions and regulations of any United States and any applicable foreign agency or authority, and not to export or re-export the Software or any direct product thereof in violation of any such restrictions, laws or regulations, or without all necessary approvals. Customer shall be liable for any such violations. The version of the Software supplied to you may contain encryption or other capabilities restricting your ability to export the Software without an export license. 12. Commercial Computer Software. The Software is "commercial computer software" and is provided with restricted rights. Use, duplication, or disclosure by the United States government is subject to restrictions set forth in this Agreement and as provided in DFARS 227.7201 through 227.7202-4, FAR 12.212, FAR 27.405(b)(2), FAR 52.227-19, or FAR 52.227-14(ALT III) as applicable. 13. Miscellaneous. This Agreement shall be governed by the laws of the State of California without reference to its conflicts of laws principles. For any disputes arising under this Agreement, the Parties hereby consent to the personal and exclusive jurisdiction of, and venue in, the state and federal courts within Santa Clara County, California. This Agreement constitutes the entire and sole agreement between Juniper and the Customer with respect to the Software, and supersedes all prior and contemporaneous agreements relating to the Software, whether oral or written (including any inconsistent terms contained in a purchase order), except that the terms of a separate written agreement executed by an authorized Juniper representative and Customer shall govern to the extent such terms are inconsistent or conflict with terms contained herein. No modification to this Agreement nor any waiver of any rights hereunder shall be effective unless expressly assented to in writing by the party to be charged. If any portion of this Agreement is held invalid, the Parties agree that such invalidity shall not affect the validity of the remainder of this Agreement. If you have any questions about this agreement, contact Juniper Networks at the following address: Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 USA Attn: Contracts Administrator

Table of Contents
About This Guide ix Objectives ....................................................................................................... ix E-series Routers ............................................................................................... x Audience.......................................................................................................... x Documentation Conventions............................................................................ x Related Juniper Networks Documentation....................................................... xi Obtaining Documentation............................................................................. xiii Documentation Feedback ............................................................................. xiii Requesting Support....................................................................................... xiii Chapter 1 Configuring Policy Management 1

Overview ......................................................................................................... 2 Policy Lists................................................................................................. 2 Secure Policies........................................................................................... 3 Classifier Control Lists ............................................................................... 4 Rate-Limit Profiles ..................................................................................... 5 One-Rate Rate-Limit Profile................................................................. 6 Two-Rate Rate-Limit Profile................................................................. 8 References ..................................................................................................... 10 Configuration Tasks ....................................................................................... 10 Creating a Rate-Limit Profile .......................................................................... 10 One-Rate ................................................................................................. 11 Two-Rate ................................................................................................. 11 Creating Classifier Control Lists...................................................................... 18 Creating Policy Lists ....................................................................................... 28 Creating a Policy List for IP...................................................................... 28 Creating a Policy List for IPv6 .................................................................. 29 Creating a Policy List for Frame Relay ..................................................... 30 Creating a Policy List for GRE Tunnels ..................................................... 32 Creating a Policy List for L2TP .................................................................33 Creating a Policy List for MPLS ................................................................ 33 Creating a Policy List for VLANs............................................................... 34 Creating Classifier Groups and Policy Rules....................................................36 Policy Rule Support ................................................................................. 37 Rules That Provide Routing Solutions ...................................................... 38 Creating Multiple Forwarding Solutions with IP Policy Lists ..................... 38 Classifier Group Command ...................................................................... 39 Policy Rule Commands............................................................................ 40 Applying Policy Lists to Interfaces and Profiles .............................................. 45 Enabling IP Options Filtering ......................................................................... 46 Using RADIUS to Create and Apply Policies ................................................... 47 Examples—Using the Ascend-Data-Filter Attribute............................ 49

Table of Contents

!

v

JUNOSe 6.1.x Policy and QoS Configuration Guide

Policy Applications......................................................................................... 54 Policy Routing ......................................................................................... 54 Security ................................................................................................... 55 Bandwidth Management.......................................................................... 56 One-Rate Rate-Limit Profile............................................................... 57 Two-Rate Rate-Limit Profile............................................................... 57 Rate Limiting Individual or Aggregate Packet Flows ................................ 58 Packet Tagging ........................................................................................ 59 Packet Flow Monitoring .................................................................... 60 Policy Management and MPLS Topology-Driven LSPs .................................... 62 Statically Configured Mapping .................................................................62 Signaled Mapping .................................................................................... 63 Policy Resources ............................................................................................ 63 FPGA Hardware Classifiers ...................................................................... 65 CAM Hardware Classifiers ....................................................................... 66 Software Classifiers ................................................................................. 67 Monitoring Policy Management ..................................................................... 68 Setting a Statistics Baseline...................................................................... 68 Policy Management show Commands ..................................................... 69 Chapter 2 Configuring Quality of Service 91

Overview ....................................................................................................... 92 Terms ...................................................................................................... 93 Features................................................................................................... 94 References ..................................................................................................... 96 Configuration Tasks ....................................................................................... 96 Traffic Classes ............................................................................................... 97 Best-Effort Forwarding............................................................................. 97 Configuring a Traffic Class ...................................................................... 97 Traffic-Class Groups ....................................................................................... 99 Configuring Traffic-Class Groups.............................................................. 99 Queue Profiles..............................................................................................100 Static Oversubscription..........................................................................101 Dynamic Oversubscription ....................................................................101 Overriding Default Queue Allocation .....................................................101 Color-Based Thresholding ......................................................................102 Configuring Queue Profiles ...................................................................103 Drop Profiles ...............................................................................................105 How RED Works ...................................................................................106 Configuring RED....................................................................................106 RED Configuration Examples ................................................................108 Configuring Average Queue Length ................................................108 Configuring Thresholds ..................................................................108 Configuring Color-Blind RED ..........................................................108 How WRED Works ................................................................................110 Configuring WRED ................................................................................110 WRED Configuration Examples ............................................................110 Configuring Different Treatment of Colored Packets ......................110 Defining Different Drop Behavior for Each Traffic Class..................111 RED and Dynamic Queue Thresholds ............................................112 Scheduler Profiles ........................................................................................114 Hierarchical Assured Rate......................................................................115 Configuring Scheduler Profiles...............................................................116

vi

!

Table of Contents

Table of Contents

Shared Shaping ............................................................................................118 Sharing Bandwidth with the SAR ...........................................................119 How Shared Shaping Works ..................................................................119 Simple Shared Shaping..........................................................................119 Simple Shared Shaping Example.....................................................120 Simple Shared Shaping on the Best-Effort Scheduler Queue............120 Simple Shared Shaping on the Best-Effort Scheduler Node..............121 Shared Shaping and Low-CDV Mode ...............................................121 Compound Shared Shaping ...................................................................122 Shared Shaping Constituents .................................................................122 Types of Shared Shapers .................................................................124 Implicit Constituent Selection..........................................................124 Implicit Bandwidth Allocation for Compound Shared Shaping ........127 Explicit Constituent Selection ..........................................................131 Explicit Shared Shaping Example....................................................132 Explicit Weighted Compound Shared Shaping Examples ................133 Simple Shared Shaping Configuration Examples ...................................135 VC Simple Shared Shaping Example ...............................................136 VP Simple Shared Shaping Example ...............................................137 Shared Shaping and Individual Shaping ..........................................139 Compound Shared Shaping Configuration Examples .............................139 Configuration Restrictions ...............................................................141 VC Compound Shared Shaping Example.........................................141 VP Compound Shared Shaping Example.........................................143 Shared Shaping Caveats ........................................................................145 Hardware Dependency ...................................................................145 Logical Interface Traffic Carried in Other Queues............................146 Traffic Starvation.............................................................................146 Oversubscription.............................................................................146 Burst Size ........................................................................................146 Statistics Profiles .........................................................................................147 Rate Statistics ........................................................................................148 Event Statistics ......................................................................................149 Memory and Processor Use ...................................................................150 Configuring Statistics Profiles ................................................................150 QoS Profiles .................................................................................................151 Configuring QoS Profiles........................................................................152 Creating QoS Profiles ......................................................................153 Adding Groups, Nodes, and Queues to QoS Profiles ........................153 Attaching QoS Profiles ....................................................................154 Configuring QoS for ATM Interfaces.............................................................155 Integrating the HRR Scheduler and SAR Scheduler ................................155 Backpressure...................................................................................156 Configuring the Integrated Scheduler.....................................................157 Configuring the SAR Scheduler Mode of Operation .........................158 Configuring the Operational QoS Shaping Mode .............................158 ATM QoS Configuration Examples.........................................................160 Default Integrated Mode..................................................................160 Low-Latency Mode ..........................................................................161 Low-CDV Mode ...............................................................................163 Configuring QoS for L2TP Interfaces ............................................................167 Configuration Procedure........................................................................168 Scheduler Hierarchies .....................................................................169

Table of Contents !

vii

JUNOSe 6.1.x Policy and QoS Configuration Guide

QoS Profile Attachments ..............................................................................170 Attaching a Profile to an Interface .........................................................170 Attaching a Profile to a Port Type ..........................................................171 Munged QoS Profile...............................................................................172 QoS Profile Configuration Examples ...........................................................174 Diffserv Configuration with Multiple Traffic-Class Groups.............................178 Strict-Priority Scheduling..............................................................................182 Relative Strict-Priority Scheduling ................................................................184 True Strict Priority Versus Relative Strict Priority ..................................185 True Strict Priority ..........................................................................185 Relative Strict Priority .....................................................................186 Relative Strict Priority on ATM Modules ................................................186 Oversubscribing ATM Ports ............................................................187 Minimizing Latency on the SAR Scheduler .....................................187 HRR Scheduler Behavior .......................................................................187 Zero-Weight Queues .......................................................................188 Setting the Burst Size in a Shaping Rate .........................................188 Special Shaping Rate for Nonstrict Queues .....................................188 Configuring Relative Strict-Priority Scheduling.......................................189 Rate Shaping................................................................................................191 Port Shaping ...............................................................................................192 Clearing Statistics.........................................................................................193 Monitoring QoS............................................................................................193 Index 211

viii

!

Table of Contents

refer to the procedures in the E-series Hardware Guide. NOTE: If the information in the latest JUNOSe Release Notes differs from the information in this guide. follow the JUNOSe Release Notes. Objectives ! ix . An E-series router is shipped with the latest system software installed. Installing JUNOSe Software. Appendix B.About This Guide This preface provides the following guidelines for using JUNOSe™ Internet Software for E-series™ Routing Platforms Policy and QoS Configuration Guide: ! ! ! ! ! ! ! ! Objectives on page ix E-series Routers on page x Audience on page x Documentation Conventions on page x Related Juniper Networks Documentation on page xi Obtaining Documentation on page xiii Documentation Feedback on page xiii Requesting Support on page xiii Objectives This guide provides the information you need to configure policy management and quality of service (QoS) on your E-series router. If you need to install a future release or reinstall the system software.

Chapter 1. Chapter 2. see JUNOSe System Basics Configuration Guide. For information about the differences between the models. and ERX-310 router refer to the specific models. E-series Overview. Similarly. Table 2 defines text conventions used in this guide and the syntax conventions used primarily in the JUNOSe Command Reference Guide. Table 1: Notice Icons Icon Meaning Informational note Caution Description Indicates important features or instructions. ERX-705 router. ERX-710 router. Indicates a situation that might result in loss of data or hardware damage. the term ERX-7xx models refers to both the ERX-710 router and the ERX-705 router.x Policy and QoS Configuration Guide E-series Routers Five models of E-series routers are available: ! ! ! ! ! ERX-1440 router ERX-1410 router ERX-710 router ERX-705 router ERX-310 router All models use the same software. Command-Line Interface. Audience This guide is intended for experienced system and network specialists working with E-series routers in an Internet access environment. For more information about command syntax.1. The terms ERX-1440 router. Warning x ! E-series Routers . the term ERX-14xx models refers to both the ERX-1440 router and the ERX-1410 router.JUNOSe 6. see E-series Hardware Guide. Alerts you to the risk of personal injury. Documentation Conventions Table 1 defines notice icons used in this guide. ERX-1410 router. In the E-series documentation.

Table 3 lists and describes the E-series document set. ! Identifies variables. Routing Process OSPF 2 with Router ID 5. ! clusterId. Represents variables. accessListName diagnostic | line [ ] (brackets) [ ]* (brackets and asterisk) [ internal | external ] [ level1 | level2 | l1 ]* Represent optional keywords or variables that can be entered more than once. System Specifications. Represent required keywords or variables. is provided in the JUNOSe System Basics Configuration Guide.) Represent optional keywords or variables.About This Guide Table 2: Text and Syntax Conventions Convention Text Conventions Bold typeface Represents commands and keywords in ! Issue the clock source command. along with their spelled-out terms. appendix. host1(config)#traffic class low-loss1 Represents information as displayed on host1#show ip ospf 2 your terminal’s screen. ! Identifies chapter. Related Juniper Networks Documentation ! xi . Syntax Conventions in the Command Reference Guide Plain typeface Italic typeface | (pipe symbol) Represents keywords. terminal length mask. This poster provides the basic procedures to help you get the router up and running quickly.0.250 Router is an Area Border Router (ABR) Description Examples Bold sans serif typeface Fixed-width font Italic typeface ! Emphasizes words.5. ipAddress. user and privileged. Plus sign (+) linking key names Indicates that you must press two or more keys simultaneously. Appendix A. book names. ! Appendix A. Abbreviations and Acronyms. and ! There are two levels of access. A complete list of abbreviations used in this document set. (The keyword or variable can be either optional or required. text. Press Ctrl+b. Represents a choice to select one keyword or variable to the left or right of this symbol. ! Specify the keyword exp-msg. { permit | deny } { in | out } { clusterId | ipAddress } { } (braces) Related Juniper Networks Documentation The E-series Installation Quick Start poster is shipped in the box with all new routers. Represents text that the user must type.

E-series Module Guide JUNOSe System Basics Configuration Guide JUNOSe Physical Layer Configuration Guide JUNOSe Link Layer Configuration Guide JUNOSe Routing Protocols Configuration Guide. and IP security. follow the Release Notes. MPLS. Provides detailed specifications for line modules and I/O modules. xii ! Related Juniper Networks Documentation . including information about installing. 1 JUNOSe Routing Protocols Configuration Guide. configuring passwords and security. JUNOSe Command Reference Guide N to Z Provides information about configuring remote access. Describes SRP modules. and applications that line modules and their corresponding I/O modules support. Describes planning and configuring your network. Includes a list of references that provide information about the protocols and features supported by the router.1. command syntax. layer 3 protocols. 2 JUNOSe Policy and QoS Configuration Guide Provides information about configuring policy management and quality of service (QoS). and system maximum values. and general troubleshooting. Release notes are included on the corresponding software CD and are available on the Web. IP routing. Describes configuring physical layer interfaces. a command’s related mode.x Policy and QoS Configuration Guide Table 3: Juniper Networks E-series Technical Publications Document E-series Hardware Guide Description Provides the necessary procedures for getting the router operational. Provides module LED information. changes. known problems.JUNOSe 6. managing the router. BGP-MPLS VPNs. and encapsulation of layer 2 services. cabling. and information about the compatibility of these modules with JUNOSe software releases. JUNOSe Broadband Access Configuration Guide JUNOSe Command Reference Guide A to M. configuring the router for management access. Vol. Release Notes JUNOSe Release Notes In the Release Notes. Use with the JUNOSe configuration guides. resolved problems. Together constitute the JUNOSe Command Reference Guide. Use to look up command descriptions. and configuring virtual routers. or a description of a command’s parameters. line modules. powering up. Contain important information about commands implemented in the system software. Describes BGP routing. you will find the latest information about features. Vol. configuring the router clock. Describes configuring link-layer interfaces. Lists the layer 2 protocols. Provides information about configuring routing policy and configuring IP. and I/O modules available for the E-series routers. If the information in the Release Notes differs from the information found in the documentation set.

comments.net/support/ or call 1-888-314-JTAC (within the United States) or 1-408-745-9500 (outside the United States). contact your sales representative.net.net/.juniper.juniper. and suggestions so that we can improve the documentation to better meet your needs. which contains this manual. open a support case using the Case Manager link at http://www. Documentation Feedback We encourage you to provide feedback. If you are using e-mail. see the products documentation page on the Juniper Networks Web site at http://www. Copies of the Management Information Bases (MIBs) available in a software release are included on the software CDs and at http://www.About This Guide Obtaining Documentation To obtain the most current version of all Juniper Networks technical documentation.html. To order printed copies of this manual and other Juniper Networks technical documents.net/techpubs/docbug/docbugreport.net/. or fill out the documentation feedback form at http://www.juniper. be sure to include the following information with your comments: ! ! ! ! Document name Document part number Page number Software release version Requesting Support For technical support. or to order a documentation CD. You can send your comments to techpubs-comments@juniper. Obtaining Documentation ! xiii .juniper.

1.x Policy and QoS Configuration Guide xiv ! Requesting Support .JUNOSe 6.

generic routing encapsulation (GRE). Layer 2 Tunneling Protocol (L2TP). and virtual local area network (VLAN) traffic. IP. This chapter discusses the following topics: ! ! ! ! ! ! ! ! ! ! ! ! ! ! Overview on page 2 References on page 10 Configuration Tasks on page 10 Creating a Rate-Limit Profile on page 10 Creating Classifier Control Lists on page 18 Creating Policy Lists on page 28 Creating Classifier Groups and Policy Rules on page 36 Applying Policy Lists to Interfaces and Profiles on page 45 Enabling IP Options Filtering on page 46 Using RADIUS to Create and Apply Policies on page 47 Policy Applications on page 54 Policy Management and MPLS Topology-Driven LSPs on page 62 Policy Resources on page 63 Monitoring Policy Management on page 68 ! 1 . You can use policy management on Frame Relay. Multiprotocol Label Switching (MPLS).Chapter 1 Configuring Policy Management This chapter provides information for configuring policy-based routing management on E-series routers. IPv6.

each of which specifies a policy action. forward forward interface forward next-hop. See Using RADIUS to Create and Apply Policies on page 47. ! ! ! ! ! ! ! Policy Lists The main tool for implementing policy management is a policy list. Packet filtering—Drops packets in a packet flow. and forward forward interface forward next-hop command. A policy list is a set of rules. See Creating a Rate-Limit Profile on page 10. See the filter command. On ingress. See Creating Classifier Control Lists on page 18.x Policy and QoS Configuration Guide Overview Policy management allows network service providers to implement packet forwarding and routing specifically tailored to their customers’ requirements.JUNOSe 6. Packet logging—Logs packets in a packet flow. A rule is a policy action optionally combined with a classification. Packet Mirroring.1. The router does not perform a routing table lookup on the packet. and forward forward interface forward next-hop commands for more details. Policy lists contain rules that associate actions with these CLACLs. the packets are classified into a packet flow and sent to the preconfigured destination port. See JUNOSe System Basics Configuration Guide. RADIUS policy support—Allows you to create and attach a policy to an interface through RADIUS. See the forward forward interface forward next-hop. secondary input policies are supported only on IP and IPv6 interfaces Leaving an interface (output policy) ! ! 2 ! Overview . Packet forwarding—Allows forwarding of packets in a packet flow. See the forward forward interface forward next-hop. on IP and IPv6 interfaces the packets arrive before route lookup Arriving at the interface. Packet mirroring—Uses secure policies to mirror packets and send them to an analyzer. Rate limiting—Enforces line rates below the physical line rate of the port and sets limits on packet flows. Policy management provides: ! Policy routing—Predefines a classified packet flow to a destination port or IP address. See the log command. Quality of service (QoS) classification and marking—Marks packets in a packet flow. Using policy management. but after route lookup (secondary input policy). you can implement policies that selectively cause packets to take different paths without requiring a routing table lookup. forward forward interface forward next-hop. You can apply policy lists to packets: ! Arriving at an interface (input policy). Chapter 8. Packets are sorted at ingress or egress into packet flows based on attributes defined in classifier control lists (CLACLs).

These rules become part of a policy list that you can attach to an interface as either an input. which are created by authorized RADIUS administrators. Overview ! 3 . Chapter 8. The secure policy is deleted from the interface when the mirroring operation is disabled or if the interface is deleted. or output policy. See JUNOSe System Basics Configuration Guide. When a secure policy is created. Packet Mirroring for information about the JUNOSe software’s packet mirroring feature. The router applies the rules in the attached policy list to the packets traversing that interface.Chapter 1: Configuring Policy Management You create a policy rule by specifying a policy action within a classifier group that references a CLACL. The policies are based on packet mirroring–related RADIUS VSAs. Figure 1 shows how a sample IP policy list is constructed. secondary-input. such as spl_0x88000008. Authorized users can use the show secure policy-list command to view information about secure policies. the router creates a name that consists of the string “spl” followed by a hexadecimal integer. Secure policies are dynamically created when the RADIUS-based mirroring session is initiated at the RADIUS server and then applied to the interface that is created for the user whose traffic is being mirrored. Figure 1: Constructing an IP Policy List tiered12MB hardlimit9MB hardlimit3MB Rate limit profiles Database AcmeCompanyUDP XYZCorpIGMP XYZCorpICMP Classifier control lists filterForHighSecurity next-interface next-hop filter forward rate-limit-profile mark color traffic class g013082 routeForAcmeCompany action routeForXYZCorp Rule 1 Rule 2 Rule 3 action Rule n Policy lists classification Rule = Action + Classification log user-packet-class Policy action Secure Policies Secure policies are used by the JUNOSe software’s RADIUS-based packet mirroring feature.

Table 4 shows the criteria that you can use to create CLACLs for different types of traffic flows.JUNOSe 6. Table 4: CLACL Criteria Type of CLACL Frame Relay Criteria ! Color ! Mark discard eligibility (DE) bit ! Traffic class ! User packet class GRE ! Color ! Traffic class ! Type-of-service (ToS) byte ! User packet class IP ! Color ! Destination IP address ! Destination port ! Destination route class ! Internet Control Message Protocol (ICMP) ! Internet Gateway Management Protocol (IGMP) ! IP flags ! IP fragmentation offset ! Locally destined traffic ! Protocol ! Source IP address ! Source port ! Source route class ! Transmission Control Protocol (TCP) ! Traffic class ! Type-of-service (ToS) byte ! User Datagram Protocol (UDP) ! User packet class 4 ! Overview .1. See Policy Resources on page 63 for more information about the hardware and software CLACLs that are supported for each interface types.x Policy and QoS Configuration Guide Classifier Control Lists CLACLs specify the criteria by which the router defines a packet flow.

you first create a rate-limit profile. To configure rate limiting. You next create a policy list with a rule that has rate limit as the action and associate a rate-limit profile with this rule. Overview ! 5 . The E-series router’s rate limits are calculated based on the layer 2 packet size. and MPLS Layer 2 transport traffic. which is a set of bandwidth attributes and associated actions. transmit. and to drop exceeded packets. Your router supports two types of rate-limit profiles—one-rate and two-rate—for IP. or mark. The default is to transmit committed and conformed packets. LT2P.Chapter 1: Configuring Policy Management Table 4: CLACL Criteria (continued) Type of CLACL IPv6 Criteria ! Color ! Destination IPv6 address ! Destination port ! Destination route class ! Internet Control Message Protocol version 6 (ICMPv6) ! IPv6 traffic class ! Locally destined traffic ! Multicast Listener Discovery (MLD) ! Next header ! Source IPv6 address ! Source port ! Source route class ! Traffic class ! Transmission Control Protocol (TCP) ! User Datagram Protocol (UDP) ! User packet class L2TP ! Color ! Traffic class ! User packet class MPLS ! Color ! Mark experimental (EXP) bit ! Traffic class ! User packet class VLAN ! Color ! Traffic class ! User packet class ! User priority Rate-Limit Profiles Rate limiting is the process of limiting a classified packet flow or a source interface to a rate that is less than the physical rate of the port. Rate-limit actions include drop. IPv6.

applicable only to IP and IPv6 rate-limit profiles EXP mask value—Mask to be applied with mark-exp values. Each packet queue has two color-based thresholds as well as a queue limit: ! Red packets are dropped when congestion causes the queue to fill above the red threshold.1. Configuring Quality of Service for information about configuring queue thresholds. or mark-exp (MPLS) when traffic flow does not exceed the rate Conformed action—Drop. Green packets are dropped when the queue limit is reached. transmit. One-Rate Rate-Limit Profile The one-rate rate-limit profile attributes are: ! ! Committed rate—Target rate for a packet flow Committed burst—Amount of bandwidth allocated to accommodate bursty traffic in excess of the rate Excess burst—Amount of bandwidth allocated to accommodate a packet in progress when the rate is in excess of the burst Committed action—Drop.JUNOSe 6. Yellow packets are dropped when the yellow threshold is reached. or mark-exp (MPLS) when traffic flow exceeds the rate Mask value—Mask to be applied with mark values for the ToS byte. mark (IP and IPv6). mark (IP and IPv6). ! ! See Chapter 2. transmit. or mark-exp (MPLS) when traffic flow exceeds the rate but not the excess burst Exceeded action—Drop. This method is called dynamic color-based threshold dropping. mark (IP and IPv6). transmit.x Policy and QoS Configuration Guide A color-coded tag is added automatically to each packet based on categories: ! ! ! Committed—Green Conformed—Yellow Exceeded—Red The queuing system uses drop eligibility to select packets for dropping when there is congestion on an egress interface. applicable only to MPLS rate-limit profiles ! ! ! ! ! ! 6 ! Overview .

The configuration values for the above attributes determine the degree of friendliness of the rate-limit process. The rate-limit algorithm is designed to avoid consecutive packet drops in the initial stages of congestion when the packet flow rate exceeds the committed rate of the token bucket. set the committed rate and committed burst to a nonzero value.0 seconds of the committed rate. the TCP-friendly bucket allows more tokens to be borrowed. Overview ! 7 . Eventually. and set the excess burst to zero.000. If the packet flow rate exceeds the committed rate for an extended period of time. committed burst. For example.0 seconds of the committed rate Excess burst—1.5 converts the rate to bits. to configure a rate-limit process with hard tail dropping of packets when tokens are unavailable. The general idea is that instead of tail dropping packets that arrive outside the committed and burst rate envelope.000 x 1. the rate limiter is consistently driven to borrow tokens because of TCP’s aggressive nature. The intention is that just a few packet drops are sufficient for TCP’s congestion control algorithm to drastically scale back its sending rate.500 bytes Multiplying the committed rate by 1. the packet flow rate falls below the committed rate.0 to 2.2 to 2. which allows the token bucket to replenish faster because of the reduced load. then multiplying the number of bits by 1/8 converts the value to bytes. Setting the excess burst to a nonzero value causes the router to drop packets in a more friendly way.0 converts the rate to bits.5 x 1/8 + 125. ! Excess burst is 1.Chapter 1: Configuring Policy Management Configuring a TCP-Friendly One-Rate Rate-Limit Profile The E-series router provides a TCP-friendly rate-limiting mechanism that is implemented with token buckets. The next packet that borrows tokens in excess of the excess burst size is deemed excessive and is dropped if the exceeded action is set to drop. resulting in a delivered rate that is very close to the rate configured in the rate-limit profile. In a properly configured scenario. but it replenishes the tokens as TCP backs off.000 bytes Multiplying the committed rate by 1. plus the committed burst For example. then multiplying the number of bits by 1/8 converts the value to bytes. The recommended burst sizes for TCP-friendly behavior are: ! ! Committed burst—0. and excess burst for the token bucket. You can configure a committed rate.000 = 312.000 x 1. if the committed rate is 1. the recommended burst sizes are as follows: ! Committed burst is 1. the rate-limit algorithm tends toward hard tail dropping. up to a limit determined by the excess burst size.000.000.000 bps.0 x 1/8 = 125.

mark (IP and IPv6).JUNOSe 6. or mark-exp (MPLS) when traffic flow exceeds the committed rate but remains below the peak rate Exceeded action—Drop. applicable only to MPLS rate-limit profiles ! ! ! ! ! ! ! Table 5 shows the interaction between the rate settings and the actual traffic rate to determine the action taken by a rate-limit rule in a policy when applied to a traffic flow. Table 5: Policy Action Applied Based on Rate Settings and Traffic Rate Peak Rate Peak rate = 0 Committed Rate = 0 ! All traffic assigned the exceeded Committed Rate Not 0 ! Traffic <= committed rate action assigned the committed action ! Traffic > committed rate assigned the exceeded action Peak rate not 0 ! Traffic <= peak rate assigned the ! Traffic <= committed rate conformed action ! Traffic > peak rate assigned the assigned the committed action ! Committed rate < Traffic < peak exceeded action rate assigned the conformed action ! Traffic > peak rate assigned the exceeded action 8 ! Overview . applicable only to IP and IPv6 rate-limit profiles EXP mask value—Mask to be applied with mark-exp values.1. transmit. or mark-exp (MPLS) when traffic flow does not exceed the committed rate Conformed action—Drop. transmit. transmit. mark (IP and IPv6).x Policy and QoS Configuration Guide Two-Rate Rate-Limit Profile The two-rate rate-limit profile attributes are: ! ! Committed rate—Target rate for a packet flow Committed burst—Amount of bandwidth allocated to accommodate bursty traffic in excess of the committed rate Peak rate—Amount of bandwidth allocated to accommodate excess traffic flow over the committed rate Peak burst—Amount of bandwidth allocated to accommodate bursty traffic in excess of the peak rate Committed action—Drop. mark (IP and IPv6). or mark-exp (MPLS) when traffic flow exceeds the peak rate Mask value—Mask to be applied with mark values for the ToS byte.

When the peak burst token bucket is empty. Traffic is metered to measure its volume. Overview ! 9 . if tokens remain in both buckets. When the committed burst token bucket is empty but tokens remain in the peak burst bucket. and the exceeded action to drop. the conformed action to drop. Tc = size of the committed token bucket in bytes. At the beginning of each sample period. the committed action to transmit. one token is removed from each bucket for every byte of data processed. The maximum size of this bucket is the configured peak burst. the traffic is treated as committed. traffic is treated as conformed. The committed rate is the speed at which the committed token bucket is filled. Table 6 shows equations that can also represent the algorithm for the two-rate rate-limit profile. The peak rate must be set to zero. The peak rate is the speed at which the peak token bucket is filled. The committed burst sets the depth of the committed token bucket. NOTE: You can also achieve the characteristics of the single-rate hard limit by configuring a one-rate rate-limit profile with the extended burst rate set to zero. three-color marking mechanism. traffic is treated as exceeded. The maximum size of this bucket is the configured committed burst. the two buckets are filled with tokens based on the configured burst sizes.Chapter 1: Configuring Policy Management This implementation is known as a two-rate. t = time To configure a single-rate hard limit. set the committed rate and burst rate to the desired values. The token buckets provide flexibility in dealing with the bursty nature of data traffic. As long as there are still tokens in the committed burst bucket. When traffic is received. Table 6: Two-Rate Rate-Limit Profile Algorithms Step If B > Tp (t) If B < Tp (t) and B > Tc (t) If B < Tp (t) and B < Tc (t) ! Packet is marked as green and treated as committed ! Tp is decremented by B ! Tc is decremented by B Result ! Packet is marked as red and treated as exceeded ! Packet is marked as yellow and treated as conformed ! Tp is decremented by B where: B = size of packet in bytes Tp = size of peak token bucket in bytes. Token buckets control how many packets per second are accepted at each of the configured rates. The peak burst sets the depth of the peak token bucket.

Perform the required tasks and also any optional tasks that you need for your policy management configuration: ! ! ! ! ! ! (Optional) Create a rate-limit profile. The rate-limit-profile two-rate command provides a two-rate. NOTE: Mark actions and mask values are supported only on IP. three-color marking mechanism. The rate-limit-profile one-rate command provides a hard-limit rate limiter or a TCP-friendly rate limiter. Creating a Rate-Limit Profile You can create one-rate or two-rate rate-limit profiles. Create one or more policy rules within the classifier group. Create a classifier group.1.JUNOSe 6. 10 ! References . Create a policy list. see the following resources: ! RFC 2474—Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers (December 1998) RFC 2475—An Architecture for Differentiated Services (December 1998) RFC 2697—A Single Rate Three Color Marker (September 1999) RFC 2698—A Two Rate Three Color Marker (September 1999) RFC 3198—Terminology for Policy-Based Management (November 2001) ! ! ! ! Configuration Tasks Several of the following tasks are optional.x Policy and QoS Configuration Guide References For more information about policy management. Apply a policy list to an interface or profile. (Optional) Create a CLACL. IPv6. and MPLS rate-limit profiles.

sets a TCP-friendly rate for a specified flow: host1(config)#ip rate-limit-profile tcpFriendly8Mb one-rate host1(config-rate-limit-profile)#committed-rate 8000000 host1(config-rate-limit-profile)#committed-burst 1500000 host1(config-rate-limit-profile)#excess-burst 3000000 host1(config-rate-limit-profile)#committed-action transmit host1(config-rate-limit-profile)#conformed-action transmit host1(config-rate-limit-profile)#exceeded-action drop host1(config-rate-limit-profile)#mask-val 255 Two-Rate To create or modify a two-rate rate-limit profile. This rate-limit profile. when included as part of a rule in a policy list. This rate-limit profile. when included as part of a rule in a policy list. sets a hard limit on the specified committed rate with no peak rate or peak burst ability: host1(config)#ip rate-limit-profile hardlimit9Mb two-rate host1(config-rate-limit-profile)#committed-rate 9000000 host1(config-rate-limit-profile)#committed-burst 20000 host1(config-rate-limit-profile)#committed-action transmit host1(config-rate-limit-profile)#conformed-action drop host1(config-rate-limit-profile)#exceeded-action drop host1(config-rate-limit-profile)#mask-val 255 Creating a Rate-Limit Profile ! 11 . use the following commands with the two-rate keyword: ! ! ! ! ip rate-limit-profile ipv6 rate-limit-profile mpls rate-limit-profile l2tp rate-limit-profile The following example creates a rate-limit profile named hardlimit9Mb. use the following commands with the one-rate keyword: ! ! ! ! ip rate-limit-profile ipv6 rate-limit-profile mpls rate-limit-profile l2tp rate-limit-profile The following example creates a rate-limit profile named tcpFriendly8Mb.Chapter 1: Configuring Policy Management One-Rate To create or modify a one-rate rate-limit profile.

x Policy and QoS Configuration Guide The following example modifies the rate-limit profile named hardlimit9Mb to include an exceeded action that marks the packets that exceed the peak rate. The mark value is masked with the default 255 unless it is overridden by the mask-val command to specify a different mask. committed-burst ! ! Use to set the committed burst in bytes for a rate-limit profile.1. mark the packet by setting the ToS byte (IP) or traffic class field (IPv6) to the specified 8-bit value. transmit. mark-exp—For MPLS rate-limit profiles. the burst size is automatically calculated for a 100-ms burst as described below for the committed-rate command. use the mask value of 0xE0. 8192 bytes. Example host1(config-rate-limit-profile)#committed-action transmit ! Use the no version to restore the default value. Example host1(config-rate-limit-profile)#committed-burst 1500000 ! ! ! Use the no version to restore the default value. If the calculated burst size is less than the default value of 8 KB.JUNOSe 6. This marking action sets the DS field in the ToS byte (the six most significant bits) to the decimal value of 7 using a mask value of 0xFC: host1(config)#ip rate-limit-profile hardlimit9Mb two-rate host1(config-rate-limit-profile)#exceeded-action mark 7 host1(config-rate-limit-profile)#mask-val 252 To set IP precedence in the ToS byte. ! ! ! Packets are colored green. the default value is used. for visibility into the three most significant bits. When you specify a nonzero value for the rate. Valid committed actions are: ! ! ! drop—Drop the packet. set the EXP bits of MPLS packets to the specified value in the range 0–7. During a software upgrade. the committed burst size in a rate-limit profile is automatically set to 8192 bytes if it was less than that value before the upgrade. and transmit the packet. 12 ! Creating a Rate-Limit Profile . committed-action ! ! Use to set the committed action for a rate-limit profile. transmit—Transmit the packet. and transmit the packet. The mark EXP value is masked with the default 7 unless you use the exp-mask command to specify a different mask. mark—For IP and IPv6 rate-limit profiles.

displaying the rate-limit profile shows: committed-rate 8000000 committed-burst 100000 If the calculated burst value is less than the default burst size of 8 KB. ! Example host1(config-rate-limit-profile)#committed-rate 800000 ! Use the no version to restore the default value. When you specify a nonzero value for the committed rate. and transmit the packet. making it optional for you to configure a value for the associated committed burst size. the burst size is 100 ms x 8 Mbps = 800. and transmit the packet. Creating a Rate-Limit Profile ! 13 . The mark EXP value is masked with the default 7 unless you use the exp-mask command to specify a different mask. Valid conformed actions are: ! ! ! drop—Drop the packet. conformed-action ! ! Use to set the conformed action for a rate-limit profile.000.000 bits or 100.000 bps x 100 ms) ÷ 8 = 100. For example. ! ! ! Packets are colored yellow. For most configurations this value should be sufficient. the committed burst size is calculated based on a 100-ms burst as follows: committed burst in bytes = (committed rate in bps x 100 ms) ÷ 8 bits per byte The router displays committed rate in bits per second and committed burst in bytes. Example host1(config-rate-limit-profile)#conformed-action transmit ! Use the no version to restore the default value.Chapter 1: Configuring Policy Management committed-rate ! ! Use to set the committed rate in bits per second for a rate-limit profile. mark-exp—For MPLS rate-limit profiles. set the EXP bits of MPLS packets to the specified value in the range 0–7. if the rate is 8 Mbps. The mark value is masked with the default 255 unless it is overridden by the mask-val command to specify a different mask. 0.000 bytes For this example.000 bytes: committed burst = (8. mark the packet by setting the ToS byte (IP) or traffic class field (IPv6) to the specified 8-bit value. mark—For IP and IPv6 rate-limit profiles. transmit. transmit—Transmit the packet. the default burst size is used.

The mark value is masked with the default 255 unless it is overridden by the mask-val command to specify a different mask.JUNOSe 6. ! ! ! Packets are colored red. mark the packet by setting the ToS byte (IP) or traffic class field (IPv6) to the specified 8-bit value. use to set the excess burst in bytes for a rate-limit profile. 14 ! Creating a Rate-Limit Profile .1.x Policy and QoS Configuration Guide exceeded-action ! ! Use to set the exceeded action for a rate-limit profile. 7. and transmit the packet. mark-exp—For MPLS rate-limit profiles. drop. This command is associated with the following commands: ! ! ! committed-action conformed-action exceeded-action ! Example host1(config-rate-limit-profile)#exp-mask 5 ! Use the no version to restore the default value. 0. The mark EXP value is masked with the default 7 unless you use the exp-mask command to specify a different mask. exp-mask ! ! Use to set the mask value used for MPLS rate-limit profiles. Valid exceeded actions are: ! ! ! drop—Drop the packet. Example host1(config-rate-limit-profile)#excess-burst 3000000 ! ! Use the no version to restore the default value. Example host1(config-rate-limit-profile)#exceeded-action drop ! Use the no version to restore the default value. set the EXP bits of MPLS packets to the specified value in the range 0–7. mark—For IP and IPv6 rate-limit profiles. excess-burst ! For one-rate rate-limit profiles only. and transmit the packet. transmit—Transmit the packet.

8192 bytes. the burst size is 100 ms x 8 Mbps = 800. use to set the peak rate in bits per second for a rate-limit profile. the peak burst size is calculated based on a 100-ms burst as follows: peak burst in bytes = (peak rate in bps x 100 ms) ÷ 8 bits per byte ! The CLI displays peak rate in bits per second and peak burst in bytes. 255. If the calculated peak burst size is less than the default value of 8192 bytes. peak-burst ! For two-rate rate-limit profiles only. the committed burst size in a rate-limit profile is automatically set to 8192 bytes if it was less than that value before the upgrade. if the rate is 8 Mbps.000 bytes Creating a Rate-Limit Profile ! 15 . use to set the peak burst in bytes for a rate-limit profile.000 bits or 100. When you specify a nonzero value for the peak rate. Example host1(config-rate-limit-profile)#peak-burst 96256 ! ! ! ! Use the no version to restore the default value.000 bps x 100 ms) ÷ 8 = 100. When you specify a nonzero value for the peak rate.Chapter 1: Configuring Policy Management mask-val ! ! Use to set the mask value used for IP and IPv6 rate-limit profiles. This command is associated with the following commands: ! ! ! committed-action conformed-action exceeded-action ! Use the following mask values to set the appropriate bits in the ToS field of the IP packet header or in the traffic class field of the IPv6 packet header: ! ! ! IP precedence—0xE0 (three most significant bits) DS field—0xFC (six most significant bits) TOS (IP) or Traffic Class field (IPv6)—0xFF (default) ! Example host1(config-rate-limit-profile)#mask-val 0XFC ! Use the no version to restore the default value. peak-rate ! For two-rate rate-limit profiles only. the default value is used.000. the peak burst size is automatically calculated for a 100-ms burst as described below for the peak-rate command. For example.000 bytes: peak burst = (8. During a software upgrade.

! During a software upgrade. the router creates an IP rate-limit profile by default. or mpls keywords in front of the command to specify the type of rate-limit-profile you want to create or modify. the peak rate in a rate-limit profile is automatically set to 0 if it was nonzero but less than the committed rate before the upgrade. ipv6. For most configurations this value is sufficient. from which you can configure attributes for the rate-limit profile. If you enter a rate-limit-profile command with the one-rate keyword and then type exit. rate-limit-profile one-rate ! Use to create a rate-limit profile and enter Rate Limit Profile Configuration mode.JUNOSe 6.x Policy and QoS Configuration Guide For this example. ! Use one of the ip. the router creates a rate-limit profile with the default values shown in Table 7: Table 7: One-Rate Rate-Limit-Profile Defaults Policy Attribute type committed-rate committed-burst excess-burst committed-action conformed-action exceeded-action mask (IP and IPv6 rate-limit profiles) exp-mask (MPLS rate-limit profiles) ! ! Default Value one-rate 0 8192 0 transmit transmit drop 255 7 16 ! Creating a Rate-Limit Profile . NOTE: The JUNOSe software includes the layer 2 headers in the calculations it uses to enforce the rates that you specify in rate-limit profiles. If you do not include one of the keywords.1. the default burst size is used. Example host1(config-rate-limit-profile)#peak-rate 0 ! ! Use the no version to restore the default value. See Table 5 on page 8. making it optional to configure the associated peak burst size. the default is a two-rate rate-limit profile. If you do not include a one-rate or two-rate keyword. l2tp. displaying the rate-limit profile shows: peak-rate 8000000 peak-burst 100000 If the calculated peak burst value is less than the default peak burst size of 8 KB. 0.

the router creates a rate-limit profile with the default values shown in Table 8: Table 8: Two-Rate Rate-Limit-Profile Defaults Policy Attribute type committed-rate committed-burst peak-rate peak-burst committed-action conformed-action exceeded-action mask (IP and IPv6 rate-limit profiles) exp-mask (MPLS rate-limit profiles) ! ! Default Value two-rate 0 8192 0 8192 transmit transmit drop 255 7 ! During a software upgrade. ipv6. from which you can configure attributes for the rate-limit profile. If you do not include one of the keywords. If you enter a rate-limit-profile command and then type exit.Chapter 1: Configuring Policy Management ! Example host1(config)#ip rate-limit-profile tcpFriendly10Mb one-rate ! Use the no version to remove a rate-limit profile. rate-limit-profile two-rate ! Use to create a rate-limit profile and enter Rate Limit Profile Configuration mode. If you do not include a one-rate or two-rate keyword. l2tp. the default is a two-rate rate-limit profile. or mpls keywords in front of the command to specify the type of rate-limit profile you want to create or modify. NOTE: The JUNOSe software includes the layer 2 headers in the calculations it uses to enforce the rates that you specify in rate-limit profiles ! Use one of the ip. See Table 5 on page 8. certain values are set as follows: ! Committed burst size—Set to 8192 if it was less than that value before the upgrade Peak burst size—Set to 8192 if it was less than that value before the upgrade Peak rate—Set to 0 if it was nonzero but less than the committed rate before the upgrade ! ! Creating a Rate-Limit Profile ! 17 . the router creates an IP rate-limit profile by default.

Creating Classifier Control Lists Use the following commands to create or modify CLACLs: ! ! ! ! ! ! ! frame-relay classifier-list gre-tunnel classifier-list ip classifier-list ipv6 classifier-list l2tp classifier-list mpls classifier-list vlan classifier-list frame-relay classifier-list ! Use to create or modify a Frame Relay classifier control list.JUNOSe 6.x Policy and QoS Configuration Guide ! Example host1(config)#ip rate-limit-profile hardlimit9Mb two-rate ! Use the no version to remove a rate-limit profile. NOTE: Do not use the asterisk (*) for the name of a classifier list. indicating a high drop preference " " ! user-packet-class—Matches packets with the specified user packet class value de-bit—Matches Frame Relay packets with the specified DE bit value. indicating a medium drop preference red—Matches packets with color red. ! Use the following keywords to configure the list: ! traffic-class—Matches packets with a class that you defined using the traffic-class command color " ! green—Matches packets with color green.1. either 0 or 1 ! 18 ! Creating Classifier Control Lists . NOTE: Commands that you issue in Rate Limit Profile Configuration mode do not take effect until you exit from that mode. The asterisk is used as a wildcard for the classifier-group command. indicating a low drop preference yellow—Matches packets with color yellow.

The asterisk is used as a wildcard for the classifier-group command.Chapter 1: Configuring Policy Management ! Example host1(config)#frame-relay classifier-list frclassifier color red user-packet-class 10 de-bit 1 ! Use the no version to remove the classifier control list. indicating a medium drop preference red—Matches packets with color red. and precedence specify the ToS byte in the IP header " " " ! user-packet-class—Matches packets with the specified user packet class value ! Example host1(config)#gre-tunnel classifier-list greClassifier50 color yellow user-packet-class 7 dsfield 40 ! Use the no version to remove the classifier control list. range is 0–7 " " ! tos. The asterisk is used as a wildcard for the classifier-group command. gre-tunnel classifier-list ! Use to create or modify a GRE tunnel classifier control list. host1(config)#ip classifier-list YourListName ip any any NOTE: Do not use the asterisk (*) for the name of a classifier list. ! Use the user-packet-class keyword to match packets with the specified user packet class value. indicating a high drop preference tos—Specifies the use of the whole 8 bits of the ToS byte. range is 0–255 dsfield—Specifies the use of the upper 6 bits of the ToS byte. indicating a low drop preference yellow—Matches packets with color yellow. Creating Classifier Control Lists ! 19 . NOTE: Do not use the asterisk (*) for the name of a classifier list. range is 0–63 precedence—Specifies the use of the upper 3 bits of the ToS byte. dsfield. ip classifier-list ! Use to create or modify an IP classifier control list. ! Use the following keywords to configure the list: ! traffic-class—Matches traffic with a class that you defined using the traffic-class command color " ! green—Matches packets with color green.

100. such as source and destination IP address and mask icmp—ICMP protocol attributes. such as source and destination IP address and mask.52 any ! Use the protocol option to match a specific protocol number or to match only packets of one of the following protocol types: ! ip—IP protocol attributes.x Policy and QoS Configuration Guide ! Use the notProtocol.x. traffic is classified on source host address 10.10. ! In the following example.100.10. and source and destination UDP operator and port ! ! ! ! ! Use the sourceAddress and destinationAddress options to classify traffic based on source and destination addresses.1. ICMP type and code igmp—IGMP protocol attributes. to match a non-TCP packet originating from IP address 172. The sourceQualifier option is composed of: ! portNumber—Single port number or the beginning of a range of port numbers portOperator—One of the following: " " " ! eq—equal to lt—less than gt—greater than 20 ! Creating Classifier Control Lists .10.10.10 any ! In the following example. matching traffic for any address. or a wildcard.28.10. such as source and destination IP address and mask.10. followed by a series of contiguous ones. You can specify the address as a host address.10. and source and destination TCP operator and port udp—UDP protocol attributes. and IGMP type tcp—TCP protocol attributes.10.JUNOSe 6.255.10 and any destination address: host1(config)#ip classifier-list YourListName ip host 10. The any keyword is the address wildcard. notSourceIpAddr.10.2: host1(config)#ip classifier-list YourListName ip 10. and notDestinationIpAddr options to cause a match when those attributes in the packet being compared have different values. must be a series of contiguous zeros. traffic is classified on any source or destination address: host1(config)#ip classifier-list YourListName ip any any ! In the following example. traffic is classified on source address subnet 10. a subnet. For example.52: host1(config)#ip classifier-list YourListName not tcp host 172. such as source and destination IP address and mask.255 host 10.28.0.0.2 ! Use the sourceQualifier option to specify a single TCP or UDP port or a range of ports. such as source and destination IP address and mask.0 0.10.x and destination host address 10. the mask. If you specify the address as a subnet. in binary notation.

default is 0.168. For example.30.30.168. ! ! ! For example: host1(config)#ip classifier-list svale20 source-route-class 1 ip any any host1(config)#ip classifier-list svale30 destination-route-class 1 ip any any tos 10 host1(config)#ip classifier-list svale40 source-route-class 1 local true ip any any host1(config)#ip classifier-list west25 source-route-class 1 local false ip any any In the previous example.168. default is 0.168.168. the following command matches packets with source address 198. local true—Matches packets that are destined to a local interface.200: host1(config)#ip classifier-list boston5 ip host 192. local false—Matches packets that are traversing the router.100 range 1 10 any ! Use multiple elements in classifier lists to configure classification to match any of multiple field combinations.30. destination-route-class—Classifies on incoming packets associated with a route class based on the packet’s destination address.200. route-class range is 0–255. route-class range is 0–255.30. svale30 matches the destination address lookup route-class value of 1 and a ToS byte value of 10.30.168. ! Use the following keywords to configure classification to match route-class values: ! source-route-class—Classifies on packets associated with a route class based on the packet’s source address.Chapter 1: Configuring Policy Management " " ! neq—not equal to range—range of ports toPortNumber—End of a range of port numbers For example.30. svale40 matches the source address lookup route-class value of 1 and the packets destined to a local interface.168.100 or have a destination IP address of 192.30. The behavior of multiple-element classifier-list classification is the logical OR of the elements in the CLACL.168.100 any host1(config)#ip classifier-list boston5 ip any host 192. this is the default setting.100 and UDP source port numbers in the range 1–10: host1(config)#ip classifier-list YourListName udp host 192. ! Creating Classifier Control Lists ! 21 .30. to match all packets that have a source IP address of 192. classifier control lists match route-class values as follows: ! ! svale20 matches the source address lookup route-class value of 1.200 The classifier control list boston5 matches all packets with the source IP address of 192.100 or with the destination IP address of 192.

fin.30.100 any 2 10 ! Use the tcp-flags keyword and a logical equation (a quotation-enclosed string using ! for NOT.10. for example: host1(config)#ip classifier-list tos128 ip any any tos 128 ! Use the following keywords to match the ToS byte in the IP header: ! ! dsfield—Specifies the use of the upper 6 bits of the ToS byte. The destinationQualifier option is composed of the following suboptions: ! portNumber—Single port number or the beginning of a range of port numbers (TCP and UDP only) portOperator—One of the following (TCP and UDP only): " " " " " ! eq—Equal to lt—Less than gt—Greater than neq—Not equal to range—Range of ports ! ! ! ! toPortNumber—End of a range of port numbers (TCP and UDP only) icmpType—ICMP message type (ICMP only) icmpCode—ICMP message code (ICMP only) igmpType—IGMP message type (IGMP only) For example. the following command matches packets with source address 198. or an IGMP type.100 and ICMP type 2 and code 10: host1(config)#ip classifier-list YourListName icmp host 192.0.1. range is 0–255.168. range is 0–63.JUNOSe 6. syn.168.0. range is 0–7. for example: host1(config)#ip classifier-list low-drop-prec ip any any dsfield 10 ! precedence—Specifies the use of the upper 3 bits of the ToS byte. rst. an ICMP code and optional type. For example: host1(config)#ip classifier-list telnetConnects tcp 192. urg.255 host 10. psh.0 0.x Policy and QoS Configuration Guide ! west20 matches the source address lookup route-class value of 1 and packets that are not destined for a local interface (packets destined for remote interfaces). for example: host1(config)#ip classifier-list priority ip any any precedence 1 ! Use the destinationQualifier option to specify a single TCP or UDP port or range of ports. tos—Specifies the use of the whole 8 bits of the ToS byte.10.30.10.168. & for AND) to match one or more of the following TCP flags: ack.10 eq 23 tcp-flags "syn & !ack" 22 ! Creating Classifier Control Lists .

10. For example. Examples: IP CLACLs To set up a CLACL to accept IP traffic from all source addresses on the subnet of XYZ Corp: host1(config)#ip classifier-list XYZCorpPermit ip 192.0.255. indicating a medium drop preference red—Matches packets with color red.1 0.168.0 0.Chapter 1: Configuring Policy Management ! Use the ip-flags keyword and a logical equation (a quotation-enclosed string using ! for NOT.0. For example: host1(config)#ip classifier-list dontFragment ip any any ip-flags "dont-fragment" ! For both IP flags and TCP flags.0.2. if you specify only a single flag. the following commands configure a policy to filter fragmentation offsets equal to 1: host1(config)#ip classifier-list fragOffsetAttack ip any host 10. indicating a low drop preference yellow—Matches packets with color yellow.10.255 any To create a CLACL that filters all ICMP echo requests headed toward an access link for XYZ Corp under a denial-of-service attack: host1(config)#ip classifier-list XYZCorpIcmpEchoReqs icmp any any 8 0 To create a CLACL that matches all IGMP type 1 packets: host1(config)#ip classifier-list XYZCorpIgmpType1 igmp any any 1 To create a CLACL that matches all traffic on UDP source ports greater than 100: host1(config)#ip classifier-list XYZCorpUdp udp any gt 100 172.255. more-fragments. 1. & for AND) to match one or more of the following IP flags: dont-fragment. reserved.255 Creating Classifier Control Lists ! 23 .10 ip-frag-offset eq 1 host1(config)#ip policy-list dosProtect host1(config-policy-list)#filter classifier-group fragOffsetAttack host1(config-policy-list)#forward ! ! Use the traffic-class keyword to match packets with a traffic class that you defined using the traffic-class command.17. Use the color keyword to match on one of the following: ! ! ! green—Matches packets with color green. Use the ip-frag-offset keyword and the eq or gt operator to match an IP fragmentation offset equal to 0. indicating a high drop preference user-packet-class—Matches packets with the specified user packet class value ! ! ! Use the no version to remove the classifier control list. the logical equation does not require quotation marks. or greater than 1.

syn. such as source and destination port. the following command matches packets from port 75: host1(config)#ipv6 classifier-list YourListName udp destination-port eq 75 ! For TCP.1. and source and destination TCP operator and port udp—UDP protocol attributes. use the tcp-flags keyword and a logical equation (a quotation-enclosed string using ! for NOT. NOTE: Do not use the asterisk (*) for the name of a classifier list. psh. indicating a high drop preference " " ! user-packet-class—Matches packets with the specified user packet class value ! Use the protocol option to match a specific protocol number and specify protocol attributes: ! ! icmpv6—ICMP type and code tcp—TCP protocol attributes. & for AND) to match one or more of the following TCP flags: ack. rst. indicating a medium drop preference red—Matches packets with color red. use the portQualifier option to specify a single port or a range of source or destination ports. The asterisk is used as a wildcard for the classifier-group command. fin. The portQualifier option is composed of: ! portNumber—Single port number or the beginning of a range of port numbers toPortNumber—End of a range of port numbers portOperator—One of the following: " " " " " ! ! eq—equal to lt—less than gt—greater than neq—not equal to range—range of ports For example.x Policy and QoS Configuration Guide ipv6 classifier-list ! Use to create or modify an IPv6 classifier control list. indicating a low drop preference yellow—Matches packets with color yellow. ! Use the following keywords to configure the list: ! traffic-class—Matches packets with a traffic class that you defined using the traffic-class command color " ! green—Matches packets with color green. For example: host1(config)#ipv6 classifier-list telnetConnects tcp destination-port eq 23 tcp-flags "syn & !ack" 24 ! Creating Classifier Control Lists . urg.JUNOSe 6. such as source and destination port ! ! For TCP and UDP.

traffic is classified on source host address 2001:db8:1::8001 and destination address 2001:db8:3::/48: host1(config)#ipv6 classifier-list YourClaclList source-host 2001:db8:1::8001 destination-address 2001:db8:3::/48 Creating Classifier Control Lists ! 25 . local true—Matches packets that are destined to a local interface. svale40 matches the source address lookup route-class value of 1 and the packets destined to the local interface. svale30 matches the destination address lookup route-class value of 1 and a traffic-class value of 10. source-host. default is 0. west25 matches the source address lookup route-class value of 1 and packets that are not destined for the local interface (packets destined for remote interfaces). this is the default setting.Chapter 1: Configuring Policy Management ! For ICMPv6. You can specify the address as an IPv6 address or an IPv6 prefix. destination-route-class—Classifies on incoming packets associated with a route class based on the packet’s destination address. use the icmp-type option to specify the icmpType and icmpCode parameters: ! ! icmpType—ICMP message type. In the following example. default is 0. and destination-host options to classify traffic based on source and destination addresses. classifier control lists match route-class values as follows: ! ! svale20 matches the source address lookup route-class value of 1. route-class range is 0–255. route-class range is 0–255. local false—Matches packets that are traversing the router. in the range 0–255 For example. the following command matches ICMPv6 packets with an ICMP type of 3 and code of 6: host1(config)#ipv6 classifier-list listname icmpv6 icmp-type 3 icmp-code 6 ! Use the following keywords to configure classification to match route-class values: ! source-route-class—Classifies on packets associated with a route class based on the packet’s source address. ! ! ! For example: host1(config)#ipv6 classifier-list svale20 source-route-class 1 host1(config)#ipv6 classifier-list svale30 destination-route-class 1 tcfield 10 host1(config)#ipv6 classifier-list svale40 source-route-class 1 local true host1(config)#ipv6 classifier-list west25 source-route-class 1 local false In the previous example. in the range 0–255 icmpCode—ICMP message code. destination-address. ! ! ! Use the source-address.

range is 0–7 ! ! ! Example host1(config)#ipv6 classifier-list ipv6classifier color red user-packet-class 5 tcfield 10 ! Use the no version to remove the classifier control list. The asterisk is used as a wildcard for the classifier-group command. NOTE: Do not use the asterisk (*) for the name of a classifier list.x Policy and QoS Configuration Guide ! Use the following keywords to specify traffic class information in the IPv6 header: ! tcfield—Specifies the use of the whole 8 bits of the traffic-class byte. mpls classifier-list ! Use to create or modify an MPLS classifier control list.JUNOSe 6. ! Use the following keywords to configure the list: ! traffic-class—Matches packets with a traffic class that you defined using the traffic-class command color " ! green—Matches packets with color green. l2tp classifier-list ! Use to create or modify an L2TP classifier control list. indicating a medium drop preference red—Matches packets with color red. indicating a high drop preference " " ! user-packet-class—Matches packets with the specified user packet class value ! Example host1(config)#l2tp classifier-list l2tpclassifier color red user-packet-class 7 ! Use the no version to remove the classifier control list. range is 0–63 precedence—Specifies the use of the upper 3 bits of the traffic-class byte. indicating a low drop preference yellow—Matches packets with color yellow. ! Use the following keywords to configure the list: ! traffic-class—Matches packets with a traffic class that you defined using the traffic-class command 26 ! Creating Classifier Control Lists . range is 0–255 dsfield—Specifies the use of the upper 6 bits of the traffic-class byte.1. NOTE: Do not use the asterisk (*) for the name of a classifier list. The asterisk is used as a wildcard for the classifier-group command.

indicating a low drop preference yellow—Matches packets with color yellow. Creating Classifier Control Lists ! 27 . vlan classifier-list ! Use to create or modify a VLAN classifier control list. The asterisk is used as a wildcard for the classifier-group command. indicating a medium drop preference red—Matches packets with color red. indicating a low drop preference yellow—Matches packets with color yellow. which you define in the policy list classifier-list classifier-list classifier-list classifier-list classifier-list classifier-list classifier-list classifier-list lowLatencyLowDrop user-priority 7 lowLatencyLowDrop user-priority 6 lowLatency user-priority 5 excellentEffort user-priority 4 bestEffort user-priority 3 bestEffort user-priority 2 bestEffort user-priority 1 bestEffort user-priority 0 ! ! Example host1(config)#vlan host1(config)#vlan host1(config)#vlan host1(config)#vlan host1(config)#vlan host1(config)#vlan host1(config)#vlan host1(config)#vlan ! Use the no version to remove the classifier control list. NOTE: Do not use the asterisk (*) for the name of a classifier list. indicating a high drop preference " " ! user-packet-class—Matches packets with the specified user packet class value exp-bits—Specifies the value of the EXP bit to match in the range 0–7 exp-mask—Specifies the mask applied to the EXP bits in the range 1–7 ! ! ! Example host1(config)#mpls classifier-list mplsClass user-packet-class 10 exp-bits 3 exp-mask 5 ! Use the no version to remove the classifier control list. indicating a medium drop preference red—Matches packets with color red.Chapter 1: Configuring Policy Management ! color " green—Matches packets with color green. ! Use the following keywords to configure the list: ! traffic-class—Matches packets with a traffic class that you defined using the traffic-class command color " ! green—Matches packets with color green. indicating a high drop preference " " ! user-packet-class—Matches packets with the specified user packet class value user-priority—Specifies the value of the user-priority bits.

0. GRE tunnels. IPv6. Add a rule that filters packets based on classifier list ipCLACL20. Create the classification group for the CLACL named ipCLACL10 and assign the precedence to the classification group. host1(config-policy-list-classifier-group)#rate-limit-profile ipRLP25 6.x Policy and QoS Configuration Guide Creating Policy Lists You can create a policy list with an unlimited number of classifier groups.5 order 30 host1(config-policy-list-classifier-group)#forward interface ip 3/1 order 40 4. Add a rule that sets a ToS byte value of 125 for packets based on classifier list ipCLACL10. L2TP. Creating a Policy List for IP The following example creates an IP policy list named routeForABCCorp. MPLS. Add a rule that uses rate-limit profile ipRLP25.120. Create the policy list routeForABCCorp. These rules can reference up to 512 classifier entries. Exit Classifier Group Configuration mode for ipCLACL10.12 order 10 host1(config-policy-list-classifier-group)#forward next-hop 192. Exit Policy List Configuration mode to save the configuration.100.109 order 20 host1(config-policy-list-classifier-group)#forward next-hop 192. 1. Add a rule that specifies a group of forwarding solutions based on classifier list ipCLACL10. then create a new classification group for classifier list ipCLACL20. host1(config-policy-list-classifier-group)#mark tos 125 5. host1(config-policy-list)#classifier-group ipCLACL10 precedence 75 host1(config-policy-list-classifier-group)# 3.0. and VLANs. host1(config-policy-list-classifier-group)#forward next-hop 192.17. For information about creating the CLACLs and rate-limit profile used in this example. each containing an unlimited number of rules. host1(config)#ip policy-list routeForABCCorp host1(config-policy-list)# 2. host1(config-policy-list-classifier-group)#exit host1(config-policy-list)#exit host1(config)# 28 ! Creating Policy Lists . IP.1. You can create policy lists for Frame Relay.JUNOSe 6. see the previous sections. host1(config-policy-list-classifier-group)#exit host1(config-policy-list)#classifier-group ipCLACL20 precedence 125 host1(config-policy-list-classifier-group)#filter 7.2.

1. Creating a Policy List for IPv6 The following example creates an IPv6 policy list named routeForIPv6.0. Add a rule to color packets as red. and a second rule that sets the traffic class field of the packets to 7. rule 5 mark tos 125 rate-limit-profile ipRLP25 Classifier control list: ipCLACL20.2.109. rule 3 (reachable) next-hop 192. rule 2 (active) next-hop 192. Create the policy list routeForIPv6. order 40. order 30.17. order 10. Display the policy list. host1#show policy-list routeForABCCorp Policy Table -----. host1(config-policy-list-classifier-group)#exit host1(config-policy-list)#exit host1(config)# Creating Policy Lists ! 29 . precedence 125 filter NOTE: Commands that you issue in Policy Configuration mode do not take effect until you exit from that mode.0. order 20. rule 4 (reachable) interface ip3/1. host1(config)#ipv6 policy-list routeForIPv6 host1(config-policy-list)# 2. Create the classification group for the CLACL named ipv6tc67 and assign the precedence to the classification group.100. host1(config-policy-list)#classifier-group ipv6tc67 precedence 75 host1(config-policy-list-classifier-group)# 3. For information about creating the CLACL used in this example. see the previous sections. Exit Policy List Configuration mode to save the configuration.12.5. host1(config-policy-list-classifier-group)#color red host1(config-policy-list-classifier-group)#mark tcfield 7 4.120. precedence 75 forward Virtual-router: default List: next-hop 192.Chapter 1: Configuring Policy Management 8.----IP Policy routeForABCCorp Administrative state: enable Reference count: 0 Classifier control list: ipCLACL10.

----IPv6 Policy routeForIPv6 Administrative state: enable Reference count: 0 Classifier control list: ipv6tc67. Add a rule that marks the DE bit as 1.255. and on ingress colors frames with a DE bit of 1 as red. 1. Create the policy list used to mark egress traffic.1 host1(config-subif)#frame-relay policy output frOutputPolicy statistics enabled host1(config-subif)#ip address 10.0 host1(config-subif)#exit host1(config)#interface serial 5/1:1/1. Display the policy list. and create the classifier group conforming to CLACL frMatchDeSet. Add a rule that colors the ingress traffic. then create the classifier group for packets conforming to CLACL frMatchDeSet. Apply the policy lists. host1(config)#interface serial 5/0:1/1.1. Create the policy list used for the ingress traffic.1. host1(config)#frame-relay policy-list frOutputPolicy host1(config-policy-list)#classifier-group frMatchDeSet host1(config-policy-list-classifier-group)#mark-de 1 host1(config-policy-list-classifier-group)#exit host1(config-policy-list)#exit 2. Display interface information to view the applied policies.1 255.JUNOSe 6.255. host1#show frame-relay subinterface Frame relay sub-interface SERIAL5/0:1/1.0. precedence 75 color red mark tc-precedence 7 NOTE: Commands that you issue in Policy Configuration mode do not take effect until you exit from that mode. Creating a Policy List for Frame Relay The following example creates a Frame Relay policy that on egress marks the DE bit to 1. status is up Number of sub-interface down transitions is 0 Time since last status change 03:04:59 No baseline has been set ! 30 Creating Policy Lists . host1#show policy-list routeForIPv6 Policy Table -----.0.1 host1(config-subif)#frame-relay policy input frInputPolicy statistics enabled host1(config-subif)#exit 4. host1(config)#frame-relay policy-list frInputPolicy host1(config-policy-list)#classifier-group frGroupA host1(config-policy-list-classifier-group)#color red host1(config-policy-list-classifier-group)#exit host1(config-policy-list)#exit 3.x Policy and QoS Configuration Guide 5.

640 bytes mark-de 1 Frame relay sub-interface SERIAL5/1:1/1. host1#show policy-list Policy Table -----.1.---. Display the policy lists. status is up Number of sub-interface down transitions is 0 Time since last status change 03:05:09 No baseline has been set In bytes: 660 Out bytes: 660 In frames: 5 Out frames: 5 In errors: 0 Out errors: 0 In discards: 0 Out discards: 0 In unknown protos: 0 Frame relay policy input frInputPolicy classifier-group frMatchDeSet entry 1 5 packets. precedence 100 mark-de 1 Frame relay Policy frInputPolicy Administrative state: enable Reference count: 0 Classifier control list: frGroupA. Display the classifier list. 660 bytes color red 5.------.----Frame relay Classifier Control List frMatchDeSet Reference count: 1 Entry count: 1 Classifier-List frMatchDeSet Entry 1 DE Bit: 1 6. host1#show classifier-list detailed Classifier Control List Table ---------.Chapter 1: Configuring Policy Management In bytes: 660 Out bytes: 660 In frames: 5 Out frames: 5 In errors: 0 Out errors: 0 In discards: 0 Out discards: 0 In unknown protos: 0 Frame relay policy output frOutputPolicy classifier-group frGroupA entry 1 5 packets.----Frame relay Policy frOutputPolicy Administrative state: enable Reference count: 0 Classifier control list: frMatchDeSet. Creating Policy Lists ! 31 . precedence 100 color red NOTE: Commands that you issue in Policy Configuration mode do not take effect until you exit from that mode.

1. Display the policy list. see the previous sections. 1. Add two rules for traffic based on the CLACL named gre8: one rule to color packets as red. Exit Policy List Configuration mode to save the configuration. For information about creating the CLACL used in this example. host1(config-policy-list-classifier-group)#color red host1(config-policy-list-classifier-group)#mark dsfield 20 host1(config-policy-list-classifier-group)# 4. host1(config-policy-list-classifier-group)#exit host1(config-policy-list)#exit host1(config)# 5.x Policy and QoS Configuration Guide Creating a Policy List for GRE Tunnels The following example creates a GRE tunnel policy list named routeGre50. host1(config)#gre-tunnel policy-list routeGre50 2.JUNOSe 6. host1(config-policy-list)#classifier-group gre8 precedence 150 host1(config-policy-list-classifier-group)# 3. and a second rule that specifies the ToS DS field value to be assigned to the packets.----GRE Tunnel Policy routeGre50 Administrative state: enable Reference count: 0 Classifier control list: gre8. Create the classification group for the CLACL named gre8 and assign a precedence of 150 to it. precedence 150 color red mark dsfield 20 NOTE: Commands that you issue in Policy Configuration mode do not take effect until you exit from that mode. host1#show policy-list routeGre50 Policy Table -----. 32 ! Creating Policy Lists . Create the policy list routeGre50.

1.Chapter 1: Configuring Policy Management Creating a Policy List for L2TP The following example creates an L2TP policy list. Create the policy list routeForl2tp. host1#show policy-list routeForl2tp Policy Table -----. host1(config-policy-list)#classifier-group * precedence 200 host1(config-policy-list-classifier-group)# Creating Policy Lists ! 33 . host1(config)#l2tp policy-list routeForl2tp host1(config-policy-list)# 2. Creating a Policy List for MPLS The following example creates an MPLS policy list. precedence 100 color red rate-limit-profile l2tpRLP20 NOTE: Commands that you issue in Policy Configuration mode do not take effect until you exit from that mode. Create the classification group to match all packets.----L2TP Policy routeForl2tp Administrative state: enable Reference count: 0 Classifier control list: *. Create the policy list routeForMpls. Create the classification group. and a second rule that uses the rate-limit profile l2tpRLP10. host1(config-policy-list-classifier-group)#color red host1(config-policy-list-classifier-group)#rate-limit-profile l2tpRLP10 4. Display the policy list. host1(config-policy-list)#classifier-group * host1(config-policy-list-classifier-group)# 3. host1(config)#mpls policy-list routeForMpls host1(config-policy-list)# 2. host1(config-policy-list-classifier-group)#exit host1(config-policy-list)#exit host1(config)# 5. Add a rule to color packets as red. Exit Policy List Configuration mode to save the configuration. 1.

----MPLS Policy routeForMpls Administrative state: enable Reference count: 0 Classifier control list: *. The classifier group lowLatencyLowDrop uses the default precedence of 100. host1(config-policy-list-classifier-group)#exit host1(config-policy-list)#exit host1(config)# 5. host1(config-policy-list-classifier-group)#traffic-class lowLatencyLowDrop 4. and a second rule that uses the rate-limit profile mplsRLP5. 1.1. host1(config)#vlan policy-list routeForVlan host1(config-policy-list)# 2. Create a rule that adds the lowLatencyLowDrop traffic class for all packets that fall into the lowLatencyLowDrop classification. Creating a Policy List for VLANs The following example creates a VLAN policy list named routeForVlan. host1(config-policy-list-classifier-group)#color green 34 ! Creating Policy Lists . host1#show policy-list routeForMpls Policy Table -----. host1(config-policy-list-classifier-group)#mark-exp 2 host1(config-policy-list-classifier-group)#rate-limit-profile mplsRLP5 4.JUNOSe 6. Add a rule that sets the drop precedence for all packets that fall into the lowLatencyLowDrop classification to green. Create the policy list routeForVlan. precedence 200 mark-exp 2 mask 7 rate-limit-profile mplsRLP5 NOTE: Commands that you issue in Policy Configuration mode do not take effect until you exit from that mode. Create the classification group. host1(config-policy-list)#classifier-group lowLatencyLowDrop host1(config-policy-list-classifier-group)# 3. Exit Policy List Configuration mode to save the configuration. Display the policy list. Add one rule that sets the EXP bits for all packets to 2.x Policy and QoS Configuration Guide 3.

Display the policy list. Exit to Policy List Configuration mode. host1(config-policy-list-classifier-group)#mark-user-priority 7 6. precedence 100 traffic-class bestEffort NOTE: Commands that you issue in Policy Configuration mode do not take effect until you exit from that mode. then add traffic class rules for packets that conform to different CLACLs. Add a rule that sets the user-priority bits for all packets that fall into the lowLatencyLowDrop classification to 7. host1#show policy-list routeForVlan Policy Table -----. Exit Policy List Configuration mode to save the configuration. host1(config-policy-list-classifier-group)#exit host1(config-policy-list)#classifier-group lowLatency host1(config-policy-list-classifier-group)#traffic-class lowLatency host1(config-policy-list-classifier-group)#exit host1(config-policy-list)#classifier-group excellentEffort host1(config-policy-list-classifier-group)#traffic-class excellentEffort host1(config-policy-list-classifier-group)#exit host1(config-policy-list)#classifier-group bestEffort host1(config-policy-list-classifier-group)#traffic-class bestEffort 7. precedence 100 traffic-class lowLatency Classifier control list: excellentEffort. Creating Policy Lists ! 35 . host1(config-policy-list-classifier-group)#exit host1(config-policy-list)#exit host1(config)# 8. precedence 100 traffic-class lowLatencyLowDrop color green mark-user-priority 7 Classifier control list: lowLatency.----VLAN Policy routeForVlan Administrative state: enable Reference count: 0 Classifier control list: lowLatencyLowDrop. precedence 100 traffic-class excellentEffort Classifier control list: bestEffort.Chapter 1: Configuring Policy Management 5.

it inserts a default filter rule. NOTE: If you do not specify one of the frame-relay.1. Creating Classifier Groups and Policy Rules Classifier groups contain the policy rules that make up a policy list. If you enter a policy-list command and then enter exit.18. l2tp. NOTE: For IP policies.x Policy and QoS Configuration Guide frame-relay policy-list gre-tunnel policy-list ip policy-list ipv6 policy-list l2tp policy-list mpls policy-list vlan policy-list ! ! Use to create or modify a policy list and to enter Policy List Configuration mode.JUNOSe 6. the router creates a policy list with no rules. If the router does not find any rules in a policy. Classifier groups with equal precedence are evaluated in the order of creation. (See Creating Multiple Forwarding Solutions with IP Policy Lists on page 38. Classifier groups are evaluated starting with the lowest precedence value. gre-tunnel. For example: host1(config-policy-list-classifier-group)#forward next-hop 172. which enables you to order multiple forward rules within a single classifier group. ipv6. The CLACL defines the packet flow on which the policy action is taken. you can assign a precedence value to a CLACL by using the precedence keyword when you create a classifier group. A policy list might contain multiple classifier groups—you can specify the precedence in which classifier groups are evaluated. Attaching this policy list to an interface filters all packets on that interface. In this mode you configure the policy rules that make up the policy list. the forward command supports the order keyword. A policy rule is an association between a policy action and an optional CLACL.) From Policy Configuration mode. ip. ! Example host1(config)#ip policy-list routeForXYZCorp host1(config-policy-list)# ! Use the no version to remove a policy list. For example: host1(config-policy-list)#classifier-group ipCLACL25 precedence 21 host1(config-policy-list-classifier-group)# The classifier-group command puts you in Classifier Group Configuration mode. or vlan keywords. mpls.20. The default precedence value is 100. the router creates an IP policy list.54 36 ! Creating Classifier Groups and Policy Rules .

you can suspend the rule. remove. Yes and No indicate whether the command is supported. you can suspend a rule by using the suspend version of that policy rule command. From Classifier Group Configuration mode. Table 9: Policy Rule Commands Policy Command color filter forward log mark mark-de mark-exp mark-user-priority next-hop next-interface Frame Relay Yes Yes Yes No NA Yes NA NA NA NA GRE Yes Yes Yes No Yes NA NA NA No No IP Yes Yes Yes Yes Yes NA NA NA Yes (input policies only) Yes (input and secondary input policies only) Yes Yes Yes IPv6 Yes Yes Yes No Yes NA NA NA No No L2TP Yes Yes Yes No NA NA NA NA NA NA MPLS Yes Yes Yes No NA NA Yes NA NA NA VLAN Yes Yes Yes No NA NA NA Yes NA NA rate-limit-profile traffic-class user-packet-class No Yes Yes No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No Yes Yes Creating Classifier Groups and Policy Rules ! 37 . The modified policy takes effect once you exit Policy Configuration mode.54 You can add. Policy Rule Support Table 9 shows the policy rule commands that you can use for each type of policy list.Chapter 1: Configuring Policy Management To stop and start a policy rule without losing statistics. NA indicates that the command does not apply to that type of interface. Suspending a rule maintains the policy rule with its current statistics.20.20. The no suspend version reactivates a suspended rule.54 host1(config-policy-list-classifier-group)#no suspend forward next-hop 172. but the rule no longer affects packets in the forwarding path. For example: host1(config-policy-list-classifier-group)#suspend forward next-hop 172. or suspend policy rules while the policy is attached to one or more interfaces.18.18.

If only next-hop elements exist and you do not use the virtual router option. and the rule configured last replaces the previous rule. the router uses a single route table lookup to determine the forwarding solution for packets. the interface must be the correct interface for the next-hop address. The router evaluates the forwarding solutions in the group. If no order value is specified. If no solutions are reachable. A classifier can have only one action that provides a routing solution.x Policy and QoS Configuration Guide Rules That Provide Routing Solutions The next interface. The null interface is always considered unreachable. For IP policy lists only. starting at the solution with the lowest order value. you can ensure that there is a reachable solution for the packets. filter. then the default order of 100 is assigned to a solution. the router displays a warning message. and then uses the first reachable solution. If you specify a next-hop address. If you configure two routing solution rules. If you delete the target (interface or next-hop address) referenced in a rule. a solution must be a reachable interface or a next-hop address that has a route in the routing table. the traffic is dropped. and forward rules provide routing solutions for traffic matching a classifier. The following guidelines apply when you create a group of forwarding solutions in an IP policy list: ! ! You can specify a maximum of 20 forwarding solutions for a classifier. Also. You can use the order keyword to specify the order of the group of forwarding solutions within a single forward rule. ! ! ! If you specify both an interface element and a next-hop address element. then you can optionally specify that the default route be ignored. ! ! 38 ! Creating Classifier Groups and Policy Rules . that solution is replaced by the null interface but retains the same order number in the policy list. To be considered a reachable solution.JUNOSe 6. By creating a group of forwarding solutions. next hop. the forward command enables you to configure one or more unique forwarding solutions (interfaces or next-hop addresses) that override the route table lookup. then the policy assumes the virtual router context of the command-line interface (CLI).1. then they both must be reachable to be used. You can include an optional parameter to specify the virtual router when you define next-hop elements. Creating Multiple Forwarding Solutions with IP Policy Lists By default. The interface and next-hop elements of a forwarding solution must exist within a single virtual router: ! Next-interface elements are associated with the virtual router where that interface exists. such as filter and forward. in the same classifier group.

Chapter 1: Configuring Policy Management

!

When a forwarding solution with a lower order value than the currently active solution becomes reachable, the router switches to the lower-ordered solution. If two rules that have the same order value are reachable, then the rule that was created first is used.

!

NOTE: The forward interface and forward next-hop commands are replacing the next-interface and next-hop commands, which do not support multiple forwarding solutions in a single forward rule.

In the following sample classifier group of a policy list, the forwarding solution of ATM interface 0/0.1 has the lowest order value in the group, and would therefore be selected as the solution for the policy list. However, if this interface is not reachable, the router then attempts to use the solution with the next higher order; which would be ATM interface 12/0.1. If none of the solutions in the group is reachable, the traffic is dropped.
host1(config-policy-list)#classifier-group westfordClacl precedence 200 host1(config-policy-list-classifier-group)#forward interface atm 0/0.1 order 10 host1(config-policy-list-classifier-group)#forward interface atm 12/0.1 order 50 host1(config-policy-list-classifier-group)#forward interface atm 3/0.25 order 300 NOTE: You can use the suspend version of the command to suspend an individual entry in a group of forwarding solutions. The forward rule remains “active” as long as there is a reachable or active entry in the group of forwarding solutions. If you suspend all entries in the group, the status of the forward rule is changed to “suspended.”

Classifier Group Command
Use the command described in this section to create classifier groups. See Rate Limiting Individual or Aggregate Packet Flows on page 58 for examples of using this command to rate limit traffic flows. classifier-group
!

Creates a classifier group for a policy list and assigns precedence to the specific CLACL that is referenced in the group; enters Classifier Group Configuration mode, in which you create policy rule configurations related to the specified CLACL. Use the precedence keyword to specify the order in which a classifier group is evaluated compared to other classifier groups. Classifier groups are evaluated from lowest to highest precedence value (for example, a classifier group with a precedence of 1 is used before a classifier group with a precedence of 2). Classifier groups with equal precedence are evaluated in the order of creation, with the group created first having precedence. A default value of 100 is used if no precedence is specified. Example
host1(config-policy-list)#classifier-group westfordClacl precedence 150

!

!

Creating Classifier Groups and Policy Rules

!

39

JUNOSe 6.1.x Policy and QoS Configuration Guide

!

Use the no version to remove the classifier group and its rules from a policy list.

NOTE: Empty classifier groups have no effect on the router’s classification of packets and are ignored by the router. You might inadvertently create empty classifier groups in a policy if you use both the newer CLI style and the older CLI style, which used the Policy List Configuration mode version of the classifier list commands.

Policy Rule Commands
Use the commands described in this section to specify policy rules for classifier groups.
NOTE: The commands listed in this section replace the Policy List Configuration mode versions of the command. For example, the color command replaces the Policy List Configuration mode version of the color command. The original command may be removed completely in a future release.

color
!

Use to color a packet matching the current CLACL as green, yellow, or red:
! ! !

green—Highest precedence yellow—Intermediate precedence red—Lowest precedence

!

Example
host1(config-policy-list-classifier-group)#color green

! !

Use the suspend version to suspend the color rule within the classifier group. Use the no version to remove the color rule from the classifier group.

filter
! !

Use to define a rule that drops all packets matching the current CLACL. You can enter the filter command while the policy list is referenced by interfaces. Example
host1(config-policy-list-classifier-group)#filter

!

! !

Use the suspend version to suspend a filter rule within the classifier group. Use the no version to remove the filter rule from the classifier group.

40

!

Creating Classifier Groups and Policy Rules

Chapter 1: Configuring Policy Management

forward forward interface forward next-hop
!

Use to define a rule that creates the forwarding solution for packets matching the current CLACL. The forward command can be used while the policy list is referenced by interfaces.
!

!

Example

host1(config-policy-list-classifier-group)#forward
! !

Use the suspend version to suspend the forward rule within the classifier group. For IP policy lists only:
!

You can use the forward interface command to specify multiple interfaces and the forward next-hop command to specify next-hop addresses as possible forwarding solutions. If you define multiple forwarding solutions for a single CLACL, use the order keyword to specify the order in which the router chooses the solutions. The router uses the first reachable solution in the list, starting with the solution with the lowest order value. The default order value is 100.

NOTE: The forward interface and forward next-hop commands are replacing the next-interface and next-hop commands.

The switch route processor (SRP) module Fast Ethernet port cannot be the destination of the forward next-hop and forward next-interface commands.
!

If you specify a next-hop address as the forwarding solution, you can specify that the default route is not used as a routing solution for the next-hop address when selecting a reachable forward rule entry.

!

Example
host1(config-policy-list-classifier-group)#forward interface atm 0/0.1 order 10 host1(config-policy-list-classifier-group)#forward interface atm 3/1.2 order 20

!

Use the no version to remove the forward rule from the classifier group.

log
! !

Use to define a rule that logs all packets conforming to the current CLACL. Example
host1(config-policy-list-classifier-group)#log

! !

Use the suspend version to suspend the log rule within the classifier group. Use the no version to remove the log rule from the classifier group.

Creating Classifier Groups and Policy Rules

!

41

JUNOSe 6.1.x Policy and QoS Configuration Guide

mark
!

Use to set the ToS field in the IP header or the traffic-class field in the IPv6 header to a specified value for packets conforming to the current CLACL. For IPv4, you must specify one of the following:
! ! ! !

!

A ToS byte value in the range 0–255 and a mask value in the range 1–255 tos-precedence keyword and a value in the range 0–7 tos keyword and a value in the range 0–255 dsfield keyword and a value in the range 0–63 A traffic-class byte in the range 0–255 and a mask in the range 1–255 tc-precedence keyword and a value in the range 0–7 tcfield keyword and a value in the range 0–255 dsfield keyword and a value in the range 0–63

!

For IPv6, you must specify one of the following:
! ! ! !

!

Only one mask value is allowed per policy. Multiple mark rules are allowed with various mark values, but the mask for each of these rules must be the same. Example
host1(config-policy-list-classifier-group)#mark tos-precedence 3

!

! !

Use the suspend version to suspend the mark rule within the classifier group. Use the no version to remove the mark rule from the classifier group.

mark-de
!

Use to assign a value of 0 or 1 to the Frame Relay DE bit for packets conforming to the current CLACL. Example
host1(config-policy-list-classifier-group)#mark-de 1

!

!

Use the suspend version to suspend the mark DE rule within the classifier group. Use the no version to remove the mark DE rule from the classifier group.

!

mark-exp
!

Use to assign a value in the range 0–7 to the MPLS EXP field for packets conforming to the current CLACL. Example
host1(config-policy-list-classifier-group)#mark-exp 5

!

!

Use the suspend version to suspend the mark EXP rule within the classifier group. Use the no version to remove the mark EXP rule from the classifier group.

!

42

!

Creating Classifier Groups and Policy Rules

Example host1(config-policy-list-classifier-group)#mark-user-priority 5 ! ! Use the suspend version to suspend the mark-user-priority rule within the classifier group. ! next-hop ! Use to define the IP address of the next hop to which the packets are forwarded for packets conforming to the current CLACL. ! ! For IP interfaces.1p VLAN priority field for packets conforming to the current CLACL. this command is supported only on input policies. The next-hop command may be removed in a future release. See the forward forward interface forward next-hop command for details. IP interfaces referenced with this command can be tracked if they move. See the forward forward interface forward next-hop command for details.10.10. ! ! For IP interfaces.1 ! Use the suspend version to suspend the next-hop rule within the classifier group. The SRP module Fast Ethernet port cannot be the destination of the next-interface command. this command is supported only on input policies. The next-interface command may be removed in a future release. Use the no version to remove the next-hop rule from the classifier group. ! next-interface ! Use to define an output interface to which the packets conforming to the current CLACL are forwarded.Chapter 1: Configuring Policy Management mark-user-priority ! Use to assign a value in the range 0–7 to the 802. NOTE: The forward forward interface forward next-hop interface command is replacing the next-interface command. Example host1(config-policy-list-classifier-group)#next-hop 10. Creating Classifier Groups and Policy Rules ! 43 . statistics are not maintained across the move. Policies attached to an interface also move if the interface moves. NOTE: The forward forward interface forward next-hop next-hop command is replacing the next-hop command. Use the no version to remove the mark-user-priority rule from the classifier group. The SRP module Fast Ethernet port cannot be the destination of the next-hop command. However.

Example host1(config-policy-list-classifier-group)#user-packet-class 3 ! ! ! Use the suspend version to temporarily suspend the rule within the classifier group. The user packet class is associated with every packet that is forwarded through the router.1 ! Use the suspend version to suspend the next-interface rule within the classifier group. ! traffic-class ! ! Use to specify a traffic-class rule for packets conforming to the current CLACL. ! 44 ! Creating Classifier Groups and Policy Rules .x Policy and QoS Configuration Guide ! Example host1(config-policy-list-classifier-group)#next-interface atm 0/0. Use the no version to remove the rate-limit-profile from the classifier group. Example host1(config-policy-list-classifier-group)#rate-limit-profile tcpFriendly8MB ! ! Use the suspend version to suspend the rate-limit-profile rule within the classifier group. the packet will be associated with this traffic class within the router. Example host1(config-policy-list-classifier-group)#traffic-class goldClass ! ! Use the suspend version to temporarily suspend the traffic class within the classifier group. ! rate-limit-profile ! Use to specify a rate-limit rule for packets conforming to the current CLACL. When this rule is applied to a packet.1. ! user-packet-class ! Use to add a user packet class rule that sets the use-packet-class attribute of packets that match the current CLACL. Use the no version to remove the user-packet-class rule from the classifier group. You can modify the value by using this command and then classify packets based on the value. It is a value in the range 0–15 that the router initializes to zero when it receives the packet on an ingress interface. See Rate Limiting Individual or Aggregate Packet Flows on page 58 for examples of using this command to rate limit traffic flows.JUNOSe 6. Use the no version to remove the traffic class from the classifier group. The value travels with the packet throughout the router until the packet is transmitted out an egress interface. Use the no version to remove the next-interface rule from the classifier group.

IPv6. In either case. and next-interface commands. and VLAN interfaces. and L2TP policies in profiles to assign a policy list to an interface. which then assigns the policy to the interfaces to which the profile is attached. MPLS layer 2. ! Use the input or output keyword to assign the policy list to the ingress or egress of the interface. The router supports secondary input policies whose principal applications are: ! ! To defeat denial-of-service attacks directed at a router’s local IP or IPv6 stack Applying Policy Lists to Interfaces and Profiles ! 45 .Chapter 1: Configuring Policy Management Applying Policy Lists to Interfaces and Profiles You can assign a policy list to supported interfaces and profiles. to data destined to local or remote destinations. use the secondary-input keyword to assign the policy list. nor can the module be the destination for the forward next-hop. IP. IP. IPv6. NOTE: The mpls policy command is used to attach policies to MPLS Layer 2 circuits only. Also use to specify an IP. NOTE: The SRP module Fast Ethernet port does not support policy attachments. GRE tunnel. MPLS. Policy lists are supported on Frame Relay. or L2TP policy list to a profile. next-hop. forward next-interface. you can enable or disable the recording of statistics for bytes and packets affected by the assigned policy. You can also specify IP.1 host1(config-subif)#ip policy input routeForXYZCorp statistics enabled To create an L2TP profile that applies the policy list routeForABCCorp to the egress of an interface: host1(config)#profile bostonProfile host1(config-profile)#l2tp policy output routeForABCCorp frame-relay policy gre-tunnel policy ip policy ipv6 policy mpls policy l2tp policy vlan policy ! Use to assign a Frame Relay. GRE tunnel. For IP and IPv6 policy lists. NOTE: You can apply policies to MPLS topology-driven label-switched paths (LSPs) by using the mpls ldp lsp-policy command. after route lookup. IPv6. or VLAN policy list to an interface. Examples To assign the policy list named routeForXYZCorp with statistics enabled to the ingress IP interface over an ATM subinterface: host1(config)#interface atm 12/0. IPv6. See Policy Management and MPLS Topology-Driven LSPs on page 62.

that packet is dropped. IP options filtering is disabled by default. ! ! NOTE: The gre-tunnel policy command does not support the baseline keyword. Enabling IP Options Filtering You can filter packets with IP options on an interface. you can enable or disable baselining of the statistics. The keyword should be removed from scripts. You should recreate any local input policies using the ip classifier-list local true command and attaching the policies using the ip policy secondary-input command. ip filter-options all ! ! Use to enable filtering of packets with IP options. If it does and if IP options filtering is enabled. and may be completely removed in a future release. The router implements the baseline by reading and storing the statistics at the time the baseline is set and then subtracting this baseline whenever baseline-relative statistics are retrieved. ! Example 1 host1(config-if)#vlan policy input VlanPolicy33 statistics disabled ! Example 2 host1(config-if)#ipv6 policy secondary-input my-policy ! Use the no version to remove the association between a policy list and an interface or a profile.x Policy and QoS Configuration Guide ! ! To protect a router from being overwhelmed by legitimate local traffic To apply policies on packets associated with the route class NOTE: The local-input keyword for the ip policy and ipv6 policy commands is deprecated. 46 ! Enabling IP Options Filtering . You must also enable baselining on the interface with the appropriate baseline command. When a packet arrives on an interface.1. the router checks to see if the packet contains IP options. If you enable statistics. Example host1(config-if)#ip filter-options all ! Use the no version to disable filtering of packets with IP options.JUNOSe 6. ! You can enable or disable the recording of routing statistics for bytes and packets affected by the policy.

When you use RADIUS to apply policies. The supported actions and classification fields are: ! Actions ! ! ! ! ! Filter Forward Packet marking Rate limit Traffic class ! Classifiers ! ! ! ! ! Destination address Destination port Protocol Source address Source port NOTE: The E-series router dynamically assigns names to the new classifier list and policy list based on information such as the interface and direction of the policy. you use hexadecimal format to configure the Ascend-Data-Filter attribute on the RADIUS server. The hexadecimal field is encoded with policy attachment. and policy action information. This feature supports the Ascend-Data-Filter attribute [242] through a RADIUS VSA that specifies a hexadecimal field. classification. a subset of the router’s classification fields and actions is supported. To create a policy. For example: Ascend-Data-Filter="01000100 0A020100 00000000 18000000 00000000 00000000" Using RADIUS to Create and Apply Policies ! 47 .Chapter 1: Configuring Policy Management Using RADIUS to Create and Apply Policies The E-series router enables you to use RADIUS to create and apply policies on IP interfaces. The policy defined in the Ascend-Data-Filter attribute is applied when RADIUS receives a client authorization request and replies with an Access-Accept message.

JUNOSe 6. Table 10: Ascend-Data-Filter Policy Format Action or Classifier Type Filter or forward Indirection Spare Source IP address Destination IP address Source IP prefix Destination IP prefix Protocol Established Source port Destination port Source port qualifier Format 1 byte 1 byte 1 byte 1 byte 4 bytes 4 bytes 1 byte 1 byte 1 byte 1 byte 2 bytes 2 bytes 1 byte Comments 0 = generic 1 = IP 0 = filter 1 = forward 0 = egress 1 = ingress – – – Count of leading zeros in wildcard mask Count of leading zeros in wildcard mask – Not implemented – – 0 = no compare 1 = less than 2 = equal to 3 = greater than 4 = not equal to 0 = no compare 1 = less than 2 = equal to 3 = greater than 4 = not equal to – – 0 = no packet marking ! 0 = no traffic class (required if there is no Destination port qualifier 1 byte Reserved Marking value Marking mask Traffic class 2 bytes 1 byte 1 byte 1–41 bytes profile) ! First byte specifies the length of the ASCII string. followed by the ASCII name of the traffic class ! Traffic class must be statically configured ! Name can optionally be null terminated. which consumes 1 byte 48 ! Using RADIUS to Create and Apply Policies . which consumes 1 byte Rate-limit profile 1–41 bytes ! 0 = no rate limit (required if there is no profile) ! First byte specifies the length of the ASCII string.x Policy and QoS Configuration Guide Table 10 shows the fields in the order in which they are specified in the hexadecimal Ascend-Data-Filter attribute.1. followed by the ASCII name of the profile ! Profile must be statically configured ! Name can optionally be null terminated.

0. the following Ascend-Data-Filter attribute creates a RADIUS record that configures an input policy.1.Chapter 1: Configuring Policy Management NOTE: To create a rate-limit profile.0.----IP clin_5_00. A single RADIUS record can contain two policies—one ingress policy and one egress policy. The policy filters all packets from network 10. Ascend-Data-Filter="01000100 0A020100 00000000 18000000 00000000 00000000" Table 11: Ascend-Data-Filter Example 1 Values Action or Classifier Type Forward Indirection Spare Source IP address Destination IP address Source IP mask Destination IP mask Protocol Established Source port Destination port Source port qualifier Destination port qualifier Reserved Hex Value 01 00 01 00 0a020100 00000000 18 00 00 00 0000 0000 00 00 0000 Actual Value IP Forward Ingress None 10. you must first configure the filter/forward field as forward.------.255 to any destination.2.1.0.0.1 ip 10. Each policy can have a maximum of 512 ascend-data filters.255) 0 (255. or marking rule.1.255) None None None None None None None Use the show classifier-list and show policy-list commands to view information about the policy: host1#show classifier-list Classifier Control List Table ---------.2.0 0.255. The values specified in the Ascend-Data-Filter attribute are shown in Table 11. Example 1 In this example.0.0 Any 24 (0.255.0 with wildcard mask 0. Each ascend data-filter creates a classifier group and the action associated with the classifier group.---. traffic class.0.2.255 any Using RADIUS to Create and Apply Policies ! 49 . Examples—Using the Ascend-Data-Filter Attribute This section provides examples showing the configuration of policies that use the Ascend-Data-Filter attribute.

2.---.0 output policy. statistics enabled.0 input policy.----IP clin_6.1 eq 3090 host1#show policy-list Policy Table -----. statistics enabled.1 tcp 10.JUNOSe 6.1 gt 9000 any IP clout_6.1.2.1 udp 20.1.255. statistics enabled.2. precedence 100 filter Referenced by interface(s): ATM4/0.0.1 and that go to any destination.0 input policy. virtual-router default Referenced by profile(s): No profile references 50 ! Using RADIUS to Create and Apply Policies .------. precedence 100 filter Referenced by interface(s): ATM4/0.1.0 0. port 3090. Ascend-Data-Filter = "01000100 0A020101 00000000 20000600 23280000 03000000" Ascend-Data-Filter = "01000000 14010000 0A020101 10201100 00000C12 00020000" Using the show classifier-list and show policy-list commands produces the following information about the new policies: host1#show classifier-list Classifier Control List Table ---------. The first policy is an input policy that filters all TCP packets that come from a port greater than 9000 on host 10.2.1. The second policy is an output policy that filters all UDP packets from network 20.1.0.1.----IP Policy plin_6 Administrative state: enable Reference count: 1 Classifier control list: clin_6_00.x Policy and QoS Configuration Guide host1#show policy-list Policy Table -----.1. precedence 100 filter Referenced by interface(s): ATM4/0. virtual-router default Referenced by profile(s): No profile references Example 2 In this example.1. the Ascend-Data-Filter attribute is used to create RADIUS records that configure two policies.255 10. virtual-router default Referenced by profile(s): No profile references IP Policy plout_6 Administrative state: enable Reference count: 1 Classifier control list: clout_6_01.0 to host 10.0.----IP Policy plin_5 Administrative state: enable Reference count: 1 Classifier control list: clin_5_00.

2.1 to any destination.255 clin_7_01.255 host 10.255.1 tcp host 10.1.1 tcp any host 10.1.255.----clin_7_00.2.255.2.1.2. each with multiple rules. Forward all packets from host 10.1. ! ! ! The rules for the input policy translate to the following VSAs.0.1.2.1 any clout_7_04.1.2.1 ip host 10.1 to any destination.0 0.1.1.0.1.2.2.---.0.1. The rules for the input policy translate to the following VSAs.1.0. Forward all packets from any source to host 10.255 to host 10. Filter all TCP packets from host 10.0.1. The rules for the two policies are shown in the following list: ! Input policy rules ! Forward all TCP packets from host 10.2. Filter all other traffic.1 IP IP IP IP IP IP Using RADIUS to Create and Apply Policies ! 51 .1 tcp host 10.255.1 ip any host 10.255. Filter all TCP packets from any source to host 10.0.1 20.2.0 0.1 clout_7_05.255. Filter all other traffic.1 tcp 20.1.0.1 clout_7_06.0 0.Chapter 1: Configuring Policy Management Example 3 This example creates an input policy and an output policy. The VSAs must be specified in this order: Ascend-Data-Filter Ascend-Data-Filter Ascend-Data-Filter Ascend-Data-Filter = = = = "01010000 "01000000 "01010000 "01000000 14000000 00000000 00000000 00000000 0A020101 0A020101 0A020101 00000000 08200600 00200600 00200000 00000000 00000000 00000000 00000000 00000000 00000000" 00000000" 00000000" 00000000" Using the show classifier-list and show policy-list commands produces the following information about the new policies: host1:vr0#show classifier-list Classifier Control List Table ---------.2.1 to destination 20.255.0 0.0. The VSAs must be specified in this order: Ascend-Data-Filter Ascend-Data-Filter Ascend-Data-Filter Ascend-Data-Filter ! = = = = "01010100 "01000100 "01010100 "01000100 0A020101 0A020101 0A020101 00000000 14000000 00000000 00000000 00000000 20080600 20000600 20000000 00000000 00000000 00000000 00000000 00000000 00000000" 00000000" 00000000" 00000000" Output policy rules ! ! ! ! Forward all TCP packets from 20.------.1 any clin_7_02.1.2.255.255.1.

1. precedence 100 filter Classifier control list: clin_7_02. precedence 100 forward Classifier control list: *. precedence 100 forward Classifier control list: *. statistics enabled. statistics enabled. precedence 100 filter Classifier control list: clout_7_06.1. Ascend-Data-Filter="01010100 0a020102 00000000 20000600 045708ae 02010000 05aa0773 6f6d6554 636c0773 6f6d6552 6c70" Table 12: Ascend-Data-Filter Example 4 Values Action or Classifier Type Forward Indirection Spare Source IP address Hex Value 01 01 01 00 0a020102 Actual Value IP Filter Ingress None 10. precedence 100 filter Referenced by interface(s): ATM4/0. The policy marks the packets with a ToS byte of 5 and a mask of 170. The policy also applies a traffic class named someTcl and a rate-limit profile named someRlp.2.1. The values specified in the Ascend-Data-Filter attribute are shown in Table 12. the following Ascend-Data-Filter attribute creates a RADIUS record that configures an input policy.----IP Policy plin_7 Administrative state: enable Reference count: 1 Classifier control list: clin_7_00.2 52 ! Using RADIUS to Create and Apply Policies .x Policy and QoS Configuration Guide host1:vr0#show policy-list Policy Table -----. virtual-router default Referenced by profile(s): No profile references Example 4 In this example.JUNOSe 6. precedence 100 forward Classifier control list: clin_7_01.0 output policy. The policy filters TCP packets from host address 10. virtual-router default Referenced by profile(s): No profile references IP Policy plout_7 Administrative state: enable Reference count: 1 Classifier control list: clout_7_04.0 input policy.2 to any destination. precedence 100 forward Classifier control list: clout_7_05. precedence 100 filter Referenced by interface(s): ATM4/0.2.

255.2.0) 0 (255. precedence 100 mark 5 mask 170 traffic-class someTcl rate-limit-profile someRlp Referenced by interface(s): ATM11/0.----IP Policy plin_8 Administrative state: enable Reference count: 1 Classifier control list: clin_8_00.2 host1#show policy-list Policy Table -----.Chapter 1: Configuring Policy Management Table 12: Ascend-Data-Filter Example 4 Values (continued) Action or Classifier Destination IP address Source IP mask Destination IP mask Protocol Established Source port Destination port Source port qualifier Destination port qualifier Reserved Marking value Marking mask Traffic class Rate-limit profile Hex Value 00000000 20 00 06 00 0000 0000 00 00 0000 05 aa 0773 6f6d6554 636c 0773 6f6d6552 6c70 Actual Value Any 32 (0.------.----IP clin_8_00. statistics enabled.255.1 tcp host 10.0.1. virtual-router default Referenced by profile(s): No profile references Using RADIUS to Create and Apply Policies ! 53 .255) TCP None None None None None None 5 170 someTcl someRlp Use the show classifier-list and show policy-list commands to view information about the policy: host1#show classifier-list Classifier Control List Table ---------.0.0 input policy.---.

JUNOSe 6.1 any host1(config)#ip classifier-list claclB ip host 2. To configure this routing policy.0 so that they area handled as indicated: ! ! ! Packets from source 1.1. For IP policy lists.2.1. without performing the normal routing table processing.1 host1(config-policy-list-classifier-group)#exit host1(config-policy-list)#classifier-group * host1(config-policy-list-classifier-group)#filter host1(config-policy-list-classifier-group)#exit host1(config)#interface atm 0/0.2 are forwarded out of interface ATM 2/1.1. policy rules are available to allow you to make a forwarding decision that includes the next interface and next hop: ! Forward next interface—Causes an interface to forward all packets that satisfy the classification associated with that rule to the next interface specified Forward next hop—Causes an interface to forward all packets that satisfy the classification associated with that rule to the next-hop address specified ! For example.x Policy and QoS Configuration Guide Policy Applications The following sections describe several practical applications of policy management.0 host1(config-subif)#ip policy input IpPolicy100 statistics enabled 54 ! Policy Applications .1 are forwarded out of interface ATM 0/0.2.1 host1(config-policy-list-classifier-group)#exit host1(config-policy-list)#classifier-group claclB host1(config-policy-list-classifier-group)#forward interface atm 2/1.1. issue the following commands: host1(config)#ip classifier-list claclA ip host 1.1. All other packets are dropped.1. This feature provides superior performance for real-time applications.1. Packets from source 2. you can route packets arriving at IP interface ATM 0/0.2.2.2 any host1(config)#ip policy-list IpPolicy100 host1(config-policy-list)#classifier-group claclA host1(config-policy-list-classifier-group)#forward interface atm 0/0. Policy Routing Policy routing allows the router to classify a packet on ingress and make a forwarding decision based on that classification.

! ! To configure this policy.2. You need to construct the classifier list associated with the filter rule so that it isolates the attacker’s traffic into a flow. you can use a policy with a filter rule. TCP packets from source 2.2. describes how to capture packets into a log.0) so that they are handled as indicated: ! ! Packets from source 1. All other packets are dropped. you can route packets entering an IP interface (ATM 0/0.2. You should determine the criteria for this classifier list by analyzing the traffic received on an interface. For example.1.2.2 any ip-frag-offset eq 1 host1(config)#ip classifier-list claclC tcp any any host1(config)#ip policy-list IpPolicy100 host1(config-policy-list)#classifier-group claclA host1(config-policy-list-classifier-group)#forward host1(config-policy-list-classifier-group)#exit host1(config-policy-list)#classifier-group claclB host1(config-policy-list-classifier-group)#filter host1(config-policy-list-classifier-group)#exit host1(config-policy-list)#classifier-group claclC host1(config-policy-list-classifier-group)#forward host1(config-policy-list-classifier-group)#exit host1(config-policy-list)#classifier-group * host1(config-policy-list-classifier-group)#filter host1(config-policy-list-classifier-group)#exit host1(config)#interface atm 0/0.Chapter 1: Configuring Policy Management Security You can configure policy management to provide a level of network security by using policy rules that selectively forward or filter packet flows: ! Forward—Causes the packet flows that satisfy the classification associated with the rule to be routed by the virtual router Filter—Causes the interface to drop all packets of the packet flow that satisfy the classification associated with the rule ! To stop a denial-of-service attack. All other TCP packets are routed. issue the following commands: host1(config)#ip classifier-list claclA ip host 1. Packet Flow Monitoring on page 60.1.0 host1(config-subif)#ip policy input IpPolicy100 statistics enabled Policy Applications ! 55 .1 any host1(config)#ip classifier-list claclB tcp host 2.1.1.1 are routed.2 with the IP fragmentation offset set to one are dropped.

The default is to transmit committed and conformed packets. or mark. The rate-limit profile defines the attributes of the desired rate. Yellow packets are dropped when the yellow threshold is reached. This method is called dynamic color-based threshold dropping. ! ! Figure 2 illustrates congestion management. Figure 2: Congestion Management Queue Queue limit Yellow drop threshold Red drop threshold 56 ! Policy Applications g013024 . A rate-limit profile with a policy rate-limit profile rule provides this capability.1.x Policy and QoS Configuration Guide Bandwidth Management To enforce ingress data rates below the physical line rate of a port. Each packet queue has two color-based thresholds as well as a queue limit: ! Red packets are dropped when congestion causes the queue to fill above the red threshold. you can rate limit a classified packet flow at ingress. Green packets are dropped when the queue limit is reached.JUNOSe 6. transmit. and to drop exceeded packets. These actions include drop. You can set an action based on one rate or two rates. A color-coded tag is added automatically to each packet based on the following categories: ! ! ! Committed—Green Conformed—Yellow Exceeded—Red The queuing system uses drop eligibility to select packets for dropping when there is congestion on an egress interface.

This configuration is implemented with token buckets. Policy Applications ! 57 . See RFC 2698 for more details.1. Packets can be categorized as committed. conformed. that are used to define a two-rate. issue the following commands: host1#configure terminal host1(config)#ip rate-limit-profile oneMegRlp one-rate host1(config-rate-limit-profile)#committed-rate 1000000 host1(config-rate-limit-profile)#exit host1(config)#ip classifier-list claclA ip host 1. packets are considered to be exceeded. we recommend that you set the committed burst to allow for 1 second of data at the specified rate. After the peak rate. or exceeded: ! ! ! Up to the committed rate.1. Example 1 You can configure a one-rate rate-limit profile to hard limit a packet flow to a specified rate. committed and peak. packets are considered to be conformed. packets are considered to be committed.1 to 1 Mbps. conformed. and the excess burst to allow 1.5 seconds of data at the specified committed rate plus the committed burst. three-color marking mechanism. or exceeded.Chapter 1: Configuring Policy Management One-Rate Rate-Limit Profile A one-rate rate-limit profile can be configured for hard tail drop rate-limit or TCP-friendly behavior.0 host1(config-subif)#ip policy input testPolicy statistics enabled Example 2 You can also configure a one-rate rate-limit profile to provide a TCP-friendly rate limiter.1. For example: host1(config)#ip rate-limit-profile tcpFriendly8MB one-rate host1(config-rate-limit-profile)#committed-rate 8000000 host1(config-rate-limit-profile)#committed-burst 1000000 host1(config-rate-limit-profile)#excess-burst 2500000 host1(config-rate-limit-profile)#committed-action transmit host1(config-rate-limit-profile)#exceeded-action drop Two-Rate Rate-Limit Profile You can configure a two-rate rate-limit profile for two different rates. You can categorize packets as committed.1. To configure a rate limiter with TCP-friendly characteristics.1 any host1(config)#ip policy-list testPolicy host1(config-policy-list)#classifier-group claclA host1(config-policy-list-classifier-group)#rate-limit-profile oneMegRlp host1(config-policy-list-classifier-group)#exit host1(config-policy-list)#exit host1(config)#interface atm 0/0. From the committed to peak rate. To rate limit the traffic on an interface from source IP address 1.

if you have traffic from multiple sources. use a separate classifier list to classify each flow. See Example 1: Individual Packet Flows. See Example 2: Multiple Traffic Flows.1.1. host1(config)#classifier-list clFlow1 ip host 10.JUNOSe 6.1.1 any host1(config)#classifier-list clFlow2 ip host 10. ! To rate limit individual packet flows.2 any host1(config)#classifier-list clFlow3 ip host 10. To rate limit the aggregate of multiple traffic flows.3 any host1(config)#policy-list plRateLimit host1(config-policy-list)#classifier-group clFlow1 host1(config-policy-list-classifier-group)#rate-limit-profile rl1Meg host1(config-policy-list-classifier-group)#exit host1(config-policy-list)#classifier-group clFlow2 host1(config-policy-list-classifier-group)#rate-limit-profile rl1Meg host1(config-policy-list-classifier-group)#exit host1(config-policy-list)#classifier-group clFlow3 host1(config-policy-list-classifier-group)#rate-limit-profile rl1Meg host1(config-policy-list-classifier-group)#exit host1(config-policy-list)#exit host1(config)#interface atm 3/1.1. ! Example 1: Individual Packet Flows In the following example. or you can rate limit the aggregate flow for the traffic from all sources.1.x Policy and QoS Configuration Guide Example The following example rate limits traffic on an interface from source IP address 1.1 host1(config-subif)#ip policy input plRateLimit statistics enabled 58 ! Policy Applications .1.1 so that traffic at a rate up to 1 Mbps is colored green and transmitted.1. use a single classifier list for the multiple entries.1. host1(config)#ip rate-limit-profile 1MbRLP host1(config-rate-limit-profile)#committed-rate 1000000 host1(config-rate-limit-profile)#peak-rate 2000000 host1(config-rate-limit-profile)#committed-action transmit host1(config-rate-limit-profile)#conformed-action transmit host1(config-rate-limit-profile)#exceeded-action drop host1(config-rate-limit-profile)#exit host1(config)#ip classifier-list claclA ip host 1.1. traffic at a rate from 1 Mbps to 2 Mbps is colored yellow and transmitted. and traffic at a rate above 2 Mbps is dropped.1 any host1(config)#ip policy-list testPolicy host1(config-policy-list)#classifier-group claclA host1(config-policy-list-classifier-group)#rate-limit-profile 1MbRLP host1(config-policy-list-classifier-grouip)#exit host1(config-policy-list)#exit host1(config)#interface atm 0/0. Each traffic flow is rate limited to 1MB (which is defined by the rate-limit profile rl1Meg).1.0 host1(config-subif)#ip policy input testPolicy statistics enabled Rate Limiting Individual or Aggregate Packet Flows You can construct policies to provide rate limiting for individual packet flows or for the aggregate of multiple packet flows.1. For example. you can either rate limit each traffic flow individually.1 classifies on three traffic flows from different sources. interface ATM 3/1.

and applies the policy to the interface: host1(config)#ip classifier-list video ip any any dsfield 16 host1(config)#ip classifier-list data ip any any dsfield 32 host1(config)#ip policy-list colorVideoGreen host1(config-policy-list)#classifier-group video host1(config-policy-list-classifier-group)#color green host1(config-policy-list-classifier-group)#exit host1(config-policy-list)#classifier-group data host1(config-policy-list-classifier-group)#color yellow host1(config-policy-list-classifier-group)#exit host1(config-policy-list)#exit Policy Applications ! 59 . interface ATM 3/1. and the ISP wants to guarantee that the video traffic gets priority treatment relative to the data traffic.1.1.1.5 Mbps virtual circuit (VC) terminating on a digital subscriber line access multiplexer (DSLAM). this policy rate limits the aggregate of the three flows to 1MB. Explicit packet coloring lets you configure prioritized packet flows without having to configure a rate-limit profile. The ISP’s users have a 1. however.1 any host1(config)#classifier-list clFlowAll ip host 10.1.1 again classifies on three traffic flows.2 any host1(config)#classifier-list clFlowAll ip host 10.1.1 host1(config-subif)#ip policy input plRateLimit statistics enabled host1(config-subif)#exit host1(config)# Packet Tagging You can use the traffic-class rule in policies to tag a packet flow so that the QoS application can provide traffic-class queuing. host1(config)#classifier-list clFlowAll ip host 10. and Frame Relay policies use the mark-de rule to modify the DE bit. For example. if there is a video stream. The ISP wants to allocate 800 Kbps of this link for video. The router uses the color to queue packets for egress queue threshold dropping as described in Bandwidth Management on page 56.Chapter 1: Configuring Policy Management host1(config-subif)#exit host1(config)# Example 2: Multiple Traffic Flows In the following example. ! Example Suppose an Internet service provider (ISP) provides a Broadband Remote Access Server (B-RAS) service that has both video and data components. IP policies use the mark rule to modify an IP packet heard ToS field.3 any host1(config)#policy-list plRateLimit host1(config-policy-list)#classifier-group clFlowAll host1(config-policy-list-classifier-group)#exit host1(config-policy-list)#exit host1(config)#interface atm 3/1. The ISP creates a classifier list to define a video packet flow. creates a policy to color the packets. Policies perform out-of-band tagging by using the traffic class or color rule. Policies can perform both in-band and out-of-band packet tagging: ! Policies perform in-band tagging by using their respective mark rule to modify a packet header field.1.

host1:vr2(config)#classifier-list icmpEchoReq icmp any any 8 0 host1:vr2(config)#policy-list pingAttack host1:vr2(config-policy-list)#classifier-group icmpEchoReq host1:vr2(config-policy-list-classifier-group)#log host1:vr2(config-policy-list-classifier-group)#exit host1:vr2(config-policy-list)#exit 60 ! Policy Applications . ToS. source address. The router maintains a count of the total number of matching packets. See JUNOSe System Basics Configuration Guide. the logging of the output of the classification operation. protocol. source port. The procedure includes the creation of the classifier and policy lists to specify the desired packet flow to monitor. flags. In this example. host1(config)#ip policy-list testPolicy host1(config-policy-list)#classifier-group logA host1(config-policy-list-classifier-group)#log host1(config-policy-list-classifier-group)#exit host1(config-policy-list)#exit host1(config)#interface atm 0/0. a customer has reported to their ISP that an attack is occurring on their internal servers. and destination port. because the count exceeds the 512-packet threshold). Chapter 13. Example 1: Logging Ingress Packets on an Interface This example shows how you might use classification to specify the ingress packets that are logged on an interface. 1. destination address. To capture the version. To capture the interface. set the policyMgrPacketLog event category to log at severity info and at low verbosity. and the output of the show command. This count is incremented even if the packet cannot be stored in the log (for example. No more than 512 packets will be logged every three seconds. len ID. When the policy is configured.JUNOSe 6.0 host1(config-subif)#ip policy input testPolicy statistics enabled host1(config-subif)#exit host1(config)#log destination console severity info host1(config)#log severity info policyMgrPacketLog host1(config)#log verbosity low policyMgrPacketLog host1(config)#log here Example 2: Logging a Ping Attack This example provides a more detailed procedure that an ISP might use to log information during a ping attack on the network. Logging System Events for information about logging. The ISP creates a classifier list to define an ICMP echo request packet flow. and checksum in addition to the information captured at low verbosity. protocol. set the verbosity to medium or high.x Policy and QoS Configuration Guide host1(config)#interface atm 12/1.1. The attack is a simple ping flood.1 host1(config-if)#ip policy input colorVideoGreen statistics enabled Packet Flow Monitoring The policy log rule provides a way to monitor a packet flow by capturing a sample of the packets that satisfy the classification of the rule in the system log. time to live (TTL). all packets are examined and the matching packets are placed in the log.

Bytes 62232048 Policy Applications ! 61 .10.10.10.255. Bytes 62517888 Multicast Packets 0.1 255.10.255 Operational MTU = 1500 Administrative MTU = 0 Operational speed = 1000000000 Administrative speed = 0 Discontinuity Time = 1092358 Router advertisement = disabled Proxy Arp = enabled Network Address Translation is disabled Administrative debounce-time = disabled Operational debounce-time = disabled Access routing = disabled Multipath mode = hashed Auto Configure = disabled Auto Detect = disabled Inactivity Timer = disabled In Received Packets 488421.1 forwarded INFO 12/16/2003 12:59:50 policyMgrPacketLog (): icmpEchoReq GigabitEthernet0/0 number of hits = 21851 INFO 12/16/2003 12:59:53 policyMgrPacketLog (): icmpEchoReq icmp GigabitEthernet0/0 10.10.0 host1:vr2(config-if)#exit host1:vr2(config)#virtual-router vr1 host1:vr1(config)#interface gigabitEthernet 0/0 host1:vr1(config-if)#ip address 10.2 10.255.10.255. host1:vr1#show ip interface gigabitEthernet 0/0 GigabitEthernet0/0 line protocol Ethernet is up.255.10.1 forwarded INFO 12/16/2003 12:59:53 policyMgrPacketLog (): icmpEchoReq GigabitEthernet0/0 number of hits = 22151 3.10.1/255.2 10. host1(config)#log destination console severity info host1(config)#log severity info policyMgrPacketLog host1(config)#log here INFO 12/16/2003 12:59:47 policyMgrPacketLog (): icmpEchoReq icmp GigabitEthernet0/0 10.10.Chapter 1: Configuring Policy Management host1:vr2(config)#interface gigabitEthernet 2/0 host1:vr2(config-if)#ip address 10.10. The ISP displays statistics for the interface.255.10. Bytes 62517888 Unicast Packets 488421.10. The ISP configures standard logging on the E-series router. Bytes 0 In Error Packets 0 In Invalid Source Address Packets 0 In Discarded Packets 0 Out Forwarded Packets 486152.10.10.0 Broadcast address is 255.0 host1:vr1(config-if)#ip policy input pingAttack statistics enabled host1:vr1(config-if)#exit host1:vr1(config)#exit 2. ip is up Network Protocols: IP Internet address is 10.10. Bytes 0 In Policed Packets 0.1 forwarded INFO 12/16/2003 12:59:47 policyMgrPacketLog (): icmpEchoReq GigabitEthernet0/0 number of hits = 21551 INFO 12/16/2003 12:59:50 policyMgrPacketLog (): icmpEchoReq icmp GigabitEthernet0/0 10.255.255.10.10.255.10.2 255.2 10.

Use the output keyword to have the policy applied to the outgoing LSP (for which a label was received) to set the EXP bits of outgoing packets. bytes 70954248 Dropped committed packets 0. Chapter 2. you must manually configure certain policy features for topology-driven LSPs only. 2. Statically Configured Mapping You can specify a policy to be attached to all topology-driven LSPs in a VR. See Applying Policy Lists to Interfaces and Profiles on page 45.JUNOSe 6. bound to ip GigabitEthernet0/0 Queue length 0 bytes Forwarded packets 485988. Bytes 0 Out Discarded Packets 2269 IP policy input pingAttack classifier-group icmpEchoReq entry 1 488421 packets. However. Use the input keyword to have the policy applied to the incoming LSP (for which a label was advertised) to match on the EXP bits of incoming packets. Example host1(config)#mpls ldp lsp-policy input ingold access-list xyzcorp ! ! ! ! Use the no version to halt the attachment of the policy to subsequently created topology-driven LSPs. Configuring MPLS for more information about and application of this feature. if the destination matches the access list. See JUNOSe Routing Protocols Configuration Guide. Vol. 62 ! Policy Management and MPLS Topology-Driven LSPs . in the case of both statically configured and signaled mapping between EXP bits and per-hop behavior (PHB).x Policy and QoS Configuration Guide Unicast Packets 486152. The policy is automatically attached when the LSP is created if the destination matches the access list. bytes 0 Dropped exceeded packets 0. bytes 0 Dropped conformed packets 0. Bytes 62232048 Multicast Routed Packets 0. bytes 0 Policy Management and MPLS Topology-Driven LSPs Most policy management for MPLS is handled automatically by MPLS. 69355782 bytes log queue 0: traffic class best-effort. Bytes 0 Out Scheduler Dropped Packets 0. NOTE: You apply policies to MPLS layer 2 interfaces by using the mpls policy command. mpls ldp lsp-policy ! Use to specify a policy that is automatically attached to all topology-driven LSPs in a VR when the LSP is created. Bytes 0 Out Policed Packets 0.1.

policies apply the EXP bits matching and setting on a per-LSP basis rather than a per-VR basis. Use the input version to have the policy applied to the incoming LSP (for which a label was advertised) to match on the EXP bits of incoming packets. mpls classifier-list ! Use to create or modify an MPLS classifier control list to match on traffic class/color combination or EXP bits. Policy Resources ! 63 . For a topology-driven LSP. you must manually create the policies and specify the association between policies and LSPs. A policy can be made up of any combination of software and hardware classifiers. Example host1(config)#mpls classifier-list be-green traffic-class best-effort color yellow ! ! Use the no version to remove the classifier control list from the LSP. OC48/STM16 and GE-2 line modules support content-addressable memory (CAM) hardware classifiers—all other line modules support FPGA hardware classifiers. There are two categories of hardware classifiers. Table 13 lists the classifiers supported on OC48/STM16 and GE-2 line modules. if the destination matches on the access list. depending on the type of line module being used. mpls ldp lsp-policy ! Use to specify a policy that is automatically attached to the topology-driven LSP when the LSP is created. You use the classifier-list command to configure all classifiers. Policy Resources The maximum number of policies that you can attach to interfaces on the E-series router depends on the classifier entries that make up the policy. Use the output keyword to have the policy applied to the outgoing LSP (for which a label was received) to set the EXP bits of outgoing packets. The E-series router supports software and hardware classifiers. Example host1(config)#mpls ldp lsp-policy input ingold access-list xyzcorp ! ! ! ! Use the no version to halt the attachment of the policy to subsequently created topology-driven LSPs. Table 14 lists the classifiers supported on all other line modules.Chapter 1: Configuring Policy Management Signaled Mapping For signaled mapping between EXP bits and PHB.

x Policy and QoS Configuration Guide Table 13: Classifier Support (OC48/STM16 and GE-2 Line Modules) Interface Type All interface types (except IP and IPv6) Hardware Classifier Software Classifier ! Color ! Traffic class ! User packet class Frame Relay GRE tunnels IP Not supported Not supported ! Color ! Destination address ! Destination port ! Destination route class ! ICMP type and code ! IGMP type ! IP flags ! IP fragmentation ! Local ! Protocol ! Source address ! Source port ! Source route class ! TCP flags ! ToS ! Traffic class ! User packet class ! ! DE bit ! ToS Not supported IPv6 MPLS VLAN Not supported Not supported Not supported Not supported ! EXP ! User priority 64 ! Policy Resources .1.JUNOSe 6.

255.Chapter 1: Configuring Policy Management Table 14: Classifier Support (All Line Modules Except OC48/STM16 and GE-2) Interface Type All interface types Hardware Classifier Software Classifier ! Color ! Traffic class ! User packet class Frame Relay GRE tunnels IP Not supported Not supported ! Destination address ! Destination port ! ICMP type and code ! IGMP type ! Protocol ! Source address ! Source port ! DE bit ! ToS ! Destination route class ! IP flags ! IP fragmentation ! Local ! Source route class ! TCP flags ! ToS ! Destination route class ! Local ! Source route class ! TC field ! TCP flags ! EXP ! User priority IPv6 ! Destination address ! Destination port ! Protocol ! Source address ! Source port MPLS VLAN Not supported Not supported FPGA Hardware Classifiers FPGA hardware classifiers are supported on all line modules except the OC48/STM16 and GE-2 line modules. The line module supports 16. Policy Resources ! 65 . The E-series router supports two versions of policies that are based on FPGA hardware classifiers. The router allows you to configure a combination of the two versions of FPGA hardware classifier-based policies—you can have some that contain 16 or fewer classifier entries and others with more than 16 entries. One version has a maximum of 16 classifier entries per policy.255 policies when all policies have 16 hardware classifier entries or fewer. depending on the actual configuration. the number of policies that is supported will be between 8127 and 16. In this case. and the second version has 16 to 32 classifier entries per policy. Table 14 lists the FPGA classifiers and software classifiers supported for each interface type. and supports 8127 policies if all policies have 16 to 32 hardware classifier entries.

the policy referencing that classifier list would consume only a single hardware classifier resource.JUNOSe 6. Note that the group with 4 classifier entries actually consumes 16 classifier resources.1. For example. and the GE-2 line module supports 64. such as destination address. and protocol. the policy consumes a total of four CAM entries: two entries for clacl1.000 CAM entries.1 host 192. policies that are based on FPGA hardware classifiers consume resources at a rate of one resource per policy. the router views this as three policies that have 32 classifier entries and one policy with 4 classifier entries. one for clacl2. For example. then still only one classifier entry would be consumed.168.000 CAM entries. a policy that has only the default classifier consumes no CAM resources.2. The router groups the classifiers into blocks of 32. and one for the default classifier. regardless of the number of different hardware classifier categories in the policy.168. if you configure a policy with 100 classifier entries.x Policy and QoS Configuration Guide You can also configure hardware classifier-based policies that have more than 32 classifier entries. if a classifier list has three hardware classifiers. CAM Hardware Classifiers CAM hardware classifiers are supported on the OC48/STM16 and GE-2 line modules. which is the minimum number consumed for a group in a mixed-mode hardware classifier configuration.168.1. However. Example In this example.1 host 192. For example. Unlike policies that are based on software classifiers.2 tos 2 host1(config)#ip classifier-list clacl2 tcp any any tcp-flags "SYN" host1(config)#ip policy-list policy1 host1(config-policy-list)#classifier-group clacl1 host1(config-policy-list-classifier-group)#forward host1(config-policy-list-classifier-group)#exit host1(config-policy-list)#classifier-group clacl2 host1(config-policy-list-classifier-group)#forward host1(config-policy-list-classifier-group)#exit host1(config-policy-list)#classifier-group * host1(config-policy-list-classifier-group)#filter host1(config-policy-list-classifier-group)#exit host1(config-policy-list)#exit host1(config)# 66 ! Policy Resources .168. The OC48/STM16 line module supports 128. For most configurations.1. if four policy rules reference the same classifier list (which contains three hardware classifiers). Table 13 lists CAM hardware classifiers and the software classifiers supported for each interface type.2 tos 1 host1(config)#ip classifier-list clacl1 ip host 192. The same is true if multiple policy rules reference the classifier list. host1(config)#ip classifier-list clacl1 ip host 192. source address. each classifier entry in a policy consumes one CAM entry.2.

Chapter 1: Configuring Policy Management There are two exceptions in which a single classifier entry will consume more than one CAM entry. host1(config)#ip classifier-list clacl4 ip not host 1. For example: host1(config)#ip classifier-list clacl3 tcp any any range 5 8 2. Example In this example. When a classifier entry contains the not keyword.1.1 any Software Classifiers The E-series router supports a variety of software classifiers.1.1.1. Software classifiers are consumed at a rate of one resource per classifier category per policy. then because all three rules are for the same classifier category.1. the actual number of entries that are consumed depends on the configuration. Although this keyword is supported for IP classifier lists. A line module supports 16. if you configure a policy that requires classification on three different classifier categories.2 host1(config)#classifier-list clacl300 color green user-packet-class 5 ip any any host1(config)#classifier-list clacl400 color red ip host 10. and TCP flags.1. such as ToS. then that policy would consume three of the available 16. In these cases. depending on the type of interface. For example. Table 13 and Table 14 list the supported software classifiers for each interface type. NOTE: Policy consumption is per policy definition per line card.10 any host1(config)#policy-list polWestford5 host1(config-policy-list)#classifier-group clacl100 host1(config-policy-list-classifier-group)#forward host1(config-policy-list-classifier-group)#exit host1(config-policy-list)#classifier-group clacl200 host1(config-policy-list-classifier-group)#forward host1(config-policy-list-classifier-group)#exit host1(config-policy-list)#classifier-group clacl300 host1(config-policy-list-classifier-group)#forward host1(config-policy-list-classifier-group)#exit host1(config-policy-list)#classifier-group clacl400 host1(config-policy-list-classifier-group)#forward host1(config-policy-list-classifier-group)#exit host1(config-policy-list)#classifier-group * host1(config-policy-list-classifier-group)#filter Policy Resources ! 67 . When a classifier entry contains a port range. the policy list named polWestford5 references four classifier lists with a combination of software and hardware classifiers: host1(config)#classifier-list clacl100 color red ip any any host1(config)#classifier-list clacl200 color yellow user-packet-class 6 ip host 10.1.383 software classifier resources. that policy would consume only one software classifier resource. However.1. color. The two exceptions are: 1.1 host 10. if you configure a policy that has three different destination route class rules.383 software classifiers. it is recommended that you not use it—you can usually achieve the desired behavior without this field.

mpls policy.1/255. line protocol is up Network Protocols: IP Internet address is 200. the policy list named polWestford5 consumes a total of one FPGA hardware classifier resource and two software classifier resources. and vlan policy commands.255.1 is up.255. To enable a baseline for the statistics for the attachment of the policy list named routeForXYZCorp with statistics enabled to the ingress of an interface. as shown in Table 15.0 Broadcast address is 255.255. When you set baseline statistics. you can retrieve statistics beginning at the time when the baselining is set.1 delta atm12/0. run the show ip interface command with the delta keyword: host1#show ip interface atm 12/0. show command output fields for baseline counters display the contents of the regular statistics counters. l2tp policy.255 Operational MTU = 9180 Administrative MTU = 0 Operational speed = 155520000 Administrative speed = 0 Discontinuity Time = 1251181 Router advertisement = disabled Administrative debounce-time = disabled 68 ! Monitoring Policy Management . ip policy. use the following commands: host1(config)#interface atm 12/0. ipv6 policy.x Policy and QoS Configuration Guide host1(config-policy-list-classifier-group)#exit host1(config-policy-list)#exit For a given line module.1 host1(config-subif)#ip policy input routeForXYZCorp statistics enabled baseline enabled To show baseline counters. Table 15: Resource Consumption Number of Resources Consumed 1 hardware Classifier Category ! Protocol ! Destination address ! Source address 1 software 1 software Color User-packet-class Monitoring Policy Management This section shows how to set a statistics baseline and use the show command to view your policy configuration and monitor policy statistics.JUNOSe 6. If you do not enable baselining.1.200.255.1. Setting a Statistics Baseline You can set a baseline for policy statistics by using the baseline interface command and the frame-relay policy.

Command-Line Interface for details.Chapter 1: Configuring Policy Management Operational debounce-time Access routing = disabled Multipath mode = hashed = disabled In Received Packets 5. Bytes 540 Out Scheduler Drops Packets 0. Bytes 0 In Error Packets 0 In Invalid Source Address Packets 0 In Discarded Packets 0 Out Forwarded Packets 5. Bytes 540 Out Discarded Packets 0 IP Policy input routeForXYZCorp classifier-group * filter 5 Packets 540 Bytes dropped Policy Management show Commands Use the following show commands to display statistics for policy lists: ! ! ! ! ! ! ! ! ! ! ! ! show classifier-list show frame-relay subinterface show gre-tunnel show interfaces show ip interface show ipv6 interface show l2tp tunnel show mpls interface show policy-list show rate-limit-profile show secure policy-list show vlan subinterface You can use the output filtering feature of the show command to include or exclude lines of output based on a text string you specify. Monitoring Policy Management ! 69 . See JUNOSe System Basics Configuration Guide. Chapter 2. Bytes 540 In Policed Packets 0. Bytes 0 Out Policed Packets 5.

JUNOSe 6. If you issue the baseline interface command for an interface without first enabling policy statistics baselining on that interface. Field descriptions—Fields displayed vary depending on the type and configuration of the CLACL: ! ! ! ! ! ! ! Reference count—Number of times the CLACL is referenced by policies Entry count—Number of entries in the classifier list Classifier-List—Name of the classifier list Entry—Entry number of the classifier list rule Color—Packet color to match Protocol—Protocol type Not Protocol—If true.x Policy and QoS Configuration Guide frame-relay policy ip policy ipv6 policy mpls policy l2tp policy vlan policy ! Use to assign a policy list to an interface and enable or disable the recording of routing statistics for bytes and packets affected by the policy. matches any source IP address and mask except the preceding source IP address and mask. a warning message indicates: Policy baseline statistics are not enabled ! ! ! ! Example host1(config-if)#ip policy secondary-input my-policy statistics enabled baseline enabled ! Use the no version to remove the association between a policy list and an interface. if false. The router implements the baseline by reading and storing the statistics at the time the baseline is set and then subtracting this baseline when baseline-relative statistics are retrieved. Unlike other baseline statistics. policy baseline statistics are not stored in nonvolatile storage (NVS). matches the preceding protocol Source IP Address—Number of the network or host from which the packet is sent Source IP WildCardMask—Mask that indicates addresses to be matched when specific bits are set Not Source Ip Address—If true. matches the preceding source IP address and mask ! ! ! 70 ! Monitoring Policy Management . show classifier-list ! ! Use to display CLACL configurations. if false. Baselining must also be enabled on the interface with the appropriate baseline interface command. If you enable statistics.1. you can enable or disable baselining of the statistics. matches any protocol except the preceding protocol.

1 VLAN lowLatency.1 user-packet-class 10 exp-bits 3 exp-mask 7 Frame relay frMatchDeSet.1 VLAN excellentEffort.1 VLAN lowLatencyLowDrop. matches the preceding destination IP address and mask Traffic Class—Name of the traffic class to match User Packet Class—User packet value to match DS Field—DS field value to match TOS Byte—ToS value to match Precedence—Precedence value to match User Priority bits—User priority bits value to match Traffic Class Field—Traffic class field value to match EXP Bits—MPLS EXP bit value to match EXP Mask—Mask applied to EXP bits before matching DE Bit—Frame Relay DE bit value to match Destination Route Class—Route class used to classify packets based on the packet’s destination address Source Route Class—Route class used to classify packets based on the packet’s source address Local—If true.1 udp any any IPv6 IPv6Precedence.----GRE Tunnel greClass.1 IP wstFd.1 L2TP l2tpclass. if false. matches packets destined to a local interface.7 user-packet-class 8 de-bit 0 Monitoring Policy Management ! 71 . matches any destination IP address and mask except the preceding destination IP address and mask.------.1 color red tcp any any IP XYZCorpIcmpEchoRequests.1 local true color green ip any any IP routeForXYZCorp.1 VLAN bestEffort. matches packets that are traversing the router ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! Example 1 host1#show classifier-list Classifier Control List Table ---------.1 color green user-packet-class 8 MPLS mplsClass.---.Chapter 1: Configuring Policy Management ! Destination IP Address—Number of the network or host from which the packet is sent Destination IP WildCardMask—Mask that indicates addresses to be matched when specific bits are set Not Destination Ip Address—If true.1 ip any any IP XYZCorpPrecedence.1 tcp any any tos 5 IP XYZCorpPrecedence67. if false.1 color yellow IPv6 IPv6Precedence67.1 source-route-class 44 destination-route-class 55 3 any any IP XYZCorpPermit.

1.255.JUNOSe 6.255 Not Destination Ip Address: false GRE Tunnel Classifier Control List greClass Reference count: 0 Entry count: 2 Classifier-List greClass Entry 1 User Packet Class: 8 DS Field: 3 Classifier-List greClass Entry 2 Color: yellow VLAN Classifier Control List bestEffort Reference count: 0 Entry count: 1 Classifier-List bestEffort Entry 1 Color: red User Packet Class: 15 User Priority bits: 7 IPv6 Classifier Control List IPv6Classifier Reference count: 0 Entry count: 1 Classifier-List IPv6Classifier Entry 1 User Packet Class: 3 Traffic Class Field: 200 L2TP Classifier Control List l2tpclass Reference count: 0 Entry count: 1 Classifier-List l2tpclass Entry 1 Color: green User Packet Class: 8 MPLS Classifier Control List mplsClass Reference count: 0 Entry count: 1 72 ! Monitoring Policy Management .255.255 Not Source Ip Address: false Destination IP Address: 0.----IP Classifier Control List XYZCorpPermit Reference count: 1 Entry count: 1 Classifier-List XYZCorpPermit Entry 1 Color: green Protocol: ip Not Protocol: false Source IP Address: 0.255.---.0.0 Source IP WildcardMask: 255.------.0.255.0.0 Destination IP WildcardMask:255.0.x Policy and QoS Configuration Guide ! Example 2 host1#show classifier-list detailed Classifier Control List Table ---------.

640 bytes mark-de 1 Frame relay sub-interface SERIAL5/1:1/1. 660 bytes color red Monitoring Policy Management ! 73 . yellow.Chapter 1: Configuring Policy Management Classifier-List mplsClass Entry 1 User Packet Class: 10 EXP Bits: 3 EXP Mask: 7 Frame relay Classifier Control List frMatchDeSet Reference count: 2 Entry count: 1 Classifier-List frMatchDeSet Entry 7 Traffic Class: toBoston User Packet Class: 8 DE Bit: 0 show frame-relay subinterface ! Use to display information about a subinterface’s Frame Relay policy lists. or red classifier-group—Name of the classifier control list used by the policy filter—Filter policy action forward—Forward policy action traffic class—Traffic class in the policy list user-packet-class—User packet class in the policy list ! Example host1#show frame-relay subinterface Frame relay sub-interface SERIAL5/0:1/1. status is up Number of sub-interface down transitions is 0 Time since last status change 03:04:59 No baseline has been set In bytes: 660 Out bytes: 660 In frames: 5 Out frames: 5 In errors: 0 Out errors: 0 In discards: 0 Out discards: 0 In unknown protos: 0 Frame relay policy output frOutputPolicy classifier-group frGroupA entry 1 5 packets.1. status is up Number of sub-interface down transitions is 0 Time since last status change 03:05:09 No baseline has been set In bytes: 660 Out bytes: 660 In frames: 5 Out frames: 5 In errors: 0 Out errors: 0 In discards: 0 Out discards: 0 In unknown protos: 0 Frame relay policy input frInputPolicy classifier-group frMatchDeSet entry 1 5 packets.1. ! Field descriptions related to policy lists ! ! ! ! ! ! ! ! Frame Relay policy—Type and name of the VLAN policy mark-de—DE bit value color—Color applied to packet flow for queuing: green.

0' Tunnel destination address is '0. To display information about a specific tunnel. include the name of the virtual router. 0 bytes traffic-class best-effort mark 4 mask 255 errors 0 0 74 ! Monitoring Policy Management .x Policy and QoS Configuration Guide show gre tunnel ! ! Use to display information about GRE tunnels. 0 bytes traffic-class best-effort mark 4 mask 255 GRE tunnel policy output routeGre35 classifier-group gre14 entry 1 0 packets. Field descriptions related to policies ! ! ! ! ! ! ! ! ! ! ! ! ! GRE tunnel policy input—Policy for outbound traffic GRE tunnel policy output—Policy for inbound traffic traffic-class—Name of traffic class classifier-group—Name of classifier group entry—Identifier for the entry in the classifier group packets—Number of packets bytes—Number of bytes mark—ToS byte setting for the classifier control list mask—Mask value corresponding to the ToS ! Example host1#show gre tunnel detail tunnelGre50 GRE tunnel tunnelGre50 is Down Tunnel operational configuration Tunnel mtu is '10240' Tunnel source address is '0. Use the ip keyword to display tunnels associated with an IP address.0. or up. enabled. To display information about tunnels on a specific virtual router.1.0.0' Tunnel transport virtual router is source Tunnel checksum option is disabled Tunnel sequence number option is disabled Tunnel up/down trap is enabled Tunnel-server location is 6/0 Tunnel administrative state is Up Statistics packets octets discards Data rx 0 0 0 Data tx 0 0 0 GRE tunnel policy input routeGre25 classifier-group gre6 entry 1 0 packets. not-present.JUNOSe 6.0.0. down. include the name of the tunnel. Use the state keyword to display tunnels that are in a specific state: disabled.

Administrative status is Up VLAN ID: 100 In: Bytes 4156.1 is Up. broadcast. Discards 0 VLAN policy input vlanPol1 classifier-group vlan20 entry 1 5 packets. Packets 30 Errors 0. Packets 45 Errors 0. Discards 0 Out: Bytes 6406. 730 bytes filter Monitoring Policy Management ! 75 . and multicast packets received on the VLAN or S-VLAN subinterface In Errors—Value is always 0 (zero) In Discards—Value is always 0 (zero) Out Bytes—Number of bytes sent on the VLAN or stacked VLAN (S-VLAN) subinterface Out Packets—Number of packets sent on the VLAN or S-VLAN subinterface Out Errors—Value is always 0 (zero) Out Discards—Value is always 0 (zero) VLAN policy—Type and name of the VLAN policy ! Field descriptions related to policies ! ! ! ! ! ! ! ! ! ! ! ! ! Example host1#show interfaces fastEthernet 1/0.Chapter 1: Configuring Policy Management show interfaces ! ! Use to display information about a subinterface and its VLAN policy lists.1 FastEthernet1/0. You can specify the following keywords: ! ! delta—Specifies that baselined statistics are to be shown brief—Displays the operational status of all configured interfaces Subinterface number—Location of the subinterface that carries the VLAN traffic Administrative status—Operational state that you configured for this interface: up or down VLAN ID—Domain number of the VLAN In Bytes—Number of bytes received on the VLAN subinterface In Packets—Sum of all unicast.

conformed. the router advertises its presence via the ICMP Router Discovery Protocol (IRDP) Administrative debounce-time—Administrative time delay that an interface must remain in a new state before the routing protocols react to the state change Operational debounce-time—Time delay that an interface must remain in a new state before the routing protocols react to the state change Access routing—When enabled.x Policy and QoS Configuration Guide show ip interface ! ! Use to display information about an IP interface (including policy list statistics). indicates whether packets are unicast or multicast Out Forwarded Bytes—Bytes forwarded from the interface. otherwise inherited from the lower layer Administrative speed—Configured speed known to the IP layer in bits per second Discontinuity Time—Time since the counters on the interface became invalid—for example. indicates whether bytes are unicast or multicast Out Scheduler Drops Packets—Packets dropped by the out scheduler. discarded because they exceeded a traffic contract to their destination In Error Packets—Packets determined to be in error at the interface In Invalid Source Address Packets—Packets determined to have originated from an invalid source address Out Forwarded Packets—Packets forwarded from the interface. indicates whether bytes are unicast or multicast In Policed Packets—Packets policed on the interface. or exceeded ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! 76 ! Monitoring Policy Management .1. when the line module was reset Router Advertisement—When enabled by the ip irdp command. equal to the administrative speed if configured. discarded because they exceeded a traffic contract to their destination In Policed Bytes—Bytes policed on the interface. an access route is installed to the host on the other end of the interface In Received Packets—Packets received on the interface. Field descriptions related to policy management only ! ! ! ! Network Protocols—Protocols configured on the interface Internet address—IP address of the interface Broadcast address—Broadcast address used by the interface Operational MTU—Operational maximum transmission unit (MTU) for packets sent on this interface Administrative MTU—Administrative maximum transmission unit for packets sent on this interface Operational speed—Speed known to the IP layer in bits per second. indicates whether packets are unicast or multicast In Received Bytes—Bytes received on the interface. indicates whether packets are committed.JUNOSe 6.

101/255. indicates whether bytes are committed. conformed. or red: " " ! ! ! ! Packets logged—Number of packets colored Bytes logged—Number of bytes colored Packets transmitted—Number of packets sent to the next-hop address Bytes transmitted—Number of bytes sent to the next-hop address ! next hop—Address of the next-hop destination: " " ! ! forward—Number of packets and bytes forwarded because of the CLACL rate-limit-profile—Name of the rate-limit profile " committed—Number of packets and bytes within the committed rate limit conformed—Number of packets and bytes exceeding the committed rate limit but within the peak rate exceeded—Number of packets and bytes exceeding the peak rate action—Action performed on the packets matched by the rules in the rate-limit profile " " " ! Example 1 host1#show ip interface serial 2/1:28/24.255.1. Bytes 3135 In Policed Packets 0. Bytes 0 In Error Packets 0 In Invalid Source Address Packets 0 Out Forwarded Packets 0. yellow.255.255 Operational MTU = 1600 Administrative MTU = 0 Operational speed = 155520000 Administrative speed = 0 Discontinuity Time = 14695 Router advertisement = disabled Administrative debounce-time = disabled Operational debounce-time = disabled Access routing = disabled In Received Packets 15. Bytes 0 Monitoring Policy Management ! 77 . line protocol is up Network Protocols: IP Internet address is 172. Bytes 0 Out Scheduler Drops Packets 0.1 is up.24.1 serial2/1:28/24.0 Broadcast address is 255.Chapter 1: Configuring Policy Management ! Out Scheduler Drops Bytes—Bytes dropped by the out scheduler. or exceeded Policy—Indicates which policy is attached and whether it is on the input or output of the interface classifier-group—Name of a CLACL attached to the interface and number of entry filter—Number of packets and bytes dropped because of the CLACL color—Explicit color applied to packet flow for queuing. green.255.255.

2.2.2.x Policy and QoS Configuration Guide IP Policy input pl28241 Classifier-group clacl28241X01 0 packets. 0 bytes action: drop exceeded: 0 packets.201 78 ! Monitoring Policy Management .255 Operational MTU = 1600 Administrative MTU = 0 Router advertisement = disabled Administrative debounce-time = disabled Operational debounce-time = disabled Access routing = disabled In Received Packets 464. 1596 bytes next-hop 192.1.2. Bytes 256728 Out Scheduler Drops Packets 0. 144716 bytes action: drop conformed: 0 packets.101 is up. 1016 bytes action: drop exceeded: 89 packets.2. Bytes 0 In Error Packets 0 In Invalid Source Address Packets 0 Out Forwarded Packets 350. 204 bytes filter Classifier-group clacl28241X05 1 packets. 25440 bytes next-hop 192.2.2. 30440 bytes next-hop 192.255. line protocol is up Network Protocols: IP Internet address is 192. Bytes 686788 In Policed Packets 0. Bytes 0 Policy input pl02001 classifier-group clacl02001 entry 1 1 packets.0 Broadcast address is 255. 205 bytes filter ! entry 1 entry 1 entry 1 entry 1 entry 1 Example 2 host1#show ip interface serial 2/1:2/1.255.2.1.201 classifier-group clacl02004 entry 1 20 packets. 202 bytes filter Classifier-group clacl28241X03 1 packets.2.255.201 classifier-group clacl02002 entry 2 rate-limit-profile rlp02002 committed: 98 packets. 140956 bytes action: drop classifier-group clacl02002 entry 1 98 packets.201 classifier-group clacl02005 entry 1 20 packets. 0 bytes action: drop classifier-group clacl02003 entry 1 15 packets.255.101/255. 0 bytes filter Classifier-group clacl28241X02 1 packets. 1596 bytes action: drop conformed: 2 packets. 144716 bytes next-hop 192.JUNOSe 6.201 classifier-group clacl02001 entry 2 rate-limit-profile rlp02001 committed: 1 packets.101 serial2/1:2/1. 20340 bytes next-hop 192.2.2. 203 bytes filter Classifier-group clacl28241X04 1 packets.

1 delta Partial results might be: Policy output 2egress classifier-group claclWst10 entry 1 10 packets. consider the difference in standard and baselined statistics. 12544 bytes forward Now display baselined statistics: host1#show ip interface atm 9/1. for a particular IPv6 interface or for all interfaces. including policy and classifier information. The default for the show ipv6 interface command is all interface types and all interfaces.1 Partial results might be: Policy output 2egress classifier-group claclWst10 entry 1 98 packets. Field descriptions ! ! ! ! ! ! ! ! ! Description—Optional description for the interface or address specified Network Protocols—Network protocols configured on this interface Link local address—Local IPv6 address of this interface Internet address—External address of this interface Operational MTU—Value of the MTU Administrative MTU—Value of the MTU if it has been administratively overridden using the configuration Operational speed—Speed of the interface Administrative speed—Value of the speed if it has been administratively overridden using the configuration Creation type—Method by which the interface was created (static or dynamic) ND reachable time—Amount of time (in milliseconds) that the neighbor is expected to remain reachable ! ! ! ! Monitoring Policy Management ! 79 . 1280 bytes forward show ipv6 interface ! Use to display detailed or summary information. First display standard policy statistics: host1#show ip interface atm 9/1. Use the brief or detail keywords with the show ipv6 interface command to display different levels of information.Chapter 1: Configuring Policy Management ! Example 3 If you have enabled policy statistics and baselining.

JUNOSe 6. Bytes—Number of outbound packets and bytes dropped by the scheduler 80 ! Monitoring Policy Management . and invalid source address " " " ! Out Forwarded Packets. Bytes—Total number of inbound packets and bytes dropped on this interface " In Policed Packets—Packets that were received and dropped because of rate limits In Invalid Source Address Packets—Packets received with invalid source address (for example. Bytes—Unicast packets and bytes that were sent from this interface Multicast Routed Packets. Bytes—Total number of packets and bytes received on this interface " ! ! ! ! ! ! ! ! ! Unicast Packets. Bytes—Multicast packets and bytes received on the IPv6 interface. spoofed packets) In Error Packets—Number of packets received with errors In Discarded Packets—Packets received that were discarded for reasons other than rate limits. Bytes—Unicast packets and bytes received on the IPv6 interface. which are then multicast-routed and counted as multicast packets " ! In Total Dropped Packets.x Policy and QoS Configuration Guide ! ND duplicate address detection attempts—Number of times that the router attempts to determine a duplicate address ND neighbor solicitation retransmission interval—Interval in which the router retransmits neighbor solicitations ND proxy—Indicates whether the router will reply to solicitations on behalf of a known neighbor ND RA source link layer—Indicates whether the RA includes the link layer ND RA interval—Interval (in seconds) of the neighbor discovery router advertisement ND RA lifetime—Lifetime (in seconds) of the neighbor discovery router advertisement ND RA managed flag—State of the neighbor discovery router advertisement managed flag ND RA other config flag—State of the neighbor discovery router advertisement other config flag ND RA advertising prefixes—Configured advertisement prefixes for neighbor discovery router advertisement In Received Packets. Bytes—Total number of packets and bytes that were sent from this interface " Unicast Packets.1. Bytes—Multicast packets and bytes that were sent from this interface " ! Out Total Dropped Packets—Total number of outbound packets and bytes dropped by this interface " Out Scheduler Dropped Packets. link-local received multicast packets (non-multicast-routed frames) are counted as unicast packets Multicast Packets. errors.

bytes—Total number of committed packets and bytes dropped by this interface Dropped conformed packets. Bytes 0 In Total Dropped Packets 0. other config flag is disabled ND RA advertising prefixes configured on interface In Received Packets 0.6 FastEthernet9/0. bytes—Total number of conformed packets and bytes dropped by this interface Dropped exceeded packets. Bytes 0 Unicast Packets 0. output. Bytes—Number of outbound packets and bytes dropped because of rate limits Out Discarded Packets—Number of outbound packets that were discarded for reasons other than those dropped by the scheduler and those dropped because of rate limits rate-limit-profile—Name of the profile classifier-group entry—Entry index Committed—Number of packets and bytes that conform to the committed access rate Conformed—Number of packets and bytes that exceed the committed access rate but conform to the peak access rate Exceeded—Number of packets and bytes that exceed the peak access rate " ! IPv6 policy—Type (input. local-input) and name of the policy " " " " " ! queue. bytes—Total number of exceeded packets and bytes dropped by this interface " " ! Example host1#show ipv6 interface FastEthernet 9/0. bound to ipv6—Queue and traffic class bound to the specified IPv6 interface " " Queue length—Number of bytes in the queue Dropped committed packets. traffic class. ipv6 is up Description: IPv6 interface in Virtual Router Hop6 Network Protocols: IPv6 Link local address: fe80::90:1a00:740:31cd Internet address: 2001:db8:1::/48 Operational MTU 1500 Administrative MTU 0 Operational speed 100000000 Administrative speed 0 Creation type Static ND reachable time is 3600000 milliseconds ND duplicate address detection attempts is 100 ND neighbor solicitation retransmission interval is 1000 milliseconds ND proxy is enabled ND RA source link layer is advertised ND RA interval is 200 seconds. Bytes 0 Multicast Packets 0.Chapter 1: Configuring Policy Management " Out Policed Packets. lifetime is 1800 seconds ND RA managed flag is disabled. Bytes 0 In Policed Packets 0 In Invalid Source Address Packets 0 In Error Packets 0 In Discarded Packets 0 Monitoring Policy Management ! 81 .6 line protocol VlanSub is up.

0 bytes rate-limit-profile Rlp5Mb Committed: 0 packets. Bytes 768 Multicast Routed Packets 0. Bytes 0 Out Total Dropped Packets 5. ! When the keyword l2transport is specified. Bytes 768 Unicast Packets 8.1. Bytes 0 Out Scheduler Dropped Packets 0. 0 bytes IPv6 policy output ipv6PolOut2 rate-limit-profile RlpOutA classifier-group clgB entry 1 Committed: 0 packets. Field descriptions ! ! ! Interface—Specifier and status of each interface base-LSP/remote-addr—Identifies either the tunnel that is selected to forward the traffic or the address of the router at the other end group-id—Group ID number for the interface vc-id—VC ID number for the interface mtu—Maximum transmission unit for the interface ! ! ! 82 ! Monitoring Policy Management . bytes 0 Dropped exceeded packets 0. only Layer 2 circuits for the specified interface are displayed. 0 bytes Conformed: 0 packets. 0 bytes rate-limit-profile RlpOutB Committed: 0 packets.JUNOSe 6. 0 bytes Exceeded: 0 packets.x Policy and QoS Configuration Guide Out Forwarded Packets 8. bytes 0 show mpls l2transport interface ! Use to display status and configuration information about MPLS Layer 2 interfaces. 0 bytes rate-limit-profile Rlp8Mb Committed: 0 packets. 0 bytes IPv6 policy local-input ipv6PolLocIn5 rate-limit-profile Rlp1Mb classifier-group clgC entry 1 Committed: 0 packets. 0 bytes Conformed: 0 packets. 0 bytes Exceeded: 0 packets. 0 bytes Conformed: 0 packets. 0 bytes Exceeded: 0 packets. 0 bytes queue 0: traffic class best-effort. bytes 0 Dropped conformed packets 0. bound to ipv6 FastEthernet9/0.6 Queue length 0 bytes Forwarded packets 0. 0 bytes Conformed: 0 packets. 0 bytes Exceeded: 0 packets. 0 bytes Conformed: 0 packets. 0 bytes Exceeded: 0 packets. Bytes 0 Out Policed Packets 0 Out Discarded Packets 5 IPv6 policy input ipv6InPol25 rate-limit-profile Rlp2Mb classifier-group clgA entry 1 Committed: 0 packets. 0 bytes Conformed: 0 packets. 0 bytes Exceeded: 0 packets. bytes 0 Dropped committed packets 0.

0 errors. bytes—Total number of conformed packets and bytes dropped by this interface Dropped exceeded packets.1 routed to 222.1. bytes—Total number of exceeded packets and bytes dropped by this interface " " " ! ! MPLS policy—Type (input. traffic class. 0 errors. 0 discardPkts Out Label 49 on tun mpls:lsp-de090100-24-37 0 pkts.1 Monitoring Policy Management ! 83 . 0 hcPkts. 0 hcPkts. 0 octets 0 hcOctets. bytes—Total number of packets and bytes forwarded by this interface Dropped committed packets. 0 discardPkts queue 0: traffic class best-effort.9.Chapter 1: Configuring Policy Management ! state/in/out-label—Status of the Layer 2-over-MPLS connection or the incoming/outgoing VC label Mpls Statistics " " " " " ! pkts—Number of packets received or sent hcPkts—Number of high-capacity (64-bit) packets received or sent octets—Number of octets received or sent hcOctets—Number of high-capacity (64-bit) octets received or sent errors—Number of packets that are dropped for some reason at receipt or before being sent discardPkts—Number of packets that are discarded due to lack of buffer space at receipt or before being sent " ! queue.3 on base LSP tun mpls:lsp-de090100-24-37 group-id 2 vc-id 900001 mtu 1500 State UP In Label 48 on stack 0 pkts. bound to atm-vc ATM1/0. bound to—Queue and traffic class bound to the specified interface " " Queue length—Number of bytes in queue Forwarded packets. output) and name of policy classifier-group—Name of a CLACL attached to the interface and number of entry " " rate-limit-profile—Name of profile Committed—Number of packets and bytes conforming to the committed access rate Conformed—Number of packets and bytes that exceed the committed access rate but conform to the peak access rate Exceeded—Number of packets and bytes exceeding the peak access rate " " ! Example host1#show mpls l2transport interface FastEthernet9/0. bytes—Total number of committed packets and bytes dropped by this interface Dropped conformed packets. 0 octets 0 hcOctets.

x Policy and QoS Configuration Guide Queue length 0 bytes Forwarded packets 0. Referenced by interface(s)—List of interfaces to which policy is attached. green. indicates whether the attachment is at input or output of interface. disabled. 0 bytes. 0 bytes. Referenced by profile(s)—List of profiles to which policy is attached. bytes 0 MPLS policy input mplsInputPolicy classifier-group claclWst50 entry 1 0 packets. action drop MPLS policy output mplsOutputPolicy classifier-group claclWst75 entry 1 0 packets. Classifier control list—Name of the classifier control list containing policy rules and the precedence assigned to the classifier control list. action: drop show policy-list ! ! Use to display information about policy lists. 0 bytes rate-limit-profile rlp committed: 0 packets. 0 bytes. action: transmit conformed: 0 packets. yellow. Statistics—Enabled. or output of interface created by the profile. 0 bytes. goes to enable when the policy list is created. action: transmit exceeded: 0 packets. 0 bytes rate-limit-profile rlp committed: 0 packets. Administrative state—For SNMP use.1.JUNOSe 6. bytes 0 Dropped conformed packets 0. Users modifying the policy list commands via telnet see the state as disabled. Field descriptions—Fields displayed vary depending on the type of policy and the rules assigned to the policy: ! ! Policy—Name of the policy list. action: transmit conformed: 0 packets. 0 bytes. Rule types are: " " " " " " " " ! ! ! ! ! ! filter—Filter policy action forward—Forward policy action next-interface—Next-interface policy action next-hop—Next-hop policy action rate-limit-profile—Rate-limit-profile policy action color—Color of a packet. bytes 0 Dropped exceeded packets 0. Modifications of a policy are not applied to an interface until the administrative state is disabled and enabled. 0 bytes. bytes 0 Dropped committed packets 0. secondary-input. or red traffic-class—Traffic class in a policy list log—Log policy action 84 ! Monitoring Policy Management . indicates whether the attachment is at input. action: transmit exceeded: 0 packets. Reference count—Number of attachments to interfaces or profiles.

precedence 100 color red GRE Tunnel Policy routeGre50 Administrative state: enable Reference count: 0 Classifier control list: gre8.----IP Policy routeForABCCorp Administrative state: enable Reference count: 0 Classifier control list: ipCLACL10.0. precedence 100 mark-de 1 Frame relay Policy frInputPolicy Administrative state: enable Reference count: 0 Classifier control list: frMatchDeSet. rule 5 mark tos 125 rate-limit-profile ipRLP25 Classifier control list: ipCLACL20.120.109. rule 4 (reachable) interface ip3/1.100. precedence 75 forward Virtual-router: default List: next-hop 192.1p VLAN user priority bit mark DE—DE bit action " " " ! ! Rule status—Indicates if the rule is suspended. order 20. precedence 150 color red mark dsfield 20 filter L2TP Policy routeForl2tp Monitoring Policy Management ! 85 .12. rule 2 (active) next-hop 192. order 10. Example host1#show policy-list Policy Table -----.2.Chapter 1: Configuring Policy Management " " " mark tos—ToS byte in the IP header to a specified value mark DS field—DS field value in the IP header to a specified value mark TC precedence—Traffic class value in the IPv6 header to a specified value mark EXP—Value assigned to EXP bits action mark user priority—Value assigned to 802. precedence 125 filter IPv6 Policy routeForIPv6 Administrative state: enable Reference count: 0 Classifier control list: ipv6tc67. order 30. precedence 75 color red mark tc-precedence 7 Frame relay Policy frOutputPolicy Administrative state: enable Reference count: 0 Classifier control list: frMatchDeSet.0.5. order 40. rule 3 (reachable) next-hop 192.17.

precedence 200 mark-exp 2 mask 7 rate-limit-profile mplsRLP5 VLAN Policy routeForVlan Administrative state: enable Reference count: 0 Classifier control list: lowLatencyLowDrop. in bytes Excess burst—Amount of bandwidth allocated to accommodate a packet in progress when the rate is in excess of the burst Peak rate—Amount of bandwidth allocated to accommodate traffic flow in excess of the committed rate. transmit. or mark) taken when traffic flow exceeds the peak rate ! ! ! ! ! ! ! ! ! 86 ! Monitoring Policy Management . in bits per second Peak burst—Amount of bandwidth allocated to accommodate bursty traffic in excess of the peak rate. transmit. transmit. precedence 100 traffic-class excellentEffort Classifier control list: bestEffort. precedence 100 traffic-class lowLatencyLowDrop color green mark-user-priority 7 Classifier control list: lowLatency. precedence 100 color red rate-limit-profile l2tpRLP20 MPLS Policy routeForMpls Administrative state: enable Reference count: 0 Classifier control list: *. precedence 100 traffic-class lowLatency (suspended) Classifier control list: excellentEffort. in bytes Mask—Value of mask applied to ToS byte in IP packet header Committed rate action—Policy action (drop.JUNOSe 6. precedence 100 traffic-class bestEffort show rate-limit-profile ! ! Use to display information about rate-limit profiles. Field descriptions ! ! ! Rate-Limit-Profile—Name of the rate-limit profile Profile Type—One-rate or two-rate profile Reference Count—Number of policy lists that reference this rate-limit profile Committed rate—Target rate for the traffic. in bits per second Committed burst—Amount of bandwidth allocated to accommodate bursty traffic.x Policy and QoS Configuration Guide Administrative state: enable Reference count: 0 Classifier control list: *. or mark) taken when traffic flow does not exceed the committed rate Conformed rate action—Policy action (drop.1. or mark) taken when traffic flow exceeds the committed rate but remains below the peak rate Exceeded rate action—Policy action (drop.

Reference count—Number of attachments to interfaces or profiles Classifier control list—Name of the classifier control list. which is always *.----.------. (contains mirror policy rule and has precedence value to determine order within policy) precedence—Precedence assigned to the classifier control list mirror—Mirror action analyzer-ip-address—IP address of analyzer device ! ! ! Monitoring Policy Management ! 87 .----IP Rate-Limit-Profile: rlp Profile Type: one-rate Reference count: 0 Committed rate: 0 Committed burst: 8192 Excess burst: 0 Mask: 255 Committed rate action: transmit Conformed rate action: transmit Exceeded rate action: drop IP Rate-Limit-Profile: rlp Profile Type: two-rate Reference count: 0 Committed rate: 0 Committed burst: 8192 Peak rate: 0 Peak burst: 8192 Mask: 255 Committed rate action: transmit Conformed rate action: transmit Exceeded rate action: drop L2TP Rate-Limit-Profile: L2tpRlp Profile Type: Reference count: Committed rate: Committed burst: Peak rate: Peak burst: Committed rate action: Conformed rate action: Exceeded rate action: two-rate 0 0 8192 0 8192 transmit transmit drop show secure policy-list ! Use to display information about secure policy lists. Field descriptions ! ! ! ! ! ! Policy—Type (IP or L2TP) and name of the policy list Administrative state—Set to enable when the policy list is created. the level can be modified by an administrator.Chapter 1: Configuring Policy Management ! Example host1#show rate-limit-profile Rate Limit Profile Table ---. which are used for packet mirroring. You must have CLI access level 13 or above to use this command.

statistics disabled.com/1 Referenced by profile(s): No profile references secure-input policy.1 analyzer-virtual-router default analyzer-udp-port 3000 mirror-id 6789 session-id 6543 Referenced by interface(s): ATM5/0.168.1 secure-output policy. statistics disabled. always null statistics—Not currently supported.x Policy and QoS Configuration Guide ! analyzer-virtual-router—Virtual router where the analyzer interface is configured analyzer-udp-port—UDP port used to communicate with analyzer device mirror-id—Unique identifier of the mirrored session session-id—Unique identifier of the user session ! ! ! NOTE: A status of unreachable after the session-id indicates that the analyzer interface is either not in analyzer mode or that it is in a down state. statistics disabled 88 ! Monitoring Policy Management . precedence 100 mirror analyzer-ip-address 192.com/1 TUNNEL l2tp:1/msn. virtual-router default Referenced by profile(s): No profile references L2TP Secure Policy secureL2tpPolicy Administrative state: enable Reference count: 2 Classifier control list: *.1 analyzer-virtual-router default analyzer-udp-port 3000 mirror-id 6789 session-id 6543 (unreachable) Referenced by interface(s): TUNNEL l2tp:1/msn.168. also indicates the virtual router at which the interface attachment exists Referenced by profile(s)—Not currently supported.1 secure-input policy. statistics disabled secure-output policy. indicates whether the attachment is at secure input or secure output of interface. virtual-router default ATM5/0.pwh.1.1. ! Referenced by interface(s)—Interfaces to which policy is attached. always disabled ! ! ! Example host1#show secure policy-list Policy Table -----.JUNOSe 6.pwh.2.----Secure IP Policy secureIpPolicy Administrative state: enable Reference count: 2 Classifier control list: *. precedence 100 mirror analyzer-ip-address 192.

Chapter 1: Configuring Policy Management show vlan subinterface ! ! Use to display information about a subinterface’s VLAN policy lists. 730 bytes filter Monitoring Policy Management ! 89 . Field descriptions ! Subinterface number—Location of the subinterface that carries the VLAN traffic VLAN ID—Domain number of the VLAN VLAN policy—Type and name of the VLAN policy filter—Number of packets and bytes that have been policed by the policy ! ! ! ! Example host1#show vlan subinterface fastEthernet 1/0.1 VLAN ID is 100 VLAN policy input vlanPol1 classifier-group claclVlanBos entry 1 5 packets.

x Policy and QoS Configuration Guide 90 ! Monitoring Policy Management .1.JUNOSe 6.

QoS topics are discussed in the following sections: ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! Overview on page 92 References on page 96 Configuration Tasks on page 96 Traffic Classes on page 97 Traffic-Class Groups on page 99 Queue Profiles on page 100 Drop Profiles on page 105 Scheduler Profiles on page 114 Shared Shaping on page 118 Statistics Profiles on page 147 QoS Profiles on page 151 Configuring QoS for ATM Interfaces on page 155 Configuring QoS for L2TP Interfaces on page 167 QoS Profile Attachments on page 170 QoS Profile Configuration Examples on page 174 Diffserv Configuration with Multiple Traffic-Class Groups on page 178 Strict-Priority Scheduling on page 182 ! 91 .Chapter 2 Configuring Quality of Service This chapter provides information for configuring quality of service (QoS) on the E-series router. and loss. jitter. The QoS feature enables your router to distinguish traffic with strict timing requirements from traffic that can tolerate delay.

The E-series router supports QoS on the 5-. The E-series router supports: ! ! ! IETF architecture for differentiated services Assured forwarding per-hop-behavior (PHB) groups Expedited forwarding PHB groups See References on page 96 for a list of related RFCs. The Juniper Networks QoS architecture extends DiffServ to support edge features such as high-density queuing.1. delay. or throughput. QoS provides a level of predictability and control beyond the best-effort delivery that the router provides by default. jitter. 92 ! Overview . Separate queues enable fair access to buffers and bandwidth for each subscriber connected to the router. 10-. Allocating queues per interface allows an Internet service provider (ISP) to shape an individual subscriber’s traffic flows to specified rates independent of the underlying Layer 2 network type.JUNOSe 6. and 40-Gbps fabric boards.x Policy and QoS Configuration Guide ! ! ! ! ! Relative Strict-Priority Scheduling on page 184 Rate Shaping on page 191 Port Shaping on page 192 Clearing Statistics on page 193 Monitoring QoS on page 193 Overview QoS is a suite of features that configure queuing and scheduling on the forwarding path of the E-series router. DiffServ networks classify packets into one of a small number of aggregated flows or traffic classes for which you can configure different QoS characteristics. QoS as developed for E-series routers conforms to the IETF Differentiated Services (DiffServ) model (RFCs 2597 and 2598). It has an application-specific integrated circuit (ASIC) scheduler that supports thousands of queues in a hierarchical round-robin (HRR) scheduler. The scheduler allows the router to allocate separate queues for each forwarding interface. It supports egress line module functions only on ASIC-based line modules. The router supports configurable queuing and scheduling. Best-effort service provides packet transmission with no assurance of reliability.

Overview ! 93 . Supported on the E-series router. is translated into a weight. Dynamically adjusts bandwidth for scheduler nodes. The result of a weight or an assured rate. traffic-class group} pair. Measures the difference between a cell’s expected and actual transfer delay. in bits per second. and where the traffic class group contains the best-effort traffic class. CDV CDVT Effective weight Cell delay variation. Figure 3: Traffic Flow Through an E-series Router Ingress Line module Switch fabric Line module Egress g013025 E-series router Terms Table 16 defines terms used in this discussion of QoS. Cell delay variation tolerance. A scheduler node associated with a {port interface. This is the default per-hop behavior (PHB) for packet transmission. Group node HAR HRR Latency Proprietary QoS Management Information Base (MIB) Queue First-in-first-out (FIFO) set of buffers that control packets on the data path. Hierarchical assured rate. This node aggregates all traffic for traffic classes in the group. Because the logical interface is the port. Specifies the acceptable tolerance of CDV (jitter). Network forwards as many packets as possible in as reasonable a time as possible. Best-effort queue Best-effort scheduler node The scheduler node associated with a logical interface and traffic class group pair. For a logical interface. Delay in the transmission of a packet through a network from beginning to end. Determines the amount of jitter.Chapter 2: Configuring Quality of Service Figure 3 shows the traffic flow through the router. the queue associated with the best-effort traffic class for that logical interface. Allocates bandwidth to queues in proportion to their weights. Table 16: QoS Terminology Used in This Chapter Term Assured rate Best effort Description Bandwidth guaranteed until oversubscribed. Hierarchical round-robin. Users configure the scheduler node by specifying either an assured rate or a weight within a scheduler profile. The resultant weight is referred to as an effective weight. Also known as best-effort node. only one such scheduler node can exist for each traffic-class group above the port. An assured rate.

QoS profile that is automatically attached to ports of the corresponding type if you do not explicitly attach a QoS profile. Features Table 17 describes the major QoS features that the E-series router provides. Shapes the aggregate traffic through a port or channel to a rate that is less than the line or port rate. Packets that are not assigned to a specific traffic class are assigned to the best-effort traffic class. ! Expedited forwarding—See RFC 2598. A traffic-class group uses a scheduler level at level 1. Queue profile 94 ! Overview .JUNOSe 6. scheduler profiles. Weight WRED Specifies the relative weight for queues in the traffic class. Weighted random early detection congestion avoidance technique. and statistics profiles in combination with interface types.1. Differentiated services Drop profile Port shaping QoS port-type profile QoS profile Template that specifies active queue management in the form of WRED behavior of an egress queue. Random early detection congestion avoidance technique. Scheduler node Shared shaper constituent All nodes and queues that are associated with a logical interface that is being shared shaped are considered potential constituents of the shared shaper. Collection of QoS commands that specify queue profiles. A hierarchical. ! Assured forwarding—See RFC 2597. Queues are stacked above scheduler nodes in a hierarchy. Table 17: QoS Features Feature Best effort Description Default traffic class for packets being forwarded across the device. The root node is associated with a channel or physical port. drop profiles. An element within the hierarchical scheduler that implements bandwidth controls for a group of queues. with a final level of queues stacked above the nodes. Allows you to throttle a queue to a specified rate. Template that specifies the buffering and tail-dropping behavior of an egress queue. tree-like arrangement of scheduler nodes and queues. Applies the rules in the QoS profile to a specific interface.x Policy and QoS Configuration Guide Table 16: QoS Terminology Used in This Chapter (continued) Term QoS port-type profile QoS profile attachment Rate shaping RED Scheduler hierarchy Description Supplies the QoS information for forwarding interfaces stacked above ports of the associated interface type. The router supports up to three levels of scheduler nodes stacked above a port (level 0).

A traffic-class group uses one level of the scheduler hierarchy. Scheduler profile Shared rate shaping Statistics profile Strict-priority scheduling Traffic class Traffic-class group Separate hierarchy of scheduler nodes and queues over a port. All queues are stacked in a single scheduler hierarchy above the physical port. Relative strict-priority scheduling Provides strict-priority scheduling within a shaped aggregate rate. When you configure a traffic class inside a group.Chapter 2: Configuring Quality of Service Table 17: QoS Features (continued) Feature Rate shaping Description Mechanism that throttles the rate at which an interface can transmit packets. and shaping rate. with up to 500 Kbps of the bandwidth for low-latency traffic.0 is deprecated and converted to QoS profiles and scheduler profiles. Overview ! 95 . its queues are stacked separately. For example. A chassis-wide grouping of queues and buffers that support transmission of a designated set of traffic across the chassis. Template that specifies rate statistics and event-gathering characteristics. It is implemented with a special strict-priority scheduler node that is stacked directly above the port. The intent is to trigger TCP congestion avoidance in a random set of TCP flows before congestion becomes severe and causes tail dropping on a large number of flows. A traffic class cannot belong to more than one group. level 1. it lets you provide 1 Mbps of aggregate bandwidth to a subscriber. Mechanism that enables dynamic sharing of logical interface bandwidth for traffic that is queued through separate scheduler hierarchies. Designates the traffic class (queue) that receives top priority for transmission of its packets through a port. If there is no strict-priority traffic. and onto the egress line module. and therefore up to eight queues per logical interface. from ingress line module. WRED Signals end-to-end protocols such as TCP that the router is becoming congested along a particular egress path. The most common reason for creating separate scheduler hierarchies is to implement strict priority scheduling for all queues in the group. The router supports up to eight traffic classes. Note: Rate shaping as presented in policy management in releases before JUNOSe 4. assured rate. the low-latency traffic can use up to the full aggregate rate of 1 Mbps. Traffic classes belong to the default group unless they are specifically assigned to a named group. through the switch fabric. Configures the bandwidth at which queues drain as a function of relative weight. The router supports up to four traffic-class groups.

(Optional) To gather rate statistics.JUNOSe 6. create a queue profile. (Optional) To configure nondefault buffer management. or specify the profile as a QoS port-type profile for a given interface type. Random Early Detection for Congestion Avoidance. and scheduler profiles. Create a scheduler profile.x Policy and QoS Configuration Guide References For more information about QoS. 5. 6. and Jacobson. statistics. S.1. 2. (Optional) Create one or more traffic-class groups. Attach the QoS profile to one or more interfaces. create a statistics profile. Perform the required tasks and also any optional tasks that you need for your QoS configuration: 1. August 1993 ! ! ! ! ! ! ! ! ! Configuration Tasks Several of the following tasks are optional. (Optional) To configure RED or WRED. create a drop profile. 7. QoS profiles reference queue. Create a QoS profile. V. IEEE/ACM Transactions on Networking 1(4). 8. Create and configure a traffic class. drop. 96 ! References . 3. 4.. see the following resources: ! RFC 2474—Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers (December 1998) RFC 2475—An Architecture for Differentiated Services (December 1998) RFC 2597—Assured Forwarding PHB Group (June 1999) RFC 2598—An Expedited Forwarding PHB (June 1999) RFC 2698—A Two Rate Three Color Marker (September 1999) RFC 2990—Next Steps for the IP QoS Architecture (November 2000) RFC 2998—A Framework for Integrated Services Operation over Diffserv Networks (November 2000) RFC 3246—An Expedited Forwarding PHB (Per-Hop Behavior) (March 2002) RFC 3260—New Terminology and Clarifications for Diffserv (April 2002) Floyd.

Packets arrive at an egress line module that has no queues allocated for their traffic class. host1(config)#traffic class low-loss1 host1(config-traffic-class)# 2. Traffic classes are global to the router. (Optional) For ERX-1440 routers. You can add the best-effort class to a traffic-class group. The router assigns packets to the best-effort class in each of the following cases: ! ! ! You do not create any other traffic classes. host1(config-traffic-class)#fabric-weight 12 3. the packets are placed into traffic class–specific queues on the egress line module. and the scheduler schedules the packets for transmission. Create a traffic class and enter Traffic Class Configuration mode. host1(config-traffic-class)#fabric-strict-priority Traffic Classes ! 97 . You cannot delete this class. queues. Configuring a Traffic Class To configure a traffic class: 1. (Optional) Specify strict-priority scheduling across the fabric. Packets are: ! ! ! ! Classified into a traffic class on ingress or egress Queued on fabric queues that are specific to the traffic class Queued on the egress line module on queues that are specific to the traffic class Scheduled for transmission Input policies classify packets into the traffic class. A traffic class corresponds to what the IETF DiffServ working group calls a traffic class in RFC 2597—Assured Forwarding PHB Group (June 1999). and bandwidth that you can allocate to provide a defined level of service to packets in the traffic class. Packets are not classified into a traffic class. specify the relative weight for queues in the traffic class in the fabric.Chapter 2: Configuring Quality of Service Traffic Classes A traffic class is a systemwide collection of buffers. the fabric carries the packets to an egress line module in a fabric queue that is specific to the traffic class. Best-Effort Forwarding The router has a default traffic class called best-effort.

1. Zero is not a valid weight. It does not control the weight of egress queues associated with the traffic class.x Policy and QoS Configuration Guide fabric-strict-priority ! Use to specify strict-priority scheduling across the fabric for queues in the traffic class. fabric-weight ! ! Use to specify the relative weight for queues in the traffic class in the fabric. Example host1(config)#traffic class low-loss1 host1(config-traffic-class)# ! ! Use the no version to delete a specified traffic class. If multiple traffic classes are strict priority. the traffic class is considered to be ungrouped. ! Example host1(config-traffic-class)#fabric-weight 12 ! Use the no version to set the fabric to the default weight value. Example host1(config-traffic-class)#fabric-strict-priority ! ! ! Use the no version to delete the strict-priority setting. Fabric weight controls the bandwidth of fabric queues associated with the traffic class. The weight value is in the range 1–63. The router supports up to eight global traffic classes. 8. The traffic class name can be up to 32 characters. traffic-class ! ! ! ! Use to configure a traffic class and enter Traffic Class Configuration mode.JUNOSe 6. If not explicitly added to a traffic-class group. It cannot include spaces. Each traffic class can appear in only one traffic-class group. the fabric weight determines which class gets more bandwidth. ! NOTE: The fabric-weight command works only with ERX-1440 routers. 98 ! Traffic Classes .

Add traffic classes to the traffic-class group. Create a traffic-class group and enter Traffic Class Group Configuration mode. You must put traffic classes that require strict priority scheduling in the auto-strict group.Chapter 2: Configuring Quality of Service Traffic-Class Groups You can put traffic classes into a group to create a hierarchy of scheduler nodes and queues. host1(config-traffic-class-group)#traffic-class low-latency-traffic-class traffic-class ! ! Use to add a traffic class to the traffic-class group. ATM VC nodes that are configured in the default group (which is the factory default configuration) receive backpressure from the segmentation and reassembly (SAR) feature. you may wish to manage certain traffic classes through particular line modules. Previous releases of the JUNOSe software supported a single strict-priority traffic-class group. Traffic classes in a local traffic-class group cannot belong to any other group. A traffic-class group contains one or more traffic classes. for only that line module. Configuring Traffic-Class Groups To configure a traffic-class group: 1. However. Traffic classes are placed in the default traffic-class group when the classes are configured—you can then move a class to another traffic-class group. If you have already created a traffic-class group. the class is automatically moved to the default traffic-class group. Characteristics configured for the local group on the line module override those of the global group. but a particular traffic class can belong to a single group—either the default group or one named group. you can subsequently specify a slot number to create a local instance of the group that is restricted to the module occupying that slot. Traffic-Class Groups ! 99 . Traffic-class groups are global in scope by default. Traffic classes in a globally scoped traffic-class group cannot belong to any other group. host1(config)#traffic-class-group assuredForwarding host1(config-traffic-class-group)# 2. You can optionally put traffic classes that need a separate round robin (for example. A traffic class that is not contained in any named group is considered to belong to the default group. for example—when the traffic classes are distributed across different VCs. When you delete a traffic-class from a named group. Organizing traffic into multiple traffic-class groups enables you to manage and shape traffic—by service class. Now you can configure an auto-strict group and up the three extended traffic-class groups. Example host1(config-traffic-class-group)#traffic-class low-latency-traffic-class ! Use the no version to delete a traffic class from a traffic-class group. video) in an extended group.

the scheduler for the extended groups may not specify strict-priority scheduling.x Policy and QoS Configuration Guide traffic-class-group ! Use to configure a traffic-class group and enter Traffic Class Group Configuration mode. the group is strict-priority by default. When egress packet memory is in low demand. Characteristics configured for the local group on the line module override those of the global group. You can use the extended keyword to configure up to three extended traffic-class groups.JUNOSe 6. Scheduling for these groups is determined by the scheduler profile associated with the group node.1. When egress packet memory is in high demand and aggregate utilization of the 32-MB memory is high. You can use the auto-strict-priority keyword to explicitly configure a single traffic-class group with strict-priority scheduling. For example. if you create 4. Queue Profiles A queue is a set of FIFO buffers that buffer packets on the data path. This conservative buffer-management strategy reserves a fair share of buffers for each queue. The E-series router dynamically manages the shared memory on egress line modules to provide a good balance between sharing the memory among queues and protecting an individual queue’s claim on its fair share of the egress memory. You must remove all local (slot-based) instances of a traffic-class group before you can remove the global group. If an explicitly configured strict-priority group exists. QoS associates queues with a traffic class/interface pair. 100 ! Queue Profiles .000 IP interfaces and configure each interface with four traffic classes. from which you can add classes to or delete classes from the group. Use the slot slotNumber option to associate a pre-existing global traffic-class group with the module occupying that slot. then 16. queue lengths are set to lengths that strictly partition egress memory into per-queue memory sections. You can configure limits to prevent the router from setting queue lengths too low or too high. so that high bandwidth consumers cannot starve out moderate traffic consumers by allocating all the shared memory resource for themselves. If you do not specify a keyword. The router dynamically varies queue lengths for all queues as the real-time demand on the egress packet memory changes. a more liberal buffer management strategy is used to provide active queues with more access to the shared memory resource. regardless of the scheduler profile associated with the group node. Example host1(config)#traffic-class-group assured slot 9 extended host1(config-traffic-class-group)# ! ! ! ! ! ! Use the no version to remove the selected traffic-class group.000 queues are created.

It is unnecessary and wasteful to reserve buffer space for all queues when many are expected to be idle. Dynamic Oversubscription Dynamic oversubscription lets the router vary queue thresholds based on the amount of egress buffer memory in use. You can also specify the conformed length and exceeded length as percentages of the committed length. The forfeited buffers are allocated to other queues. host1(config)#queue-profile multicast host1(config-queue)#committed-length 0 20000 host1(config-queue)#exit You can also set the buffer weight to ensure that some sets of queues get higher thresholds than others. and when a large number of queues are configured. You may want to limit latency of your multicast traffic by bounding the queue length. buffer memory is strictly partitioned between queues to ensure that buffers are available for all queues. it is likely that many of the queues will be active at the same time. when a few queues are configured. For example. suppose a line module with 4000 IP interfaces is configured with four queues per IP interface. When few queues are configured. Suppose that queues in two of the traffic classes are configured with a buffer weight of 24 to increase burst tolerance. Static oversubscription is based on the assumption that. buffer memory is increasingly oversubscribed to allow more buffer sharing.Chapter 2: Configuring Quality of Service Static Oversubscription Static oversubscription lets the router vary queue thresholds based on the number of queues currently configured. The following example configures the video queue: host1(config)#queue-profile video host1(config-queue)#buffer-weight 24 host1(config-queue)#exit host1(config)# Queue Profiles ! 101 . As the number of configured queues increases. As the demand for buffer memory increases. queues are given large amounts of buffer memory. corresponding to four traffic classes. queues are given progressively smaller amounts of buffer memory. it is likely that fewer queues will be active at the same time. which is relatively static. The router divides egress buffer memory into eight regions of 4 MB each. even when the egress memory is lightly loaded. Overriding Default Queue Allocation To prevent the router from setting queue thresholds too low or too high. When buffer memory is in low demand. It directs the router to set the queue thresholds proportionately. The following example configures the multicast queues so that the committed threshold never exceeds 20 KB. Buffer weight is analogous to weight in a scheduler profile. you can specify minimum and maximum queue thresholds.

the router drops red packets. 102 ! Queue Profiles . leaving 75 percent of the memory for the queues weighted 24 (corresponding to the ratio 75 percent:25 percent. based on dynamic oversubscription. When the queue fills above the conformed drop threshold. keep the following guidelines in mind: ! Specifying a maximum queue length of 0 bytes disables queuing of packets on the queue. any unused memory is redistributed to queues whose thresholds are not constrained. If the queue thresholds are constrained by committed or conformed threshold settings. and queues with the buffer weight of 24 have committed thresholds of 3 KB each. For example. JUNOSe software uses 128-byte buffers. but the queues with buffer weight 24 are always set with thresholds three times larger than the default thresholds. Specifying a maximum queue length of 1–128 bytes creates a single 128-byte buffer for the queue. but still queues yellow and green packets.x Policy and QoS Configuration Guide When the egress memory is fully loaded. If you specify a maximum queue length of 256 bytes. Specifying a maximum queue length of 129–256 bytes creates two 128-byte buffers for the queue. When setting very small queue thresholds. Packets and cells consume at least one buffer. and the 8000 queues with the default buffer weight strictly partition 25 percent of the 32-MB memory. Therefore. ! ! ! Color-Based Thresholding Packets within the router are tagged with a drop precedence: ! ! ! Committed—Green Conformed—Yellow Exceeded—Red When the queue fills above the exceeded threshold. all the queue thresholds increase proportionally. then either two packets of 64–128 bytes in length or a single packet of 129–256 bytes can be queued.JUNOSe 6. NOTE: All color-based thresholds vary in proportion to the dynamic queue length. the router queues only green packets. or 24:8). This use of thresholds is analogous to the way that shaping rates constrain bandwidth and cause bandwidth redistribution to unconstrained queues. these queues have committed thresholds of 1 KB each. As the egress memory becomes progressively less loaded. a 64-byte packet consumes a single 128-byte buffer.1. dynamic oversubscription is 0 percent.

1. set a minimum queue length. (Optional) Set the conformed drop threshold as a percentage of the committed threshold. (Optional) Set the exceeded drop threshold as a percentage of the committed threshold. (Optional) Set a minimum or maximum queue length for exceeded packets. Set the queue lengths as follows: ! To oversubscribe buffer memory. host1(config-queue)#buffer-weight 16 3. host1(config-queue)#conformed-fraction 60 7. If you do not set the queue lengths. and the constraints on queue lengths. set a maximum queue length. set a maximum queue length. (Optional) Set a minimum or maximum queue length for committed packets. (Optional) Set the buffer weight of the queue. host1(config-queue)#exceeded-length 9000 10000 6. then the egress buffer memory is oversubscribed. the drop thresholds. host1(config-queue)#conformed-length 10000 14000 5. To limit the buffering in queues. host1(config-queue)#exceeded-fraction 40 Queue Profiles ! 103 . Create a queue profile and enter Queue Configuration mode. the router varies the queue length dynamically between 1 KB and 7 MB.Chapter 2: Configuring Quality of Service Configuring Queue Profiles A queue profile controls the buffering and dropping behavior of a set of egress queues by letting you set the buffer weight of the queue. (Optional) Set a minimum or maximum queue length for conformed packets. ! ! To guarantee a minimum level of buffering. host1(config)#queue-profile video host1(config-queue)# 2. host1(config-queue)#committed-length 11000 15000 4. NOTE: If the sum of the queue minimum lengths is greater than the amount of egress buffer memory.

The conformed-length command sets a minimum or maximum queue length for conformed packets. 8. You can set minimum and maximum constraints.x Policy and QoS Configuration Guide buffer-weight ! Use to set the buffer weight of the queue. By default.JUNOSe 6. Example host1(config-queue)#buffer-weight 16 ! ! ! Use the no version to return the buffer weight to the default. there is no minimum or maximum length. For both. The committed-length command sets a minimum or maximum queue length for committed packets.1. conformed-fraction exceeded-fraction ! Use to set the conformed and exceeded drop thresholds as a percentage of the committed threshold. or exceeded packets. 104 ! Queue Profiles . the default is 8. ! ! exceeded fraction: range is 0–100. The range is 1–63. default is 25 conformed fraction: range is 0–100. default is 50 ! Example host1(config-queue)#exceeded-fraction 30 ! Use the no version to return the fraction to its default setting. The exceeded-length command sets a minimum or maximum queue length for exceeded packets. conformed. The color for exceeded packets is red. Queues with a buffer weight of 16 are twice as long as queues with a buffer weight of 8. committed-length conformed-length exceeded-length ! Use to set minimum or maximum constraints on queue lengths for committed. the range of lengths is 0–1 GB. The color for conformed packets is yellow. Example host1(config-queue)#committed-length 8000 10000 ! ! ! ! ! ! Use the no version to remove constraints on the queue length. The color for committed packets is green.

Drop Profiles Drop profiles control the dropping behavior of a set of egress queues. such as TCP.Chapter 2: Configuring Quality of Service queue-profile ! ! ! Use to configure a queue profile and enter Queue Configuration mode. You can configure 16 queue profiles on a router. tail dropping occurs when the length of a queue exceeds a threshold. You can combine drop profiles and queue profiles within a queue rule of a QoS profile to specify up to 256 unique queuing behaviors within the router. Drop profiles allow you to employ active queue management by specifying RED/WRED parameters to be applied to an egress queue. By default. Drop Profiles ! 105 . RED and WRED monitor average queue length over time to detect incipient congestion. and tail dropping on a large number of flows results in global synchronization. Congestion of an egress queue occurs when the rate of traffic destined for the queue exceeds the rate of traffic draining from the queue. You can then associate these queuing behaviors in any combination with any of the egress queues. the queue fills to its limit. the maximum percentage of packets to drop. Example host1(config)#queue-profile video host1(config-queue)#exit host1(config)#queue-profile multicast host1(config-queue)#exit host1(config)#queue-profile internet host1(config-queue)# ! Use the no version to remove the queue profile. The intent is to trigger TCP congestion avoidance in a random set of TCP flows before congestion becomes severe and causes tail dropping on a large number of flows. that the router is becoming congested along a particular egress path. Tail dropping can lead to TCP slow-starts. and sensitivity to bursts of packets. and any further traffic destined to it must be discarded until there is room in the queue. They define the range within the queue where RED operates. WRED is an extension to RED that allows you to assign different RED drop profiles to each color of traffic. The purpose of RED and WRED is to signal end-to-end protocols.

1.x Policy and QoS Configuration Guide How RED Works The scheduler maintains an average queue length for each queue configured for RED. When a packet is enqueued. Figure 4: Packets Dropped as Queue Length Increases Drop none 100% Drop randomly Drop all Maximum drop probability Drop profile maximum minimum 0% 0 Average queue length queue limit Configuring RED To configure RED. host1(config-drop-profile)#average-length-exponent 9 3. Figure 4 shows this behavior. ! Small exponent values weight the current queue length heavily.JUNOSe 6. perform the following steps: 1. RED begins randomly dropping packets. so the average queue length is more responsive to transient bursts. up to the maximum drop probability. the current queue length is weighted into the average queue length based on the average-length exponent in the drop profile. (Optional) Set the minimum and maximum threshold for committed traffic. host1(config)#drop-profile internetDropProfile host1(config-drop-profile)# 2. RED drops packets with increasing frequency. When the average queue length exceeds the maximum drop threshold. so the average queue length is less responsive to bursts. all packets are dropped. Create a drop profile and enter Drop Profile Configuration mode. Set the average-length exponent. ! When the average queue length exceeds the minimum threshold. As the average queue length increases toward the maximum threshold. Large exponent values weight the current queue length lightly. host1(config-drop-profile)#committed-threshold percent 30 90 4 106 ! Drop Profiles g013618 .

(Optional) Set the minimum and maximum threshold for conformed traffic. Too low a value can cause overreaction to short bursts. which specifies the exponent used to weight the average queue length over time. accommodating short bursts without dropping. Example host1(config)#drop-profile dp1 host1(config-drop-profile)# ! Use the no version to remove the drop profile. committed-threshold conformed-threshold exceeded-threshold ! Use to specify the minimum and maximum queue thresholds and maximum drop probability for WRED. controlling WRED responsiveness. host1(config-drop-profile)#conformed-threshold percent 25 90 5 5. Too large a value can smooth the average to the point that WRED does not react at all. A higher value smooths out the average and slows WRED reaction to congestion and decongestion. Specifying an average-length exponent enables the RED average queue length computation. The thresholds specify a linear relationship between average queue length and drop probability. or as absolute byte values by omitting the keyword. drop-profile ! ! ! Use to configure a drop profile. Example host1(config-drop-profile#committed-threshold percent 10 20 30 ! ! ! ! Use the no version to remove the threshold. dropping packets unnecessarily. Drop Profiles ! 107 . (Optional) Set the minimum and maximum threshold for exceeded traffic.Chapter 2: Configuring Quality of Service 4. You can express thresholds as either percentages of maximum queue size by including the keyword percent. A lower value speeds up WRED reaction. host1(config-drop-profile)#exceeded-threshold percent 20 90 6 average-length-exponent ! Use to set the average-length exponent. You can configure up to 16 drop profiles. Example host1(config-drop-profile)#average-length-exponent 5 ! ! ! ! ! Use the no version to negate the average-length exponent.

you combine a drop profile that has a committed threshold configured with a queue profile that specifies the same queue length for committed.JUNOSe 6. if you specify a conformed threshold without an exceeded threshold. and configure RED so that packets are dropped without regard to color. The following drop profile enables the average queue length calculation. configure RED for colored traffic. By default. conformed and exceeded traffic is treated like committed traffic. and maximum drop probability for each color of traffic.x Policy and QoS Configuration Guide RED Configuration Examples This section describes how to configure the RED average queue length computation. conformed (yellow). The following drop profiles result in identical behavior: host1(config)#drop-profile colorblind1 host1(config-drop-profile)#committed-threshold percent 30 90 5 host1(config-drop-profile)#exit host1(config)#drop-profile colorblind2 host1(config-drop-profile)#committed-threshold percent 30 90 5 host1(config-drop-profile)#conformed-threshold percent 30 90 5 host1(config-drop-profile)#exit host1(config)#drop-profile colorblind3 host1(config-drop-profile)#committed-threshold percent 30 90 5 host1(config-drop-profile)#conformed-threshold percent 30 90 5 host1(config-drop-profile)#exceeded-threshold percent 30 90 5 Configuring Color-Blind RED You can configure RED so that packets are dropped without regard to color.1. reference the drop profile within a QoS profile. Configuring Average Queue Length To enable calculation of average queue length. To do so. create a drop profile with a nonzero average-length exponent. if you specify only a committed threshold. conformed. Similarly. conformed threshold and exceeded threshold take the same values as the committed threshold. exceeded traffic is treated like committed traffic. 108 ! Drop Profiles . as shown in Figure 5. and exceeded (red) packets by specifying a minimum queue threshold. Therefore. but does not initiate RED dropping behavior: host1(config)#drop-profile averageOnly host1(config-drop-profile)#average-length-exponent 10 Configuring Thresholds You can specify different dropping behavior for committed (green). maximum queue threshold. and attach the QoS profile to an interface. and exceeded packets.

When the average queue length is greater than 90 percent. the drop profile and queue profile combine to specify the following: ! When the average queue length is between 30 percent full (30 KB) and 90 percent full (90 KB). Therefore. the drop profile and queue profile combine to specify the following: ! When the average queue length is between 30 percent full (30 KB) and 90 percent full (90 KB). up to 5 percent of the packets are randomly dropped regardless of their color.5 KB Yellow packets when the average queue length is between 15 KB and 45 KB Green packets when the average queue length is between 30 KB and 90 KB Drop Profiles ! 109 . all packets are dropped regardless of color. the router randomly drops: ! ! ! Red packets when the average queue length is between 7. you can specify color-blind RED in combination with a color-sensitive queue profile. In this case. as shown in Figure 6. Figure 6: Color-Blind RED Drop Profile with Color-Sensitive Queue Profile Queue Drop % Maximum threshold g013616 Queue limits In the example below.Chapter 2: Configuring Quality of Service Figure 5: Color-Blind RED Drop Profile with Colorless Queue Profile Queue Drop % g013617 Queue limits Maximum threshold In the following example.5 KB and 22. the maximum queue length is 100 KB for green packets. host1(config)#drop-profile nocolor host1(config-drop-profile)#committed-threshold percent 30 90 5 host1(config-drop-profile)#exit host1(config)#queue-profile colorless host1(config-queue)#committed-length 100000 100000 host1(config-queue)#conformed-fraction 100 host1(config-queue)#exceeded-fraction 100 ! To achieve the same drop treatment for each color. up to 5 percent of the packets are dropped randomly. and 25 KB for red packets. 50 KB for yellow packets.

different drop behavior for each queue. RED and dynamic queue thresholds. the router drops: ! ! ! Red packets when the average queue length is greater than 22. Exceeded traffic is dropped over a wider range and with greater maximum drop probability than conformed or committed traffic. all packets are dropped. Committed means green. the router drops red packets. but still queues yellow and green packets. As previously discussed. Configuring Different Treatment of Colored Packets Figure 7 shows a WRED drop profile that yields progressively more aggressive drop treatment for each color. The router assigns a color to each packet.1.5 KB Yellow packets when the average queue length is greater than 45 KB Green packets when the average queue length is greater than 90 KB host1(config)#drop-profile colorblindRed host1(config-drop-profile)#committed-threshold percent 30 90 5 host1(config-drop-profile)#exit host1(config)#queue-profile colorSensitive host1(config-queue)#committed-length 100000 100000 How WRED Works WRED is an extension of RED that allows you to assign different RED drop thresholds to each color of traffic. the router queues only green packets. The commands to configure this example are: host1(config)#drop-profile wredColored host1(config-drop-profile)#committed-threshold percent 30 90 3 host1(config-drop-profile)#conformed-threshold percent 25 90 5 host1(config-drop-profile)#exceeded-threshold percent 20 90 10 110 ! Drop Profiles . conformed means yellow.JUNOSe 6.x Policy and QoS Configuration Guide ! When the average queue length is greater than 90 percent of the maximum queue length. Configuring WRED You configure WRED by creating a drop profile using the same steps in Configuring RED on page 106. and exceeded means red. WRED Configuration Examples This section shows how to configure different treatment of colored packets. you can configure E-series RED by using a subset of its QoS capabilities. Conformed traffic is dropped over a wider range and with greater maximum drop probability than committed traffic. When the queue fills above the conformed drop threshold. When the queue fills above the exceeded threshold. and average queue lengths for WRED. The main difference between RED and WRED is that WRED deals with different colored packets. Therefore.

Chapter 2: Configuring Quality of Service Figure 7: Different Treatment of Colored Packets Queue Drop % Maximum threshold g013615 Queue limits Defining Different Drop Behavior for Each Traffic Class You can define different dropping behaviors for each traffic class in the router. Figure 8 shows an example that classifies packets into one of four traffic classes. Figure 8: Defining Different Drop Behavior for Each Queue Traffic class 1 queue Drop % Flow 1 Flow 2 Flow 3 Classifier marker Drop % Queue limits Traffic class 3 queue Queue limits Traffic class 2 queue DWRR scheduler Port Flow 4 Flow 5 Flow N Drop % Queue limits Priority queue Strictpriority scheduler g013614 Drop Profiles ! 111 . Each traffic class has a different queueing behavior. By doing so. you can assign less aggressive drop profiles to higher-priority queues and more aggressive drop profiles to lower-priority queues. drop treatment. and scheduler treatment.

To configure WRED to run on queues whose limits dynamically expand and contract. and contract to strictly partition memory when memory utilization is high. Fixed-size queues become problematic as the number of configured queues scales into the thousands. by default. ! As shown in Figure 9. However. you use queues as follows: ! Fixed-size queues on core routers and core-facing interfaces where the number of queues is relatively small (tens or hundreds. In general.1. and you can configure the router to use fixed-size queues. the router employs dynamic queue thresholds to provide a good balance between sharing the egress buffer memory between queues and protecting an individual queue’s claim on its fair share of the egress memory. Figure 9 illustrates WRED behavior with dynamic queue thresholding. but not thousands).x Policy and QoS Configuration Guide RED and Dynamic Queue Thresholds RED typically operates on fixed-size queues.JUNOSe 6. because allocating disjointed partitions of buffer memory to each queue means the allocations become quite small. For example: host1(config)#drop-profile internetDropProfile host1(config-drop-profile)#average-length-exponent 9 host1(config-drop-profile)#committed-threshold percent 30 90 4 host1(config-drop-profile)#conformed-threshold percent 25 90 5 host1(config-drop-profile)#exceeded-threshold percent 20 90 6 112 ! Drop Profiles . queue lengths extend to oversubscribe memory when aggregate memory utilization is low. Dynamic queues on edge-facing interfaces where the number of queues is relatively large (thousands). Dynamic queue thresholds are discussed in Queue Profiles on page 100. Dynamic thresholding enforces fairness when free buffers are scarce and promotes sharing when buffers are plentiful. and most likely not all queues are simultaneously active. use the percent keyword when you configure thresholds in a drop profile.

Chapter 2: Configuring Quality of Service Figure 9: WRED and Dynamic Queue Thresholding Drop % Queue Queue limits Region 0 Maximum threshold Drop % 1 Queue limits Drop % 2 Queue limits Drop % 3 Queue limits Drop % 4 Queue limits Drop % 5 Queue limits Drop % 6 Queue limits Drop % 7 Queue limits Drop % Queue limits All packets dropped 8 g013613 Drop Profiles ! 113 .

hierarchical or assured rates. second-level node. relative weights. ! The scheduler supports hierarchical and static assured rates. This selection is also based on the allocated bandwidth. and queue. The scheduler then selects a second-level node from the group of nodes that are stacked above the selected first-level node. 114 ! Scheduler Profiles g014334 . the queues feeding a physical port are organized in a hierarchy. and shaping rates on all three levels of the hierarchy: first-level node.2 ATM 2/0. the scheduler uses shaping rates. Finally. The bandwidth delivered from a given node or queue is a function of the shaping rate and either the assured rate or relative weight: ! When the scheduler is not congested. At each level in the hierarchy.1 ATM 2/0. Figure 10 is an example of a QoS scheduler’s hierarchy.x Policy and QoS Configuration Guide Scheduler Profiles The egress line module scheduler is an HRR scheduler.2 Scheduler level 2 (Bandwidth management) (Default group) Strict-priority group Scheduler level 1 ATM 2/0 port As shown in Figure 10. and relative weights to determine the allocated bandwidth: ! ! The scheduler selects a first-level node based on the allocated bandwidth. The shaping rate specifies the maximum bandwidth to the node or queue.JUNOSe 6.1 ATM 2/0. the scheduler selects a queue from the group of queues stacked above the second-level node. Figure 10: QoS Scheduler Hierarchy Besteffort traffic class Lowloss I traffic class Besteffort traffic class Lowloss I traffic class Lowlatency I traffic class Lowlatency II traffic class Lowlatency I traffic class Lowlatency II Queues/traffic classes traffic (Buffer management) class Scheduler level 3 ATM 2/0. the shaping rates determine which node or queue can claim the bandwidth.1.

the weight setting is used to determine the bandwidth. The static assured rate specifies the desired bandwidth. all adjustments are made in proportion to the original assured-rate specification. to ensure that a queue receives its specified assured rate. this amount would also be allocated to the two nodes at the 2-to-1 ratio. Therefore. the scheduler dynamically adjusts the amount of allocated bandwidth for service delivery based on the sum of the assured rates of all child nodes and queues.or undersubscribed. and the weight setting is ignored. NOTE: For E-series ASIC modules. either the hierarchical or static assured rate or the weight specifies the minimum bandwidth. Scheduler Profiles ! 115 . If the assured rate is zero. ! If the scheduler is configured to use a static assured rate and the assured rate is other than none (the default). a queue is guaranteed to receive its assured rate only when its parent node is configured with an assured rate that equals the sum of all its child assured rates. this complicated manual recalculation process becomes unreasonable and virtually impossible. For example. if the bandwidth were oversubscribed and only 30 Mbps were available. Similarly. you might use HAR to increase the effective weight of an ATM-VC scheduler node when a video queue is created. it is used to determine the allocated bandwidth. HAR replaces the manual recalculation process by directing the router to dynamically calculate the assured rate for a scheduler node based on the sum of the assured rates of all its child nodes and queues. with Node A getting 20 Mbps and Node B getting 10 Mbps. you must frequently recalculate the assured rates on all parent nodes in the queue’s hierarchy. strict priority is supported only for a single first-level scheduler node. For a description of hierarchical assured rate (HAR). When you use static assured rates. ! If the scheduler is configured to use hierarchical assured rate. This rate is guaranteed until the bandwidth becomes oversubscribed. if Node A is configured to receive 40 Mbps and Node B receives 20 Mbps. Eventually. This recalculation is necessary because of the number of scheduler nodes and queues that may be dynamically created or deleted through applications such as bandwidth-on-demand. any available bandwidth above the subscribed total of 60 Mbps would be allocated to the two nodes at the same 2-to-1 ratio.Chapter 2: Configuring Quality of Service ! When the scheduler is congested. ! For example. The assured rate also specifies that if bandwidth is over. see Hierarchical Assured Rate on page 115. Hierarchical Assured Rate The JUNOSe hierarchical assured rate (HAR) feature provides a more powerful and efficient method of configuring assured rates than static assured rates. and to later restore the effective rate of the node when the video queue is deleted.

The VCs share equal portions of their parent VP's bandwidth.x Policy and QoS Configuration Guide HAR is applicable only to level 1 and level 2 scheduler nodes. (Optional) Set the effective weight of the scheduler node or queue. or an HAR. which have only a data queue. host1(config-scheduler-profile)#assured-rate 56000 116 ! Scheduler Profiles g013391 . (Optional) Set the shaping rate of the scheduler node or queue in bits per second. The VP nodes are in turn stacked over an OC-3 ATM port. and enter Scheduler Profile Configuration mode. host1(config-scheduler-profile)#shaping-rate 128000 3. Create a scheduler profile. However. the changes take place immediately. VCs. Each VC has a best-effort data queue. and is not applicable to queues or ports. The bandwidth of sibling VC nodes. When you disable HAR. is decreased in equal proportions. host1(config)#scheduler-profile sp-1mbs host1(config-scheduler-profile)# 2. In the example. a static assured rate. when the video queue is added to VC2. you can set the HRR weight. are stacked over virtual path (VP) nodes. HAR enables VC2's share of the VP bandwidth to increase in proportion to the 1-Mbps video queue that was created. perform the following steps: 1. Figure 11 shows an application of HAR for VC nodes. When you configure HAR.1. Figure 11: Hierarchical Assured Rate Best-effort data AR = 20 Kbps Best-effort data AR = 20 Kbps Video AR = 1 Mbps Best-effort data AR = 20 Kbps VC1 VC2 VCn VP VP VP OC3 Configuring Scheduler Profiles To configure a scheduler profile.JUNOSe 6. the scheduler node’s previous weight is restored. which are configured for HAR. which currently has an assured rate of 20 Kbps.

The router supports up to 1. The router rounds the rate to the next higher 8 Kbps. Example host1(config-scheduler-profile)#assured-rate 128000 ! ! Use the no version to delete the assured rate and revert to using the HRR weight specification. the range is 0–522240. Specifying 0 enables the router to select an applicable default value. traffic shaping is replaced with the rate-shaping feature. the default is none (no assured rate). Example host1(config-scheduler-profile)#assured-rate hierarchical ! ! ! For a static assured rate. Example host1(config)#scheduler-profile sp-1mbs host1(config-scheduler-profile)# ! ! ! Use the no version to remove the scheduler profile. default is no shaping rate. ! Scheduler Profiles ! 117 .000 scheduler profiles. scheduler-profile ! Use to configure a scheduler profile and enter Scheduler Profile Configuration mode. Use the hierarchical keyword to specify that the HAR is used for scheduler nodes (HAR is not used for queues or ports). assured-rate ! Use to set the assured rate of the scheduler node or queue. Shaping rate range is 64000–1000000000 bps (64 Kbps to 1 Gbps). shaping-rate ! ! Use to set the shaping rate of the scheduler node or queue in bits per second. host1(config-scheduler-profile)#strict-priority NOTE: If you configured traffic shaping through traffic shape profiles in JUNOSe releases before 4. HAR dynamically adjusts the available bandwidth for a scheduler node based on the creation and deletion of other scheduler nodes. Burst is the catch-up number associated with the shaper. If the assured rate setting is other than none (the default). which is configured when you configure a scheduler profile.0.Chapter 2: Configuring Quality of Service 4. specify the bits per second value in the range 25000–1000000000 bps (25 Kbps to 1 Gbps). then the assured rate is used instead of the HRR weight setting for the scheduler node or queue. (Optional) Set strict-priority scheduling.

In this scenario. QoS supports up to five user-configurable. Shared Shaping In the JUNOSe QoS implementation. The weight value is used when there is no assured rate set. With the factory default configuration. Traffic classes in a traffic-class group are queued through a scheduler hierarchy dedicated to that group. Traffic classes that do not belong to any named group are considered to belong to the default traffic-class group. Shared shaping is a mechanism for shaping a logical interface's aggregate traffic to a rate when the traffic for that logical interface is queued through more than one scheduler hierarchy. Shared shaping is typically enabled on the access-facing line module. Example host1(config-scheduler-profile)#weight 8 ! ! Use the no version to return to the default weight. but you can enable the feature for any interface type recognized by QoS. When less voice and video traffic is being forwarded. 8.x Policy and QoS Configuration Guide ! Example host1(config-scheduler-profile)#shaping-rate 128000 burst 32767 ! Use the no version to delete the shaping rate. 118 ! Shared Shaping . video. and data traffic on a single ATM VC. which is discussed in Relative Strict-Priority Scheduling on page 184. the data traffic needs to be dynamically shaped so that its rate matches the bandwidth available after the voice and video bandwidth requirements are met. weight ! ! Use to set the HRR weight of the scheduler node or queue.JUNOSe 6. you configure a traffic-class group to create a separate scheduler hierarchy. then the data traffic should expand to fill the line rate. on any line module and any JUNOSe router. Example host1(config-scheduler-profile)#strict-priority ! Use the no version to delete the strict-priority setting. named traffic-class groups.1. The video traffic and the voice traffic are placed in separate scheduler hierarchies from the data traffic to provision the low latency that is required for voice traffic and the higher bandwidth that is required for video traffic. a service provider may configure QoS for voice. For example. the best-effort traffic class is in the default traffic-class group. Weight 0 (zero) is a special weight used for relative strict-priority scheduling. The weight value is in the range 0–4080. strict-priority ! ! Use to set strict-priority scheduling for the scheduler node.

the SAR backpressures the VC node in the default traffic-class group. the shared shaper is said to be queue controlled. The shared-shaping rate is the total bandwidth for the logical interface. providers need to configure shared shaping on more than just ATM VCs. In the absence of voice and video traffic. For example. when a heavily oversubscribed VP becomes congested. Simple Shared Shaping Simple shared shaping shapes the best-effort node or queue associated with a logical interface to a shared rate. thus sharing the bandwidth. How Shared Shaping Works You can configure the shared-shaping rate on either the best-effort scheduler node or the best-effort queue for the logical interface. providers can use the SAR to implement bandwidth sharing for VCs. When the SAR is operating in default mode (that is. Shared Shaping ! 119 . so that shared shaping of excess bandwidth is moot. The bandwidth for the voice and video queues is determined by the configuration of the hierarchical scheduler. The data traffic is usually queued in the best-effort traffic class in the default traffic-class group. depending on your hardware. The constraints of both the legacy hierarchical scheduler and the shared shaper affect the bandwidth of scheduler objects. but traffic that is queued through a named traffic-class group is unaffected by VC backpressure. when the no qos-mode-port command is in effect). Once per second. When voice and video traffic start streaming. the legacy scheduler is dominant. Compound shared shaping is a hardware-assisted mode that controls bandwidth for all scheduler objects associated with the subscriber logical interface. Two types of shared shaping are available. the shared shaper is said to be node controlled. If you specify shared shaping for the best-effort queue. and shapes the best-effort queue for the data traffic to the shared rate minus the video and voice queue rates. the simple shared shaper calculates the combined rate of the voice and video queues for the logical interface. The shared shaper implemented in the HRR scheduler can support shared shaping for all these different configurations. The router locates the queues in named traffic-class groups that are associated with the logical interface and shapes that set of queues to the shared rate. the VC runs data traffic at the shared rate. If you specify shared shaping for the best-effort node. The shared shaper limits the bandwidth even when the port or VP is not congested. The shared shaper does not actively manage the video and voice queues. the legacy hierarchical scheduler may limit the VP bandwidth to a lower rate. However. and there is no SAR on Ethernet line modules. When the port or VP is congested. The SAR cannot support shared shaping per virtual path on ATM. A typical configuration places the low-latency voice traffic in the auto-strict-priority traffic-class group and video traffic in a separate extended traffic-class group. the SAR backpressures just the VC node in the default traffic-class group.Chapter 2: Configuring Quality of Service Sharing Bandwidth with the SAR On ATM line modules. Simple shared shaping can shape the best-effort node or queue associated with a logical interface to a shared rate.

Because the voice.x Policy and QoS Configuration Guide Simple Shared Shaping Example In Figure 12.JUNOSe 6. and video. VC 1 is configured for voice and data. ! ! 120 ! Shared Shaping g014335 Port . the shared shaper is queue controlled.1. the legacy scheduler can still allocate bandwidth to queues above the best-effort node based on their relative weights. Figure 12: Simple Shared Shaping Voice TC voice Voice TC voice Video TC video Video TC video Data TC best-effort Data TC best-effort Data TC best-effort VC 1 Group EF VC 3 Group EF VC 2 Group AF VC 3 Group AF VC 1 Default group VC 2 Default group * VC 3 Default group Group EF Group AF * TC = traffic class Group = traffic-class group = best-effort scheduler node for VC 2 Port = logical interface Simple Shared Shaping on the Best-Effort Scheduler Queue If you configure shared shaping for the best-effort queue. The shared shaper is configured on the best-effort node or queue for VC 1. even if they are for interfaces stacked above the shared shaper logical interface. Queues stacked above the best-effort node will still be shaped. VC 3 is configured for data. you must use the shared shaper to shape the logical interface aggregate to a single rate. In this example. and data queues are stacked in separate scheduler hierarchies. video. The best-effort traffic class remains outside any traffic-class group. The EF traffic-class group contains the voice traffic class. Node-controlled shared shaping is generally preferable for the following reasons: ! With this configuration. the AF traffic-class group contains the video traffic class. the corresponding voice queue for VC 1 shares the configured rate. voice. the shared-shaping rate for ATM VCs and VPs is also applied in the SAR. VC 2 is configured for data and video. For ATM in low-CDV mode.

the shaping rates of the VC nodes in each group were added together. the router synchronizes the SAR rate for a VC or VP to the shared-shaping rate for the best-effort scheduler node for the VC or VP. This implementation forced a strict-priority carve-out model for a logical interface. If you are configuring VC shared shaping and the SAR is operating in low-CDV mode.1. Shaping the best-effort scheduler node for the VP has the effect of shaping all the VC best-effort queues for that VP.Chapter 2: Configuring Quality of Service Simple Shared Shaping on the Best-Effort Scheduler Node If you have a second traffic class for data in addition to the best-effort data traffic class. low-CDV mode causes SAR shaping of VCs and VPs only when you specify the shared-shaping-rate command for the best-effort VC or VP node in the HRR scheduler. If you configured multiple scheduler nodes for a VC or VP.1. the router added together the shaping rates for each scheduler node and shaped the corresponding VC or VP tunnel in the SAR to the sum of the rates. This is known as node-controlled shared shaping.1. This behavior implements a carve-out model for scheduling into VPs and VCs and generally is not as desirable as the shared shaping model supported in JUNOSe 6. then the shared shaper may have a tendency to starve the best-effort queue in favor of the second data queue. the hierarchical scheduler will allocate bandwidth between multiple data queues based on their relative weight and assured rate. you should configure shared shaping on the best-effort scheduler node for the VP. A shared shaper configured on the best-effort queue does not trigger the matching shaper in the SAR. In those releases. In this scenario. If you configure the shared-shaping rate on the best-effort queue. If you are configuring VP shared shaping. because the best-effort traffic cannot share unused bandwidth from the strict-priority traffic-class group. one for the best-effort traffic class and the other for the second data traffic class. The same algorithm was used for shaping VP tunnels in the SAR—the shaping rates of all VP nodes in the hierarchical scheduler were added together to shape the VP tunnel in the SAR. JUNOSe releases before 6. Beginning with the JUNOSe 6. This enables you to retain the advantages of per-VC queuing in the hierarchical scheduler.0. you should configure shared shaping on the best-effort scheduler node. and the corresponding VC queue in the SAR was shaped to the sum. two weighted queues are stacked above the best-effort scheduler node. so that the default behavior for low-CDV mode becomes shared shaping. The router sets the SAR shaper for the VC or VP to match the shared-shaping rate on VC and VP nodes in the hierarchical scheduler.0 had a different behavior when multiple traffic-class groups were configured in low-CDV mode.0 implemented a carve-out scheduling model. this is usually the desired behavior. Shared Shaping ! 121 . Beginning with JUNOSe 6.0 release. Shared Shaping and Low-CDV Mode JUNOSe releases before 6.0 and higher releases. you generally should configure the shared-shaping rate on the best-effort scheduler node for the VP or VC. Applying shared shaping to the best-effort queue does not synchronize the rate for the corresponding VC or VP in the SAR.0. If you instead configure the shared-shaping rate on the best-effort node.

the ATM VC node might be an active constituent. With implicit selection. on the order of milliseconds. This capability makes it possible to implement hierarchical shared shaping by configuring shared shaping on VP nodes and simultaneously configure shared shaping for the VC queues stacked above the node. then the ATM VC node is inactive. For example. In this case. Thus it can manage voice and video queues in addition to data queues. Compound shared shaping can shape scheduler nodes in addition to scheduler queues. but compound implicit shared shapers activate the nodes in the named groups. QoS shapes the aggregate of traffic for the logical interface that owns the best-effort queue or node. For example. The nodes and queues owned by the interface are called the constituents of the shared shaper instance.x Policy and QoS Configuration Guide Compound Shared Shaping Compound shared shaping is a hardware-assisted mode that can control bandwidth for all scheduler objects associated with the subscriber logical interface. 122 ! Shared Shaping . the CLI displays the following message: host1config)#ERROR 02/08/2005 14:06:36 qos: line card in slot 11: EFA2 hardware not installed. Compound shared shaping responds to changes in traffic rates more rapidly than simple shared shaping. you configure a shared-shaping rate on the best-effort node or queue and QoS locates the other constituents automatically.1. Implicit constituent selection is the easier of the two methods and works well for most cases. if the logical interface type is VC. If you configure a compound shared shaper on hardware that does not support it. The mechanism that determines which constituents are considered active differs for simple and compound shared shapers. Active constituents are those that are actively controlled by the shared shaper mechanism. making the queues inactive constituents of the shared shaper. If the ATM VC queues are the active constituents. Shared shaping supports both implicit and explicit constituent selection. Inactive constituents are those that are not controlled. so that the shared rate cannot be exceeded. the queues stacked above the node are shaped to the shared rate indirectly by the hierarchical scheduler. 1 compound shared shaper(s) converted to simple.JUNOSe 6. QoS automatically converts the erroneously configured compound shared shaper to a supported simple shared shaper. QoS locates the queues and nodes owned by that logical interface and applies the shared shaper to them. when ATM VC queues are stacked above an ATM VC node. simple implicit shared shapers activate the queues in named traffic-class groups. the constituents are all VC objects: VC nodes and VC queues. Shared Shaping Constituents When you specify a shared-shaping rate on a best-effort node or queue. A shared-shaping rule in a profile can apply to up to eight constituents. Generally.

The other case for inactive constituents is when you use explicit constituent selection and some of the nodes and queues are explicitly not included in the shared shaper. For more information and examples about implicit selection. For both of these situations. Shared Shaping ! 123 . queues above that node are not active constituents. Active constituents of the compound shared shaper can be nodes or queues. If you want instead to shape a subset of the queues for a subscriber to the shared rate. Active constituents are selected either implicitly by QoS or explicitly by the user. This method is appropriate for the mainstream case where the intent is to shape all subscriber queues to the shared rate. see Explicit Constituent Selection on page 131. but want video traffic to be exempt from the shared shaping rate. For more information and examples about explicit selection. you specify only the shared-shaping rate and the logical interface. Explicit selection is also useful when you want queues as the active constituents instead of the node below them. Inactive constituents are queues that are stacked above an active node or nodes stacked below active queues. A node that is not a best-effort node cannot be an active constituent of the simple shared shaper. By choosing queues you can assign appropriate priority or weights. If you choose a node as an active constituent. the explicit selection process is appropriate. and the legacy scheduler indirectly controls the inactive constituents to achieve the shared rate. The router identifies the constituents associated with the logical interface type and their allocated bandwidth. see Implicit Constituent Selection on page 124.Chapter 2: Configuring Quality of Service Explicit selection is important if you want to shape a subset of the interface traffic to the shared rate. If you choose the best-effort node as an active constituent. To use implicit constituent selection. queues above it are not active constituents. An example of this is when you want the sum of best-effort and voice traffic to be shaped to the shared rate. Active constituents of the simple shared shaper can be the best-effort node and any queues in named traffic-class groups. the shared shaper controls the active constituents.

but it cannot activate scheduler nodes in the named traffic-class groups. The weight and priority attributes of the shared-shaping-constituent command are ignored. The best-effort queue is selected if you configure queue-based shared shaping. The best-effort node is selected if you configure node-based shared shaping. and so on. VP. because the simple shared shaper does not allocate bandwidth among constituents. For the compound shared shaper only. 4. The shared-shaping-constituent command does not affect constituent selection. Compound explicit—The software selects constituents based on the shared priority and shared weight configured with the shared-shaping-constituent command. VC. Non-best-effort queues are selected. 2.x Policy and QoS Configuration Guide Types of Shared Shapers The shared-shaping-constituent command in a scheduler profile specifies constituents and their attributes. the node is active and the queues stacked above it are inactive constituents. Logical interface types include IP. However. then the best-effort node is selected over the best-effort queue. ! ! ! Implicit Constituent Selection The implicit selection process for simple shared shaping operates according to the following rules: 1. the software supplies a shared priority consistent with the legacy scheduler configuration. Simple explicit—The software selects constituents based on the shared-shaping-constituent command. All nodes and queues for the same logical interface are potential constituents. Compound implicit—Constituents are selected automatically by the software. If you configure both.1. If a node exists in a given traffic-class group. instead it controls just the best-effort queue or node.JUNOSe 6. The command has two aspects. If no attributes are specified. the software configures that constituent with the shared priority and shared weight as indicated. For explicit constituent selection. Nodes in named groups are not constituents. The shared-shaping-constituent command is ignored. this command specifies scheduling attributes of shared shaping: the shared priority and the shared weight. 124 ! Shared Shaping . if the command is present for a constituent that was implicitly selected. A shared shaper can be one of the following four types: ! Simple implicit—Constituents are the best-effort node or queues. 3. this command specifies the constituents. The point at which the scheduler profile that contains a shared-shaping-rate command is associated with a best-effort node or best-effort queue determines the logical interface type that the shared shaper applies to. and all queues in named traffic-class groups. VLAN. The constituents in named groups are monitored but not controlled.

A node for that interface type is present and has a queue for that interface type stacked above it. the queue is not selected. VLAN. Figure 13: Implicit Constituent Selection for Compound Shared Shaper at Best-Effort Node Voice TC voice Voice TC voice Video TC video Video TC video Data TC best-effort Data TC best-effort Data TC best-effort VC 1 Group EF VC 3 Group EF VC 2 Group AF VC 3 Group AF A VC 1 Default group VC 2 Default group * VC 3 Default group Group EF Group AF * A = scheduler-profile a shared-shaping-rate 1000000 g014387 TC = traffic class Group = traffic-class group = best-effort scheduler node for VC 2 Port = logical interface Port Shared Shaping ! 125 . so the implicitly selected active constituents are the VC 2 default group node. In Figure 13. Now suppose a shared shaper is associated with a logical interface at the best-effort node. The point at which the scheduler profile that contains a shared-shaping-rate command is associated with a best-effort node or best-effort queue determines the logical interface type that the shared shaper applies to. VC. scheduler profile A includes a shared-shaping rule. Nodes are selected over queues. 2. and so on. and the VC 2 Group AF node. Nodes are selected over queues. Logical interface types include IP. because nodes are selected over queues. and a second shared shaper is simultaneously associated with the same interface at the best-effort queue. The constituents are all the scheduler objects associated with VC 2: VC 2 nodes and VC 2 queues. suppose a shared shaper is associated with a particular interface type.Chapter 2: Configuring Quality of Service The implicit selection process for compound shared shaping operates according to the following rules: 1. the node is selected as the constituent. and is associated with the best-effort node for VC 2. VP. 3. The node is selected and becomes an active constituent. the VC 2 Group EF node. All nodes and queues for the same logical interface are potential constituents. For example. In this case.

the VC 3 Group EF node. and the VC 3 Group AF node. Nodes are selected over queues. The VC 3 default group queue is selected instead of the VC 3 default group node because the shared shaper is associated with that best-effort queue. Figure 14: Implicit Constituent Selection for Compound Shared Shaper at Best-Effort Queue Voice TC voice Voice TC voice Video TC video Video TC video Data TC best-effort Data TC best-effort Data TC best-effort * VC 1 Default group VC 2 Default group VC 3 Default group VC 1 Group EF VC 3 Group EF VC 2 Group AF VC 3 Group AF B Group EF Group AF * TC = traffic class Group = traffic-class group = best-effort scheduler queue for VC 3 Port = logical interface B = scheduler-profile b shared-shaping-rate 1000000 126 ! Shared Shaping g014388 Port . scheduler profile B is associated with the best-effort queue for VC 3.x Policy and QoS Configuration Guide In Figure 14. so the implicitly selected active constituents for profile B’s shared shaper are the VC 3 default group queue. The constituents are all the scheduler objects associated with VC 3: VC 3 nodes and VC 3 queues.JUNOSe 6. This association indicates that the logical interface type being shared is VC.1.

or implicitly. the IP 1 TC voice queue. but includes a mixture of interface types: IP. Constituents are either priority constituents or weighted constituents. Finally. g014389 TC = traffic class Group = traffic-class group = best-effort scheduler queue for IP 1 Port = logical interface A = scheduler-profile a shared-shaping-rate 1000000 B = scheduler-profile b shared-shaping-rate 1000000 C = scheduler-profile c shared-shaping-rate 1000000 Shared Shaping ! 127 . The selected constituents then consist of the IP 1 best-effort queue. independent of the hierarchical scheduler. If only scheduler profile A is applied.Chapter 2: Configuring Quality of Service Figure 15 illustrates some other examples of implicit constituent selection. and VP. Figure 15: Implicit Constituent Selection for Compound Shared Shaper: Mixed Interface Types IP 1 TC best-effort VC 1 TC data VC 2 TC best-effort VC 3 TC best-effort IP 1 TC voice VC 1 TC voice VP 1 TC voice IP 1 TC video VC 1 TC video * A B VC 1 best effort VC 2 best effort VC 3 best effort VP 1 Group EF VP 1 Group AF VP 1 Default group Group EF Group AF C Port * Implicit Bandwidth Allocation for Compound Shared Shaping After selecting the implicit constituents for compound shared shaping. These attributes are specified either explicitly. the associated interface is VP 1. the router places the constituents in an order that determines how the constituents can claim a share of the available shared bandwidth. and the VP 1 Group AF node. The selected constituents then consist of the VC 1 best-effort node. The selected constituents then consist of the VP 1 default group node. If instead only scheduler profile B is applied. based on its own rules. the associated interface is VC 1. and the IP 1 TC video queue. VC. the VC 1 TC voice queue. The compound shared shaper mechanism actively allocates the bandwidth it receives from the hierarchical scheduler to each active constituent. the VP 1 Group EF node. the associated interface is IP 1. using the shared-shaper-constituent command. It does not reflect typical configurations. if only scheduler profile C is applied. and the VC 1 TC video queue.

The shared shaper has three active constituents: the best-effort node. With the shared shaper in effect. and the best-effort node the last priority. Strict constituents in the auto-strict-priority traffic-class group. and a video queue in an extended traffic-class group. the software selects attributes for the active constituents consistent with the hierarchical scheduler. The compound shared shaper orders constituents. Auto-strict nodes and queues have the highest priority. As a general way of predicting the scheduler behavior. For multiple strict-priority traffic-class groups. Nodes and queues in the default traffic-class group have the lowest priority. 2. subject to the bandwidth allocated to them by the hierarchical scheduler. You can issue the show traffic-class-groups command to view this order. Another view of the compound shared shaper mechanism is the following. bandwidth allocation order is the same order in which the additional strict traffic class groups were configured. bandwidth allocation order is the same order in which the traffic class groups were configured. Priority constituents are ordered according to their priority. and allocates shared bandwidth to them. weight and shaping rate are independent attributes that together determine bandwidth allocation. or deny. Priority constituents consume as much of the shared bandwidth as they can. the shared shaper assigns the voice queue all the 2MB. A deficit in either type of shaping will bound the bandwidth. the video queue the next priority.1. the legacy weights and shaping rates will dominate the scheduler outcome. For multiple extended traffic class groups. bandwidth to its constituents. suppose a compound shared shaper has a rate of 2 Mbps. You can issue the show traffic-class-groups command to view this order. if the physical port is congested because there are many queues and nodes competing in the hierarchical scheduler. and the shaper can deny that bandwidth when the shaping rate is reached. For compound implicit shared shaping. 128 ! Shared Shaping . there are two independent shaping rates that must be satisfied in order for the queue or node to dequeue. The video queue is less likely to drop. Strict constituents in extended traffic-class groups. Nodes and queues in extended traffic-class groups are next. In the legacy scheduler. The shared shaper can shape. When it implements compound implicit shared shapers. For example. The voice queue is unlikely to drop because it has highest priority in the hierarchical scheduler as well as highest priority within its shared shaper. a shared shaper configured for a logical interface will dominate the outcome for the traffic scheduled through that logical interface.x Policy and QoS Configuration Guide Compound shared shaper scheduling allocates bandwidth as follows. a voice queue in the auto-strict traffic-class group.JUNOSe 6. but you must still take care that the hierarchical scheduler is provisioned to allocate the proper assured bandwidth to video. The scheduler allocates bandwidth based on relative weights. according to the following rules: 1. but it cannot allocate assured bandwidth in the hierarchical scheduler. The weighted constituents subdivide the remaining shared bandwidth in proportion to their shared weights. If the hierarchical scheduler is not congested. again subject to the bandwidth allocated to them by the hierarchical scheduler.

the first four are treated as weighted constituents but the remainder are handled as strict constituents. 4. The sum of all constituent rate credits does not have to be less than the shared rate. which can consume bandwidth up to the legacy shaping rate or the shared-shaping rate. Shared Shaping ! 129 . Weighted constituents in the auto-strict-priority traffic class group. This behavior is the default. Weighted Compound Shared Shaping Example Weighted shared shaping is most useful for sharing bandwidth between traffic classes carrying TCP data. making them ineligible for legacy weighted scheduling. Strict constituents in the default group. or because the class is policed at some point in the path. Unlike strict constituents. 6. generating a warning message. Although a shared shaper can be applied to up to eight constituents. Individual strict constituents can be allocated any bandwidth value less than the shared rate. because it is often the case that a particular traffic class won't exceed a limit because of admission control. Best-effort data and premium data constituents are weighted. Strict constituents transmit traffic at a rate up to the lesser of their shared-shaping rate or the legacy shaping rate. Weighted constituents in extended traffic class groups. Figure 16 shows an application of weighted shared shaping where weighted constituents span multiple traffic class groups. 5. Individual constituent rates are not capped. weighted constituents share bandwidth with their peers solely in proportion to their shared-shaping-weight. If you configure more than four weighted constituents as part of the same shared shaper. A higher weight value grants the constituent a greater proportion of the available bandwidth. only four of these can be weighted constituents.Chapter 2: Configuring Quality of Service 3. Weighted constituents in the default group.

the VC 1 AF group node. Bandwidth is allocated as follows: ! The VC 1 EF group node is strict and can transmit up to the shared-shaping rate of 1Mbps. The VC 1 AF group node is weighted with the VC 1 best-effort node. the VC 1 AF group node can transmit 31/32nds of the available bandwidth when both constituents are competing for bandwidth. The implicitly selected constituents of the shared shaper are the VC 1 best-effort node. The sum of the constituent weights is 32. The sum of the constituent weights is 32. With a weight of 1. and the VC 1 EF group node. the VC 1 best-effort node can transmit 1/32 of the available bandwidth when both constituents are competing for bandwidth. ! ! 130 ! Shared Shaping g014388 .JUNOSe 6.x Policy and QoS Configuration Guide Figure 16: Weighted Shared Shaping Data TC best-effort Data TC best-effort Voice TC voice Voice TC voice Data Data TC premium data TC premium data A VC 1 best effort VC 2 best effort VC 1 Group EF VC 2 Group EF B VC 1 Group AF VC 2 Group AF Group EF Group AF TC = traffic class Group = traffic-class group Port = logical interface Port A = scheduler-profile a shared-shaping-rate 1000000 shared-shaping-constituent weight 1 B = scheduler-profile b shared-shaping-constituent weight 31 Scheduler profile A specifies the shared-shaping rate of 1Mbps for the best-effort node. The VC 1 best-effort node is weighted with VC 1 AF group node.1. which is associated with a VC logical interface. The node is further configured with a weight of 1. Any remaining bandwidth is available to the remaining constituents. With a weight of 31. Scheduler profile B specifies the VC 1 AF node as a weighted constituent with a weight of 31.

Table 18: Comparison of Implicit and Explicit Shared Shaping Implicit Shared Shaping ! To specify the logical interface for shared Explicit Shared Shaping ! To specify the logical interface for shared shaping. then the constituent is not active and is not shaped by the shared shaper. associate a scheduler profile that includes the shared-shaping-rate command or the shared-shaping-rate simple command with a best-effort node or queue shaping. ! If the scheduler profile associated with a constituent does not include this command. ! Active constituents are explicitly selected selected from all constituents according to the implicit shared shaping rules.Chapter 2: Configuring Quality of Service Explicit Constituent Selection If you want only a subset of the queues for a subscriber to be shaped to the shared rate. For compound shared shaping. Table 18 compares implicit and explicit shared shaping. Objects that are not explicitly selected are exempt from the shared shaper. then you must explicitly identify the desired constituents rather than accepting the implicitly selected constituents. only scheduler objects associated with a scheduler profile that includes a shared-shaping-constituent command are considered constituents. For a compound shared shaper. associate a scheduler profile that includes the shared-shaping-rate rate explicit-constituents command or the shared-shaping-rate rate simple explicit-constituents command with a best-effort node or queue ! Constituents consist of all nodes and queues ! Constituents consist of all nodes and queues for the same logical interface type. For compound shared shaping. you can further designate the explicit constituents as strict or weighted. include the explicit-constituents keyword with the shared-shaping-rate simple command in a scheduler profile that you associate with a best-effort node or queue to identify the logical interface. from all constituents by association with a scheduler profile that includes the shared-shaper-constituent command. ! Active constituents are automatically for the same logical interface type. omit the simple keyword. In the set of nodes and queues for a logical interface. explicit selection is also useful when you want queues as the active constituents instead of the node below them. Shared Shaping ! 131 . By choosing queues you can assign appropriate priority or weights. To identify the constituents for simple shared shaping.

By default. VC 1 AF node. 132 ! Shared Shaping . the association of the shared shaper with the VC 1 best-effort node would have selected the VC 1 best effort node. The shared-shaping-constituent command in each profile specifies that the associated object is an explicit constituent of the shared shaper. the VC 1 best effort node and the VC 1 Group EF node. and VC 1 EF node. Figure 17: Explicit Constituent Selection Data TC best-effort Data TC best-effort Voice TC voice Voice TC voice Video TC video Video TC video A VC 1 best effort VC 2 best effort VC 1 Group EF VC 2 Group EF B VC 1 Group AF VC 2 Group AF Group EF Group AF TC = traffic class Group = traffic-class group Port = logical interface Port g014386 A = scheduler-profile a shared-shaping-rate 1000000 compound explicit-constituents shared-shaping-constituent B = scheduler-profile b shared-shaping-constituent In this example. the VC 1 Group EF node. and the VC 1 Group AF node.x Policy and QoS Configuration Guide Explicit Shared Shaping Example In Figure 17.JUNOSe 6. these constituents are considered to be strict constituents with a priority of 8.1. If implicit selection rules were followed in this example. the VC shared shaper has two explicit constituents. two scheduler profiles are applied to scheduler objects VC 1 best effort node.

C.Chapter 2: Configuring Quality of Service Explicit Weighted Compound Shared Shaping Examples Figure 18 illustrates a case where scheduler profiles A. Weighted constituent that shares bandwidth with its weighted shared shaper siblings in a proportion of 3/10. B. Table 19 lists the explicit constituents of the shared shaper and the bandwidth allocated to each constituent: Table 19: Bandwidth Allocation for Case 1 Explicit Constituents Explicit Constituent VLAN 1 TC voice1 queue VLAN 1 TC voice2 queue VLAN 1 TC video queue VLAN 1 TC data queue VLAN 1 TC best-effort queue Bandwidth Allocation Strict constituent that can consume up to its legacy shaping-rate or the shared-shaping rate. Figure 18: Case 1: Explicit Constituent Selection with Weighted Constituents VLAN 1 VLAN 2 VLAN 2 VLAN 1 TC voice1 TC voice2 TC voice1 TC voice2 VLAN 1 VLAN 1 TC best-effort TC data VLAN 2 VLAN 2 TC best-effort TC data VLAN 1 TC video VLAN 2 TC video A B VLAN 1 Group BE C VLAN 1 Group EF VLAN 2 Group BE D VLAN 2 Group EF VLAN 1 Group AF E VLAN 2 Group AF Default group Group EF Group AF TC = traffic class Group = traffic-class group Port = logical interface Port A = scheduler-profile a shared-shaping-rate 1000000 compound explicit-constituents shared-shaping-constituent weight 1 B = scheduler-profile b shared-shaping-rate 1000000 compound explicit-constituents shared-shaping-constituent weight 3 C = scheduler-profile c shared-shaping-constituent weight 2 D = scheduler-profile d shared-shaping-constituent weight 4 E = scheduler-profile e shared-shaping-constituent weight 3 In Case 1. scheduler profile A associates the shared-shaping rate with the VLAN 1 best-effort queue. Weighted constituent that shares bandwidth with its weighted shared shaper siblings in a proportion of 2/10. g014384 Shared Shaping ! 133 . Weighted constituent that shares bandwidth with its weighted shared shaper siblings in a proportion of 4/10. Weighted constituent that shared bandwidth with weighted shared shaper siblings in a proportion of 1/10. D and E are applied to scheduler objects.

Weighted constituent that shares bandwidth with its weighted shared shaper siblings in a proportion of 4/10. Weighted constituent that shares bandwidth with its weighted shared shaper siblings in a proportion of 3/10. Y. scheduler profile B associates the shared-shaping rate with the VLAN 1 best-effort queue.1. Table 20 lists the explicit constituents of the shared shaper and the bandwidth allocated to each constituent: Table 20: Bandwidth Allocation for Case 2 Explicit Constituents Explicit Constituent VLAN 1 TC voice1 queue VLAN 1 TC voice2 queue VLAN 1 TC video queue VLAN 1 TC best-effort node Bandwidth Allocation Strict constituent that can consume up to its legacy shaping-rate or the shared-shaping rate.JUNOSe 6. Figure 19: Case 2: Explicit Constituent Selection with Weighted Constituents VLAN 1 VLAN 1 VLAN 2 VLAN 2 TC voice1 TC voice2 TC voice1 TC voice2 VLAN 1 VLAN 1 TC best-effort TC data VLAN 2 VLAN 2 TC best-effort TC data VLAN 1 TC video VLAN 2 TC video B VLAN 1 Group BE X VLAN 1 Group EF VLAN 2 Group BE Y VLAN 2 Group EF VLAN 1 Group AF Z VLAN 2 Group AF Default Group Group EF Group AF TC = traffic class Group = traffic-class group Port = logical interface Port B = scheduler-profile b shared-shaping-rate 1000000 compound explicit-constituents shared-shaping-constituent weight 3 X = scheduler-profile x shared-shaping-constituent weight 2 Y = scheduler-profile y shared-shaping-constituent weight 4 Z = scheduler-profile z shared-shaping-constituent weight 3 In Case 2. X. 134 ! Shared Shaping g014383 . Weighted constituent that shared bandwidth with weighted shared shaper siblings in a proportion of 3/10. and Z are applied to scheduler objects.x Policy and QoS Configuration Guide Figure 19 illustrates another case where scheduler profiles B. Each profile assigns a weight to an explicit constituent.

If you issue the keyword for modules that do not support compound shared shaping. The explicit-constituents keyword overrides automatic selection of compound shared-shaping constituents and enables you to explicitly specify constituents and bandwidth allocation. this command must appear in the scheduler profile for either the best-effort queue or the best-effort scheduler node. You can configure individual shaping rates on the other queues that are less than the shared rate. an error message is generated and the router applies simple shared shaping. If you specify compound for line modules that do not support it. By default. Example host1(config-scheduler-profile)#shared-shaping-rate 128000 burst 32767 simple ! ! ! ! ! ! Use the no version to delete the shared-shaping rate. the range is 0–522240 (0–510 KB). shared-shaping-rate ! ! Use to set shared-shaping rate and burst size for the logical interface. You can specify 0 to enable the router to select an applicable default value. the router selects the type of shared shaping that is applied according to the type of line module. You do not explicitly specify shared shaping on the other queues for the logical interface. Shared Shaping ! 135 . the default is no shaping rate. To configure the shared shaping feature. Burst is the catch-up number associated with the shaper. These individual shapers have the effect of reserving some of the shared bandwidth for the other queues. You can specify simple to shape data queue rates to the the value of the shared rate minus the combined voice and video traffic rate. shared shaping is set to auto. The range for the shared-shaping rate is 64000–100000000 bps (64 Kbps–1 Gbps).Chapter 2: Configuring Quality of Service Simple Shared Shaping Configuration Examples Configure the shared shaper by specifying a shared-shaping rate for either the best-effort queue or the best-effort scheduler node for the logical interface. Compound shared shaping is hardware-dependent. In this mode. The router locates the other queues associated with the logical interface and shapes that set of queues to the shared rate. the CLI generates an error message and the keyword has no effect. This keyword does not apply to simple shared shaping.

but only up to its individual shaping rate of 200 Kbps. Configure the shared shaper.x Policy and QoS Configuration Guide VC Simple Shared Shaping Example The following commands configure a simple shared shaper for a VC. config)#qos-profile atm-default (config-qos-profile)#no ip queue traffic-class best-effort (config-qos-profile)#exit 136 ! Shared Shaping . the best-effort queue for logical interface VC 3 is shaped to a shared rate of 1 Mbps. (config)#scheduler-profile 200kbps (config-scheduler-profile)#shaping-rate 200000 (config-scheduler-profile)#exit (config)#scheduler-profile 300kbps (config-scheduler-profile)#shaping-rate 300000 (config-scheduler-profile)#exit (config)#scheduler-profile shared-1mbps (config-scheduler-profile)#shared-shaping-rate 1000000 simple (config-scheduler-profile)#exit (config)#qos-profile subscriber-default-mode (config-qos-profile)#atm-vc node (config-qos-profile)#atm-vc node group AF (config-qos-profile)#atm-vc node group EF (config-qos-profile)#atm-vc queue traffic-class best-effort scheduler-profile shared-1mbps (config-qos-profile)#atm-vc queue traffic-class video scheduler-profile 300kbps (config-qos-profile)#atm-vc queue traffic-class voice scheduler-profile 200kbps (config-qos-profile)#exit 3. (config)#traffic-class voice (config-traffic-class)#fabric-strict-priority (config-traffic-class)#exit (config)#traffic-class video (config-traffic-class)#exit (config)#traffic-class-group EF auto-strict-priority (config-traffic-class-group)#traffic-class voice (config-traffic-class-group)#exit ((config)#traffic-class-group AF extended (config-traffic-class-group)#traffic-class video (config-traffic-class-group)#exit 2. The best-effort queue obtains whatever bandwidth remains of the 1 Mbps after the voice and video traffic have made their claims.1. In this example. The video queue claims up to the next 300 Kbps. 1.JUNOSe 6. Delete the rule in the default port type profile that creates IP best-effort queues by default. The voice queue has first claim on the shared 1 Mbps. Configure the traffic classes and traffic-class groups. The voice and video queues for VC 3 share the 1 Mbps with the best-effort traffic. as shown in Figure 12 on page 120.

If this QoS profile were attached in low-CDV mode. VP 1 is shaped to a shared rate of 5 Mbps. (config)#interface atm 11/0. Here the VC will be reshaped to 1 Mbps in the SAR.Chapter 2: Configuring Quality of Service 4. If this QoS profile were attached in the SAR default mode. (config)#qos-profile subscriber-low-cdv-mode (config-qos-profile)#atm-vc node scheduler-profile shared-1mbps (config-qos-profile)#atm-vc node group AF (config-qos-profile)#atm-vc node group EF (config-qos-profile)#atm-vc queue traffic-class best-effort (config-qos-profile)#atm-vc queue traffic-class video scheduler-profile 300kbps (config-qos-profile)#atm-vc queue traffic-class voice scheduler-profile 200kbps (config-qos-profile)#exit VP Simple Shared Shaping Example In the example shown in Figure 20. because the VC will not be reshaped in the SAR. the 1-Mbps shaper would be disabled by VC backpressure from the SAR.10 (config-subif)#qos-profile subscriber-default-mode (config-scheduler-profile)#exit The qos-profile subscriber-default-mode command shown in this example is appropriate if you have configured the SAR to be in default mode (by issuing the no qos-mode-port command). Shared Shaping ! 137 . VP-level queuing does not guarantee fairness to the voice and video traffic for each VC. the best-effort scheduler node for VC 3 is shaped to a shared rate of 1 Mbps. In this example. This example assumes the same traffic class and traffic-class group configurations that were used in VC Simple Shared Shaping Example on page 136. The qos-profile subscriber-low-cdv-mode command is appropriate if you configure the SAR in low-CDV mode (by issuing the qos-mode-port low-cdv command). Attach the profile to the ATM subinterface for VC 3. The following commands configure a QoS profile different from the one shown above. which in this scenario is the VP. the shaper would be effective but the CDV would not be correctly bounded. but fairness is not a major issue because admission control guarantees that the voice and video queues will not become congested. The shared shaper requires that voice and video traffic be carried in queues associated with the logical interface.

JUNOSe 6.x Policy and QoS Configuration Guide Figure 20: VP Shared Shaping Data TC best-effort Data TC best-effort Data TC best-effort VC 1 Default group VC 2 Default group VC 3 Default group Video TC video VP 1 Voice TC voice VP 1 VP 1 * Group AF Group EF * TC = traffic class Group = traffic-class group = best-effort scheduler node for VP 1 Port = logical interface The following set of commands configures the shared shaper in Figure 20.1. (config)#scheduler-profile 2mbps (config-scheduler-profile)#shaping-rate 2000000 (config-scheduler-profile)#exit (config)#scheduler-profile 400kbps (config-scheduler-profile)#shaping-rate 400000 (config-scheduler-profile)#exit (config)#scheduler-profile shared-5mbps (config-scheduler-profile)#shared-shaping-rate 5000000 simple (config-scheduler-profile)#exit (config)#qos-profile vp-subscriber1 (config-qos-profile)#atm-vp node scheduler-profile shared-5mbps (config-qos-profile)#atm-vp node group AF (config-qos-profile)#atm-vp node group EF (config-qos-profile)#atm-vc node (config-qos-profile)#atm-vc queue traffic-class best-effort scheduler-profile default (config-qos-profile)#atm-vp queue traffic-class video scheduler-profile 2mbps (config-qos-profile)#atm-vp queue traffic-class voice scheduler-profile 400kbps (config-qos-profile)#exit 138 ! Shared Shaping g014336 Port .

If the provider configures a shapeless VP tunnel in the SAR. The EF queue has first claim on the shared 5 Mbps. shared-shaping-rate ! ! Use to set shared-shaping rate and burst size for the logical interface. The EF and AF queues for the VP share the 5 Mbps with the best-effort traffic. the best-effort scheduler node for the VP is shaped to a shared rate of 5 Mbps. the rate will never exceed the shared rate anyway. The AF queue claims up to the next 2 Mbps. You can let the router implicitly select the constituents of the shared shaper. and the CDV will be bounded for the VP tunnel. QoS sets the SAR shaper for the VP to match the 5-Mbps shared-shaping rate. or you can explicitly select the constituents by issuing the explicit-constituents keyword when you set the shared-shaping rate. To configure the shared shaping feature. For example. Specify the compound keyword to actively shape voice and video traffic so that the shared rate cannot be exceeded. you can shape the best-effort node or queue to accept less than the remainder of the shared-shaping rate as in the following commands: (config)#scheduler-profile shared-1mbps (config-scheduler-profile)#shared-shaping-rate 1000000 simple (config-scheduler-profile)#shaping-rate 500000 If you configure a shaping rate higher than the shared-shaping rate. This QoS profile is appropriate for low-CDV mode. The VC-level best-effort queues obtain whatever bandwidth remains of the 5 Mbps after the AF traffic and EF traffic have made their claims. ! Shared Shaping ! 139 . so the router issues the following error message: % shaping-rate cannot be greater than the shared-shaping-rate Compound Shared Shaping Configuration Examples Compound shared shaping requires that you set a shared-shaping rate in a scheduler profile associated with a best-effort node or queue. Shared Shaping and Individual Shaping You can use both the shared-shaping-rate command and the shaping-rate command in a single scheduler profile. and shape data queue rates to the value of the shared rate minus the combined voice and video traffic rate. Use the same command to set attributes for both implicit and explicit constituents that determine how bandwidth is allocated among the constituents. The shared-shaping-constituent command enables you to identify specific explicit constituents.Chapter 2: Configuring Quality of Service In this example. but only up to its individual shaping rate of 400 Kbps. this command must appear in the scheduler profile for either the best-effort queue or the best-effort scheduler node.

shared-shaping-constituent ! Use to specify explicit constituents and to set the attributes of both implicit and explicit shared-shaping constituents that determine how bandwidth is allocated to them. By default the router identifies the shared shaper constituents associated with the logical interface. where the router selects the type of shared shaping that is configured. An error message is generated if you specify compound for line modules that do not support it. The range for the shared-shaping rate is 64000–100000000 bps (64 Kbps–1 Gbps). 140 ! Shared Shaping . and the router applies simple shared shaping. depending on the line module. The weights of all sibling weighted constituents are added together. The simple keyword is appropriate for simple shared shaping. Burst is the catch-up number associated with the shaper. the range is 1–31 and the default value is 8. You can override this automatic selection by issuing the explicit-constituents keyword. ! ! ! For strict-priority constituents. Example host1(config-scheduler-profile)#shared-shaping-rate 128000 burst 32767 compound explicit-constituents ! ! ! ! ! Use the no version to delete the shared-shaping rate.JUNOSe 6. the range is 0–522240 (0–510 KB). You can specify a constituent as strict or weighted. where you want to shape data queue rates to the the value of the shared rate minus the combined voice and video traffic rate.x Policy and QoS Configuration Guide ! By default. constituents are considered to be strict-priority with a value of 8. For weighted constituents. ! ! ! By default. Strict-priority constituents are allocated bandwidth ahead of weighted constituents. Specify the desired subset of the potential constituents and their bandwidth with the shared-shaping-constituents command. shared shaping is set to auto. the default is no shaping rate. the range is 1–8 and the default value is 8.1. Example host1(config-scheduler-profile)#shared-shaping-constituent weight 28 ! Use the no version to delete the attributes of a constituent or to delete an explicit constituent. Specifying 0 enables the router to select an applicable default value. You can optionally set a value that determines the precedence of a constituent among its peers (strict or weighted) for claiming bandwidth. Then each weighted constituent is allocated bandwidth according to the proportion of its weight to the total. A lower value correlates to a higher claim.

and best-effort data traffic associated with the VC 1 logical interface. VC Compound Shared Shaping Example The following commands configure the network shown in Figure 21. involving voice. A scheduler profile that includes a shared-shaping rate command cannot be associated with a group node. 1 Mbps of bandwidth is allocated to voice.Chapter 2: Configuring Quality of Service Configuration Restrictions Although you can configure a shared-shaping rate and a shaping rate in the same scheduler profile. A scheduler profile that includes a shared-shaping rate cannot be associated with a queue other than the best-effort queue or a node other than the best-effort node. The voice queue in the EF traffic-class group for VC 1 is a strict constituent that has first claim on up to 200 Kbps of the shared bandwidth. the shaping-rate must not exceed the shared-shaping rate. This example illustrates a typical DSL “triple play” configuration. A scheduler profile that is referenced by nodes or queues that are not best effort cannot be modified to include a shared-shaping rate command. The video queue in the AF traffic-class group is a strict constituent that can claim up to 300 Kbps of the remaining 800–1000 Kbps of shared bandwidth. The best-effort queue for logical interface VC 1 is a strict constituent that has the last claim to the remaining 500–1000 Kbps of shared bandwidth. A scheduler profile that includes a shaping rate must not contain a shared-shaping rate that specifies a constituent as weighted. Figure 21: VC Compound Shared Shaping Example Data TC best-effort Data TC best-effort Voice TC voice Voice TC voice Video TC video Video TC video A VC 1 best effort VC 2 best effort B VC 1 Group EF VC 2 Group EF C VC 1 Group AF VC 2 Group AF Group EF Group AF TC = traffic class Group = traffic-class group Port = logical interface g014382 Port A = Compound shared shaper B = Legacy shaper 200Kbps C = Legacy shaper 300Kbps Shared Shaping ! 141 . video. video. In this example. and data traffic.

The available bandwidth is strictly allocated in the following order: 1. host1(config-qos-profile)#atm group AF scheduler-profile default host1(config-qos-profile)#atm group EF scheduler-profile default 5.x Policy and QoS Configuration Guide 1.JUNOSe 6. Configure the traffic classes. Create VC nodes for each group and for traffic in the default group.1. host1(config)#qos-profile vcSharedShaping 4. traffic-class groups. Configure the scheduler profile that defines the shared shaper and the profiles that apply the legacy shaper.1 host1(config-interface)#qos-profile vcSharedShaping host1(config-interface)#exit In this example. host1(config-qos-profile)#atm-vc queue traffic-class best-effort scheduler-profile shared-1mbps host1(config-qos-profile)#atm-vc queue traffic-class video scheduler-profile 300Kbps host1(config-qos-profile)#atm-vc queue traffic-class voice scheduler-profile 200Kbps host1(config-qos-profile)#exit 7. video. the VC 1 Group EF node. Attach the QoS profile to an ATM subinterface. and voice traffic. Create queues for the best-effort. and the VC 1 Group AF node. Apply the scheduler profile that defines the shared shaping rate to the best-effort queue. VC 1 EF group node 2. Apply the legacy shaper profiles to the voice and video traffic queues. host1(config)#interface atm 11/0. host1(config-qos-profile)#atm-vc node host1(config-qos-profile)#atm-vc node group AF host1(config-qos-profile)#atm-vc node group EF 6. Configure the QoS profile. VC 1 best effort node 142 ! Shared Shaping . host1(config)#scheduler-profile shared-1Mbps host1(config-scheduler-profile)#shared-shaping-rate 1000000 burst 32768 auto host1(config)#scheduler-profile 300Kbps host1(config-scheduler-profile)#shaping-rate 300000 host1(config)#scheduler-profile 200Kbps host1(config-scheduler-profile)#shaping-rate 200000 3. and additional scheduler profiles. 2. VC 1 AF group node 3. Create group nodes. the constituents of the VC shared shaper are the VC 1 best effort node.

------atm-vc ATM11/0.------------------------. as shown in Figure 22. If the provider configures a shapeless VP tunnel in the SAR. The voice traffic gets strict priority scheduling for up to 400 Kbps of the shared rate on the VP. The QoS profile used in this example is appropriate for low-CDV mode.Chapter 2: Configuring Quality of Service To display the sample shared shaper configuration: host1#show shared-shaper atm 11/0. When both voice and video are quiescent. and the CDV is bounded for the VP tunnel.1 1000000 current shaping shaping rate resource rate ------. Shared Shaping ! 143 .6–3 Mbps of shared VP bandwidth. VP shared shaping enables a shared shaper to apply to all the aggregate rates of all VCs within the VP.6 Mbps when voice and video are both using their limit. In this example.6–5 Mbps on the VP. Finally. VP-level queuing does not guarantee fairness to the voice and video for each VC. QoS sets the SAR shaper for the VP to match the 5 Mbps shared-shaping rate. data can flow at the full 5 Mbps shared rate. The video traffic gets up to 2 Mbps of the remaining 4. the VP is shaped to a compound shared rate of 5 Mbps.------compound best-effort atm-vc queue atm-vc best-effort node EF voice atm-vc queue 200000 AF video atm-vc queue 300000 atm-vc ATM11/0.1 shared shaping interface rate ---------------. This configuration enables data traffic to flow at 2. the data traffic has the last claim to the remaining 2.2 1000000 compound best-effort atm-vc queue atm-vc best-effort node EF voice atm-vc queue 200000 AF video atm-vc queue 300000 Total shared shapers: 2 Total constituents: 8 Total failovers: 0 VP Compound Shared Shaping Example The following commands configure a compound shared shaper for a VP interface.

and additional scheduler profiles. Configure the QoS profile. Create group nodes. host1(config-qos-profile)#atm group AF scheduler-profile default host1(config-qos-profile)#atm group EF scheduler-profile default 144 ! Shared Shaping .1. Configure the scheduler-profile for EF (voice) traffic. 2.JUNOSe 6. traffic-class groups. host1(config)#scheduler-profile shared-5Mbps host1(config-scheduler-profile)#shared-shaping-rate 5000000 burst 32768 auto host1(config-scheduler-profile)#exit 3. Configure the scheduler-profile for AF (video) traffic. host1(config)#scheduler-profile 400Kbps host1(config-scheduler-profile)#shaping-rate 400000 host1(config-scheduler-profile)#exit 5. host1(config)#scheduler-profile 2Mbps host1(config-scheduler-profile)#shaping-rate 2000000 4. host1(config)#qos-profile vpSharedShaping 6.x Policy and QoS Configuration Guide Figure 22: VP Compound Shared Shaping Example VC 2 TC voice VC 1 TC voice VC 3 TC voice VC 2 TC video VC 1 TC video VC 3 TC video VC 1 TC best-effort VC 2 TC best-effort VC 3 TC best-effort VC 1 best effort VC 2 best effort VC 3 best effort VP 1 Group EF VP 1 Group AF VP 1 Default group B Group EF C Group AF A TC = traffic class Group = traffic-class group Port = logical interface g014381 Port A = Compound shared shaper B = Legacy shaper 400Kbps C = Legacy shaper 2Mbps 1. Configure the traffic classes. Configure the scheduler profile that defines the shared shaper and the profiles that apply the legacy shaper.

If you configure compound shared shaping on modules that do not support this feature. be sure to consider the following behaviors. host1(config)#interface atm 11/0. and the VP 1 Group AF node. host1(config-qos-profile)#atm-vc node 9. the VP 1 Group EF node. VP1 default group node Shared Shaping Caveats When you configure shared shaping. Attach the QoS profile to an ATM subinterface. video. The available bandwidth is strictly allocated in the following order: 1. host1(config-qos-profile)#atm-vp node scheduler-profile shared-5Mbps host1(config-qos-profile)#atm-vp node group AF scheduler-profile 2Mbps host1(config-qos-profile)#atm-vp node group EF scheduler-profile 400Kbps 8. host1(config-qos-profile)#atm-vc queue traffic-class best-effort host1(config-qos-profile)#atm-vc queue traffic-class AF host1(config-qos-profile)#atm-vc queue traffic-class EF host1(config-qos-profile)#exit 10. VP1 EF group node 2. the constituents of the VP shared shaper are the VP 1 default group node. Shared Shaping ! 145 .1 host1(config-interface)#qos-profile vpSharedShaping In this example. VP1 AF group node 3. an error message is generated. You can contact your Juniper Networks account representative for more information. and voice traffic. Hardware Dependency Compound shared shaping requires new hardware that will be available in a future release.Chapter 2: Configuring Quality of Service 7. Create VP nodes for each group and for traffic in the default group. The scheduler profile containing the shared-shaping rate is applied to the VP node that is in the default group and contains the best-effort queue. Create a VC node for the default group. Create queues for the best-effort.

x Policy and QoS Configuration Guide Logical Interface Traffic Carried in Other Queues A shared shaper affects only the queues and nodes for a single interface. If scheduler profile strictOne specified a shaping rate greater than or equal to 1. The static oversubscribed configuration on the router removes the need for the provider to signal voice or video traffic to the router. the shared shaper for VC 1 does not constrain the bandwidth of a VP queue. But if the IP 1 queue is not stacked above a VC 1 node.1. 146 ! Shared Shaping . If the IP queue is stacked above a node for VC 1. For example. is controlling traffic flows such that the offered load will not ever really oversubscribe the shared rate. This behavior should cause no problems if you configure all queues for a single logical interface type. However. then the shared shaper indirectly controls the queue bandwidth through the VC 1 node. the following scheduler profiles limit the subscriber's strict priority traffic to 1. host1(config)#scheduler-profile strictOne host1(config-scheduler-profile)#shaping-rate 1000000 host1(config-scheduler-profile)#exit host1(config)#scheduler-profile nonStrictOne host1(config-scheduler-profile)#shared-shaping-rate 1500000 Oversubscription Many providers configure voice and video queues that combine to oversubscribe the shared rate. nonstrict traffic might face starvation.5 Mbps. You can override this burst for a particular constituent by applying another scheduler profile to that constituent and specifying the burst value with the shaping-rate command. thus reserving the remaining shared bandwidth for nonstrict traffic.0 Mbps and limits the subscriber's aggregate traffic to 1. Traffic Starvation Traffic in the strict-priority traffic-class group can starve out other traffic competing within the shared shaper. a shared shaper for VC 1 does not directly constrain the rate for a queue for IP 1 unless that queue is stacked above a node for VC 1 in the scheduler hierarchy. You may wish to configure an individual shaping rate for strict-priority queues.5 Mbps. Figure 15 on page 127 illustrates an example of mixed interface shaping and its implications for implicit constituent selection for compound shared shaping. Queues associated with other interfaces are not constrained by the shared shaper. The total bandwidth for VC 1 may again exceed the shared rate. such as RADIUS. The intent is that an external admission control agent. For example. As another example. Burst Size The burst size for constituents is typically shaped by the burst value that you specify in the scheduler profile with the shared-shaping-rate command. and the total bandwidth for VC 1 may exceed the shared rate. you may have problems with shared shaping. if you configure queues for multiple interface types. it is immune to the shared shaper. if a shared queue exists for VP 1 where VC 1 is contained within VP 1.JUNOSe 6.

host1(config)#scheduler-profile bestEffortBurst host1(config-scheduler-profile)#shared-shaping-rate 1000000 burst 30000 host1(config-scheduler-profile)#exit host1(config)#scheduler-profile voiceBurst host1(config-scheduler-profile)#shaping-rate 300000 burst 16384 host1(config-scheduler-profile)#exit Configure the QoS profile that applies the scheduler profiles: host1(config)#qos-profile burstExample host1(config-qos-profile)#atm-vc node host1(config-qos-profile)#atm-vc node group EF host1(config-qos-profile)#atm-vc queue traffic-class best-effort scheduler-profile bestEffortBurst host1(config-qos-profile)#atm-vc queue traffic-class voice scheduler-profile voiceBurst Statistics Profiles Statistics profiles enable you to gather statistics for the rate at which packets are forwarded out of a queue and for the rate at which committed. When you create a statistics profile. The best-effort constituent has a burst of 30000 and the voice constituent has a burst of 16384. Forwarding rate threshold—Threshold for forwarding rate events. A forwarding-rate event is counted whenever the forwarding rate exceeds the specified threshold.Chapter 2: Configuring Quality of Service The following commands configures a VC shared shaper with two constituents. ! ! ! ! Statistics Profiles ! 147 . conformed. you specify the time period over which statistics are gathered. For example. in seconds. or exceeded packets are dropped. ! Rate period—Time period. Exceeded drop threshold—Threshold above which exceeded drop rate events are counted. The profiles are referenced by a queue rule within a QoS profile. Statistics profiles also enable you to use events to monitor the rate statistics. a 30-second rate period results in rate statistics being gathered over 30-second time segments. You can create up to 250 statistics profiles on the E-series router. To gather event statistics. you configure the thresholds for triggering rate-event reporting. Conformed drop threshold—Threshold above which conformed drop rate events are counted. Committed drop threshold—Threshold above which committed drop rate events are counted. best effort and voice. You can then use show commands to view the results of the statistics gathering. over which statistics are gathered.

Reference the statistics profile by a QoS profile. To gather rate statistics.1. (Optional) Display the rate statistics. Cell encapsulation and padding are referred to as the cell tax. ! NOTE: If you change the QoS shaping mode value in the middle of a rate period. rates for a queue on Ethernet include the Ethernet and VLAN encapsulations. cell rates include ATM Adaptation Layer 5 (AAL5) encapsulation and cell padding. host1(config)#statistics-profile statpro-5 host1(config-statistics-profile)#rate-period 45 host1(config-statistics-profile)#exit 2. perform the following steps: 1.and frame-based rates for that one rate period. You then reference the statistics profile in a QoS profile. the egress queue statistics measure cell rates.x Policy and QoS Configuration Guide Rate Statistics You can configure the E-series router to gather statistics for the rate at which queues forward and drop packets. All bytes in the Layer 2 encapsulation are included in the rate calculation. the gathered rates are a mixture of cell. you use the show egress-queue rates command to display statistics that have been gathered. an ATM cell tax is not included. you create the statistics profile and configure the rate period for the profile. host1#show egress-queue rates 148 ! Statistics Profiles . the egress queue statistics measure frame rates. The next rate period will use a rate based on the new QoS shaping mode setting. you can optionally configure queue statistics and queue rates to include the cell encapsulation and padding. Configure the statistics profile. and attach the QoS profile to an interface. For example.JUNOSe 6. host1(config)#interface gigabitEthernet 1/0 host1(config-subif)#qos-profile qospro-3 host1(config-subif)#exit 4. If you use the qos-shaping-mode cell command. Finally. For ATM modules. The QoS shaping mode that you set on ATM line modules determines whether queue rate statistics include cell tax. Queue rate statistics measure the forwarding and drop rates of each queue in bits per second. host1(config)#qos-profile qospro-3 host1(config-qos-profile)#ip queue traffic-class tc1 scheduler-profile sp1 statistics-profile statpro-5 3. To configure the router to gather rate statistics on a queue. ! If you use the qos-shaping-mode frame command. Attach the QoS profile to the appropriate interface.

Events can be useful when you are monitoring service level agreements. Configure the statistics profile. host1(config)#statistics-profile statpro-1 host1(config-statistics-profile)#rate-period 30 host1(config-statistics-profile)#forwarding-rate-threshold 10000000 host1(config-statistics-profile)#committed-drop-threshold 2000000 host1(config-statistics-profile)#conformed-drop-threshold 4000000 host1(config-statistics-profile)#exceeded-drop-threshold 6000000 host1(config-statistics-profile)#exit 2. you might count the number of times that the drop rate of a queue is nonzero. To count rate events. Attach the QoS profile to the appropriate interface. host1#show egress-queue events Statistics Profiles ! 149 . (Optional) Display the rate statistics. host1(config)#qos-profile qospro-1 host1(config-qos-profile)#ip queue traffic-class tc1 scheduler-profile sp1 statistics-profile statpro-1 3. You then reference the statistics profile in a QoS profile. host1(config)#interface gigabitEthernet 1/0 host1(config-subif)#qos-profile qospro-1 host1(config-subif)#exit 4. Reference the statistics profile by a QoS profile. perform the following steps: 1. you use the show egress-queue events command to display the event statistics that you have gathered. To configure the router to count rate events on a queue. For example. and attach the QoS profile to an interface. Finally.Chapter 2: Configuring Quality of Service Event Statistics You can configure the E-series router to count the number of times that forwarding or drop rates exceed a specific threshold. you create the statistics profile and configure the event thresholds for the profile.

You can set thresholds for committed drop.x Policy and QoS Configuration Guide Memory and Processor Use The E-series router uses shared processing and memory when it gathers egress queue rate statistics and events. This can result in longer rate periods than you have configured. perform the following steps: 1. NOTE: When an extremely large number of statistics is being gathered over a short period of time.000 queues to gather statistics every second on a line card. The show egress-queue command displays the number of queues that are disabled due to no resources. default is no threshold. Example host1(config-scheduler-profile)#committed-drop-rate 50000 ! ! ! ! ! ! Use the no version to delete the drop rate threshold. exceeded drop. (Optional) Set the threshold for logging events. The exceeded-drop-threshold command sets a threshold for exceeded (red) packets. Configuring Statistics Profiles To configure a statistics profile. 150 ! Statistics Profiles . If sufficient memory is not available. if you’ve configured 10. Create a statistics profile. and enter Statistics Profile Configuration mode. A drop event occurs each time the number of packets dropped exceeds the threshold during the specified rate period. The router displays a CLI message whenever queues are put into failover mode and when they recover from failover mode. the statistics gathering is temporarily disabled and the queues are considered to be in failover mode until memory becomes available. host1(config)#statistics-profile statpro-1 host1(config-statistics-profile)# 2.1. the router might actually lengthen the rate to 2 seconds or more. (Optional) Set the time period for calculating queue rate statistics. and forwarding rate events. For example. host1(config-statistics-profile)#committed-drop-threshold 50000 committed-drop-threshold conformed-drop-threshold exceeded-drop-threshold ! Use to set the threshold above which drop events are counted. The conformed-drop-threshold command sets a threshold for conformed (yellow) packets. the router might release the processor to perform more important tasks.JUNOSe 6. The committed-drop-threshold command sets a threshold for committed (green) packets. conformed drop. host1(config-statistics-profile)#rate-period 30 3. Drop rate threshold range is 0–1073741824 bps.

Example host1(config-scheduler-profile)#forwarding-rate-exceeded 100000 ! ! ! Use the no version to delete the threshold. statistics will not be gathered. This type of event occurs each time the forwarding rate exceeds the threshold during the specified rate period. QoS Profiles ! 151 . Forwarding rate threshold range is 0–1073741824 bps. QoS Profiles A QoS profile specifies queue profiles. drop statistics gathering. statistics-profile ! Use to configure a statistics profile and enter Statistics Profile Configuration mode. Example host1(config)#statistics-profile statpro-1 host1(config-statistics-profile)# ! ! ! Use the no version to remove the statistics profile. A QoS profile is attached to the interface at the base of the subtree hierarchy. and scheduler profiles in combination with interface types. NOTE: QoS profile commands affect only ASIC modules.Chapter 2: Configuring Quality of Service forwarding-rate-threshold ! Use to set the threshold above which forwarding rate events are counted. A QoS profile specifies the queue. Example host1(config-scheduler-profile)#rate-period 30 ! Use the no version to delete the rate period. and scheduler configuration for a subtree of the interface hierarchy. The QoS profile controls the way scheduler nodes and queues are bound to the interfaces above its attachment point in the interface hierarchy. default is no threshold. rate-period ! ! ! Use to set the length of time during which statistics are counted. For example. The router supports up to 250 statistics profiles. Rate period range is 1–43200 seconds. a QoS profile attached to an ATM port specifies queuing attributes for interfaces of all types that are stacked over the port. statistics profiles. drop profiles.

Table 21: Interface Types and Supported Commands Interface Type atm atm-vc atm-vp bridge cbf ethernet fr-vc ip ip-tunnel ipv6 l2tp-session l2tp-tunnel lsp serial server-port vlan Queue x x x x x x x x x x x x x x x x Node x x x x x x x x x x x x x x x x Group x x x x To configure a QoS profile. (Optional) Add a traffic-class group. or traffic-class group that belongs to the QoS profile. drop profile.x Policy and QoS Configuration Guide Configuring QoS Profiles To configure a QoS profile. you name the profile and also name the traffic class and/or the queue profile. host1(config-qos-profile)#atm queue traffic-class strict-priority scheduler-profile scheduler1 152 ! QoS Profiles . scheduler profile. perform the following steps: 1. host1(config-qos-profile)#atm group groupA scheduler-profile scheduler1 statistics-profile statpro-1 3. Each command begins with a keyword that designates an interface type. Create a QoS profile and enter QoS Profile Configuration mode.JUNOSe 6.1. a scheduler profile. statistics profile. Table 21 lists the interface types and the commands that you can use with them. and a statistics profile to the QoS profile. (Optional) Configure a queue for interfaces in the specified traffic class. host1(config)#qos-profile qosp-vc-queuing host1(config-qos-profile)# 2.

---------scheduler1 default default statpro-1 scheduler1 groupA Creating QoS Profiles Use the following command in Configuration mode to create QoS profiles. The group defaults to default group.Chapter 2: Configuring Quality of Service 4. host1#show qos-profile qos-profile qosp-vc-queuing: interface rule type type traffic class --------. Examples To create a group node in the default group: host1(config-qos-profile)#atm group default ! To create a group node in a named group: host1(config-qos-profile)#atm group groupA To associate a scheduler profile with a named group: host1(config-qos-profile)#atm group groupA scheduler-profile scheduler1 ! Use the no version to remove this rule from the QoS profile.----. Example host1(config)#qos-profile qosp-vc-queuing host1(config-qos-profile)# ! Use the no version to remove the QoS profile. qos-profile ! ! Use to create a QoS profile and to enter QoS Profile Configuration mode. Nodes. Adding Groups.------. nodes. and Queues to QoS Profiles Use the commands in this section in QoS Profile Configuration mode to add groups. QoS Profiles ! 153 .------. and queues to QoS profiles. The router supports only one named traffic-class group above a given port. (Optional) Display the components of the QoS profile. Each traffic class can belong to only one traffic-class group (either the default group or a named group).------.--------------atm queue strict-priority atm group scheduler queue t-class drop statistics profile profile group profile profile ---------. group ! ! ! ! Use to configure a group node for each interface of the specified type.

The queue profile supplies threshold information for the queue if the router defaults are not appropriate. Example host1(config)#interface atm 3/0 host1(config-if)#host1(config-if)#atm-vp 50 qos-profile qosp-vp-strictbw ! ! Use the no version to detach the QoS profile from a given VP. Example host1(config-qos-profile)#atm queue traffic-class strictPriority ! Use the no version to remove this rule from the QoS profile. The optional scheduler profile supplies a relative weight and potentially a shaping rate to be applied at the scheduler node. The drop profile supplies dropping behavior of a set of egress queues. IP interfaces. you cannot associate a scheduler profile with a port-type interface unless you also specify the strict-priority group. 154 ! QoS Profiles . ! ! ! ! Each queue traffic class can appear in only one traffic-class group. for example. ! Example host1(config-qos-profile)#ip node scheduler-profile scheduler1 group strict-priority ! Use the no version to remove this rule from the QoS profile. atm-vp qos-profile ! ! Use to attach a QoS profile to the specified VP on the ATM interface. queue ! ! Use to configure a queue for each interface in the specified traffic class. You can include any of the following profiles: ! The scheduler profile supplies a relative weight and potentially a shaping rate to be applied at the queue. Attaching QoS Profiles Use the commands in this section in Configuration mode to attach QoS profiles to interfaces. NOTE: For ASIC modules. and L2TP session stacked above the VP. The profile applies to all VCs in the VP.JUNOSe 6.x Policy and QoS Configuration Guide node ! ! Use to configure a scheduler node for each interface of the specified type. the profile specifies the hierarchy of scheduler nodes and queues for all VCs.1.

or might cause the scheduler to underuse the link. Integrating the HRR Scheduler and SAR Scheduler The proper integration of the two schedulers is an important element of the router’s ATM QoS support. NOTE: The term HRR scheduler is used in this chapter to describe the scheduling performed by the ASIC on the ATM line module. To configure integration of the schedulers. The integrated scheduler consists of two schedulers in series—the hierarchical round robin (HRR) scheduler and the segmentation and reassembly (SAR) scheduler. The integrated scheduler enables you to configure QoS on your ATM networks using the HRR scheduler that is used on all E-series ASIC-enabled line modules. Configuring QoS for ATM Interfaces The E-series router provides extended ATM QoS functionality through its integrated scheduler. you can use the commercial SAR scheduler to configure traditional ATM cell-based QoS. Example host1(config)#interface atm 2/0 host1(config-if)#qos-profile low-latency-q-p ! Use the no version to remove the QoS profile. Low-CDV QoS port mode—HRR scheduler and the SAR scheduler operate in concert. ! ! Improper configuration of the two schedulers might create an inefficient scenario in which extra latency is introduced. In addition. Configuring QoS for ATM Interfaces ! 155 . use the qos-mode-port commands shown in Table 22.Chapter 2: Configuring Quality of Service qos-profile ! ! Use to attach a QoS profile to an interface. Low-latency QoS port mode—HRR scheduler controls the traffic rate. with both contributing to the traffic scheduling. There are three QoS port modes that control integration of the two schedulers: ! Default integrated QoS port mode—ATM application controls the scheduling facilities of the SAR scheduler.

To manage the integration of the HRR and the SAR schedulers. When the SAR VC queues start to back up. the SAR scheduler could become congested and block the entire port. and the ERX-310. NOTE: The default QoS profile for ATM (atm-default) contains the atm-vc node command. Without backpressure from the SAR scheduler. which ensures that the HRR and SAR schedulers are configured at the same rate.1. which creates the scheduler node that is required by the SAR VC backpressure mechanism. If a SAR VC queue begins to fill up. It is important that you ensure that the HRR and the SAR schedulers shape packets at the same rate. Backpressure is a critical mechanism that allows the two schedulers in series to operate as a single integrated scheduler.JUNOSe 6. from where the cells are scheduled onto the circuit. If the SAR scheduler is operating in default integrated mode. Backpressure ATM packets are initially scheduled through the HRR scheduler and then sent to the SAR scheduler. The E-series router then ensures that VPs and VCs are shaped to the same rates in both schedulers. ERX-14xx models. Backpressure ensures that packets do not drain over internal data paths at an unmanageable rate from the HRR scheduler to the SAR scheduler.x Policy and QoS Configuration Guide Table 22: qos-mode-port Commands Command Backpressure SAR Buffering Scheduling significant normal minimal minimal SAR SAR and HRR HRR HRR no qos-mode-port (default integrated mode) VC and port qos-mode-port low-cdv qos-mode-port low-latency qos-mode-port port port port NOTE: For ERX-7xx models. The SAR scheduler can also exert port backpressure on the HRR scheduler. In this mode you configure both schedulers using scheduler profiles and QoS profiles. use the qos-mode-port low-cdv command to configure low-CDV QoS port mode. the SAR scheduler issues VC backpressure messages to the HRR scheduler. The backpressure messages control the amount of traffic the HRR scheduler sends to the SAR scheduler. If the HRR scheduler sends packets at a higher rate than the SAR scheduler shapes them. the HRR scheduler would see no congestion even if the SAR scheduler is completely saturated. Finally. 156 ! Configuring QoS for ATM Interfaces . first use the qos-shaping-mode cell command to specify the cell-based shaping mode. Next. configure the QoS application to control the SAR scheduler’s operation. the qos-mode-port commands are valid only for the major interface on port 0. Figure 23 shows the HRR and SAR schedulers working together to form the integrated scheduler. this command must be in QoS profiles that are attached to ATM ports. the SAR exerts VC backpressure to the corresponding VC node in the HRR scheduler.

Chapter 2: Configuring Quality of Service VC backpressure affects only VC nodes that are in the default traffic-class group. and one best-effort class queue for each IP interface. The HRR scheduler is configured by default with per-VC and per-IP interface scheduler nodes. The SAR scheduler implements weighted round-robin scheduling with one queue per VC. Configuring QoS for ATM Interfaces ! 157 . As a consequence. The VC queues are grouped into round robins based on the ATM service classes and the VP tunnels you have configured. Figure 23: Integrated ATM Scheduler IP1 IP2 IP3 Per-packet round-robin VC1 VC2 VC backpressure OC3 rate HRR scheduler SAR scheduler VC1 VC2 Per-VC round-robin OC3 rate Queue IP1 Scheduler node Traffic shaper g014356 Data flow Backpressure message Configuring the Integrated Scheduler The HRR scheduler and the SAR scheduler work together as an integrated scheduler for ATM traffic. VC nodes that are in named traffic-class groups within the scheduler hierarchy are not affected by VC backpressure.

When the HRR scheduler receives a backpressure message from the SAR scheduler. Using cell shaping also reduces the number of packet drops in the ATM network. When you use cell shaping mode to configure the shaping or policing rate. while at the same time making the SAR scheduler more transparent. In port queuing mode. you use the QoS application to configure the three levels of the HRR scheduler.JUNOSe 6. VC backpressure is disabled. Because the SAR scheduler is running with minimal buffering. controlled by the ATM application. including the no version. Configuring the SAR Scheduler Mode of Operation You use the qos-mode-port command to configure port queuing on the SAR scheduler. port backpressure is set as aggressive. ERX-14xx models. which are effectively disabled in default integrated mode. Port queuing mode allows you to use more of the facilities of the HRR scheduler. the scheduler node is reenabled.1. When the HRR scheduler receives a backpressure release. and the SAR scheduler does minimal buffering. but not both. the resulting traffic stream conforms exactly to the policing rates configured in downstream ATM switches. The SAR scheduler performs significant buffering. in which the ATM SAR scheduler does the scheduling. Configuring the Operational QoS Shaping Mode The E-series router enables you to shape ATM traffic based on either frames or cells. ! ! NOTE: For ERX-7xx models. All QoS configurations are supported. there is no head-of-line blocking. This mode allows you to configure shaping in both the SAR scheduler and the HRR scheduler. The qos-mode-port commands. traffic shaping. This mode enables the lowest latency for packets scheduled in the HRR scheduler with strict priority. VC backpressure is disabled. enabling per-packet rather than per-circuit scheduling. qos-mode-port low-cdv—The HRR and SAR schedulers both perform scheduling. including weighted round robin. and the HRR scheduler does minimal scheduling. and the ERX-310. the SAR scheduler controls the scheduling via the VC backpressure messages it sends to the HRR scheduler. 158 ! Configuring QoS for ATM Interfaces . are described in the following list: ! no qos-mode-port—The default integrated mode. and port backpressure is set to the default thresholds of 6 MB per OC3 port and 24 MB per OC12 port. and strict priority scheduling. The SAR scheduler performs normal buffering and can shape either the VC or VP. qos-mode-port low-latency—The HRR scheduler does the scheduling.x Policy and QoS Configuration Guide In the default integrated mode. the qos-mode-port commands are valid only for the major interface on port 0. QoS synchronizes the rates of the two schedulers. Both VC and port backpressure are enabled. The default frame shaping mode provides compatibility with previous versions of the E-series software. All QoS configurations are supported. low-cdv mode works with cell shaping mode only and enables relative weighted VCs and hierarchical shaping in the HRR scheduler. the HRR scheduler disables the node regardless of the node weight or shaping rate.

Frame shaping reports QoS statistics such as transmitted bytes and dropped bytes based on bytes within frames. which is based on the following two commands: ! The QoS shaping mode you set with the qos-shaping-mode command on port 0 and on the specific port The port queuing mode you set with the qos-mode-port command on port 0 ! The router uses the following rules to determine the operational shaping mode used for a port.Chapter 2: Configuring Quality of Service ATM policing is sensitive to cell delay variation tolerance (CDVT). if one is configured. 1. The router enables you to use techniques such as WRR on the HRR scheduler to achieve the proper packet scheduling. You accomplish this by using the qos-shaping-mode cell command to configure the QoS shaping mode. the operational shaping mode for that port is the same as the QoS shaping mode. the operational shaping mode is cell. The QoS shaping mode also determines how QoS statistics are reported. Cell shaping reports the statistics in bytes within cells and also accounts for cell encapsulation and padding overhead. Table 23 lists the possible combinations of the two commands and the resultant operational shaping mode. If the specific port has no QoS shaping mode configured. the operational shaping mode is the same as the QoS shaping mode for port 0. Table 23: Operational Shaping Modes Rule Rule 1 qos-shaping-mode for the Specific Port Cell Frame qos-shaping-mode for Port 0 Cell Frame Cell Frame No shaping mode No shaping mode qos-mode-port for Port 0 low-cdv low-latency or none low-cdv low-latency or none low-cdv low-latency or none Operational Shaping Mode for the Specific Port Cell Frame Cell Frame Cell Frame Rule 2 No shaping mode No shaping mode Rule 3 No shaping mode No shaping mode Configuring QoS for ATM Interfaces ! 159 . the operational shaping mode is based on the port 0 queuing mode. However. otherwise the operational shaping mode is frame. and the qos-mode-port low-cdv command to configure the port queuing mode. the cell scheduler reduces CDVT by ensuring cell spacing. If the port 0 queuing mode (set by the qos-mode-port command) is low-cdv. 2. 3. The router uses an operational shaping mode. If both the specific port and port 0 have no QoS shaping mode configured. an ATM switch might drop cells. If the cells on a particular VC or VP arrive too closely spaced. If the specific port has a QoS shaping mode configured. You use the SAR scheduler in series with the HRR scheduler to even out cell bursts into smoother per-VC and per-VP traffic profiles that bound CDVT.

1.1. Default Integrated Mode In the default integrated mode. Each VC buffers only a few hundred bytes. you must use port 0. and it backpressures the first-stage (HRR) scheduler per VC. From the desired port. Figure 24: Default Integrated Mode IP1 IP2 IP3 Per-packet round-robin VC1 VC2 VC backpressure OC3 rate HRR scheduler SAR scheduler VC1 VC2 Per-VC round-robin OC3 rate Queue IP1 Scheduler node Traffic shaper g014356 Data flow Backpressure message The following example creates the default integrated mode. ERX-14xx models. (For ATM interfaces on ERX-7xx models. the SAR scheduler is the dominant scheduler.JUNOSe 6. Figure 24 shows the default integrated mode.) host1(config)#interface atm 2/0 host1(config-if)#no qos-mode-port 160 ! Configuring QoS for ATM Interfaces . set the QoS port mode to default integrated mode.x Policy and QoS Configuration Guide ATM QoS Configuration Examples This section provides configuration examples for the three modes for QoS on ATM interfaces. and the ERX-310.

1. the SAR scheduler is neutralized and the HRR scheduler is dominant.5 host1(config-subif)#atm-pvc 5 0 5 aal5snap 768 Low-Latency Mode In low-latency mode. Specify the shaping rate for the ATM subinterface. Figure 25: Low-Latency Mode IP1 IP2 IP3 Per-packet round-robin VC1 VC2 No VC backpressure OC3 rate HRR scheduler Port backpressure SAR scheduler OC3 rate In the following example. host1(config-if)#interface atm 2/0. low-latency mode configuration is used with a strict-priority queue and a best-effort queue. Specify the VP shaping rate. In this mode. host1(config)#traffic-class-group strict host1(config-traffic-class-group)#traffic-class strict host1(config-traffic-class-group)#exit Configuring QoS for ATM Interfaces ! g014357 161 . Set the traffic class in the traffic-class group. Figure 25 shows the low-latency mode. Configure the traffic class.Chapter 2: Configuring Quality of Service 2. the SAR scheduler backpressures the HRR scheduler per physical port. host1(config)#traffic-class strict host1(config-traffic-class)#exit 2. each physical port buffers only a few kilobytes. host1(config-if)#atm vp-tunnel 0 2000 3.

ERX-14xx models. Configure the QoS profile with two ATM VC queues.JUNOSe 6. host1(config)#qos-profile low-latency-q-p host1(config-qos-profile)#atm-vc node host1(config-qos-profile)#atm-vc queue traffic-class best-effort host1(config-qos-profile)#atm group strict scheduler-profile strict host1(config-qos-profile)#atm-vc queue traffic-class strict host1(config-qos-profile)#exit 5. (For ATM interfaces on ERX-7xx models.) host1(config)#interface atm 2/0 host1(config-if)#qos-mode-port low-latency host1(config-if)#qos-profile low-latency-q-p 162 ! Configuring QoS for ATM Interfaces . Define the scheduler profile for the traffic-class group.1. and the ERX-310. set the QoS port mode to low latency. you must use port 0.x Policy and QoS Configuration Guide 3. host1(config)#scheduler-profile strict host1(config-scheduler-profile)#strict-priority host1(config-scheduler-profile)#exit 4. From the desired port.

The SAR scheduler shapes VPs. Figure 26 shows low-CDV mode with per-VP CDVT.Chapter 2: Configuring Quality of Service Low-CDV Mode In low-CDV mode. and the port backpressure is loose. There is no VC backpressure. or both according to the QoS scheduler shaping rate. the QoS shaping mode must be set to the cell mode. so several megabytes of cells can reside in the SAR buffer pool. the HRR scheduler and the SAR scheduler operate in concert. In low-CDV mode. the SAR scheduler converts frame-atomic bursts of cells to CDVT-conformant streams of interleaved cells. and Figure 27 shows low-CDV mode with per-VC CDVT. Therefore. Figure 26: Low-CDV Mode (per-VP CDVT) VC1 VC2 VC3 VC4 VP1 VP2 no VC backpressure OC3 rate HRR scheduler SAR scheduler VP1 VP2 Shapeless VP tunnels g014359 VP tunnel round-robins OC3 rate Configuring QoS for ATM Interfaces ! 163 . VCs.

JUNOSe 6. Configure the traffic class. host1(config)#traffic-class strict host1(config-traffic-class)#exit 2. low-CDV mode is used with a strict-priority queue and a best-effort queue. host1(config)#traffic-class-group strict host1(config-traffic-class-group)#traffic-class strict host1(config-traffic-class-group)#exit 3. Define the scheduler profiles for the traffic-class group. host1(config)#scheduler-profile strict host1(config-scheduler-profile)#strict-priority host1(config-scheduler-profile)#exit host1(config)#scheduler-profile 500k host1(config-scheduler-profile)#shaping-rate 500000 host1(config-scheduler-profile)#exit 164 ! Configuring QoS for ATM Interfaces .x Policy and QoS Configuration Guide Figure 27: Low-CDV Mode (per-VC CDVT) VC1 VC2 VC3 VC4 VC5 Per-packet round-robin VP1 VP2 no VC backpressure OC3 rate HRR scheduler SAR scheduler VC1 VC2 VC3 VC4 VC5 VC cell shaping g014358 OC3 rate In the following example.1. Set the traffic class in the traffic-class group. 1.

you must use port 0. configure shapeless VP tunnels and set the QoS port mode to low CDV. QoS automatically configures the shaping rate of the tunnel based on the QoS profile and the scheduler profile. Example host1(config)#interface atm 1/0 host1(config-if)#atm vp-tunnel 0 0 ! ! Use the no version to remove the VP tunnel specification. Configure the QoS profile with two ATM VC queues. host1(config)#qos-profile low-cdv-q-p host1(config-qos-profile)#atm-vc node scheduler-profile 1m host1(config-qos-profile)#atm-vp node scheduler-profile 2m host1(config-qos-profile)#atm-vc queue traffic-class best-effort host1(config-qos-profile)#atm group strict scheduler-profile strict host1(config-qos-profile)#atm-vc queue traffic-class strict scheduler-profile 500k host1(config-qos-profile)#exit 5.5 host1(config-subif)#atm pvc 5 0 5 aal5snap host1(config-subif)#interface atm 2/0.) host1(config)#interface atm 2/0 host1(config-if)#atm vp-tunnel 0 0 host1(config-if)#atm vp-tunnel 1 0 host1(config-if)#qos-mode-port low-cdv host1(config-if)#qos-profile low-cdv-q-p host1(config-subif)#interface atm 2/0.Chapter 2: Configuring Quality of Service host1(config)#scheduler-profile 1m host1(config-scheduler-profile)#shaping-rate 1000000 host1(config-scheduler-profile)#exit host1(config)#scheduler-profile 2m host1(config-scheduler-profile)#shaping-rate 2000000 host1(config-scheduler-profile)#exit 4. From the desired port. In low-CDV QoS port mode.7 host1(config-subif)#atm pvc 7 1 7 aal5snap host1(config-subif)#interface atm 2/0. (For ATM interfaces on ERX-7xx models.6 host1(config-subif)#atm pvc 6 0 6 aal5snap host1(config-subif)#interface atm 2/0. ERX-14xx models. Configuring QoS for ATM Interfaces ! 165 . and the ERX-310.8 host1(config-subif)#atm pvc 8 1 8 aal5snap atm vp-tunnel ! Use to configure a shapeless virtual path tunnel that is used when the QoS application controls SAR scheduler shaping. Configure shapeless virtual path tunnels by specifying a VP tunnel shaping rate of 0.

166 ! Configuring QoS for ATM Interfaces . For ATM interfaces on ERX-7xx models. can be used with tunnels with rates of zero (shapeless tunnels) ! When the low-cdv keyword is used: ! ! ! ! ! ! The following restrictions apply to this command: ! ! ! ! ! Example host1(config)#interface atm 1/0 host1(config-if)#qos-mode-port low-latency ! Use the no version to remove per-port queuing on the ATM port and restore the default integrated mode setting. and the ERX-310. ERX-14xx models. ERX-14xx models. PCR. SAR scheduler performs more buffering than in low-latency mode. Port backpressure is enabled as aggressive. QoS synchronizes the shaping rates for VPs and VCs in the HRR and SAR schedulers. HRR scheduler does minimal scheduling. When per-port queuing is disabled: ! ! ! ! Both VC and port backpressure are enabled.x Policy and QoS Configuration Guide qos-mode-port ! Use to configure an ATM port for per-port queuing.1. When the low-latency keyword or no keyword is used: ! ! ! ! ! VC backpressure is disabled. you can configure per-port queuing only on port 0 (zero). nrtVBR. VC backpressure is disabled. however. The atm-vc node command must appear in the QoS profile attached to the ATM port. SAR scheduler performs significant buffering. Port backpressure is set to default thresholds of 6 MB per OC3 port and 24 MB per OC12 port. and enable certain scheduling features for the HRR scheduler that are effectively disabled in default integrated mode. Cell QoS shaping mode should be used. For ATM interfaces on ERX-7xx models. this command must be issued on ATM port 0 Excludes non-UBR ATM QoS services on any VC on the ATM module.JUNOSe 6. and CBR Cannot be used if shaping is currently configured on the SAR scheduler Cannot be used with ATM VP tunnels with nonzero rates. SAR scheduler performs minimal buffering. and the ERX-310. for example.

and the ERX-310.---------queue best-effort default default default default Configuring QoS for L2TP Interfaces ! 167 . L2TP QoS profiles are attached at the IP interface. Example host1(config)#interface atm 1/0 host1(config-if)#qos-shaping-mode cell ! ! Use the no version to restore the default setting. L2TP QoS support gives you the ability to shape tunneled users through L2TP interfaces. The routers can be configured as either an LAC or LNS. Shaping is based on the number of bytes in cells. enabling a QoS profile to be attached to a dynamic L2TP session interface when the newly created interface has the QoS-Profile-Name [26-26] RADIUS VSA associated with it. Configuring QoS for L2TP Interfaces The JUNOSe software supports QoS queues and scheduler nodes for L2TP session interfaces. this is the default mode. Shaping is based on the number of bytes in the frame.Chapter 2: Configuring Quality of Service qos-shaping-mode ! ! Use to configure the ATM QoS shaping mode. NOTE: We recommend that you clear the statistics counters whenever you change the QoS shaping mode. ERX-14xx models. The dynamic attachment process uses RADIUS and AAA. and accounts for the ATM cell encapsulation and padding overhead. frame. Specify one of the following shaping modes: ! frame—SAR shaping is controlled by the ATM application.----------. The queues and scheduler node are built at the L2TP client interface on the line module. cell—SAR shaping is controlled by the QoS application. except on the LNS with nonmultilink interfaces. L2TP QoS provides per–L2TP session queuing and allows QoS profiles to be dynamically attached to L2TP session interfaces on E-series routers.-----------l2tp-session rule traffic scheduler queue drop statistics type class profile profile profile profile ----. L2TP session interfaces have default QoS profiles and scheduler nodes. On the LNS with nonmultilink interfaces. L2TP QoS profiles are attached at the L2TP session interface. The default configuration includes the following settings: host1(config)#show qos-profile l2tp-session-default t-class interface group type -------. Otherwise. the statistics contain a mixture of frame-based and cell-based values. ! ! For ATM interfaces on ERX-7xx models.--------.------. this command must be issued on ATM port 0. without regard to cell encapsulation or padding overhead.------.

and 400k) have already been created. a. (Optional) Verify the new QoS profile configuration. The configuration steps are identical for QoS on an LAC or an LNS. Create a traffic-class group. Remove the best-effort traffic class rule from the IP interface type of the server-default QoS profile. it is not required for QoS on an LAC. Scheduler Hierarchies on page 169 shows the scheduler hierarchies that the configuration example would create for different environments.1. this enables you to create L2TP session queues. however. host1(config-qos-profile)#lt2p-session queue traffic-class best-effort scheduler-profile 400k host1(config-qos-profile)#lt2p-session queue traffic-class voice scheduler-profile 100k host1(config-qos-profile)#exit host1(config)# 4. The following example assumes that the traffic class (voice) and the two scheduler profiles (100k. Create the QoS profile. Add two queues for L2TP session interfaces to the QoS profile. 1. host1(config)#show qos-profile l2tpQpro25 qos-profile l2tpQpro25: t-class interface rule traffic scheduler group type type class profile -------. Configure the QoS profile. (Optional) This step is required if you are configuring QoS on an LNS.JUNOSe 6.x Policy and QoS Configuration Guide Configuration Procedure This section describes a sample procedure that configures L2TP QoS.--------l2tp-session queue best-effort 400k tcGroup1 l2tp-session queue voice 100k queue profile ------default default drop profile ------default default statistics profile ---------default default 168 ! Configuring QoS for L2TP Interfaces . the resulting scheduler hierarchy depends on the type of environment.----------. and enter Traffic Class Group Configuration mode. Add the traffic class voice to the new group. host1(config)#traffic-class-group tcGroup1 host1(config-traffic-class-group)#traffic-class voice host1(config-traffic-class-group)#exit 3. and enter QoS Profile Configuration mode. host1(config)#qos-profile l2tpQpro25 host1(config-qos-profile)# b.------------. host1(config)#qos-profile server-default host1(config-qos-profile)#no ip queue traffic-class best-effort host1(config-qos-profile)#exit 2.

Figure 28 through Figure 32 show scheduler hierarchies for different networking architectures.Chapter 2: Configuring Quality of Service Scheduler Hierarchies This section shows the different scheduler hierarchies that might be built by the procedure shown in Configuration Procedure on page 168. The type of networking architecture in which the QoS profile is used determines the actual hierarchy that is built. Figure 28: LNS (Non-MLPPP) Scheduler Hierarchy Best-effort queue Voice queue 400 L2TP session 100 tcGroup1 Service port Figure 29: LNS (MLPPP) QoS Scheduler Hierarchy Best-effort queue Best-effort queue Voice queue Voice queue 400 L2TP session 400 L2TP session 100 100 tcGroup1 g014371 Server port Figure 30: LAC over Ethernet (Without VLANs) Scheduler Hierarchy Best-effort queue Voice queue L2TP session tcGroup1 Ethernet g014375 g014368 Configuring QoS for L2TP Interfaces ! 169 .

or you can associate a QoS profile with all the ports of a certain interface type. host1(config-if)#qos-profile qosp-vc-queuing 170 ! QoS Profile Attachments g014377 g014373 .0/1 2. host1(config)#interface atm 1.x Policy and QoS Configuration Guide Figure 31: LAC over Ethernet (With LANs) Scheduler Hierarchy Best-effort queue Voice queue L2TP session VLAN tcGroup1 Ethernet Figure 32: LAC over AT Best-effort queue Voice queue L2TP session ATM-VC tcGroup1 ATM QoS Profile Attachments You can attach a QoS profile to an interface at the base of an interface hierarchy.JUNOSe 6.1. Attaching a Profile to an Interface To attach a profile to an interface: 1. Attach a QoS profile to the interface. Enter Interface Configuration mode for the interface.

ethernet. and L2TP sessions stacked above the VP.0/1 host1(config-if)#atm-vp 50 qos-profile qosp-vp-strictbw ! ! Use the no version to remove the QoS profile from a given VP. you can explicitly attach a QoS profile to a port. Instead of using the default port-type profile. or server-port. Example host1(config)#interface atm 1. or server ports. The QoS profile overrides the default QoS port-type profile. the router attaches a QoS port-type profile to all ATM. qos-profile ! ! Use to attach a QoS profile to an interface. Example host1(config)#interface atm 1. See Table 21 on page 152. statistics profiles. QoS Profile Attachments ! 171 . The port-type profile supplies QoS information for all forwarding interfaces stacked above all ports of the associated interface type.Chapter 2: Configuring Quality of Service atm-vp qos-profile ! ! Use to attach a QoS profile to a VP. The interface type can be: atm. drop profiles. Interface types below the attachment point cannot be referenced in the QoS profile. interface ! Use to create an interface and enter Interface Configuration mode. qos-port-type-profile ! ! ! Use to associate a QoS profile with all the ports of an interface type. Attaching a Profile to a Port Type By default. The QoS profile associates queue profiles.0/1 host1(config-if)# ! ! Use the no version to remove the interface. and scheduler profiles with interface types. Ethernet. Example host1(config)#interface atm 3/1 host1(config-if)#qos-profile qosp-vc-queuing ! ! Use the no version to remove the QoS profile from an interface. and it applies to all interfaces stacked above ports of the associated type. serial. The profile applies to all VCs in the VP. the profile specifies the scheduler hierarchy of scheduler nodes and queues for all VCs. serial. A profile attached to a port must specify a queue for each forwarding interface type in the best-effort traffic class. IP interfaces. for example.

When multiple QoS profiles are attached beneath a forwarding interface. if the port is an ATM interface. Munged QoS Profile QoS profile attachments affect the queuing configuration of all the forwarding interfaces stacked above the attachment point. or modifying the scheduler hierarchy as required by the munged QoS profile rules. Conflicting rules from the lower-attached QoS profile are not added: rules in higher-attached QoS profiles override or eclipse rules in lower-attached QoS profiles. Add rules from the lower-attached QoS profile to the munged QoS profile. Add the rules in the QoS port-type profile to the munged QoS profile.JUNOSe 6. 3. to find all QoS profiles attached under that interface. 2. the router reprocesses the queues for all forwarding interfaces in the scope of the attachment. Once the munged QoS profile is complete. adding. enter qos-port-type-profile server-port qos-profile server-default. If there is a QoS profile attached at the port. 4. deleting. the default QoS port-type profile for type ATM is named atm-default. Start with the rules in the QoS profile being attached. When a QoS profile is attached to an interface. then locate the QoS profile indicated in the qos-port-type-profile command that corresponds to the interface type of the port. Repeat Steps 2 and 3 until a port interface is reached at the bottom of the interface stack. Rules from all the QoS profiles are combined in a process called mungeing. from the point of attachment down to the port interface at the base of the interface hierarchy. b. and the munge algorithm is then complete. The subtree of the interface hierarchy stacked above the attachment point is the scope of the attachment. the forwarding interface lies in the scope of all the QoS profiles. The munge algorithm works as follows: 1. The router reconfigures queues for all forwarding interfaces in the scope of the attachment to conform to the munged profile. 172 ! QoS Profile Attachments . The rules are combined to form the munged QoS profile. If there is no QoS profile attached at the port.x Policy and QoS Configuration Guide ! Example host1(config)#qos-port-type-profile atm qos-profile strict-priority ! There is no no version. add the profile’s rules to the munged QoS profile. The set of rules used for a given forwarding interface is called the munged QoS profile.1. For example. the router searches the interface stack. To restore the default. a. Traverse down the stack of interfaces until another QoS profile attachment is found. The entries in the QoS profile specified in the corresponding qos-port-type-profile command have the lowest precedence.

Figure 33: Munged Profile Example Queue: priority-data shaped to 64 Kbps Queue: Queue: priority-data voice-over-IP shaped to 1 Mbps ATM 11/0. traffic-class group} pair.1 ATM 11/0.2 effectively overrides the queue rule for the same interface type and traffic class in the port-attached QoS profile on ATM11. Example Figure 33 shows the relationship between a port-attached QoS profile and a QoS profile that is attached to the specific interface. Queue rules are identified by their {interface type. traffic class} pair.0 contains the following queue rule: host1(config)#qos-profile atmPort host1(config-qos-profile)#ip queue traffic-class priority-data scheduler-profile 64kbps host1(config-qos-profile)#exit All forwarding interfaces stacked above the port are within the scope of the attachment. shaped to 64 Kbps. ATM 11/0. the router must decide which rules from a QoS profile conflict with rules already contained within the munged QoS profile. The QoS profile attached at subinterface ATM 11/0.0. traffic-class priority-data} in the QoS profile that is attached to ATM 11/0.2 The port-attached QoS profile on ATM 11. g013245 ATM 11/0 QoS Profile Attachments ! 173 .Chapter 2: Configuring Quality of Service In Step 3.2. Node rules are identified by their {interface type. so all IP interfaces stacked above the port will be provisioned with a queue in the priority-data traffic class. two queue rules with the same interface type and traffic class are deemed conflicting. two node rules with the same interface type and traffic-class group are deemed conflicting.2 contains the following two rules: host1(config)#qos-profile atmVc host1(config-qos-profile)#ip queue traffic-class priority-data scheduler-profile 1mbps host1(config-qos-profile)#ip queue traffic-class voice-over-ip host1(config-qos-profile)#exit The queue rule for {interface type IP.

11/0. Create and configure QoS profile qp1. which is for the voice-over-ip traffic-class. If you modify an existing QoS profile.JUNOSe 6. the provider has configured a 64 Kbps priority-data queue for each IP interface stacked above the port. the router first searches to determine if a munged QoS profile already exists. is not conflicting.2 VC ATM 11/0. Figure 34: Example 1—Attaching QoS Profiles to ATM Subinterfaces qos-profile qp1 ATM 11/0. does not have a QoS profile explicitly attached. But the IP interface above the ATM 11/0.1 VC qos-profile qp2 ATM 11/0.3—No QoS profile is attached The major ATM interface. the router automatically updates all munged QoS profiles that are dependent on the modified profile. Example 1 In this example.1.2—QoS profile qp2 is attached ATM 11/0.3 VC qos-port-type-profile atm-default To configure this example: 1. host1(config)#qos-profile qp-1 host1(config-qos-profile)#atm-vp host1(config-qos-profile)#atm-vc queue-profile qp1 host1(config-qos-profile)#atm-vc queue-profile qp2 host1(config-qos-profile)#atm-vc queue-profile qp3 node scheduler-profile sp1 queue traffic-class tc1 scheduler-profile sp1 queue traffic-class tc2 scheduler-profile sp2 queue traffic-class tc3 scheduler-profile sp3 174 ! QoS Profile Configuration Examples g013720 ATM 11/0 Port . Therefore. NOTE: When a QoS profile is attached to an interface.1—QoS profile qp1 is attached ATM 11/0.x Policy and QoS Configuration Guide The second queue rule. and also has a second queue provisioned for VoIP. by default the atm-default QoS port-type profile is attached. QoS Profile Configuration Examples This section provides examples of port-attached and port-type QoS profiles.2 attachment provides 1 Mbps for priority-data. three ATM subinterfaces are configured on an ATM port: ! ! ! ATM 11/0. In this configuration.

the router shows the first attachment below the specified interface. host1(config)#qos-profile qp2 host1(config-qos-profile)#atm-vp host1(config-qos-profile)#atm-vc queue-profile qp1 host1(config-qos-profile)#atm-vc queue-profile qp2 host1(config-qos-profile)#atm-vc queue-profile qp3 host1(config-qos-profile)#exit node scheduler-profile sp1 queue traffic-class tc1 scheduler-profile sp1 queue traffic-class tc2 scheduler-profile sp2 queue traffic-class tc3 scheduler-profile sp3 3. Create and configure QoS profile qp2.------default qp1 qp2 qp3 default default default default default default default default default default default QoS Profile Configuration Examples ! 175 .2 atm-vp node qp2@ATM11/0. Attach the QoS profiles to the ATM subinterfaces. host1#show qos interface-hierarchy atm 11/0 attachment@ atm-vc ATM11/0.2 atm-vc queue tc3 atm-default @atm ip node atm-default @atm atm-vc node atm-default @atm cbf node atm-default @atm Bridge node atm-default @atm ipv6 node atm-default @atm ip queue best-effort atm-default @atm atm queue best-effort atm-default @atm atm-vc queue best-effort atm-default @atm cbf queue best-effort atm-default @atm Bridge queue best-effort atm-default @atm ipv6 queue best-effort scheduler profile --------sp1 sp1 sp2 sp3 default default default default default default default default default default default queue t-class profile group ------.2 atm-vc queue tc2 qp2@ATM11/0.2: qos interface rule traffic profile type type class --------------.2 atm-vc queue tc1 qp2@ATM11/0. If no QoS profiles are attached above the specified interface.Chapter 2: Configuring Quality of Service host1(config-qos-profile)#atm-vc queue traffic-class tc4 scheduler-profile sp4 queue-profile qp4 host1(config-qos-profile)#atm-vc queue traffic-class tc5 scheduler-profile sp5 queue-profile qp5 host1(config-qos-profile)#exit 2. host1(config)#interface atm 11/0.---.1 host1(config-subif)#qos-profile qp1 host1(config-subif)#exit host1(config)#interface atm 11/0.2 host1(config-subif)#qos-profile qp2 host1(config-subif)#exit 4. Display the QoS interface hierarchy for ATM interface 11/0. This display shows all QoS attachments above interface 11/0.------qp2@ATM11/0. as shown in Figure 34.

1 atm-vc queue tc2 qp1@ATM11/0.3 by specifying the subinterface.1. the QoS port-type profile. host1#show qos interface-hierarchy atm 11/0. atm-default. is attached (by default) to the ATM major interface.3. Because no QoS profile is attached to this ATM subinterface.1 atm-vc queue tc5 atm-default @atm ip node atm-default @atm atm-vc node atm-default @atm cbf node atm-default @atm Bridge node atm-default @atm ipv6 node atm-default @atm ip queue best-effort atm-default @atm atm queue best-effort atm-default @atm atm-vc queue best-effort atm-default @atm cbf queue best-effort atm-default @atm Bridge queue best-effort atm-default @atm ipv6 queue best-effort scheduler profile --------sp1 sp1 sp2 sp3 sp4 sp5 default default default default default default default default default default default queue t-class profile group ------.3 attachment@ atm ATM11/0: qos interface rule traffic profile type type class --------------.---.------qp1@ATM11/0.------default qp1 qp2 qp3 qp4 qp5 default default default default default default default default default default default Notice that ATM subinterface 11/0.3 was not shown because there is no QoS profile attached to it.1: qos interface rule traffic profile type type class --------------.1 in this example.1 atm-vp node qp1@ATM11/0. In this case.1 atm-vc queue tc4 qp1@ATM11/0. the QoS port-type profile is applied. as shown below.------atm-default@atm ip node atm-default@atm atm-vc node atm-default@atm cbf node atm-default@atm Bridge node atm-default@atm ipv6 node atm-default@atm ip queue best-effort atm-default@atm atm queue best-effort atm-default@atm atm-vc queue best-effort atm-default@atm cbf queue best-effort atm-default@atm Bridge queue best-effort atm-default@atm ipv6 queue best-effort scheduler profile --------default default default default default default default default default default default queue t-class profile group ------. ATM 11/0. as shown below. You can explicitly show the ATM subinterface that has no explicit QoS profile attachment.x Policy and QoS Configuration Guide attachment@ atm-vc ATM11/0. The “@atm” in the qos profile column indicates that the row comes from a default QoS port-type profile that is below the interfaces shown: subinterfaces ATM 11/0.1 atm-vc queue tc3 qp1@ATM11/0.1 atm-vc queue tc1 qp1@ATM11/0.---.2 and ATM 11/0. You can display the QoS interface hierarchy for subinterface 11/0. below ATM subinterface 11/0. “attachment@” indicates the ATM major interface (11/0) below the subinterface.------default default default default default default default default default default default 176 ! QoS Profile Configuration Examples . In this case.JUNOSe 6.

Display the QoS interface hierarchy for ATM 11/0. host1(config)#interface atm 11/0.Chapter 2: Configuring Quality of Service Example 2 In Figure 35.---------@ATM11/0 atm queue best-effort qp1@ATM11/0 atm-vp node qp1@ATM11/0 atm-vc queue tc1 qp1@ATM11/0 atm-vc queue tc2 qp1@ATM11/0 atm-vc queue tc3 qp1@ATM11/0 atm-vc queue tc4 qp1@ATM11/0 atm-vc queue tc5 scheduler profile --------default sp1 sp1 sp2 sp3 sp4 sp5 queue t-class profile group ------. Attach QoS profile qp1 to ATM interface 11/0.3 VC qos-profile qp1 To configure this example: 1.------default default qp1 qp2 qp3 qp4 qp5 g013721 ATM 11/0 Port QoS Profile Configuration Examples ! 177 .2.2—QoS profile qp2 is attached ATM 11/0.1—No QoS profile is explicitly attached ATM 11/0. on subinterfaces 1 and 3. The major ATM interface has three ATM subinterfaces configured: ! ! ! ATM 11/0. It does not override profile qp2.3—No QoS profile is explicitly attached The qp1 profile overrides the QoS port-type profile. which was explicitly attached to subinterface 2. host1(config)#interface atm 11/0 host1(config-if)#qos-profile qp1 host1(config-if)#exit 3. atm-default.2 host1(config-subif)#qos-profile qp2 host1(config-subif)#exit host1(config)#exit 4. Create and configure QoS profiles qp1 and qp2 as shown in Example 1 on page 174. Attach QoS profile qp2 to ATM subinterface 11/0. the major ATM interface.2 VC ATM 11/0.1 VC ATM 11/0. has QoS profile qp1 explicitly attached. Figure 35: Example 2—Attaching QoS Profile to ATM Interface and Subinterface qos-profile qp2 ATM 11/0. 2. 11/0. host1#show qos interface-hierarchy atm 11/0 qos interface rule traffic profile type type class --------------.

The video service is scheduled by the HRR scheduler and gets the hierarchical assured rate.2 subinterface has three queues (traffic classes tc1. Call admission control ensures that there are no more than 20 simultaneous voice service subscribers. Unused bandwidth is divided among the best-effort users.x Policy and QoS Configuration Guide attachment@ atm-vc ATM11/0. Call admission control ensures that there are no more than 50 simultaneous video service subscribers.---------qp2@ATM11/0. and voice. You can meet these varying traffic requirements by creating a traffic class group for each of the three services.2.2 atm-vc queue tc1 qp2@ATM11/0.2 atm-vc queue tc3 @ATM11/0 atm queue best-effort qp1@ATM11/0 atm-vc queue tc4 qp1@ATM11/0 atm-vc queue tc5 scheduler profile --------sp1 sp1 sp2 sp3 default sp4 sp5 queue t-class profile group ------.2 atm-vc queue tc2 qp2@ATM11/0. and shape the traffic to 20 Mbps. which corresponds expedited forwarding PHB. ATM 11/0.------default qp1 qp2 qp3 default qp4 qp5 Note that: ! ATM best-effort queues are created on ATM interface @ATM11/0 and ATM 11/0. which corresponds to assured forwarding PHB. The data users log in and can dynamically subscribe to video and voice services.1. Queues for traffic classes tc4 and tc5 come from QoS profile qp1. ! 178 ! Diffserv Configuration with Multiple Traffic-Class Groups . which is attached to ATM subinterface ATM 11/0. strict priority treatment through the fabric and on egress. a service provider offers three types of service: data. tc2. which is attached at the ATM major interface. The voice service is a low-latency service. and is shaped to 1 Mbps to support up to 50 video subscribers without oversubscription. The QoS profile attached closest to the leaf node is used. Each video service user is assured 1 Mbps. Traffic class tc3 is defined in both QoS profile qp1 and qp2. and tc3) that come from QoS profile qp2.2 atm-vp node qp2@ATM11/0.2. You shape the video traffic to 50 Mbps. Traffic class tc3 comes from QoS profile qp2. Unused bandwidth is divided among the video and best-effort users. you could specify the following: ! The voice service gets low-latency. The video service is a “better than best effort” service. For example.JUNOSe 6. Creating groups enables you to apply QoS to the group nodes. The data service is a best-effort service. Each voice user is shaped to 1 Mbps to support up to 20 voice subscribers without oversubscription. You configure an assured rate of 20 Mbps. Each service has different QoS requirements. however.2: qos interface rule traffic profile type type class --------------. video-on-demand. ! ! Diffserv Configuration with Multiple Traffic-Class Groups In this example configuration.

Note that manually creating a best-effort traffic class is superfluous because the router creates this class by default. Shape voice and video to 1 Mbps. Best effort traffic is also scheduled by the HRR scheduler. (config)#traffic-class video (config-traffic-class)#exit (config)#traffic-class voice (config-traffic-class)#fabric-strict-priority (config-traffic-class)#exit (config)#traffic-class best-effort (config-traffic-class)#exit 2. so it is scheduled by the HRR scheduler. (config)#scheduler-profile assuredGroup (config-scheduler-profile)#shaping-rate 50000000 (config-scheduler-profile)#assured-rate hierarchical (config-scheduler-profile)#exit 4. 1. Shape the assured traffic to 50 Mbps. the best-effort traffic can borrow unused bandwidth.Chapter 2: Configuring Quality of Service ! The best-effort data service is scheduled by the HRR scheduler and gets the bandwidth left over from the voice and video services. and best-effort service classes. expedited forwarding. and best-effort groups. Assured traffic is not strict. Configure this implementation as follows. Because you do not specify a shaping rate. video. (config)#scheduler-profile voice (config-scheduler-profile)#shaping-rate 1000000 (config-scheduler-profile)#exit (config)#scheduler-profile video (config-scheduler-profile)#shaping-rate 1000000 (config-scheduler-profile)#exit (config)#scheduler-profile best-effort (config-scheduler-profile)#exit Diffserv Configuration with Multiple Traffic-Class Groups ! 179 . Create scheduler profiles for the voice. (config)#scheduler-profile bestEffortGroup (config-scheduler-profile)#exit 5. You do not apply any shaping for this traffic because it simply gets the leftover bandwidth. Assign the voice traffic class a strict-priority treatment within the fabric. Create the video and voice traffic classes. (config)#scheduler-profile expeditedGroup (config-scheduler-profile)#strict-priority (config-scheduler-profile)#shaping-rate 20000000 (config-scheduler-profile)#assured-rate 20000000 (config-scheduler-profile)#exit 3. Specify strict priority scheduling for the expedited forwarding traffic and shape it to 20 Mbps. and specify the hierarchical assured rate to give assured traffic preferential treatment over best-effort traffic. Create scheduler profiles for the assured forwarding.

(config)#interface fastEthernet 9/0 (config-if)#qos-profile qpDiffServExample (config-if)#exit Figure 36 shows this configuration with 3 users: IP 1. expedited-forwarding. (config)#traffic-class-group assured-forwarding auto-strict-priority (config-traffic-class-group)#traffic-class video (config-traffic-class-group)#exit (config)#traffic-class-group expedited-forwarding extended (config-traffic-class-group)#traffic-class voice (config-traffic-class-group)#exit (config)#traffic-class-group best-effort extended (config-traffic-class-group)#traffic-class best-effort (config-traffic-class)#exit 7. 180 ! Diffserv Configuration with Multiple Traffic-Class Groups .x Policy and QoS Configuration Guide 6. and voice services. ! ! ! IP 1 subscribes to data. IP 2. Attach the QoS profile to an Ethernet port.1. IP 3 subscribes to data and voice services. Put the voice traffic class into the expedited-forwarding traffic-class group. Create a QoS profile that contains the group rules for the assured-forwarding. Put the video traffic class into the assured-forwarding traffic-class group and specify the group as strict priority.JUNOSe 6. video. and best-effort traffic-class groups. and IP 3. Put the best-effort traffic class into the best-effort traffic-class group. (config)#qos-profile qpDiffServExample (config-qos-profile)#ethernet group assured-fwd scheduler-profile assuredGroup (config-qos-profile)#ethernet group expedited-fwd scheduler-profile expeditedGroup (config-qos-profile)#ethernet group best-effort scheduler-profile bestEffortGroup (config-qos-profile)#ip node group assured-fwd scheduler-profile default (config-qos-profile)#ip node group expedited-fwd scheduler-profile default (config-qos-profile)#ip node group best-effort scheduler-profile default (config-qos-profile)#ip queue traffic-class voice scheduler-profile voice (config-qos-profile)#ip queue traffic-class video scheduler-profile video (config-qos-profile)#ip queue traffic class best-effort scheduler-profile best-effort (config-qos-profile)#exit 8. IP 2 subscribes to data and video services.

nodes and queue may be attached to group nodes. video EF group = expedited forwarding group. then the groups would exist with no attachments. g014402 BE group = best effort group.Chapter 2: Configuring Quality of Service Figure 36: Diffserv Configuration with Multiple Traffic-Class Groups 9 Data 9 Data 9 Data 8 Data 8 Data 7 Data 7 Data 4 IP 1 4 IP 2 4 IP 3 5 IP 1 5 IP 2 6 IP 1 6 IP 3 1 BE Group 2 AF Group 3 EF Group The following set of commands configure the QoS profile as in Step 7. The numbers associated with each rule below correspond to the numbers in Figure 36. Each line in the profile is known as a profile rule. voice Port Diffserv Configuration with Multiple Traffic-Class Groups ! 181 . (config)#qos-profile qpDiffServExample (1) (config-qos-profile)#ethernet group best-effort scheduler-profile bestEffortGroup (2) (config-qos-profile)#ethernet group assured-fwd scheduler-profile assuredGroup (3) (config-qos-profile)#ethernet group expedited-fwd scheduler-profile expeditedGroup (4) (config-qos-profile)#ip node group best-effort scheduler-profile default (5) (config-qos-profile)#ip node group assured-fwd scheduler-profile default (6) (config-qos-profile)#ip node group expedited-fwd scheduler-profile default (7) (config-qos-profile)#ip queue traffic-class voice scheduler-profile voice (8) (config-qos-profile)#ip queue traffic-class video scheduler-profile video (9) (config-qos-profile)#ip queue traffic class best-effort scheduler-profile best-effort Note that when you specify a group rule within an attached QoS profile. If the qpDiffServExample QoS profile used in the example above did not contain group rules. data AF group = assured forwarding group.

x Policy and QoS Configuration Guide For example. Figure 37: Diffserv Configuration Without Traffic-Class Groups Best-effort group (data) Assured forwarding group (video) Expedited forwarding group (voice) Data Data Data Video Video Voice Voice IP 1 IP 2 IP 3 IP 1 IP 2 IP 1 IP 3 Port Because the BE. the following set of commands configures the same QoS profile. If any node or queue above the strict-priority node has packets. the HRR algorithm selects which strict-priority queue is scheduled next. IP 2. the configuration creates the groups but does not place any of the traffic classes into the groups.1. Queues stacked on top of the strict-priority scheduler node always get bandwidth before other queues. their scheduler attributes (weight. Strict-priority scheduling is implemented with a special strict-priority scheduler node that is stacked directly above the port. You can configure only one node at the first scheduler level as strict priority. it is scheduled next. and voice. video. data. AF. Strict-Priority Scheduling You can configure one or more strict-priority queues per interface. and EF groups have no queues. and IP 3 contain the ungrouped traffic classes.JUNOSe 6. (config)#qos-profile qpDiffServExample (config-qos-profile)#ip node scheduler-profile default config-qos-profile)#ip queue traffic-class voice scheduler-profile voice config-qos-profile)#ip queue traffic-class video scheduler-profile video config-qos-profile)#ip queue traffic class best-effort scheduler-profile best-effort In this case. shaping rate) do not affect the HRR scheduler's distribution of bandwidth. assured rate. If multiple queues above the strict-priority node have packets. but with the group removed. 182 ! Strict-Priority Scheduling g014403 . Figure 37 shows that IP 1. as shown in Figure 37.

The scheduler nodes and queues in the auto-strict-priority group receive strict-priority scheduling. the HRR algorithm selects which strict-priority queue is scheduled next. host1(config)#traffic-class Low-loss-1 host1(config-traffic-class)#exit host1(config)#traffic-class Low-latency-1 host1(config-traffic-class)#exit host1(config)#traffic-class Low-latency-2 host1(config-traffic-class)#exit 3. The following set of commands creates the configuration in Figure 38: 1. host1(config)#scheduler-profile strictPriorityBandwidth host1(config-scheduler-profile)#shaping-rate 20000000 host1(config-scheduler-profile)#exit 2.2 Scheduler level 2 (Bandwidth management) (Default group) Strict-priority group Scheduler level 1 ATM 2/0 port There is one strict priority traffic-class group called the auto-strict-priority group.Chapter 2: Configuring Quality of Service Example host1(config-qos-profile)#atm group strict scheduler-profile strictpriority Figure 38 is an example of a QoS scheduler’s hierarchy. and add the traffic classes that must receive strict-priority scheduling to the group. Configure the traffic classes. Figure 38: QoS Scheduler Hierarchy Besteffort traffic class Lowloss I traffic class Lowloss I traffic class Lowlatency I traffic class Lowlatency II traffic class Lowlatency I traffic class Lowlatency II Queues/traffic classes traffic (Buffer management) class Scheduler level 3 Besteffort traffic class ATM 2/0. If multiple queues above the strict-priority node have packets.2 ATM 2/0.1 ATM 2/0. host1(config)#traffic-class-group Strict-priority auto-strict-priority host1(config-traffic-class-group)#traffic-class Low-latency-1 host1(config-traffic-class-group)#traffic-class Low-latency-2 host1(config-traffic-class-group)#exit g014334 Strict-Priority Scheduling ! 183 . Configure the auto-strict-priority traffic-class group.1 ATM 2/0. Configure a scheduler profile for strict-priority traffic.

the latency of a strict-priority queue within each VC is calculated as if the VC were draining onto a wire with bandwidth equal to the shaped rate. The best application of relative strict priority is on Ethernet. thereby providing for strict-priority scheduling of the queues within the VC or VLAN. where you can shape the aggregate for each VLAN to a specified rate. Relative strict priority provides low latency only if you undersubscribe the port by shaping all VCs on the port so that the sum of the shaping rates is less than the port rate. For example. Configure a QoS profile. With true strict priority. host1(config)#qos-profile Example-qos-profile host1(config-qos-profile)#atm group default host1(config-qos-profile)#atm group Strict-priority scheduler-profile strictPriorityBandwidth host1(config-qos-profile)#atm-vc node group default host1(config-qos-profile)#atm-vc node group Strict-priority host1(config-qos-profile)#atm-vc queue traffic-class best-effort host1(config-qos-profile)#atm-vc queue traffic-class Low-loss-1 host1(config-qos-profile)#atm-vc queue traffic-class Low-latency-1 host1(config-qos-profile)#atm-vc queue traffic-class Low-latency-2 host1(config-qos-profile)#exit 5. In these undersubscribed conditions. Relative strict priority is carried out in the HRR scheduler on E-series ASIC line modules.1. and the latency caused by the round-robin behavior of both the HRR and cell schedulers is nominal. Relative strict priority differs from true strict priority in that it can implement the aggregate shaping rate for both strict and nonstrict traffic. which causes strict-priority queues to appear in the same scheduler hierarchy as the nonstrict queues.JUNOSe 6. you configure strict-priority queues above the VC or VLAN scheduler node. and provision a strict and nonstrict queue for each VLAN above the shaped VLAN node. To use relative strict priority. with up to 500 Kbps of the bandwidth for low-latency traffic. the low-latency traffic can use up to the full aggregate rate of 1 Mbps. If there is no strict-priority traffic. it allows you to provide 1 Mbps of aggregate bandwidth to a subscriber. You configure relative strict priority without using QoS traffic-class groups. but you cannot shape the aggregate to a single rate. host1(config)#interface atm 2/0 host1(config-if)#qos-profile Example-qos-profile host1(config-if)#exit host1(config)# Relative Strict-Priority Scheduling Relative strict-priority scheduling provides strict-priority scheduling within a shaped aggregate rate. The port will not become congested. you can shape the nonstrict or the strict traffic separately.x Policy and QoS Configuration Guide 4. 184 ! Relative Strict-Priority Scheduling . Attach the QoS profile to an interface.

Strict} VC1 VC2 VC1 VC2 Strict VC backpressure OC3 rate HRR scheduler SAR scheduler Per-VC round-robin OC3 rate This configuration provides low latency for the strict-priority queues. True Strict Priority In the strict-priority configuration in Figure 39. that latency is less than 100 microseconds. The worst-case latency for a strict packet caused by a nonstrict packet is the propagation delay of a single large packet at the port rate. BE} {VC2. the scheduler cannot enforce an aggregate rate for both of them. Strict} {VC2. Figure 39: True Strict-Priority Configuration {VC1. Because the strict and nonstrict packets for a VC are scheduled in separate round robins. For a 1500 byte frame at OC3 rate. irrespective of the state of the nonstrict queues. the queues stacked above the single strict priority scheduler node make up a round-robin separate from the nonstrict queues. and any residual bandwidth is allocated to the nonstrict round-robin. BE} {VC1. All strict queues are drained to completion first.Chapter 2: Configuring Quality of Service True Strict Priority Versus Relative Strict Priority This section shows how the HRR and SAR schedulers handle true strict-priority and relative strict-priority configurations. g014361 Relative Strict-Priority Scheduling ! 185 .

BE} {VC1. however. If the port is not oversubscribed. It does not scale as well as true strict priority. on ATM line modules you have an alternative. the VC round robin does not cause significant latency. Strict} {VC2.JUNOSe 6. the scheduler provides relative strict-priority scheduling relative to the VC. This configuration provides for shaping the aggregate of nonstrict and relative strict packets to a single rate.x Policy and QoS Configuration Guide Relative Strict Priority In the relative strict-priority configuration in Figure 40. This shaping prevents the VC queue in the SAR scheduler from being congested with strict-priority traffic. Figure 40: Relative Strict-Priority Configuration {VC1. On ATM line modules you can configure true strict-priority queues in the HRR scheduler and shape the aggregate for the VC in the SAR scheduler. The worst-case latency caused by a nonstrict packet is the propagation delay of a single large packet at the VC rate. and it is consistent with the traditional ATM model. VC backpressure affects only the nonstrict traffic for the VC. Strict} VC1 VC2 OC3 rate HRR scheduler SAR scheduler OC3 rate This configuration provides a latency bound for the relative strict-priority queues. BE} {VC2. that delay is about 6 milliseconds.1. 186 ! Relative Strict-Priority Scheduling g014360 Per-VC round-robin . because the nonstrict and relative strict traffic together must not oversubscribe the port rate. you should shape the relative strict traffic for each VC in the HRR scheduler to a rate that is less than the aggregate VC rate. Relative Strict Priority on ATM Modules You can use relative strict priority on any type of E-series line module. For this type of configuration. For a 1500 byte frame at a 2 Mbps rate.

UBR+PCR. By throttling the rate at which the HRR scheduler delivers packets to the SAR.Chapter 2: Configuring Quality of Service The major difference between relative and true strict priority on ATM line modules is that relative strict priority shapes the aggregate for the VC to a pre–cell tax rate. and latency caused by the SAR scheduler is minimized. shaping the VC to 1 Mbps in the HRR scheduler allows 1 Mbps of frame data. and setting the sum of the shaping rates less than the port rate. Shaping the VC to 1 Mbps in the SAR scheduler allows just 1 Mbps of cell bytes regardless of packet size. Oversubscribing ATM Ports You cannot oversubscribe ATM ports and still achieve low latency with relative strict-priority scheduling. For more information about operational modes on ATM interfaces. NOTE: Controlling latency is not normally required. Note that under conditions of low VC bandwidth and large packet sizes. To set the SAR mode. The following sections describe additional configuration steps that will ensure that no more than a single nonstrict packet can precede a strict-priority packet on the VC. the HRR scheduler controls scheduling. you can configure very large weights in the round robin in the HRR scheduler to obtain approximate strict-priority scheduling. nrtVBR. latency and jitter increase because of the inherent propagation delay of large packets over a small shaping rate. you bound SAR buffering and latency. depending on packet size. If you undersubscribe the port rate in the HRR scheduler. use the qos-mode-port command. The most common is to use a per-VC scheduler by configuring the HRR scheduler with either ATM VP or VC node shaping (using the atm-vp node or atm-vc node commands). For example. Minimizing Latency on the SAR Scheduler There are two methods you can use to control latency on the SAR scheduler. you can obtain latency bounds without modifying the SAR mode of operation. but cell tax adds anywhere from 100 Kbps to 1 Mbps additional bandwidth. and CBR services. see Configuring QoS for ATM Interfaces on page 155. or an OC-12 ATM port to 600 Mbps. and cell scheduling does not interfere with relative strict priority. buffering in the SAR scheduler is limited. you set the ATM QoS port mode to low-latency mode. you set qos shaping-mode cell and shape an OC-3 ATM port to 149 Mbps. including shaped VP tunnels. This approach retains the flexibility to configure different ATM QoS in the SAR. In low-latency mode. whereas true strict priority shapes the aggregate for the VC to a post–cell tax rate. You can also use the default no qos-mode-port mode of SAR operation to minimize the latency induced by the SAR. however. In this method. Relative Strict-Priority Scheduling ! 187 . the cell residency in the SAR scheduler is minimal. In the first method. There are several ways to ensure that ports are not oversubscribed. In these scenarios. HRR Scheduler Behavior The HRR scheduler does not offer native strict-priority scheduling above the first scheduler level in the hardware.

You should configure only one zero-weighted queue or node above a parent node. simply configure a maximum weight. Larger burst sizes allow more bursting to allow the queue to attain its shaped rate under bursty congestion scenarios. you should configure only a few nonstrict nodes or queues to prevent additional latency and jitter of the relative strict-priority traffic when the nodes or queues are in the round robin and a packet arrives in the zero-weighted queue. the queue remains in the active WRR until it is drained. The result is that occasionally more than one nonstrict frame may precede a relative strict frame. You can still configure a shaping rate for the zero-weighted queue or node. The result is that at most one nonstrict frame can precede a relative strict-priority frame. which gives the queue infinite weight. You can eliminate this source of latency by shaping the nonstrict queue to the aggregate rate with a burst size of 1. the scheduler will drain only one of the zero-weighted nodes or queues. whereas competing queues must leave the active WRR because their weight credits are exhausted. When the queue is back on the active list. Special Shaping Rate for Nonstrict Queues To remove additional jitter. When a packet arrives at a zero-weighted queue. Also. Setting the Burst Size in a Shaping Rate The burst value in a shaping rate determines the number of rate credits that can accrue when the queue or scheduler node is held in the inactive round robin. you can configure the nonstrict queue with a special shaping rate that causes the hardware to temporarily eject the queue from the active round robin whenever it sends a frame. This behavior leads to nondeterministic sharing of bandwidth between the two zero-weighted queues.x Policy and QoS Configuration Guide Zero-Weight Queues To reduce latency and jitter. up to the burst value. you can configure the relative strict-priority queue with a weight of 0 (zero). 188 ! Relative Strict-Priority Scheduling . The special shaping rate is the same rate as the aggregate rate. Otherwise. Therefore. as described in the next section. The number of nonstrict frames that precede a relative strict frame equals the number of nonzero weighted queues among the sibling scheduler nodes. and the two relative strict queues or nodes will share bandwidth fairly.JUNOSe 6. You can shape the nonstrict queue. the zero-weighted queue is eventually alone in the active round robin and is effectively drained at strict priority. as opposed to performing a round robin that includes both of the zero-weighted nodes. Normally.1. To configure more than one relative strict queue or node. the accrued credits allow the queue or node to catch up to the configured rate. This is useful for limiting starvation of the nonstrict traffic in the aggregate. the burst size is several packet lengths to allow a queue deprived of bandwidth because of congestion to catch up to its rate. It is important to note that nonstrict queues must still exhaust their weight credits before they leave the active round robin. but with a configured burst size of 1. causing more jitter than may be acceptable. to keep latency bounded.

the VC node is shaped in the HRR scheduler to 1 Mbps to limit the aggregate traffic for the subscriber. Figure 41: Tuning Latency on Strict-Priority Queues {VC1. and prevents the relative strict-priority traffic from starving out the nonstrict traffic. Nonstrict} be {VC1. on the nonstrict queue. which allows the nonstrict traffic to consume up to the full aggregate rate of the VC. This burst size limits the number of nonstrict packets that can precede a relative strict-priority packet to the minimum. The rate is 1 Mbps. one packet. Nonstrict} 1 Mbps {VC1. But the burst size is 1. Relative strict} strict 500 Kbps VC1 {VC1. The example has two queues and a node that are shaped to a shared shaping rate of 1 Mbps. which causes the nonstrict queue to always yield to the relative strict-priority queue after sending a packet. The third shaper. Relative strict} 500 Kbps VC1 {VC1. is subtle. Aggregate} 1 Mbps Configuring Relative Strict-Priority Scheduling This section shows how to configure the example in Figure 42. One queue is relative strict priority and is shaped to 500 Kbps. Aggregate} g013719 vcAggregate 1 Mbps g013718 OC3 rate Relative Strict-Priority Scheduling ! 189 . Figure 42: Relative Strict-Priority Configuration Example {VC1. The other queue and the aggregate node divide the residual bandwidth equally. The relative strict traffic is shaped to 500 Kbps.Chapter 2: Configuring Quality of Service In Figure 41. This shaping limits relative strict traffic to 500 Kbps.

Example host1(config-qos-profile)#atm-vc node scheduler-profile scheduler1 group strict-priority ! ! Use the no version to remove this rule from the QoS profile. 190 ! Relative Strict-Priority Scheduling . host1(config)#scheduler-profile vcAggregate host1(config-scheduler-profile)#shaping-rate 1000000 host1(config-scheduler-profile)#exit 4. you can specify a rate less than the aggregate rate. host1(config)#scheduler-profile be host1(config-scheduler-profile)#shaping-rate 1000000 burst 1 host1(config-scheduler-profile)#weight 8 host1(config-scheduler-profile)#exit 3. The key is that the burst size must be one. host1(config)#qos-profile relative-strict-aggregate host1(config-qos-profile)#atm-vc node scheduler-profile vcAggregate host1(config-qos-profile)#atm-vc queue traffic-class best-effort scheduler-profile be host1(config-qos-profile)#atm-vc queue traffic-class voice scheduler-profile relativeStrict host1(config-qos-profile)#exit host1(config)# Note that if you need to impose a shaping rate on the nonstrict queues to meet a functional requirement. Create a scheduler profile for the VC aggregate node.1. configure ATM VC node shaping for each queue. Create a scheduler profile for the strict-priority queue. Create a scheduler profile for the nonstrict best-effort queue. The optional scheduler profile supplies a relative weight and potentially a shaping rate to be applied at the scheduler node.JUNOSe 6. host1(config)#scheduler-profile relativeStrict host1(config-scheduler-profile)#shaping-rate 500000 host1(config-scheduler-profile)#weight 0 host1(config-scheduler-profile)#exit 2. and add each of the queues to the QoS profile. Create a QoS profile. atm-vc node ! ! Use to configure a scheduler node for interfaces of the specified type. The burst size determines the maximum-sized packet that can squeeze in front of a relative strict-priority packet in the round robin.x Policy and QoS Configuration Guide To configure relative strict priority as shown in Figure 42: 1. or small.

! Rate Shaping 191 . the range is 0–522240. Shaping rates are multiples of 1 Kbps. The router supports 64. Example host1(config-scheduler-profile)#shaping-rate 128000 burst 32767 ! ! ! Use the no version to delete the shaping rate. Rate shaping is TCP friendly.Chapter 2: Configuring Quality of Service qos-profile ! ! Use to create a QoS profile and enter QoS Profile Configuration mode. Rate Shaping Rate shaping throttles the rate at which queues transmit packets. Specifying 0 enables the router to select an applicable default value. NOTE: You configure rate shaping in the scheduler profile. See Configuring Scheduler Profiles on page 116. The weight value is in the range 0–4080. Example host1(config-scheduler-profile)#weight 12 ! Use the no version to set the weight setting to the default weight. that is. Shaping rate range is 64000–1000000000 bps (64 Kbps to 1 Gbps). default is no shaping rate. Example host1(config)#scheduler-profile sp-1mbs host1(config-scheduler-profile)# ! ! ! Use the no version to remove the scheduler profile. it buffers packets that are above the rate. shaping-rate ! ! Use to set the shaping rate of the scheduler node or queue in bits per second. scheduler-profile ! Use to create a scheduler profile and enter Scheduler Profile Configuration mode. 8. Example host1(config)#qos-profile qosp-vc-queuing host1(config-qos-profile)# ! Use the no version to remove the QoS profile.000 rate shapers per line module. rather than dropping them.000 scheduler profiles. Burst is the catch-up number associated with the shaper. The router rounds the rate to the next higher 8 Kbps. weight ! ! ! Use to set the HRR weight of the scheduler node or queue. The router supports up to 1.

1.x Policy and QoS Configuration Guide Port Shaping Port shaping allows you to shape the aggregate traffic through a port or channel to a rate that is less than the line or port rate.JUNOSe 6. For example. to shape Fast Ethernet port 2/0 to a rate no higher than 80 Mbps: host1(config)#scheduler-profile 80mbps host1(config-scheduler-profile)#shaping-rate 80000000 host1(config-scheduler-profile)#exit host1(config)#qos-profile 80mbps host1(config-qos-profile)#ethernet node scheduler-profile 80mbps host1(config-qos-profile)#exit host1(config)#interface fastethernet 2/0 host1(config-if)#qos-profile 80mbps To shape the corresponding HDLC channel down to 20 Mbps: host1(config)#scheduler-profile 20mbps host1(config-scheduler-profile)#shaping-rate 20000000 host1(config-scheduler-profile)#exit host1(config)#qos-profile 20mbps host1(config-qos-profile)#serial node scheduler-profile 20mbps host1(config-qos-profile)#exit host1(config)#interface serial 2/0:1/1 host1(config-if)#qos-profile 20mbps 192 ! Port Shaping g014362 . Figure 43: Port Shaping on an Ethernet Module VLAN VLAN Ethernet HRR scheduler Port shaper The per-port shaping feature provides the ability to shape the output of a port. as shown in Figure 43. serial. ethernet. or server-port keyword to specify the port type. You configure port shaping in a QoS profile using the node command with the atm. It works by allowing you to configure scheduler nodes at the port level.

use the following commands. Example host1#clear fabric-queue traffic-class class15 egress-slot 3 ! ! ! There is no no version. none ! ! Example—This example shows a partial output that includes the qos-mode-port and qos-shaping-mode information host1#show interfaces atm 2/0 ATM Interface 2/0 is up. clear fabric-queue ! Use to clear statistics from the fabric queue for the specified traffic class and egress slot. For a detailed description of all fields displayed by this command see JUNOSe Link Layer Configuration Guide. The default is that statistics for all traffic classes and all slots are cleared. cell. Example host1#clear egress-queue atm 3/0 explicit traffic-class class15 ! ! ! There is no no version. use the following commands. show atm interface show interfaces atm ! Use to display ATM port queuing mode and QoS shaping mode status for a specific ATM interface. Use the explicit keyword to clear queues only on the specified interface and not queues stacked above the interface. frame. low-latency. line protocol is disabled AAL5 operational status: up time since last status change: 01:08:32 ATM operational status: up time since last status change: 01:08:32 Clearing Statistics ! 193 . clear egress-queue ! Use to clear statistics from the egress queue for the specified interface and traffic class.Chapter 2: Configuring Quality of Service Clearing Statistics To clear QoS-related statistics. low-cdv qos-shaping-mode—QoS shaping mode: disabled. Related field descriptions ! ! qos-mode-port—Per-port queuing mode status: disabled. Monitoring QoS To monitor the elements and profiles that QoS supports.

max. <none> drop7 10 10%. <none>. <none>. <none>. 750000. <none>. <none>. <none>. 90%. <none>. bytes 0 Dropped conformed packets 0. bound to ATM2/0 Queue length 0 bytes Forwarded packets 0.-------. <none>. 80% drop4 10 0. bytes 0 show drop-profile ! ! Use to display information about a drop profile. <none> 0. <none>. <none>. <none>. Field descriptions ! ! drop profile—Name of the drop profile Average length exponent—Exponent used to weight the average queue length over time. 750000. <none> 0. bytes 0 Dropped exceeded packets 0. <none>. 750000. 750000.1. <none> 0. <none> 0. <none> 0. drop length max. max drop prob ----------------0. <none>. . controlling WRED responsiveness committed threshold—Minimum and maximum committed queue thresholds and maximum drop probability conformed threshold—Minimum and maximum conformed queue thresholds and maximum drop probability exceeded threshold—Minimum and maximum exceeded queue thresholds and maximum drop probability ! ! ! ! Example host1#show drop-profile committed threshold: Average min. <none> drop1 10 0. bytes 0 Dropped committed packets 0. profile exponent max drop prob ------. 80% drop2 10 0. <none> 0. . <none> exceeded threshold: min. 750000. <none>. <none>. <none> 0. InPackets: InBytes: InCells: OutPackets: OutBytes: OutCells: InErrors: OutErrors: InPacketDiscards: InByteDiscards: InCellErrors: 0 0 0 7803262 7803262000 163868502 0 0 0 0 0 Administrative qos-shaping-mode: frame Operational qos-shaping-mode: frame Administrative qos-mode-port: none Operational qos-mode-port: none Operational qos-mode-port: nonequeue 0: traffic class control. <none> 0.----------------default 0 0.JUNOSe 6. <none> 0. <none> 194 ! Monitoring QoS . max.x Policy and QoS Configuration Guide . <none> 0. <none>. 80% drop5 0 0. 5% conformed threshold: min. <none> 0. 80% drop3 10 0. <none> 0. <none>. <none>. <none> 0. max drop prob ----------------0. 80% drop6 10 0. <none> 0.

0. <none>. 0. see Statistics Profiles on page 147. 80% 80% 80% 80% 80% 80% 80% 80% 0. 0. <none>. Use the event-exceeding keyword together with the committed. <none>. conformed. 0. 0. 750000. 0. exceeded. 750000. <none>. 0. 0. <none>. <none> <none> <none> <none> <none> <none> <none> <none> show egress-queue events ! Use to display information about egress queue forwarding and drop event counts. <none>. 750000. <none>. <none>. For information about configuring egress queue events. <none>. Field descriptions ! ! ! ! ! ! ! ! ! ! ! ! interface—Name of the interface traffic class—Name of the traffic class forwarded events—Number of forwarded rate events committed drop events—Number of committed drop events conformed drop events—Number of conformed drop events exceeded drop events—Number of exceeded drop events rate period count—Time frame during which events are counted ! Example host1#show egress-queue events gigabitEthernet 1/0 committed drop events --------0 132 0 0 conformed drop events --------0 0 132 0 exceeded drop events --------0 0 0 132 rate period count --------132 132 132 132 interface ---------------------ip GigabitEthernet1/0 traffic class ------tc1 tc2 tc3 tc4 forwarded events --------132 132 6 0 Monitoring QoS ! 195 . 0. 750000. <none>. or forwarded keywords to filter output based on the number of events that exceed the specified value. Use the summary keyword to display the sum of events for the queues bound to interfaces that are stacked above the specified interface. <none> <none> <none> <none> <none> <none> <none> <none> 0. 0. 0. 750000. <none>. 0. Use the traffic-class keyword to display events for queues belonging to a specific traffic class. 0. <none>. 0. 0. 0. 750000. 0. 750000. 0. 0. <none>. Use the explicit keyword to display events for queues only on the specified interface and not stacked above the interface. <none>. 0. <none>.Chapter 2: Configuring Quality of Service drop8 drop9 drop10 drop11 drop12 drop13 drop14 drop15 10 10 10 10 10 10 10 10 0. 0. <none>. 750000.

even when statistics gathering has not been enabled.x Policy and QoS Configuration Guide show egress-queue rates ! Use to display information about egress queue forwarding and drop rates. previous is the default. Use the full keyword to display statistics for all queues or the brief keyword to limit the display only to those queues that have rate statistics enabled. Use the explicit keyword to display statistics for queues bound to the specified interface. along with the minimum and maximum rates for the queues. exceeded. or maximum keywords to filter output based on queues whose rates exceed the specified value. committed. the referenced statistics profile does not have a rate period set) Queues disabled (no resources)—Number of queues not displayed because no resources were available Total queues—Total number of queues within the hierarchical scope of the command ! ! ! 196 ! Monitoring QoS . Use the rate-exceeding keyword together with the aggregate. brief is the default. Use the summary keyword to display the sum of all rates of queues bound to interfaces that are stacked above the specified interface. Use the traffic-class keyword to display rates for queues belonging to a specific traffic class.JUNOSe 6. This command is useful even if no statistics profiles are configured. conformed. forwarded. Field descriptions ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! interface—Name of interface traffic class—Name of the traffic class forwarded rate—Forwarded rate statistics aggregate drop rate—Total number of all drop rates committed drop rate—Drop rate for green packets conformed drop rate—Drop rate for yellow packets exceeded drop rate—Drop rate for red packets Queues reported—Number of queues reported Queues filtered—Number of queues not reported because they are under the threshold Queues disabled (no rate period)—Number of queues not displayed because statistics gathering is disabled (that is.1. Use the full keyword to display all of the configured queues. Use the previous and current keywords to display statistics for the previous or current rate period. ! Use the color keyword to display statistics by color rather than as an aggregate of all colors. For information about configuring egress queue forwarding see Statistics Profiles on page 147. minimum.

1 best-effort * * tc1 0 0 tc2 0 0 tc3 0 0 ip ATM11/0.-----------.----------------------.------------.--------.2 best-effort * * tc1 0 0 tc2 0 0 Queues reported: Queues filtered (under threshold): * Queues disabled (no rate period): **Queues disabled (no resources): Total queues: 5 0 2 0 7 Monitoring QoS ! 197 .2 traffic forwarded aggregate minimum maximum interface class rate drop rate rate rate ---------------------.--------.--------ip ATM11/0.Chapter 2: Configuring Quality of Service ! Example 1 host1#show egress-queue rates brief fastEthernet 9/0.------.2 best-effort 0 0 25000 1000000 videoTrafficClass 0 0 375000 1000000 multicastTrafficClass 0 0 925000 1000000 internetTrafficClass 0 0 50000 1000000 Total: Queues reported: Queues filtered (under threshold): Queues disabled (no rate period): Queues disabled (no resources): Total queues: ! 4 0 0 0 4 0 0 Example 2 conformed drop rate -----------0 0 4707200 0 exceeded drop rate -----------0 0 0 6705600 host1#show egress-queue rates color gigabitEthernet 1/0 traffic forwarded committed interface class rate drop rate ---------------------.--------.------ip FastEthernet9/0.------.-----------ip GigabitEthernet1/0 tc1 14645184 0 tc2 11950400 2706400 tc3 9960792 0 tc4 7967200 0 Queues reported: Queues filtered (under threshold): Queues disabled (no rate period): Queues disabled (no resources): Total queues: ! 4 0 1 0 5 Example 3 minimum rate -------24979 14987510 9991673 4995836 19980 11988011 7992007 maximum rate -------30000000 30000000 30000000 30000000 20000000 20000000 20000000 host1#show egress-queue rates full atm 11/0 traffic forwarded aggregate interface class rate drop rate --------------.

If you do not specify one of the keywords (traffic-class. if the profile is configured statically. if configured by RADIUS.x Policy and QoS Configuration Guide show fabric-queue ! ! Use to display forwarded and dropped statistics for the fabric. and the attachment is displayed by the show atm subinterface command rather than show ip interface. Field descriptions ! ! traffic class—Name of the traffic class for which statistics are being displayed egress slot—Egress slot for which statistics are being displayed type—Type of packet forwarded packets—Number of forwarded packet forwarded bytes—Number of forwarded bytes dropped packets—Number of dropped packets dropped bytes—Number of dropped bytes ! ! ! ! ! ! ! Example host1#show fabric-queue traffic egress class slot type -----------------------best-effort all committed best-effort all conformed best-effort all exceeded forwarded packets --------0 0 0 forwarded bytes --------0 0 0 dropped packets ------0 0 0 dropped bytes ------0 0 0 show ip interface ! ! Use to display QoS parameters on a particular interface. For example.1. the QoS profile is attached to the ATM subinterface. or detail). A dynamic IP interface can have a QoS profile attached by RADIUS. ! Related field descriptions ! queue 0—Number of the queue for which statistics are being displayed and whether the queue is under traffic class control traffic class—Name of traffic class bound to—Interface to which queue is bound Queue length—Size of queue in length and bytes Forwarded—Number of forwarded packets and bytes Dropped committed—Number of committed packets and bytes dropped Dropped conformed—Number of conformed packets and bytes dropped Dropped exceeded—Number of exceeded packets and bytes dropped Dropped by WRED committed—Number of committed packets and bytes dropped by WRED ! ! ! ! ! ! ! ! 198 ! Monitoring QoS . egress-slot.JUNOSe 6. the show ip interface command might show the following: Attached QoS profile: Strict-qos However. this command displays general data about the fabric queue.

255. bytes 0 Dropped by WRED exceeded packets 0. ip is up Network Protocols: IP Internet address is 90. bytes 0 Average queue length 150576 bytes Monitoring QoS ! 199 . Bytes 0 Dropped committed packets 0. Bytes 256 Multicast Packets 0. Bytes 256 Multicast Routed Packets 0.1 line protocol Atm1483 is up. Bytes 0 Dropped conformed packets 0. Bytes 0 Out Policed Packets 0. Bytes 0 Dropped conformed packets 0. Bytes 0 Dropped by WRED committed packets 0.255.1 Queue length 0 Bytes Forwarded packets 0.1 ATM2/0. Bytes 256 Unicast Packets 2. Bytes 0 Dropped exceeded packets 0. bytes 0 Average queue length 150576 bytes queue 1: traffic class tc1. bound to ip ATM2/0.1 Queue length 0 Bytes Forwarded packets 0. Bytes 0 In Error Packets 0 In Invalid Source Address Packets 0 In Discarded Packets 0 Out Forwarded Packets 2.120. Bytes 0 Out Discarded Packets 0 queue 0: traffic class best-effort. bound to ip ATM2/0.1/255. Bytes 0 In Policed Packets 0.255 Operational MTU = 9180 Administrative MTU = 0 Operational speed = 155520000 Administrative speed = 0 Discontinuity Time = 722186 Router advertisement = disabled Proxy Arp = disabled Administrative debounce-time = disabled Operational debounce-time = disabled Access routing = disabled Multipath mode = hashed In Received Packets 2.1. Bytes 0 Out Scheduler Dropped Packets 0.0. Bytes 0 Dropped committed packets 0. Bytes 0 Dropped exceeded packets 0. bytes 0 Dropped by WRED conformed packets 0.255. bytes 0 Dropped by WRED exceeded packets 0. Bytes 0 Dropped by WRED committed packets 0.0 Broadcast address is 255. bytes 0 Dropped by WRED conformed packets 0. Bytes 256 Unicast Packets 2.Chapter 2: Configuring Quality of Service ! Dropped by WRED conformed—Number of conformed packets and bytes dropped by WRED Dropped by WRED exceeded—Number of exceeded packets and bytes dropped by WRED Average queue length—Average length of queue in bytes ! ! ! Example host1#show ip interface atm 2/0.

1. If you do not specify the profile name.1 g1 atm-vc queue tc2 qp2@ATM11/0.1 g1 atm-vc queue tc1 qp2@ATM11/0.--------.----------qp2@ATM11/0. The default format contains a list of all the qos-port-type-profile commands as they have been entered. If there are no QoS profiles attached to the interface or above the interface.1 atm-vc queue tc5 qp2@ATM11/0.JUNOSe 6.1: t-class interface rule traffic qos profile group type type class --------------.1 atm-vp node qp2@ATM11/0.1 atm-vc queue best-effort qp2@ATM11/0.------.1 g1 atm-vc node qp2@ATM11/0.x Policy and QoS Configuration Guide show qos interface-hierarchy ! Use to display the QoS profiles in effect for and stacked above the specified interface.1 atm-vc queue tc6 qp2@ATM11/0. Example host1#show qos-port-type-profile default-port-profile Ethernet qos-profile ethernet-default default-port-profile Atm qos-profile atm-default default-port-profile HDLC qos-profile serial-default default-port-profile ServerPort qos-profile server-default ! 200 ! Monitoring QoS .----.1 atm-vc node qp2@ATM11/0.1 attachment@ atm-vc ATM11/0.1 g1 atm-vp node qp2@ATM11/0.1 g2 atm-vc queue tc4 scheduler profile -----------default default default default default strictShaper default default default default default default default queue profile ------default default default default default default default default default default default default default show qos-port-type-profile ! ! ! Use to display information about QoS port-type profiles.1 g1 atm group qp2@ATM11/0. the router displays the QoS profile that is in effect down the interface stack toward the port interface.1 g2 atm-vc queue tc3 qp2@ATM11/0. or group traffic class—Name of the traffic class associated with the queue scheduler profile—Scheduler profiles associated with the interface queue profile—Queue profiles associated with the interface ! Example host1#show qos interface-hierarchy atm 11/0. data for all interface types is displayed. node.1 g2 atm-vp node qp2@ATM11/0. Field descriptions ! ! ! ! ! ! ! ! ! attachment@—Interface for which the hierarchy is being displayed qos profile—Name of the QoS profile and its attachment point t-class group—Traffic-class groups associated with the interface interface type—Type of interface to which the profile is attached rule type—Queue.

according to the following sequence: ! ! ! ! ! not members of a traffic-class group members of the strict-priority traffic-class group members of an extended traffic-class group in the order of configuration qos-profile—Name of QoS profile t-class group—Name of the traffic-class group associated with the interface interface type—Type of interface rule type—Whether the rule is a group node.----------ip queue tc3 ip queue tc4 ip queue tc5 expedited-forwarding ethernet group expedited-forwarding ip node expedited-forwarding ip queue voice best-effort ethernet group best-effort ip node best-effort ip queue best-effort assured-forwarding ethernet group assured-forwarding ip node assured-forwarding ip queue video scheduler profile --------------best-effort best-effort best-effort expeditedGroup default voice bestEffortGroup default best-effort assuredGroup default video queue profile ------default default default drop profile ------default default default statistics profile ---------default default default default default default default default default default default default Monitoring QoS ! 201 .Chapter 2: Configuring Quality of Service show qos-profile ! ! ! Use to display information about QoS profiles.--------. If you do not specify the QoS profile name. and queues. in that order.----. Use the brief keyword to display a reference count for QoS profiles. or queue traffic class—Name of the traffic class associated with the interface scheduler profile—Name of the scheduler profile associated with the interface queue profile—Name of the queue profile associated with the interface drop profile—Name of the drop profile associated with the interface statistics profile—Name of the statistics profile associated with the interface qos-profile referenced by attachment—Number of interfaces to which the QoS profile is attached attachment—Type of interface to which the QoS profile is attached ! Field descriptions ! ! ! ! ! ! ! ! ! ! ! ! Example 1 host1#show qos-profile qpDiffServExample1 qos-profile qpDiffServExample1: interface rule traffic t-class group type type class -------------------. data for all QoS profiles is displayed. scheduler node. This command displays groups. The reference count is the number of times the QoS profile is referenced by an interface or protocol profile. Use the references keyword to display interface profiles that reference this profile. nodes.

JUNOSe 6.1.x Policy and QoS Configuration Guide

!

Example 2
host1#show qos-profile brief qos-profile atm-default referenced by 1 attachment qos-profile serial-default referenced by 1 attachment qos-profile ethernet-default referenced by 1 attachment qos-profile server-default referenced by 1 attachment

!

Example 3
host1#show qos-profile references qos profile attachment -------------------- ----------------------------------atm-default atm (qos-port-type-profile) serial-default serial (qos-port-type-profile) ethernet-default ethernet (qos-port-type-profile) server-default server-port (qos-port-type-profile)

show qos queue-thresholds
! !

Use to display the color-based thresholds for queues on each egress slot. Showing queue thresholds by queue profile shows buffer memory information for each queue profile and, within that profile, shows the thresholds for each region. Field descriptions
! ! ! !

!

queue-profile—Name of the queue profile region—Egress buffer memory region egress memory—Amount of memory in each region exceeded length—Amount of exceeded traffic that can be queued at this egress memory usage conformed length—Amount of conformed traffic that can be queued at this egress memory usage committed length—Amount of committed traffic that can be queued at this egress memory usage total committed memory—Amount of committed memory allocated to the queue

!

!

!

!

Example 1 shows the color-based queue thresholds for each of the 2000 video queues when 8000 total queues are configured. As shown, when all of the egress memory in use is between 0 MB and 4 MB, each video queue can queue 139,648 bytes of committed traffic. Because the default conformed fraction is 50 percent and the default exceeded fraction is 25 percent, half of the committed length, or 69,888 bytes, can be queued before conformed traffic is dropped, and one quarter of the committed length, or 34,944 bytes, can be queued before exceeded traffic is dropped. As memory fills, the video queues are given progressively smaller amounts of memory. For example, when 28 to 32 MB of buffer memory is in use, each video queue is limited to 3456 bytes. As memory fills beyond the last region, all frames are dropped except control traffic, until the queues are drained and memory usage falls back into one of the regions.

202

!

Monitoring QoS

Chapter 2: Configuring Quality of Service

!

Example 1
host1#show qos queue-thresholds egress-slot 9 queue-profile video queue-profile video 2000 queues egress memory ----------0MB - 4MB 4MB - 8MB 8MB - 12MB 12MB - 16MB 16MB - 20MB 20MB - 24MB 24MB - 28MB 28MB - 32MB exceeded length -------34944 24448 14080 7040 5248 1280 1152 896 conformed length --------69888 48896 28032 14080 10496 2560 2176 1792 committed length --------139648 97792 55936 28032 20992 5120 4224 3456 total committed memory --------279296000 195584000 111872000 56064000 41984000 10240000 8448000 6912000

region -----0 1 2 3 4 5 6 7 !

Showing queue thresholds by region organizes the buffer memory information by queue region and, within each region, shows the buffer allocations for each queue profile. Example 2 shows the router’s memory management. Static and dynamic oversubscription determines that when 8,000 queues are configured and 0–4 MB of egress buffer memory is in use, memory is oversubscribed by 3330 percent. If significantly fewer queues are configured, there is less oversubscription. This example illustrates static oversubscription. Because all of the queues in Example 2 use default queue profiles, all queues have the same lengths. Each queue is allocated 139,648 bytes of committed buffer memory when operating within this region. This allocation allows active queues to burst traffic by using memory that is unused by quiescent queues. This example illustrates dynamic oversubscription, which is based on the assumption that when a large number of queues is configured, only a fraction of the queues is active at a given time. As more queues become active, memory fills and spills into another region. When this occurs, queues are given progressively smaller queue limits. Example 2
host1#show qos queue-thresholds egress-slot 9 region 0 region 0 (0MB - 4MB) oversubscription 3330% exceeded length -------34944 34944 34944 34944 conformed length --------69888 69888 69888 69888 committed length --------139648 139648 139648 139648 queue count ----2000 2000 2000 2000 total committed memory --------279296000 279296000 279296000 279296000

!

!

!

queue-profile ------------default video multicast internet !

In memory regions 1 through 5, queue limits are progressively reduced. In region 6, memory is strictly partitioned among queues; oversubscription is 100 percent in Example 3.

Monitoring QoS

!

203

JUNOSe 6.1.x Policy and QoS Configuration Guide

!

Example 3
host1#show qos queue-thresholds egress-slot 9 region 6 region 6 (24MB - 28MB) oversubscription 100% exceeded length -------1152 1152 1152 1152 conformed length --------2176 2176 2176 2176 committed length --------4224 4224 4224 4224 queue count ----2000 2000 2000 2000 total committed memory --------8448000 8448000 8448000 8448000

queue-profile ------------default video multicast internet !

When 24–28 MB of the memory is in use, there is no oversubscription of egress buffer memory; 32 MB of the 32-MB memory is allocated. In this example, each of the 8000 egress queues is given a queue of 4224 bytes, for a total of 16 MB. If memory continues to fill into region 7, egress buffer memory is undersubscribed, allowing control traffic to flow within the router. As shown in Example 4, when operating in region 7, only 80 percent of the 32-MB memory is allocated. Example 4
host1#show qos queue-thresholds egress-slot 9 region 7 region 7 (28MB - 32MB) oversubscription 80% exceeded length -------896 896 896 896 conformed length --------1792 1792 1792 1792 committed length --------3456 3456 3456 3456 queue count ----2000 2000 2000 2000 total committed memory --------6912000 6912000 6912000 6912000

!

!

queue-profile ------------default video multicast internet !

Example 4 has 2000 IP users, each with four queues. Each of the four queues use default queue profiles. In Example 5, the multicast queue profile is configured with a committed length of 10,000 minimum and 20,000 maximum. When in regions 0–4, these queues would normally get more memory than the 20,000 byte maximum requested. In this case, the queue is limited to the maximum, and any excess memory is redistributed to other queues. Example 5
host1#show qos queue-thresholds egress-slot 9 queue-profile multicast queue-profile multicast 2000 queues total egress exceeded conformed committed committed region memory length length length memory ------ ----------- -------- --------- --------- --------0 0MB - 4MB 5120 10112 20096 40192000 1 4MB - 8MB 5120 10112 20096 40192000 2 8MB - 12MB 5120 10112 20096 40192000 3 12MB - 16MB 5120 10112 20096 40192000 4 16MB - 20MB 5120 10112 20096 40192000 5 20MB - 24MB 1280 2560 10112 20224000 6 24MB - 28MB 1152 2176 4224 8448000 7 28MB - 32MB 896 1792 3456 6912000

!

!

204

!

Monitoring QoS

Chapter 2: Configuring Quality of Service

!

In region 5, there is not enough memory to honor the 20,000 byte maximum requested. Although a 20,000 byte maximum was requested, the router provisions memory in 128 byte blocks, rounded up or down per each request; 20,096 bytes is 157 blocks of 128 bytes. In region 6, memory is strictly partitioned, and neither the minimum nor maximum request is honored. Instead, each multicast queue is given a fair share of the queue length so that aggressive bandwidth consumers cannot starve out moderate traffic consumers. In region 7, memory is underprovisioned to allow queues to drain and to avoid starvation that occurs when egress buffer memory fills completely. You could configure video queues with a buffer weight of 16 and Internet and multicast queues with a buffer weight of 8 to ensure that video queues get to queue twice as much traffic as Internet and multicast queues. See Example 6. Example 6
host1#show qos queue-thresholds egress-slot 9 region 0 region 0 (0MB - 4MB) oversubscription 3330% exceeded length -------33664 67328 5120 33664 conformed length --------67328 134656 10112 67328 committed length --------134656 269184 20096 134656 queue count ----2000 2000 2000 2000 total committed memory --------269312000 538368000 40192000 269312000

!

!

!

!

!

queue-profile ------------default video multicast internet

show qos shared-shaper
! !

Use to display information about the configured shared shapers. The best-effort queue is listed as the first resource for shared shapers that are queue controlled. The best-effort scheduler node is listed as the first resource for shared shapers that are node controlled. Comnpound shared shpers Field descriptions
! ! ! ! ! ! !

! !

interface—Type of interface resource—Traffic resource associated with the logical interface shared shaping rate—Configured shared shaping rate in bits per second shaping rate—Individual shaping rate of a traffic resource other—Actual current shaping rate in bits per second Total shared shapers—Total number of shared shapers Total constituents—Total number of resource constituents for all shared shapers Total shared shaper failovers—Total number of shared shapers that are disabled (in failover mode) due to lack of resources Compound shared shapers are [not] supported—Indication of whether compound shared shapers are supported; determined by installed hardware

!

!

Monitoring QoS

!

205

If you do not specify the queue profile name.1.JUNOSe 6. Field descriptions ! ! ! ! ! queue profile—Name of the queue profile committed length—Greater queue length than the length of the conformed or exceeded length conformed length—A queue length that is less than the committed length but greater than the exceeded length exceeded length—A queue length less than the conformed length which is less than the committed length conformed fraction—Percentage of the total queue that can be occupied before conformed packets are dropped exceeded fraction—Percentage of the total queue that can be occupied before exceeded packets are dropped buffer weight—Weight of the queue ! ! ! ! ! 206 ! Monitoring QoS . Use the references keyword to display a list of QoS profiles that reference the queue profile.------. The reference count is the number of times that a QoS profile references the queue profile. data for all queue profiles is displayed.10 A atm-vc node 500000 rate 500000 atm-vc queue best-effort atm-vc node EF A atm-vc queue EF voice 100000 atm-vc node AF A atm-vc queue AF video 200000 atm-vc ATM11/0.11 A atm-vc node 500000 rate 500000 atm-vc queue best-effort atm-vc node EF A atm-vc queue EF voice 100000 atm-vc node AF A atm-vc queue AF video 200000 Total shared shapers: 2 Total constituents: 12 Total shared shaper failovers: 0 Compound shared shapers are not supported show queue-profile ! ! Use to display information about a queue profile. Use the brief keyword to display a reference count for queue profiles.--------------------------.----------atm-vc ATM11/0.------.x Policy and QoS Configuration Guide ! Example host1#show qos shared-shaper atm 11/0 shared shaping shaping interface resource rate rate other ----------------.

max --------------default 0. <none> exceeded length: min. <none> conformed length: min. buffer exceeded weight ---------. The reference count is the number of times that a QoS profile references the scheduler profile. in bits per second. Field descriptions ! ! ! ! ! scheduler—Name of the scheduler profile shaping rate—Maximum bandwidth. Use the brief keyword to display a reference count for scheduler profiles. host1#show queue-profile committed queue length: profile min. data for all scheduler profiles is displayed. <none> fraction: conformed. to indicate that HAR is used Referenced by QoS profiles—QoS profiles that reference this scheduler profile ! ! ! ! ! Monitoring QoS ! 207 . or the keyword. 25 8 ! Example 2 host1#show queue-profile brief queue-profile default referenced 31 times in qos-profiles ! Example 3 host1#show queue-profile references queue-profile default Referenced by QoS profiles: atm-default serial-default ethernet-default server-default show scheduler-profile ! ! Use to display information about a scheduler profile. max --------0.-----50. provided to a node or queue. max --------0. in bits per second. If you do not specify the scheduler profile name. hierarchical. Use the references keyword to display a list of QoS profiles that reference the scheduler profile.Chapter 2: Configuring Quality of Service ! Example 1 This is the default format. provided to a node or queue burst—Catch-up number associated with the shaper weight—HRR weight of a node or queue strict priority—Status of strict priority assured rate—Desired bandwidth.

JUNOSe 6. information for all statistics profiles is displayed. Field descriptions ! ! ! ! ! statistics profile—Name of the statistics profile forwarding rate threshold—Threshold above which forwarded-rate-exceeded events are counted committed drop threshold—Threshold above which committed-drop-events are counted conformed drop threshold—Threshold above which conformed-drop-events are counted ! ! 208 ! Monitoring QoS . If you do not specify a profile name. Use the brief keyword to display a reference count for statistics profiles. Use the references keyword to display a list of QoS profiles that reference the statistics profile. The reference count is the number of times that a QoS profile references the statistics profile.x Policy and QoS Configuration Guide ! Example 1 host1#show scheduler-profile shaping scheduler rate burst ------------------default <none> 32767 wf100 128000 32767 spSV25 5000000 32767 videoHar <none> 32767 strict priority -------no no no no weight -----8 20 40 8 assured rate -----------<none> 75000 64000 hierarchical ! Example 2 host1#show scheduler-profile brief scheduler-profile default referenced 39 times in qos-profiles scheduler-profile wf100 referenced 1 time in qos-profiles scheduler-profile spSV25 referenced 2 times in qos-profiles ! Example 3 host1#show scheduler-profile references scheduler-profile default Referenced by QoS profiles: atm-default serial-default ethernet-default server-default scheduler-profile wf100 Referenced by QoS profiles: ipV610 scheduler-profile spSV25 Referenced by QoS profiles: qospro25 show statistics-profile ! ! Use to display information about a statistics profile.1.

Field descriptions ! ! ! ! ! ! ! ! traffic class—Name of the traffic class fabric weight—Weight of the queue in the fabric fabric strict priority—Setting strict-priority queues in the fabric Referenced by QoS profiles—QoS profiles that reference this traffic class Referenced by traffic class groups—Traffic-class groups that reference this traffic class ! Example 1 host1>show traffic-class fabric traffic fabric strict class weight priority ----------------------best-effort 8 no best-effort 8 no tc1 8 no tc2 8 no tc3 8 no tcs4 8 yes tcs5 8 yes ! Example 2 host1#show traffic-class brief traffic-class best-effort referenced 17 times in qos-profiles Monitoring QoS ! 209 .Chapter 2: Configuring Quality of Service ! exceeded drop threshold—Threshold above which exceeded-drop-events are counted rate period—Time frame during which statistics are gathered ! ! Example host1#show statistics-profile forwarding committed statistics rate drop profile threshold threshold --------------------------default <none> <none> statpro-1 10000000 2000000 conformed drop threshold --------<none> 4000000 exceeded drop threshold --------<none> 6000000 rate period -----<none> 30 show traffic-class ! ! Use to display information about a traffic class. If you do not specify the traffic-class name. Use the brief keyword to display a reference count for traffic classes. Use the references keyword to display a list of QoS profiles and traffic-class groups that reference the traffic class. The reference count is the number of times that a QoS profile references the traffic class. data for all traffic classes is displayed.

Use the references keyword to display interface profiles that reference the configured traffic-class groups. Field descriptions ! ! ! ! ! traffic-class group—Name of the traffic-class group traffic-class—Name of the traffic class Referenced in qos-profiles—Number of times group is referenced by QoS profiles Referenced by QoS profiles—QoS profiles that reference this traffic class ! ! Examples host1#show traffic-class-group traffic-class-group assured-fwd traffic-class video traffic-class-group assured-fwd slot 11 traffic-class video traffic-class voice host1#show traffic-class-group brief traffic-class-group g2 referenced 1 time in qos-profiles traffic-class-group g3 referenced 1 time in qos-profiles traffic-class-group g4 referenced 0 times in qos-profiles traffic-class-group g1 referenced 0 times in qos-profiles host1#show traffic-class-group references traffic-class-group g2 Referenced by QoS profiles: profile1 traffic-class-group g3 Referenced by QoS profiles: None 210 ! Monitoring QoS .x Policy and QoS Configuration Guide ! Example 3 host1#show traffic-class reference traffic-class best-effort Referenced by QoS profiles: atm-default serial-default ethernet-default server-default Referenced by traffic class groups: None show traffic-class-group ! ! Use to display the name of a traffic-class group and the classes in the group. the number of times the each traffic-class group is referenced by a profile.JUNOSe 6. Use the brief keyword to display a reference count.1.

............................ See CDVT classifier CAM hardware .......................122 conventions defined icons..104 conformed-length command........................................................xi comments on .................56 best effort ..........................................165 atm-vp qos-profile command...........................................x Index ! 211 ............................................................................................39 clear egress-queue command......................................................................................................x ERX-7xx models .....150 conformed-fraction command ...............................................156 required QoS profile ....................93 CDVT .................................................................................................................................147 committed-action command.................................................................... 24 multiple elements in ...................93 buffer-weight command ................................................118 E effective weight...63..............xi comments on ..... shared-shaping........63...........................................40 color-based thresholds ......................193 shaping.......................................................104 committed-rate command .............. E-series ..............................................93 ERX-14xx models ............................................................................................................. xiii drop profile ..........................154..........102 committed drop threshold .............................................................63...............................................158 frame shaping .......Index A Ascend-Data-Filter (RADIUS attribute 242).............. 67 software .............................................................. xiii B backpressure ....187 atm vp-tunnel command ...92 documentation set..................................................................23 matching IP fragmentation offset .......................................104 conformed-threshold command.................47 policy format .............x customer support..................................................................................................................21 classifier groups creating ................................. xii CDV ..................................................................158 status......... 65 hardware ..............................63............ 64.............................104 burst size............................................................................................................67 FPGA hardware .... See shared shaping conformed drop threshold ........................................93 assured-rate command .x E-series documentation set .. x classifier control list creating or modifying ........................................................12 committed-drop-threshold command .......... See CDV cell delay variation tolerance.....................107 compound shared shaping..................47 ASIC scheduler.............107 constituents..............................................93...................................................... See monitoring ATM modules with relative strict priority......................63.....................................................................................................................................186 minimizing latency on the SAR .............................................................................................................................................22...................................................18 matching IP flags .......................................................63............188 C CDs JUNOSe software CD ..........................................................187 oversubscribing ...............................................................12 committed-burst command .........................................................156 bandwidth management.......................................................................................................93 best-effort scheduler node .............................................................178 networks .......150 committed-length command................................ 159 cell delay variation.............................................93........147 conformed-action command................. 66 line module support .............................. xiii E-series models. 97 best-effort queue.....193 color command .......................................................................................................................................................................... 65 policy consumption ..92 assured rate .........................................................................105 dynamic shaping of traffic ...................23 matching TCP flags................ 171 audience for documentation ............................................................................. setting in a shaping rate ....................................... 66 consumption .............................................................36 classifier-group command............................................................................................................13 committed-threshold command........117 ATM (Asynchronous Transfer Mode) cell shaping ..............13 conformed-drop-threshold command ........................................158 monitoring ..........................x text and syntax.............................................. 67 D Diffserv configuration example..............................................................193 clear fabric-queue command ...........................................

...... x ERX-7xx ......... 93 H HAR..................................................................................................................... 182 HRR scheduler..........................43 mask-val command .........................................................172 F fabric-strict-priority command........................... 41 forwarding rate threshold .................93 scheduler.................................. See rate-limit-profile commands P packet coloring......... 59 exp-mask command................................................................................................ xiii models ERX-14xx ...................................................................... 40 forward command......... xiii mark command................................................................................................................................................................... E-series.............................................................................................................. filtering........ 104 exceeded-length command.41 M manuals................ 94 HRR...........................3 packet tagging .........42 mark-exp command ......................................................................................................................................................................................................................... 18 G gre-tunnel classifier-list command ............................... 93...........45 ip policy ........................................................................62............................................... explicit ............................................ See HRR hierarchy....43 next-interface command.................................................................................................................. x implicit constituents selection for compound shared shaping ...................................................1........................................ 93 hierarchical assured rate....................154...................62 mpls classifier-list command .................................... 153 group node .... See rate-limit-profile commands ipv6 rate-limit-profile command........................................................................................ 46 ip rate-limit-profile command..................................................................... 23 IP options................................................... 14 latency..........................................................................................................94 node command ........................................... 151 fragmentation offsets....................................2 policy commands frame-relay policy ..42 mark-user-priority command..................................193 QoS ............................................................... 167 212 ! Index ..................................................................................... 19..............................................................................................................................................26 mpls commands mpls classifier-list ..............................................172 attachments ................ 125 selection for simple shared shaping ....................45 l2tp policy ........................................................................ 190 notice icons defined ..............45 gre-tunnel policy......................45 mpls policy........................................................................................................ 124 installing the system software.................... See HAR hierarchical round-robin..x Policy and QoS Configuration Guide exceeded drop threshold .............76 multiple forwarding solutions ..JUNOSe 6...................................... 104 exceeded-threshold command.......................................................................... 147 exceeded-action command........15 MIBs (Management Information Bases) ....................................................93 log command ..........59 packet mirroring ..................... QoS scheduler ............................... x I icons defined........................................................................ 184... 46 IP fragmentation offset........................................................93 group...................................42 mark-de command ..................................... 170 ip classifier-list command ........................63 mpls ldp lsp-policy.................................................... 14 explicit packet coloring.... 150 exceeded-fraction command .......... 14 exceeded-drop-threshold command ...................38 munged QoS profile...................................................................15 policy action .................................................. See rate-limit-profile commands L2TP sessions QoS .................................................................................................................................................................. filtering ........... 63 mpls rate-limit-profile command.............................. 98 filter command............................ 26 l2tp rate-limit-profile command......59 peak-burst command.......................15 peak-rate command.... notice ...........45 L l2tp classifier-list command. 147 forwarding-rate-threshold command ......... ix interface profile attachments ...................................193 MPLS policy management and.................................................... 155 relative strict priority on..............45 vlan policy ....... 98 fabric-weight command.. 23 frame-relay classifier-list command ......................................................................................................................................................................................... 107 excess-burst command............................................................................. 19 group command ............... 24 ip commands ip filter-options all ........................................................................... xi comments on ....43 node best-effort scheduler........... 187 N next-hop command .............. matching in a policy ......................................................................... 38................................................................................... x E-series.... x monitoring ATM interfaces ...................................................... See rate-limit-profile commands MTU (maximum transmission unit) IP............................................

......................................................................................................45 policy management applications .....................47 rate limiting..92 expedited forwarding .............................................................46.........................................................................................151 attachment .......18 modifying a one-rate rate-limit profile ... 54 policy rules....................54 bandwidth management ...................93 interface profile attachments .............................................................................................55 applying a policy list to an interface ...........................70 policy rules creating .........................................................93 hierarchical round-robin ..92 features .................................................45 constructing a......................................................................3 creating a classifier control list . 24 modifying a classifier control list ...............114 statistics .....................92 Diffserv configuration example......93 best-effort queue ..............................................13....36 l2tp policy-list command .....................................................94 port-type ..........................................................................................70 vlan policy .........................54 secure policies.................................62 one-rate rate-limit profile...................170 L2TP sessions .............................45 Fast Ethernet port on SRP module .....46 matching IP flags in a CLACL...56 baselining statistics.................................................................................................................................................................3 packet tagging ..46 two-rate rate-limit profile ......................................................................................2......................56 constructing a policy list ......................................................36 vlan policy-list command.................3 security..................................................................59 policy actions and rate-limit profiles.....................8 policy lists ..................36 mpls policy-list command..................................................................................................94 attachments.......................................................................................58 rules ...............................................181................................36 port shaping.....................................37 policy-list commands frame-relay policy-list command .................59 policy routing ..................................................... creating .................................................11 modifying a policy list ................................................................................93 CDV ....... 68 classifier control lists ................................................................69 monitoring packet flow ......................93 color-based thresholds.70 ip policy....167 latency................................................45 bandwidth management ...................93 CDVT ...................................................................93 extends Diffserv .....................................................................................22...........36 ip policy-list command ...................................3 security ...............57 overview...........................47 explicit packet coloring.55 statistics .....182 HRR..............94 group node ................................................................................................................................................36 classifier resources ............................................3 packet tagging ........ 182 scheduler ..5 rate-limiting traffic flows ................102 description of .......................................................................... QoS.................................36 ipv6 policy-list command...........................................8 rate-limit profile calculations ...............................18 creating a one-rate rate-limit profile ........................59 filtering fragmentation offsets .........................23 matching TCP flags in a CLACL............................................................................................................................................................105 dynamic traffic shaping ............................... 15 congestion management .......................................36 QoS classification and marking ....................................................................................94 rules illustrated..................................................................11 creating a policy list........28 description of .....................2 secure policies .................................2 RADIUS ..........................................................................................................................................2 Fast Ethernet port on SRP module...................................................................................93 Index ! 213 ...................8 rate-limit profile attributes...........................................93 best effort ............178 drop profile.......2........................................... creating ...........................................................2 rate-limit profile actions ..................................................................................................................36 gre-tunnel policy list command ..................................................................................................................147 Q QoS assured rate.......................................................171 profile drop.................................11 creating with RADIUS ............................11 monitoring .................................................2 packet mirroring..............................118 effective weight ......................................................................................................105 QoS ..........................................................................................................56 packet mirroring ...................................................................................................................................................................................................57 policy management commands gre-tunnel policy.................................................................................................36 supported commands..........................................................................16 rate-limit profile defaults .......18 classifier groups................................................92 differentiated services assured forwarding...................93 HAR...............................................................16.............70 l2tp policy................................................................................................................................................................................23 matching IP fragmentation offset in a CLACL ................................................................192 port-type profile...............93 best-effort scheduler node ................................................................60 MPLS and ..................28 creating a two-rate rate-limit profile ............................................................................................................................................................................ 17 rate-limit profiles ..................................................... 28 policy routing ....28 modifying a two-rate rate-limit profile .....................Index policy list applying to an interface..................................3 creating or modifying .....................23 filtering IP options ..............................................66 committed burst calculation ..........................

..........158.......... 17 modifying..........................................................................97 traffic-class group ......154 configuring ..................16 rate-limit-profile two-rate....................................................................58 individual traffic flows .............................................................................................................................97 configuring....182 TCP friendly ...................................................154 queue length...................................................................110..........................................................................................................................102 queue command............... 191 RED......................................................................................................... 93 scheduler ......... 105 QoS.................... 96 scheduler assured rate ............................................. 147 maximum ....................................... 147 conformed drop threshold .... configuring....................94 WRED ..47 random early detection.................................................... 92 port shaping ............................ 115 shaping ATM ......................................................94 configuration examples ............................................................................................................ 181....................... 158 shared shaping .......................................................................................................................................... 114 weight ........................................................................................... 184 RFCs..................................................148 resource use......191 QoS ...... 118 statistics ................105 R RADIUS applying policies.......................................................... 158 overview ............57 policy actions ...................... 151 rules illustrated ............ 94 profile ...................................................................................................................................8 calculations ........................1........................................................17 214 ! Index ....................................... 192 port-type profile .............................. 114................58 rate-limit-profile commands rate-limit-profile...................................... 94 operational shaping mode operational QoS shaping mode .. 106 configuring average queue length .......... configuring...........JUNOSe 6.................................................... 112 configuration examples.155 QoS statistics ATM ............... 150 forwarding rate threshold..........................................................................................................................................57 rate-limiting aggregate traffic flows ............................................................................................................. 158 ATM frame shaping...... 108 configuring color blind RED ............................................................................................... 103 rate shaping ......153............... 191 qos-shaping-mode command .. 114 profile.........................................................................................................99 weight .....................................................172 QoS scheduler HRR...................................................................................................................................................44 rate-limit-profile one-rate.........................182 queue buffers............ 94.......................................................................................... 108 configuring.....156............................................... 178 multiple traffic-class groups............................................................................... 147 event statistics ............................... 108 how it works ................................................x Policy and QoS Configuration Guide monitoring .................................................16........ 155.....................................................................................................16 creating ........................................................................................................................ 182 scheduler ................................................................... 114 shaping rate .................................................................................................. 99 munged profile.................................... 151 rate statistics .................................................11 one-rate......... 171.93 traffic class .. 193 multiple traffic class configuration example ........................................................... 166 qos-port-type-profile command .........................................................................................................150 thresholds ...................................... 182 profile .................................................................................... 114 statistics ...170 attaching to interfaces .........................100 configuring ..............................................191 terms.............171 qos-profile command............93 queue bandwidth....................................................................................................................................................................................... 149 exceeded drop threshold........150 strict-priority scheduling .....................................11 default values .................................................................................................................................................110 QoS profile attaching .............................................159................... 94 and dynamic queue thresholds ... 115 hierarchy.................................. 167 qos-mode-port command ................................. 147 failover mode...................................... 106 relative strict-priority scheduling ....... 114......................................................................................................... 174 configuring ..................... 108 configuring colored RED ............................................................................................................................ 93 group ............................. 114 relative weight .................................... 116 rate shaping ..................... 193 statistics profile .............. 158 ATM cell shaping..................................... 94 port-type profile attachments .......... 167 queue .. 147 rate period .................................................................................................................... 147 queue ............................ 100 profile.. See RED rate shaping.......................102 queue profile ............. 94 drop ....................................... 93 bandwidth....................................................... 171 profile attachment..........8 two-rate..................... 94....153 munged............ 172 nodes best-effort scheduler ...................................94 rate-limit profiles attributes ...............................................................152 creating ...................................................103 queue-profile command................................................................................................ 183 node ............ 147 committed drop threshold ......................................................................147...............................................................................................................................

....................106 configuring average queue length.........................................................188 setting burst size in .............................188 release notes..................................................................................................................................165....................................145 constituents .......................158 shaping-rate command ...187 oversubscribing .............................119 on the SAR.................. 105 and dynamic queue thresholds............. on best-effort queue...................... 131 implicit constituents example at best-effort node...............123 configuration..........73 show gre tunnel....................................................... 114... on best-effort scheduler node....................................................117......................................................76 show ipv6 interface .............................................................................125 selection for simple .................................124 inactive constituents......................186 configuring ..198 show frame-relay subinterface...189 zero-weight queues...........................................120 example........................116 rate shaping ..................135 configuration example...........114 configuring ............................................193 show classifier-list......................................................................................... 191 shared shaping active constituents...79 show mpls interface l2transport .....121 traffic starvation .............................................................................................................................................. VC shared shaping.................84 show qos-port-type profile command ................................................................ 139 show commands show atm interface ................................................................................ VP shared shaping...................................................208 Index ! 215 ..................................................................122 comparison of explicit and implicit ......................200 show qos-profile command ...........................................131 inactive ......... VC shared shaping .........115 scheduler-profile command ..............................................121 node-controlled ........................132 example of weighted ................................141 configuration example.........140 shared-shaping-rate command..............................................................146 types...................................185 scheduler assured rate.............70 show drop-profile command.............184 configuration example...............................................................................................................139 limiting bandwidth .....................................125 example at best-effort queue ..127 selection ..............86 show scheduler-profile command.............186 minimizing latency on the SAR ..............123 selection for compound.................... best-effort ......188 shaping rate for nonstrict queues ......................................................................................194 show egress-queue events command ........123 explicit constituents example ......................75 show ip interface ....................106 relative strict-priority scheduling..............................................................................112 configuration examples .................................................117.......108 how it works.........122 active ............................................................126 example for mixed interface types ................145 compound ................................................................................................................................139 configuration example...........133 selection ................................................... 115 hierarchy ...................................................195 show egress-queue rates command ...............................Index rate-period command ................................ 87 security........114 weight ........136 configuration example............. 191 secure policies .....................................................127 ordering for compound .....................119 oversubscription ........ VP shared shaping........... QoS ATM................93 profile......................................119 simple ..................114 relative weight.......................74 show interfaces ...........158 cell ............. simple versus compound.......................................................................................................87 show statistics-profile command .......................108 configuring ..................................................................................146 overview.. weighted ......................................119 shared-shaping-constituent command ..................................................................................................................................................................55 shapeless tunnel ............................................201 show queue-profile command ..151 RED ................................................................................141 example...................................... xii S SAR scheduler..................................................................................................................... 166 shaping rate for nonstrict queues ............................94..............................143 configuration limitations ............................122 active constituents ...................137 example......................................................................................123 configuration .........207 show secure policy-list............155 shaping rate .......................................................................114 SAR ............................... 183 HRR...............................................................................................119 low-CDV mode ................123 individual shaping and...............................................................................123...............................188 shaping............................108 configuring color blind RED...........................122 burst rate....155 node............ 119 queue-controlled..........................................158 frame .......................................................187 setting burst size in shaping rate ...............146 caveats ...............................................................189 on ATM modules ................120 example..................... basic .......................................................................................114....................................................129 hardware dependency........................118.......................................................................................................155 strict-priority on ..................................................196 show fabric-queue command .......................................................................................................................108 configuring colored RED.....................135...........................................................................................................................................................188 tuning latency on strict-priority queues ..............82 show policy-list .........3... limitations of ....................119 active constituents..........................................206 show rate-limit-profile......94............................

........... x traffic classes .. installing..... 200 show qos queue-thresholds command ..................... 147 statistics-profile command..................... 110 Z zero-weight queues.............. 97 multiple............. 178 traffic flow .......................................................... requesting......... 110 different drop behavior for each queue ......... 202 show qos shared-shaper ........ 111 different treatment of colored packets ........1.................................................. 94 weighted random early detection............................ 191 technical support. 98............................................ requesting......... 99 multiple............................. 93 text and syntax conventions defined ............................................ 210 show vlan subinterfaces ....... 44....................................................................................................................................................... xiii T TCP friendly....... 174 configuring .............. 151 strict-priority command........................................... 185 support................................. 209 show traffic-class-group command ..... 44 V vlan classifier-list command ............................................................................ 188 216 ! Index .......... 191 weight....................................................... 99 traffic-class groups configuring ........... 99 traffic-class-group command .. 185 U updating the system software...................................................................................... 27 W weight command................................. 118........ QoS ................................ 97 configuring ............. 100 true strict priority scheduling.......................................... ix user-packet-class command..............JUNOSe 6... configuration example.................... 89 show qos commands show qos interface-hierarchy command........... 110............. ix statistics profile.... 118 strict-priority scheduling .......................................................................................................x Policy and QoS Configuration Guide show traffic-class command ..................................................................................................................................... 93 traffic-class command .. See WRED WRED ....... 105 configuration examples ........................................................... xiii terms QoS .............................................................................................................................. 182 true versus relative ............ See shared shaping software............................................................................................................. 205 simple shared shaping..................................................................................................................................................... 94....................

Sign up to vote on this title
UsefulNot useful