Juniper CoS Basic Configuration Notes
(2018-04-10 01:36:41) Category: Juniper
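QoS (quality of service) is Cisco's term; the equivalent term at Juniper is CoS (class of service).
CoS is configured fairly often on Juniper devices at foreign companies, but is rarely seen on the devices of domestic users.
CoS is generally tied together across an entire AS, and a single device can be described as a node. CoS consists of classification, policing, queuing/scheduling, shaping and remarking. At a minimum you can configure only classification and queuing; everything else is optional.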
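Juniper's default configuration can be seen with show class-of-service forwarding-class, show class-of-service classifier, show class-of-service interface and similar commands. The default forwarding classes are best-effort, expedited-forwarding, assured-forwarding and network-control; the corresponding queues are 0, 1, 2 and 3 respectively. The queues a device supports depend on both its hardware and its software platform. By default all IPv4 traffic is placed in queue 0, unless the ToS bits are set to 110 or 111, in which case the traffic is placed in queue 3; routing protocol control traffic uses these settings.
All MPLS traffic is placed in queue 0. In buffer allocation, queue 0 gets 95% of the total buffer and queue 3 gets 5%. In bandwidth allocation, queue 0 gets 95% of the total bandwidth and queue 3 gets 5%.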
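classification: the fields generally used are dscp and tos (inet-precedence). The IP header defined in RFC 791 specifies the position of the ToS field; the DSCP field is defined in RFC 2474 and 2475 and is intended to replace the ToS field. The first six bits are used for classification, and the last two bits are currently unused. Other fields used are ieee-802.1 and ieee-802.1ad at layer 2, exp in MPLS, and dscp-ipv6 in IPv6.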
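classification can be configured in three ways: BA (behavior aggregate), based on the CoS marking; MF (multifield), based on the bytes of the packet header; or a mix of the two. Where the MF and BA configurations overlap, MF takes precedence. classification is associated with the physical interface, serves policing and schedulers, and determines a packet's drop priority under congestion.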
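policing: the configuration is fairly simple. The trigger conditions are bandwidth (as with other trigger conditions, a specific bandwidth or a percentage) and burst size. The burst size is generally configured as 10 times the interface MTU; for example, with MTU=1500 the burst size is configured as 15K. When configuring a specific bandwidth, K, M and G can be used to express the value. The policing action is triggered only when both conditions reach their thresholds. The actions are hard policing (discard), which drops the excess traffic outright and does not send an ICMP unreachable message, and soft policing, which raises the PLP (packet loss priority) or assigns the traffic to a lower-priority forwarding-class.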
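Queuing/Scheduling: the configuration mainly consists of transmit-rate, priority, buffer-size, drop-profile-map and shaping-rate. shaping-rate and transmit-rate, much as in a policer, can be configured as a percentage, a specific bandwidth, or remainder. priority can be strict-high, high, medium-high, medium-low or low; strict-high is used for guaranteeing bandwidth, as an absolute guarantee. drop-profile-map can be linear or stepped. buffer-size can be configured as percent, temporal (time, in ms) or remainder. shaping-rate can be configured as percent or a specific value.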
So far I have only configured shaping in schedulers; help apropos shaping shows that it can also be used under interfaces and class-of-service traffic-control-profiles. I will look through the KB later for concrete use cases.
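Remarking is configured much like classification; it applies to the priority (code-point) assigned to traffic on the egress interface.
The configuration below was done with reference to Day One.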
classification:
BA:
set class-of-service classifiers dscp dscp-test forwarding-class voice loss-priority low code-points ef
set class-of-service classifiers dscp dscp-test forwarding-class data loss-priority low code-points cs4
set class-of-service classifiers dscp dscp-test forwarding-class data loss-priority low code-points cs3
set class-of-service classifiers dscp dscp-test forwarding-class data loss-priority low code-points af41
set class-of-service classifiers dscp dscp-test forwarding-class video loss-priority low code-points af21
set class-of-service classifiers dscp dscp-test forwarding-class video loss-priority high code-points cs2
set class-of-service classifiers dscp dscp-test forwarding-class nc loss-priority low code-points cs6
set class-of-service classifiers dscp dscp-test forwarding-class nc loss-priority low code-points cs7
set class-of-service forwarding-classes queue 0 video
set class-of-service forwarding-classes queue 2 voice
set class-of-service forwarding-classes queue 3 nc
set class-of-service forwarding-classes queue 6 data
set class-of-service interfaces ge-
MF:
set firewall family inet filter mf-classifier term voice from protocol udp
set firewall family inet filter mf-classifier term voice from port 16384-32767
set firewall family inet filter mf-classifier term voice then loss-priority low
set firewall family inet filter mf-classifier term voice then forwarding-class voice
set firewall family inet filter mf-classifier term voice then accept
set firewall family inet filter mf-classifier term interactive-video from protocol udp
set firewall family inet filter mf-classifier term interactive-video from protocol tcp
set firewall family inet filter mf-classifier term interactive-video from port 6060-6061
set firewall family inet filter mf-classifier term interactive-video then loss-priority low
set firewall family inet filter mf-classifier term interactive-video then forwarding-class video
set firewall family inet filter mf-classifier term interactive-video then accept
set firewall family inet filter mf-classifier term call-sgnaling from protocol tcp
set firewall family inet filter mf-classifier term call-sgnaling from port 1720
set firewall family inet filter mf-classifier term call-sgnaling then loss-priority high
set firewall family inet filter mf-classifier term call-sgnaling then forwarding-class video
set firewall family inet filter mf-classifier term call-sgnaling then accept
set firewall family inet filter mf-classifier term ssh-telnet from protocol tcp
set firewall family inet filter mf-classifier term ssh-telnet from port telnet
set firewall family inet filter mf-classifier term ssh-telnet from port ssh
set firewall family inet filter mf-classifier term ssh-telnet then loss-priority high
set firewall family inet filter mf-classifier term ssh-telnet then forwarding-class nc
set firewall family inet filter mf-classifier term ssh-telnet then accept
set firewall family inet filter mf-classifier term imcp-police from protocol icmp
set firewall family inet filter mf-classifier term imcp-police from protocol icmp6
set firewall family inet filter mf-classifier term imcp-police then policer icmp-5m-limit
set firewall family inet filter mf-classifier term imcp-police then forwarding-class data
set firewall family inet filter mf-classifier term imcp-police then accept
set firewall family inet filter mf-classifier term be-intranet from protocol tcp
set firewall family inet filter mf-classifier term be-intranet from port 8080
set firewall family inet filter mf-classifier term be-intranet then policer fc-250m-be-limit
set firewall family inet filter mf-classifier term be-intranet then forwarding-class data
set firewall family inet filter mf-classifier term be-intranet then accept
set firewall family inet filter mf-classifier term be-traffic from protocol tcp
set firewall family inet filter mf-classifier term be-traffic from port ftp
set firewall family inet filter mf-classifier term be-traffic from port ftp-data
set firewall family inet filter mf-classifier term be-traffic from port http
set firewall family inet filter mf-classifier term be-traffic from port https
set firewall family inet filter mf-classifier term be-traffic then loss-priority high
set firewall family inet filter mf-classifier term be-traffic then forwarding-class data
set firewall family inet filter mf-classifier term be-traffic then accept
set firewall family inet filter mf-classifier term all-else then accept
set firewall policer icmp-5m-limit if-exceeding bandwidth-limit 5m
set firewall policer icmp-5m-limit if-exceeding burst-size-limit 15k
set firewall policer icmp-5m-limit then discard
set firewall policer fc-250m-be-limit if-exceeding bandwidth-limit 250m
set firewall policer fc-250m-be-limit if-exceeding burst-size-limit 625k
set firewall policer fc-250m-be-limit then loss-priority low
set firewall policer fc-250m-be-limit then forwarding-class data
set interfaces ge-0/0/2 unit 0 family inet filter input mf-classifier
Queuing/Scheduling:
set class-of-service drop-profiles wred-moderate-interpolate interpolate fill-level 75
set class-of-service drop-profiles wred-moderate-interpolate interpolate fill-level 85
set class-of-service drop-profiles wred-moderate-interpolate interpolate fill-level 95
set class-of-service drop-profiles wred-moderate-interpolate interpolate fill-level 100
set class-of-service drop-profiles wred-moderate-interpolate interpolate drop-probability 20
set class-of-service drop-profiles wred-moderate-interpolate interpolate drop-probability 35
set class-of-service drop-profiles wred-moderate-interpolate interpolate drop-probability 50
set class-of-service drop-profiles wred-moderate-interpolate interpolate drop-probability 100
set class-of-service drop-profiles wred-aggressive fill-level 50 drop-probability 10
set class-of-service drop-profiles wred-aggressive fill-level 70 drop-probability 40
set class-of-service drop-profiles wred-aggressive fill-level 85 drop-probability 75
set class-of-service drop-profiles wred-aggressive fill-level 100 drop-probability 100
set class-of-service scheduler-maps scheduler-map-a forwarding-class voice scheduler voice-scheduler
set class-of-service scheduler-maps scheduler-map-a forwarding-class video scheduler video-scheduler
set class-of-service scheduler-maps scheduler-map-a forwarding-class data scheduler data-scheduler
set class-of-service scheduler-maps scheduler-map-a forwarding-class nc scheduler nc-scheduler
set class-of-service schedulers voice-scheduler transmit-rate percent 10
set class-of-service schedulers voice-scheduler buffer-size percent 5
set class-of-service schedulers voice-scheduler priority high
set class-of-service schedulers video-scheduler transmit-rate remainder
set class-of-service schedulers video-scheduler buffer-size remainder
set class-of-service schedulers video-scheduler priority medium-high
set class-of-service schedulers video-scheduler drop-profile-map loss-priority low protocol any drop-profile wred-aggressive
set class-of-service schedulers nc-scheduler transmit-rate percent 5
set class-of-service schedulers nc-scheduler buffer-size percent 5
set class-of-service schedulers nc-scheduler priority high
set class-of-service schedulers data-scheduler transmit-rate percent 40
set class-of-service schedulers data-scheduler buffer-size percent 25
set class-of-service schedulers data-scheduler priority medium-low
set class-of-service schedulers data-scheduler drop-profile-map loss-priority low protocol any drop-profile wred-moderate-interpolate
set class-of-service interfaces ge-* scheduler-map scheduler-map-a
set class-of-service interfaces ge-0/0/1 scheduler-map scheduler-map-a
set class-of-service interfaces ge-0/0/1 unit 0 shaping-rate 800m
Remarking:
set class-of-service rewrite-rules dscp dscp-remarking forwarding-class voice loss-priority low code-point 000000
set class-of-service rewrite-rules dscp dscp-remarking forwarding-class data loss-priority low code-point 000000
set class-of-service rewrite-rules dscp dscp-remarking forwarding-class video loss-priority low code-point 000000
set class-of-service rewrite-rules dscp dscp-remarking forwarding-class video loss-priority high code-point 000000
set class-of-service rewrite-rules dscp dscp-remarking forwarding-class nc loss-priority low code-point 000000
set class-of-service interfaces ge-
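
As an added example (not from the original post or from Juniper), here is a small Python lint for set-style configuration like the one above. It flags references to an undefined policer or undeclared forwarding class, policer burst sizes below the 10x-MTU rule of thumb described under policing, and scheduler maps whose transmit-rate percentages total more than 100. The sample input is constructed, and the 100% total is an added sanity check, not something stated in the post.

```python
import re

# Constructed sample in the style of the post's config, with deliberate mistakes:
# an undefined policer, an undeclared forwarding class, a small burst, and >100% rates.
SAMPLE = """
set class-of-service forwarding-classes queue 3 nc
set class-of-service forwarding-classes queue 6 data
set firewall family inet filter mf-classifier term icmp then policer icmp-5m-limit
set firewall family inet filter mf-classifier term icmp then forwarding-class data
set firewall family inet filter mf-classifier term web then policer fc-250m-limit
set firewall family inet filter mf-classifier term web then forwarding-class video
set firewall policer icmp-5m-limit if-exceeding bandwidth-limit 5m
set firewall policer icmp-5m-limit if-exceeding burst-size-limit 9k
set class-of-service scheduler-maps map-a forwarding-class data scheduler data-scheduler
set class-of-service scheduler-maps map-a forwarding-class nc scheduler nc-scheduler
set class-of-service schedulers data-scheduler transmit-rate percent 70
set class-of-service schedulers nc-scheduler transmit-rate percent 40
"""

UNITS = {"k": 10**3, "m": 10**6, "g": 10**9}

def to_number(value):
    """Convert a Junos-style value such as 15k, 5m or 1g to an integer."""
    m = re.fullmatch(r"(\d+)([kmg]?)", value.lower())
    return int(m.group(1)) * UNITS.get(m.group(2), 1)

def lint(config, mtu=1500):
    """Return a sorted list of findings for a block of set-commands."""
    lines = [l.strip() for l in config.splitlines() if l.strip().startswith("set ")]
    text = "\n".join(lines)
    declared_fc = set(re.findall(r"forwarding-classes queue \d+ (\S+)", text))
    used_fc = set(re.findall(r" forwarding-class (\S+)", text))
    defined_pol = set(re.findall(r"^set firewall policer (\S+) ", text, re.M))
    used_pol = set(re.findall(r" then policer (\S+)", text))
    findings = [f"undeclared forwarding-class: {n}" for n in used_fc - declared_fc]
    findings += [f"undefined policer: {n}" for n in used_pol - defined_pol]
    for name, burst in re.findall(r"policer (\S+) if-exceeding burst-size-limit (\S+)", text):
        if to_number(burst) < 10 * mtu:  # rule of thumb from the post: burst = 10 x MTU
            findings.append(f"burst-size below 10x MTU: {name}")
    rates = dict(re.findall(r"schedulers (\S+) transmit-rate percent (\d+)", text))
    maps = {}  # total transmit-rate percent per scheduler-map (added sanity check)
    for mp, sched in re.findall(r"scheduler-maps (\S+) forwarding-class \S+ scheduler (\S+)", text):
        maps[mp] = maps.get(mp, 0) + int(rates.get(sched, 0))
    findings += [f"transmit-rate over 100%: {m}" for m, t in maps.items() if t > 100]
    return sorted(findings)

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

Schedulers that use transmit-rate remainder contribute 0 to the total, so the post's scheduler-map-a (10 + 5 + 40 percent plus remainder) passes.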