本文共 10352 字,大约阅读时间需要 34 分钟。
Juniper CoS 基本配置说明
QoS(quality of service)是cisco的叫法,类似的叫法,在Juniper为CoS(class of service)。
CoS在外企的Juniper设备上配置比较多,在国内用户的设备上见到很少。CoS基本都是一个AS里面都关联起来的,可以用node 形容单台设备,CoS是由classification,policing ,queuing/scheduling,shaping,remarking组成,最少可以只配置分类和队列;其它都是可选。
通过show class-of-service forwarding-class,show class-of-service classifier,show class-of-service interface等可以看到Juniper的默认配置。默认Forwarding class为 best-effort,expedited-forwarding,assured-forwarding,network-control;对应的queue 分别为0,1,2,3。设备支持的Queues跟设备的硬件和软件平台都是有关。默认所有IPV4流量都放在队列0中,除非ToS位被设置为110或111,在这种情况下,流量被放在队列3中,路由协议控制流量使用这些设置。 所有MPLS流量都放在队列0中。在缓冲分配中,队列0获得95%的缓冲总量,队列3获得5%的缓冲总量.在带宽分配中,队列0 获得95%的带宽总量,队列3 获得5%的带宽总量
classification:中一般用到字段是dscp,tos(inet-precedenc);RFC 791中定义的IP包头说明了ToS字段的位置;DSCP字段是在RFC 2474和2475中定义的,其目的是代替ToS字段。前六位用来分类,后两位目前没有使用。还有用到的字段是二层中的ieee-802.1和ieee-802.1ad,mpls 里面的exp,IPV6中的dscp-ipv6。classification 的配置分为三种:BA(Behavior aggregate),根据cos标记;MF(multifield)根据数据包头部字节;或是两种的混合模式。当MF和BA的配置有重合的部分时,以MF为准。classification是关联在物理接口上的,为policing和schedulers服务的,决定数据包在congestion的情况下的丢弃优先级。policing:管制的配置较简单,出发条件为bandwidth(和其它的触发条件类似,具体带宽或百分比)和burst size突发流量大小一般配置为接口的mtu的10倍,例如MTU=1500,则burst size配置为15K。如果配置具体带宽可以使用K,M,G代表具体数值,只有两种触发都达到阈值,才可以触发管制动作,管制动作有硬管制discard直接丢弃超出的流量,并不发送icmp不可达信息;软管制,提高PLP包丢弃优先级,或是将流量分配到优先级较低的forwarding-class里面。
Queuing/Scheduling :配置主要由transmission-rate,priority,buffer-size,drop-profile-map,shaping-rate。其中shaping-rate和transmission-rate类似policer里面,可以配置为百分比,具体带宽,remainder。priority有strict-high,high,medium-high,medium-low,low。其中strict-high是做带宽保证用的,决定保证。drop-profile-map可以为线性或是跳跃性。buffer-size可以配置percent,temporal(时间,单位为ms),reminder。shaping-rate可以配置percent或是具体数值。
Shaping暂时只在schedulers里面配置过,通过help apropos shaping看到也可以在interfaces和class-of-service traffic-control-profiles中使用,后续我查查KB,看看具体的使用案例。Remarking的配置跟classification比较类似,针对的流量出接口分配的优先级,code-point。参考day one 做的配置,
classification:BA:set class-of-service classifiers dscp dscp-test forwarding-class voice loss-priority low code-points efset class-of-service classifiers dscp dscp-test forwarding-class data loss-priority low code-points cs4set class-of-service classifiers dscp dscp-test forwarding-class data loss-priority low code-points cs3set class-of-service classifiers dscp dscp-test forwarding-class data loss-priority low code-points af41set class-of-service classifiers dscp dscp-test forwarding-class video loss-priority low code-points af21set class-of-service classifiers dscp dscp-test forwarding-class video loss-priority high code-points cs2set class-of-service classifiers dscp dscp-test forwarding-class nc loss-priority low code-points cs6set class-of-service classifiers dscp dscp-test forwarding-class nc loss-priority low code-points cs7set class-of-service forwarding-classes queue 0 videoset class-of-service forwarding-classes queue 2 voiceset class-of-service forwarding-classes queue 3 ncset class-of-service forwarding-classes queue 6 dataset class-of-service interfaces ge- unit classifiers dscp dscp-testMF:
set firewall family inet filter mf-classifier term voice from protocol udpset firewall family inet filter mf-classifier term voice from port 16384-32767set firewall family inet filter mf-classifier term voice then loss-priority lowset firewall family inet filter mf-classifier term voice then forwarding-class voiceset firewall family inet filter mf-classifier term voice then acceptset firewall family inet filter mf-classifier term interactive-video from protocol udpset firewall family inet filter mf-classifier term interactive-video from protocol tcpset firewall family inet filter mf-classifier term interactive-video from port 6060-6061set firewall family inet filter mf-classifier term interactive-video then loss-priority lowset firewall family inet filter mf-classifier term interactive-video then forwarding-class videoset firewall family inet filter mf-classifier term interactive-video then acceptset firewall family inet filter mf-classifier term call-sgnaling from protocol tcpset firewall family inet filter mf-classifier term call-sgnaling from port 1720set firewall family inet filter mf-classifier term call-sgnaling then loss-priority highset firewall family inet filter mf-classifier term call-sgnaling then forwarding-class videoset firewall family inet filter mf-classifier term call-sgnaling then acceptset firewall family inet filter mf-classifier term ssh-telnet from protocol tcpset firewall family inet filter mf-classifier term ssh-telnet from port telnetset firewall family inet filter mf-classifier term ssh-telnet from port sshset firewall family inet filter mf-classifier term ssh-telnet then loss-priority highset firewall family inet filter mf-classifier term ssh-telnet then forwarding-class ncset firewall family inet filter mf-classifier term ssh-telnet then acceptset firewall family inet filter mf-classifier term imcp-police from protocol icmpset firewall family inet filter mf-classifier term imcp-police from protocol icmp6set firewall family inet filter mf-classifier term imcp-police then policer icmp-5m-limitset firewall family inet filter mf-classifier term imcp-police then forwarding-class dataset firewall family inet filter mf-classifier term imcp-police then acceptset firewall family inet filter mf-classifier term be-intranet from protocol tcpset firewall family inet filter mf-classifier term be-intranet from port 8080set firewall family inet filter mf-classifier term be-intranet then policer fc-250m-be-limitset firewall family inet filter mf-classifier term be-intranet then forwarding-class dataset firewall family inet filter mf-classifier term be-intranet then acceptset firewall family inet filter mf-classifier term be-traffic from protocol tcpset firewall family inet filter mf-classifier term be-traffic from port ftpset firewall family inet filter mf-classifier term be-traffic from port ftp-dataset firewall family inet filter mf-classifier term be-traffic from port httpset firewall family inet filter mf-classifier term be-traffic from port httpsset firewall family inet filter mf-classifier term be-traffic then loss-priority highset firewall family inet filter mf-classifier term be-traffic then forwarding-class dataset firewall family inet filter mf-classifier term be-traffic then acceptset firewall family inet filter mf-classifier term all-else then acceptset firewall policer icmp-5m-limit if-exceeding bandwidth-limit 5mset firewall policer icmp-5m-limit if-exceeding burst-size-limit 15kset firewall policer icmp-5m-limit then discardset firewall policer fc-250m-be-limit if-exceeding bandwidth-limit 250mset firewall policer fc-250m-be-limit if-exceeding burst-size-limit 625kset firewall policer fc-250m-be-limit then loss-priority lowset firewall policer fc-250m-be-limit then forwarding-class dataset interfaces ge-0/0/2 unit 0 family inet filter input mf-classifierQueuing/Scheduling:
set class-of-service drop-profiles wred-moderate-interpolate interpolate fill-level 75set class-of-service drop-profiles wred-moderate-interpolate interpolate fill-level 85set class-of-service drop-profiles wred-moderate-interpolate interpolate fill-level 95set class-of-service drop-profiles wred-moderate-interpolate interpolate fill-level 100set class-of-service drop-profiles wred-moderate-interpolate interpolate drop-probability 20set class-of-service drop-profiles wred-moderate-interpolate interpolate drop-probability 35set class-of-service drop-profiles wred-moderate-interpolate interpolate drop-probability 50set class-of-service drop-profiles wred-moderate-interpolate interpolate drop-probability 100set class-of-service drop-profiles wred-aggressive fill-level 50 drop-probability 10set class-of-service drop-profiles wred-aggressive fill-level 70 drop-probability 40set class-of-service drop-profiles wred-aggressive fill-level 85 drop-probability 75set class-of-service drop-profiles wred-aggressive fill-level 100 drop-probability 100set class-of-service scheduler-maps scheduler-map-a forwarding-class voice scheduler voice-schedulerset class-of-service scheduler-maps scheduler-map-a forwarding-class video scheduler video-schedulerset class-of-service scheduler-maps scheduler-map-a forwarding-class data scheduler data-schedulerset class-of-service scheduler-maps scheduler-map-a forwarding-class nc scheduler nc-schedulerset class-of-service schedulers voice-scheduler transmit-rate percent 10set class-of-service schedulers voice-scheduler buffer-size percent 5set class-of-service schedulers voice-scheduler priority highset class-of-service schedulers video-scheduler transmit-rate remainderset class-of-service schedulers video-scheduler buffer-size remainderset class-of-service schedulers video-scheduler priority medium-highset class-of-service schedulers video-scheduler drop-profile-map loss-priority low protocol any drop-profile wred-aggressiveset class-of-service schedulers nc-scheduler transmit-rate percent 5set class-of-service schedulers nc-scheduler buffer-size percent 5set class-of-service schedulers nc-scheduler priority highset class-of-service schedulers data-scheduler transmit-rate percent 40set class-of-service schedulers data-scheduler buffer-size percent 25set class-of-service schedulers data-scheduler priority medium-lowset class-of-service schedulers data-scheduler drop-profile-map loss-priority low protocol any drop-profile wred-moderate-interpolateset class-of-service interfaces ge-* scheduler-map scheduler-map-aset class-of-service interfaces ge-0/0/1 scheduler-map scheduler-map-aset class-of-service interfaces ge-0/0/1 unit 0 shaping-rate 800mRemarking:
set class-of-service rewrite-rules dscp dscp-remarking forwarding-class voice loss-priority low code-point 000000set class-of-service rewrite-rules dscp dscp-remarking forwarding-class data loss-priority low code-point 000000set class-of-service rewrite-rules dscp dscp-remarking forwarding-class video loss-priority low code-point 000000set class-of-service rewrite-rules dscp dscp-remarking forwarding-class video loss-priority high code-point 000000set class-of-service rewrite-rules dscp dscp-remarking forwarding-class nc loss-priority low code-point 000000set class-of-service interfaces ge- unit rewrite-rules dscp dscp-remarking转载于:https://blog.51cto.com/10242469/2054409