
List:       juniper-nsp
Subject:    Re: [j-nsp] Juniper CoS - Classifiers specifically
From:       Saku Ytti via juniper-nsp <juniper-nsp () puck ! nether ! net>
Date:       2022-03-16 7:08:56
Message-ID: CAAeewD-2xMTjO6VqhniJR4r=E=h9nUy42GWqfQ-QnVO0cyAKtw () mail ! gmail ! com

Hey Aaron,

> I'm wondering if the BA classifier stops working once an MFC is applied.  It
> sure seems to in testing.  I feel like I've seen a diagram at some point or
> document stating that MFC comes before BA in the CoS process chain, but I'm
> not sure.  If anyone has that link/doc please send it.  I'd like to know for
> sure.

The implied default classifier is there until something else is
configured. As you say, you can review what is currently applied by
'show class-of-service interface'. And yes, firewall based
classification is done after the cos classifier, so firewall based
classification overrides what our cos configuration classified the packet
to. You can use this to accomplish QPPB, such as instead of BGP based
blackholing, you'd have BGP based class downgrade for some
specifically selected SADDR or DADDR, signalled by BGP.

> Oh, btw, where in the world is all this default CoS stuff derived from?  I'd
> like to think it's in a file somewhere that I can see in shell perhaps.  But
> maybe not.  Maybe it's actually compiled into the Junos operating system
> itself.  Or is there a way to see "show configuration" with a special option
> that shows automatic/default stuff like all this CoS info?

I believe they are compiled in. Juniper does also have a more
appropriate way to inject defaults via 'show configuration groups
junos-defaults', but that is not being used here. Of course this is
the common case, for any NOS vendor defaults are typically compiled
in, not injected via some common configuration scheme, in many cases
this is mandatory, because having no default is impossible, like you
cannot not have MTU.

The standard QoS config in Junos allows any internet user to have
their own protected 5% via class selector 6 and 7, potentially
disrupting your signalling protocols. I consider all Junos devices
misconfigured if QoS policy for edge interfaces is not explicitly
defined by the operator.

-- 
  ++ytti
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
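
The check implied by the last paragraph of the message above, as an added example that is not part of the original post or of Junos: a small audit over `show configuration | display set` output that flags edge logical interfaces with no explicit classifier, or with one that still maps CS6/CS7 to the protected class. Assumptions: the function name `audit`, the operator-supplied list of edge units, the class name `network-control`, and the sample configuration are all constructed for illustration; only explicit `code-points` statements are inspected.

```python
import re

# Code points an untrusted sender can set to claim network-control treatment:
# DSCP CS6/CS7 (Junos aliases cs6/nc1, cs7/nc2) and IP precedence 110/111.
NC_POINTS = {"cs6", "cs7", "nc1", "nc2", "110000", "111000", "110", "111"}

BIND = re.compile(r"^set class-of-service interfaces (\S+) unit (\S+) "
                  r"classifiers (dscp|inet-precedence) (\S+)$")
RULE = re.compile(r"^set class-of-service classifiers (dscp|inet-precedence) (\S+) "
                  r"forwarding-class (\S+) loss-priority \S+ code-points (.+)$")


def audit(config_text, edge_units, protected_fc="network-control"):
    """Return {ifl: finding} for every edge logical interface with a problem."""
    bound, risky = {}, set()
    for line in config_text.splitlines():
        line = line.strip()
        if m := BIND.match(line):
            bound.setdefault(f"{m[1]}.{m[2]}", []).append((m[3], m[4]))
        elif m := RULE.match(line):
            points = set(m[4].strip("[] ").lower().split())
            if m[3] == protected_fc and points & NC_POINTS:
                risky.add((m[1], m[2]))
    findings = {}
    for ifl in edge_units:
        if ifl not in bound:
            findings[ifl] = "no explicit classifier (implied default applies)"
        elif any(c in risky for c in bound[ifl]):
            findings[ifl] = f"classifier maps CS6/CS7 to {protected_fc}"
    return findings


# Constructed sample configuration, not taken from any real device.
SAMPLE = """
set class-of-service classifiers dscp EDGE-UNTRUSTED forwarding-class best-effort loss-priority low code-points [ be cs6 cs7 ]
set class-of-service classifiers dscp CORE forwarding-class network-control loss-priority low code-points [ cs6 cs7 ]
set class-of-service classifiers dscp CORE forwarding-class best-effort loss-priority low code-points be
set class-of-service interfaces ge-0/0/0 unit 0 classifiers dscp EDGE-UNTRUSTED
set class-of-service interfaces ge-0/0/1 unit 0 classifiers dscp CORE
"""

if __name__ == "__main__":
    for ifl, why in audit(SAMPLE, ["ge-0/0/0.0", "ge-0/0/1.0", "ge-0/0/2.0"]).items():
        print(f"{ifl}: {why}")
```

A firewall-filter (MFC) reclassification applied on the same interface is not seen by this check, so a clean result here covers only the BA classifier side.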