Following on from my earlier blog posts, I’ve now implemented some basic Quality of Service using my home Juniper firewall. The idea here is to prioritise the following types of traffic:
The scheme below does not allocate all available bandwidth on a percentage basis. According to the Juniper docs, this should not be a problem: "If a queue receives offered loads in excess of the queue’s bandwidth allocation, the queue has negative bandwidth credit, and receives a share of any available leftover bandwidth. Negative bandwidth credit means the queue has used up its allocated bandwidth. If a queue’s bandwidth credit is positive, meaning it is not receiving offered loads in excess of its bandwidth configuration, then the queue does not receive a share of leftover bandwidth. If the credit is positive, then the queue does not need to use leftover bandwidth, because it can use its own allocation." [1]
This is done by adding firewall and class-of-service sections in the configuration editor. I’ve created a scheduler map called "my-sched-map" and assigned it to each of the ports on the firewall. I also define three schedulers: best effort, "class2", and network control. What I'm attempting to do below is identify certain types of traffic, assign them to the class2 forwarding class, and so prioritise the packets involved through the class2 scheduler.
The scheme below has some limitations. First off, it matches ports unidirectionally for both TCP and UDP. Second, the reservation scheme is simplistic. However, it's simple to implement without descending into spaghetti.
Here’s the configuration:
firewall {
    family inet {
        filter classify-traffic {
            term ssh {
                from { protocol [ tcp udp ]; port 22; }
                then { forwarding-class class2; accept; }
            }
            term counterstrike1 {
                from { protocol [ tcp udp ]; port 27015; }
                then { forwarding-class class2; accept; }
            }
            term counterstrike2 {
                from { protocol [ tcp udp ]; port 27020; }
                then { forwarding-class class2; accept; }
            }
            term counterstrike3 {
                from { protocol [ tcp udp ]; port 27005; }
                then { forwarding-class class2; accept; }
            }
            term counterstrike4 {
                from { protocol [ tcp udp ]; port 51840; }
                then { forwarding-class class2; accept; }
            }
            term wificalling1 {
                from { protocol [ tcp udp ]; port 500; }
                then { forwarding-class class2; accept; }
            }
            term wificalling2 {
                from { protocol [ tcp udp ]; port 4500; }
                then { forwarding-class class2; accept; }
            }
            term spotify {
                from { protocol [ tcp udp ]; port 4070; }
                then { forwarding-class class2; accept; }
            }
            term sip {
                from { protocol [ tcp udp ]; port 5060-5061; }
                then { forwarding-class class2; accept; }
            }
            term rtp {
                from { protocol [ tcp udp ]; port 16384-32767; }
                then { forwarding-class class2; accept; }
            }
            term webex {
                from { protocol [ tcp udp ]; port 9000; }
                then { forwarding-class class2; accept; }
            }
            term corp {
                from { protocol [ tcp udp ]; address { 192.168.5.0/24; } }
                then { forwarding-class class2; accept; }
            }
            term accept-all {
                then accept;
            }
        }
    }
}
class-of-service {
    forwarding-classes {
        queue 2 class2;
    }
    schedulers {
        best-effort-sched {
            transmit-rate percent 40;
            buffer-size percent 40;
            priority low;
        }
        class2-sched {
            transmit-rate percent 30;
            buffer-size percent 30;
            priority high;
        }
        network-control-sched {
            transmit-rate percent 5;
            buffer-size percent 5;
            priority medium-high;
        }
    }
    scheduler-maps {
        my-sched-map {
            forwarding-class best-effort scheduler best-effort-sched;
            forwarding-class class2 scheduler class2-sched;
            forwarding-class network-control scheduler network-control-sched;
        }
    }
    interfaces {
        ge-0/0/0 { scheduler-map my-sched-map; }
        ge-0/0/1 { scheduler-map my-sched-map; }
        ge-0/0/2 { scheduler-map my-sched-map; }
        ge-0/0/3 { scheduler-map my-sched-map; }
        ge-0/0/4 { scheduler-map my-sched-map; }
        ge-0/0/5 { scheduler-map my-sched-map; }
        ge-0/0/7 { scheduler-map my-sched-map; }
    }
}
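As an added illustration (not code from the post or from Juniper), the Python model below walks through the bandwidth-credit rule quoted from the Juniper docs using the transmit-rate percentages of the three schedulers above: a queue whose offered load stays within its allocation keeps positive credit and gets exactly what it offers, while over-subscribed queues share everything left over, including the 25% the scheme never allocates. How Junos divides that leftover between several over-subscribed queues is not stated on the page, so splitting it in proportion to transmit-rate percent is an assumption of this model.

```python
# Constructed model of the scheduler rule quoted in the post; the
# percentages are the post's own, the link speed and offered loads are
# made-up sample input.
POST_SCHEDULERS = {"best-effort": 40, "class2": 30, "network-control": 5}


def schedule(link_mbps, schedulers, offered_mbps):
    """Return the Mbps each queue is served on one link.

    schedulers:   {queue name: transmit-rate percent}
    offered_mbps: {queue name: offered load in Mbps}
    """
    served, leftover, negative = {}, float(link_mbps), []
    for name, pct in schedulers.items():
        guaranteed = link_mbps * pct / 100.0
        offered = offered_mbps.get(name, 0.0)
        if offered <= guaranteed:
            served[name] = offered        # positive credit: no leftover share
        else:
            served[name] = guaranteed     # negative credit: shares leftover
            negative.append(name)
        leftover -= served[name]
    # Hand out the leftover; a queue that becomes satisfied drops out and
    # the remainder is re-split among the queues still short of their load.
    # ASSUMPTION: split in proportion to transmit-rate percent.
    while negative and leftover > 1e-9:
        weight = sum(schedulers[n] for n in negative)
        still_short, handed_out = [], 0.0
        for name in negative:
            share = leftover * schedulers[name] / weight
            want = offered_mbps[name] - served[name]
            give = min(share, want)
            served[name] += give
            handed_out += give
            if want - give > 1e-9:
                still_short.append(name)
        leftover -= handed_out
        negative = still_short
    return served


if __name__ == "__main__":
    # Sample: 100 Mbps link, best-effort flooding while class2 is light.
    load = {"best-effort": 90.0, "class2": 10.0, "network-control": 1.0}
    for queue, mbps in schedule(100, POST_SCHEDULERS, load).items():
        print(f"{queue:16} {mbps:6.2f} Mbps")
```

Run with different offered loads to see that class2 only ever competes for leftover when it is itself over its 30% share.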
[1] https://www.juniper.net/documentation/en_US/junos/topics/usage-guidelines/cos-configuring-scheduler-transmission-rate.html
November 26, 2020