Cos-Mark
The following scenarios shows how to filter packets based on the cos-mark attribute using traffic selectors.
Test Cos-mark Regular Hooks
Description
A traffic policy SET_COS is attached to DUT0’s
ethernet interface (eth0) in the local-out
hook to set the CoS mark to 5 on locally-generated packets.
A second traffic policy MATCH_COS is attached to
the same interface in the out (postrouting) hook and
uses a traffic selector to filter packets with
cos-mark 5, logging matches with prefix MATCH_COS.
A regular ping (no VLAN tagging) verifies that the CoS
mark set in local-out is correctly visible to the
out hook on the same interface.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.0.0.1/24 set interfaces ethernet eth0 traffic policy local-out SET_COS set interfaces ethernet eth0 traffic policy out MATCH_COS set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy MATCH_COS rule 1 log prefix MATCH_COS set traffic policy MATCH_COS rule 1 selector MATCH_COS set traffic policy SET_COS rule 1 set cos-mark 5 set traffic selector MATCH_COS rule 1 cos-mark 5
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.0.0.2/24 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping the IP address 10.0.0.2 from DUT0:
admin@DUT0$ ping 10.0.0.2 count 1 size 56 timeout 1Show output
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data. 64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=1.00 ms --- 10.0.0.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.000/1.000/1.000/0.000 ms
Step 4: Run the command system journal show | grep MATCH_COS on DUT0 and check whether the output matches the following regular expressions:
.*MATCH_COS-1.*eth0.*10.0.0.1.*10.0.0.2.*Show output
May 19 12:23:18.919412 osdx kernel: [MATCH_COS-1] ACCEPT IN= OUT=eth0 SRC=10.0.0.1 DST=10.0.0.2 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=59212 DF PROTO=ICMP TYPE=8 CODE=0 ID=22 SEQ=1 COS=0x5 May 19 12:23:18.975402 osdx kernel: [MATCH_COS-1] ACCEPT IN=eth0 OUT=eth0 MAC=00:00:e8:dc:ac:4e:8f:ff:ff:40:d8:3d:8c:ff SRC=fe80:0000:0000:0000:dcad:beff:feef:6c00 DST=ff02:0000:0000:0000:0000:0000:0000:0016 LEN=136 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=ICMPv6 TYPE=143 CODE=0 MARK=0xc4 COS=0x5 May 19 12:23:18.991405 osdx kernel: [MATCH_COS-1] ACCEPT IN=eth0 OUT=eth0 MAC=00:00:e0:dc:ac:4e:8f:ff:ff:40:d8:3d:8c:ff SRC=fe80:0000:0000:0000:dcad:beff:feef:6c00 DST=ff02:0000:0000:0000:0000:0000:0000:0016 LEN=76 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=ICMPv6 TYPE=143 CODE=0 MARK=0xc4 COS=0x5
Test Cos-mark 802.1Q
Description
A traffic policy SET_INNER_COS is configured on DUT0’s
VLAN 100 sub-interface (eth0 vif 100) to set
the CoS mark to 5 on outgoing packets. On the parent
interface (eth0), a second traffic policy
MATCH_COS uses a traffic selector to filter packets
with cos-mark 5 and logs matches with prefix
MATCH_COS. A ping through the 802.1Q VLAN verifies
that the CoS mark set on the sub-interface is correctly
propagated and matched on the parent interface.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 mtu 1390 set interfaces ethernet eth0 traffic policy link-out MATCH_COS set interfaces ethernet eth0 vif 100 address 10.0.0.1/24 set interfaces ethernet eth0 vif 100 traffic policy local-out SET_INNER_COS set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy MATCH_COS rule 1 log prefix MATCH_COS set traffic policy MATCH_COS rule 1 selector MATCH_COS set traffic policy SET_INNER_COS rule 1 set cos-mark 5 set traffic selector MATCH_COS rule 1 cos-mark 5
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 mtu 1390 set interfaces ethernet eth0 vif 100 address 10.0.0.2/24 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping the IP address 10.0.0.2 from DUT0:
admin@DUT0$ ping 10.0.0.2 count 1 size 56 timeout 1Show output
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data. 64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.444 ms --- 10.0.0.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.444/0.444/0.444/0.000 ms
Step 4: Run the command system journal show | grep MATCH_COS on DUT0 and check whether the output matches the following regular expressions:
.*MATCH_COS-1.*eth0.*10.0.0.1.*10.0.0.2.*Show output
May 19 12:23:28.849473 osdx kernel: [MATCH_COS-1] ACCEPT IN= OUT=eth0 SRC=fe80:0000:0000:0000:dcad:beff:feef:6c00 DST=ff02:0000:0000:0000:0000:0000:0000:0016 LEN=116 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=ICMPv6 TYPE=143 CODE=0 MARK=0x132 COS=0x5 May 19 12:23:28.961464 osdx kernel: [MATCH_COS-1] ACCEPT IN= OUT=eth0 SRC=10.0.0.1 DST=10.0.0.2 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=60711 DF PROTO=ICMP TYPE=8 CODE=0 ID=23 SEQ=1
Test Not Cos-mark 802.1Q
Description
Same scenario as the 802.1Q test case, but the
traffic selector uses not cos-mark 3 instead
of cos-mark 5. Since SET_INNER_COS sets
cos 5 on the sub-interface, the actual CoS mark
is not 3, so not cos-mark 3 matches rule 1 and
logs with prefix MATCH_COS.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 mtu 1390 set interfaces ethernet eth0 traffic policy link-out MATCH_COS set interfaces ethernet eth0 vif 100 address 10.0.0.1/24 set interfaces ethernet eth0 vif 100 traffic policy local-out SET_INNER_COS set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy MATCH_COS rule 1 log prefix MATCH_COS set traffic policy MATCH_COS rule 1 selector MATCH_COS set traffic policy SET_INNER_COS rule 1 set cos-mark 5 set traffic selector MATCH_COS rule 1 not cos-mark 3
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 mtu 1390 set interfaces ethernet eth0 vif 100 address 10.0.0.2/24 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping the IP address 10.0.0.2 from DUT0:
admin@DUT0$ ping 10.0.0.2 count 1 size 56 timeout 1Show output
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data. 64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.547 ms --- 10.0.0.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.547/0.547/0.547/0.000 ms
Step 4: Run the command system journal show | grep MATCH_COS on DUT0 and check whether the output matches the following regular expressions:
.*MATCH_COS-1.*eth0.*10.0.0.1.*10.0.0.2.*Show output
May 19 12:23:38.682746 osdx kernel: [MATCH_COS-1] ACCEPT IN= OUT=eth0 SRC=fe80:0000:0000:0000:dcad:beff:feef:6c00 DST=ff02:0000:0000:0000:0000:0000:0000:0016 LEN=76 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=ICMPv6 TYPE=143 CODE=0 MARK=0x132 May 19 12:23:38.770754 osdx kernel: [MATCH_COS-1] ACCEPT IN= OUT=eth0 ARP HTYPE=1 PTYPE=0x0800 OPCODE=1 MACSRC=de:ad:be:ef:6c:00 IPSRC=10.0.0.1 MACDST=00:00:00:00:00:00 IPDST=10.0.0.2 May 19 12:23:38.770836 osdx kernel: [MATCH_COS-1] ACCEPT IN= OUT=eth0 SRC=10.0.0.1 DST=10.0.0.2 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=60814 DF PROTO=ICMP TYPE=8 CODE=0 ID=24 SEQ=1
Test Cos-mark QinQ
Description
This scenario shows that when both the outer VLAN
(eth0 vif 100) and the inner VLAN
(eth0 vif 100 vif-c 200) have a set cos
policy configured, the traffic selector MATCH_COS
on the parent interface only matches the CoS value set by
the last set cos applied in the chain.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 mtu 1390 set interfaces ethernet eth0 traffic policy link-out MATCH_COS set interfaces ethernet eth0 vif 100 ethertype 802.1ad set interfaces ethernet eth0 vif 100 traffic policy link-out SET_OUTER_COS set interfaces ethernet eth0 vif 100 vif-c 200 address 10.0.0.1/24 set interfaces ethernet eth0 vif 100 vif-c 200 traffic policy local-out SET_INNER_COS set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy MATCH_COS rule 1 log prefix MATCH_COS set traffic policy MATCH_COS rule 1 selector MATCH_COS set traffic policy SET_INNER_COS rule 1 set cos-mark 5 set traffic policy SET_OUTER_COS rule 1 set cos-mark 3 set traffic selector MATCH_COS rule 1 cos-mark 3
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 mtu 1390 set interfaces ethernet eth0 vif 100 ethertype 802.1ad set interfaces ethernet eth0 vif 100 vif-c 200 address 10.0.0.2/24 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping the IP address 10.0.0.2 from DUT0:
admin@DUT0$ ping 10.0.0.2 count 1 size 56 timeout 1Show output
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data. 64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.912 ms --- 10.0.0.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.912/0.912/0.912/0.000 ms
Step 4: Run the command system journal show | grep MATCH_COS on DUT0 and check whether the output matches the following regular expressions:
(?i).*MATCH_COS-1.*eth0.*Show output
May 19 12:23:49.705079 osdx kernel: [MATCH_COS-1] ACCEPT IN= OUT=eth0 MAC=33:33:00:00:00:16:de:ad:be:ef:6c:00:81:00 May 19 12:23:49.720994 osdx kernel: [MATCH_COS-1] ACCEPT IN= OUT=eth0 MAC=33:33:00:00:00:16:de:ad:be:ef:6c:00:81:00 May 19 12:23:49.833056 osdx kernel: [MATCH_COS-1] ACCEPT IN= OUT=eth0 SRC=fe80:0000:0000:0000:dcad:beff:feef:6c00 DST=ff02:0000:0000:0000:0000:0000:0000:0016 LEN=116 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=ICMPv6 TYPE=143 CODE=0 MARK=0x132 COS=0x3 May 19 12:23:49.849021 osdx kernel: [MATCH_COS-1] ACCEPT IN= OUT=eth0 SRC=fe80:0000:0000:0000:dcad:beff:feef:6c00 DST=ff02:0000:0000:0000:0000:0000:0000:0016 LEN=76 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=ICMPv6 TYPE=143 CODE=0 MARK=0x132 COS=0x3 May 19 12:23:49.872982 osdx kernel: [MATCH_COS-1] ACCEPT IN= OUT=eth0 MAC=ff:ff:ff:ff:ff:ff:de:ad:be:ef:6c:00:81:00 May 19 12:23:49.873020 osdx kernel: [MATCH_COS-1] ACCEPT IN= OUT=eth0 MAC=de:ad:be:ef:6c:10:de:ad:be:ef:6c:00:81:00 May 19 12:23:49.932982 osdx kernel: [MATCH_COS-1] ACCEPT IN= OUT=eth0 MAC=33:33:00:00:00:16:de:ad:be:ef:6c:00:81:00