anything in [square brackets] needs to be changed or specified
First, define the QoS (CoS — Class of Service — in Juniper parlance) filters. This entails creating the classifiers, drop-profiles, forwarding-classes, scheduler-maps and schedulers. For the needs of this particular setup, I had to guarantee that the network control traffic (hellos, keepalives, etc) got through and the rest of the 30meg pipe that provided the office internet was to be shaped to prioritize traffic sensitive to delay (read: VoIP).
set interface [interface] per-unit-scheduler
set class-of-service classifiers dscp [mark_traffic_filter] forwarding-class expedited-forwarding loss-priority low code-points ef
set class-of-service classifiers dscp [mark_traffic_filter] forwarding-class network-control loss-priority low code-points nc1
set class-of-service classifiers dscp [mark_traffic_filter] forwarding-class assured-forwarding loss-priority low code-points af11
set class-of-service classifiers dscp [mark_traffic_filter] forwarding-class best-effort loss-priority medium-low code-points be
set class-of-service drop-profiles be_drop_profile fill-level 50 drop-probability 10
set class-of-service drop-profiles be_drop_profile fill-level 75 drop-probability 15
set class-of-service drop-profiles be_drop_profile fill-level 95 drop-probability 20
set class-of-service forwarding-classes queue 0 best-effort
set class-of-service forwarding-classes queue 0 priority low
set class-of-service forwarding-classes queue 1 assured-forwarding
set class-of-service forwarding-classes queue 1 priority high
set class-of-service forwarding-classes queue 2 expedited-forwarding
set class-of-service forwarding-classes queue 2 priority high
set class-of-service interfaces reth0 unit 102 scheduler-map [name_cos_filter]
set class-of-service interfaces reth0 unit 102 shaping-rate 30m
set class-of-service scheduler-maps [name_cos_filter] forwarding-class network-control scheduler nc_scheduler
set class-of-service scheduler-maps [name_cos_filter] forwarding-class expedited-forwarding scheduler ef_scheduler
set class-of-service scheduler-maps [name_cos_filter] forwarding-class assured-forwarding scheduler af11_scheduler
set class-of-service schedulers ef_scheduler transmit-rate 29m
set class-of-service schedulers ef_scheduler buffer-size percent 30
set class-of-service schedulers ef_scheduler priority high
set class-of-service schedulers af11_scheduler transmit-rate remainder
set class-of-service schedulers af11_scheduler buffer-size percent 50
set class-of-service schedulers af11_scheduler priority medium-high
set class-of-service schedulers nc_scheduler transmit-rate 1m
set class-of-service schedulers nc_scheduler buffer-size percent 20
set class-of-service schedulers nc_scheduler priority strict-high
Once the CoS stuff is in place, you have to apply it to a firewall policy, so that it actually affects traffic:
set firewall family inet filter egress_cos_filter term office_voip from destination-address 1.1.1.0/24
set firewall family inet filter egress_cos_filter term office_voip from destination-address 256.256.256.0/24
set firewall family inet filter egress_cos_filter term office_voip from destination-address 192.168.2.0/22
set firewall family inet filter egress_cos_filter term office_voip from destination-address 127.0.0.0/22
set firewall family inet filter egress_cos_filter term office_voip from protocol udp
set firewall family inet filter egress_cos_filter term office_voip from destination-port 3479
set firewall family inet filter egress_cos_filter term office_voip from destination-port 15044
set firewall family inet filter egress_cos_filter term office_voip from destination-port 5060
set firewall family inet filter egress_cos_filter term office_voip from destination-port 5199
set firewall family inet filter egress_cos_filter term office_voip then count office_voip
set firewall family inet filter egress_cos_filter term office_voip then forwarding-class expedited-forwarding
set firewall family inet filter egress_cos_filter term non_voip_traffic then count non_voip_traffic_counter
set firewall family inet filter egress_cos_filter term non_voip_traffic then forwarding-class assured-forwarding
set firewall family inet filter egress_cos_filter term non_voip_traffic then accept
The count office_voip part of the filter stanza is there just to verify that the filter is actively affecting traffic (the office_voip count should go up if it is).
Further reading:
http://www.juniper.net/techpubs/software/junos-security/junos-security95/junos-security-swconfig-interfaces-and-routing/default-cos-section.html
http://www.juniper.net/techpubs/en_US/junos12.3/topics/concept/cos-qfx-series-traffic-control-profiles-understanding.html
http://dataplumber.wordpress.com/2011/12/30/junos-qos-notes/
http://jsrx.juniperwiki.com/index.php?title=COS