[j-nsp] EX3200/EX4200 Rate-Limit
Brendan Mannella
The switch is being used to aggregate colo customers, and i need to be able to create rate-limits for different speeds and apply them to different physical ports.
Can anyone provide a example config for this? I had..
firewall {
policer 10m {
##
## Warning: statement ignored: unsupported platform (ex3200-48t)
##
filter-specific;
if-exceeding {
bandwidth-limit 10m;
burst-size-limit 100k;
}
then discard;
}
family ethernet-switching {
filter rate-limit-10m {
term 1 {
then policer 10m;
Thanks,
Brendan Mannella
_______________________________________________
juniper-nsp mailing list junip...@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Daniel Goscomb
we have:
firewall {
policer 500m {
if-exceeding {
bandwidth-limit 600m;
burst-size-limit 15m;
}
then discard;
}
family inet {
filter 500m-limit {
term default {
then policer 500m;
}
}
}
}
da...@cs0.sov.uk# show interfaces ge-0/0/4
description SERVER::mirror0.sov.uk;
unit 0 {
family inet {
filter {
input 500m-limit;
}
address x.x.x.x/y;
}
}
Cheers
Dan
Felix Schueren
> Upgrading to 9.3R4.4 seems to have broken my rate-limiting.
>
> The switch is being used to aggregate colo customers, and i need to be able to create rate-limits for different speeds and apply them to different physical ports.
>
> Can anyone provide a example config for this? I had..
>
> firewall {
> policer 10m {
> ##
> ## Warning: statement ignored: unsupported platform (ex3200-48t)
> ##
> filter-specific;
that never worked on the EXes, afaik - if you want filter-specific, you
need to manually write a seperate policer for each filter.
policer filter0 {
if-exceeding {
bandwidth-limit 500m;
burst-size-limit 1m;
}
then discard;
}
policer filter1 {
if-exceeding {
bandwidth-limit 500m;
burst-size-limit 1m;
}
then discard;
}
Yes, it sucks. EXes are really annoying in many cases where they just
don't support features you've come to rely on on the M-series.
Kind regards,
Felix
--
Felix Schüren
Head of Network
-----------------------------------------------------------------------
Host Europe GmbH - http://www.hosteurope.de
Welserstraße 14 - 51149 Köln - Germany
Telefon: 0800 467 8387 - Fax: +49 180 5 66 3233 (*)
HRB 28495 Amtsgericht Köln - USt-IdNr.: DE187370678
Geschäftsführer:
Uwe Braun - Alex Collins - Mark Joseph - Patrick Pulvermüller
(*) 0,14 EUR/Min. aus dem dt. Festnetz, Mobilfunkpreise ggf. abweichend
Felix Schueren
>
> firewall {
> policer 500m {
> if-exceeding {
> bandwidth-limit 600m;
> burst-size-limit 15m;
> }
> then discard;
> }
> family inet {
> filter 500m-limit {
> term default {
> then policer 500m;
> }
> }
> }
> }
>
>
> da...@cs0.sov.uk# show interfaces ge-0/0/4
> description SERVER::mirror0.sov.uk;
> unit 0 {
> family inet {
> filter {
> input 500m-limit;
> }
> address x.x.x.x/y;
> }
> }
>
>
if you apply that firewall-filter to multiple interfaces (or simply
reference the same policer from within different filters), they will all
share the same bucket. I.e. if one of those interfaces exceeds the
limit, all other interfaces using the same policer will drop packets,
even if they're different customers or different filters. If you want a
generic "500m" limit and reference that from different filters, on
M-series you can simply use "filter-specific" within the policer and it
will generate internal policers automatically for each reference within
a different filter - the EXes won't.
Kind regards.
Felix
--
Felix Schüren
Head of Network
-----------------------------------------------------------------------
Host Europe GmbH - http://www.hosteurope.de
Welserstraße 14 - 51149 Köln - Germany
Telefon: 0800 467 8387 - Fax: +49 180 5 66 3233 (*)
HRB 28495 Amtsgericht Köln - USt-IdNr.: DE187370678
Geschäftsführer:
Uwe Braun - Alex Collins - Mark Joseph - Patrick Pulvermüller
(*) 0,14 EUR/Min. aus dem dt. Festnetz, Mobilfunkpreise ggf. abweichend
Daniel Goscomb
Yes, its the only policer on the switch and is only applied to this port in our case.
Dan Ho
-Dan-