Switching


Ask questions and share experiences about EX and QFX portfolios and all switching solutions across your data center, campus, and branch locations.
  • 1.  EX-4200 firewall filter/rate limiter

    Posted 04-10-2019 10:03

    On EX-4200 I can successfully rate-limit/police ingress and egress on a routed port with the config below:

    Firewall filter:

    set firewall family inet filter RATE_LIMIT_25M term default_rate then policer 25M
    set firewall family inet filter RATE_LIMIT_25M term default_rate then accept

    Policer:

    set firewall policer 25M if-exceeding bandwidth-limit 25m
    set firewall policer 25M if-exceeding burst-size-limit 25m

    The below interface config rate-limits for ingress only:

    Interface config:

    set interfaces ge-0/0/1 unit 0 family inet filter input RATE_LIMIT_25M
    set firewall policer 25M then discard

    On the EX-4200, class-of-service is used along with shaping to achieve rate-limiting because a policer will not work for egress:

    set class-of-service interfaces ge-0/0/1 shaping-rate 25m

    The rate-limiting is successful on the routed port.

    When I try to achieve the same result with an SVI/RVI, ingress works fine, but egress will not be accepted. And it appears I cannot use class-of-service shaping as above with the routed port.

    My question is how do I apply an egress rate limiter to an RVI?


  • 2.  RE: EX-4200 firewall filter/rate limiter
    Best Answer

    Posted 04-10-2019 17:57

    Hello Arteq,

    It looks like on EX4200 this is not possible.

    "Configuring Port Shaping for CoS on an EX Series Switch

    You can configure port shaping on network interfaces, aggregated Ethernet interfaces (also known as link aggregation groups (LAGs)), and loopback interfaces."

    https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/cos-shaping-cli.html

    To achieve what you are seeking with the shaping-rate you would have to use per-unit-scheduling, which seems to be for MX and EX9200 only:

    "By default, output scheduling is not enabled on logical interfaces. Logical interfaces without shaping configured share a default scheduler. Logical interface scheduling (also called per-unit scheduling) allows you to enable multiple output queues on a logical interface and associate customized scheduling and shaping for each queue.

    To enable per-unit scheduling, include the per-unit-scheduler statement at the [edit interfaces interface-name] hierarchy level. When per-unit schedulers are enabled, you can define dedicated schedulers for logical interfaces by including the scheduler-map statement at the [edit class-of-service interfaces interface-name unit logical-unit-number] hierarchy level."

    https://www.juniper.net/documentation/en_US/junos/topics/example/cos-applying-scheduling-to-vlans.html
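
    The per-unit scheduling described in the reply, as an added configuration example that is not from the thread or from Juniper's documentation: it assumes an MX or EX9200 (the reply states EX4200 lacks this), a VLAN-tagged unit on ge-0/0/1, and illustrative names, address and rate; it is not a workaround for the RVI on the EX4200.

```junos
## Added example: egress shaping on a logical (VLAN) interface via per-unit
## scheduling. Assumed platform: MX or EX9200. Interface ge-0/0/1, VLAN 100,
## the 192.0.2.1/24 address and the 25m rate are illustrative values.

## 1. Logical interface that carries the VLAN
set interfaces ge-0/0/1 vlan-tagging
set interfaces ge-0/0/1 unit 100 vlan-id 100
set interfaces ge-0/0/1 unit 100 family inet address 192.0.2.1/24

## 2. Enable per-unit scheduling on the physical port
##    ([edit interfaces interface-name] hierarchy quoted in the reply)
set interfaces ge-0/0/1 per-unit-scheduler

## 3. A scheduler and scheduler-map; one best-effort queue is enough here
set class-of-service schedulers BE_SCHED transmit-rate percent 100
set class-of-service schedulers BE_SCHED buffer-size percent 100
set class-of-service scheduler-maps UNIT100_MAP forwarding-class best-effort scheduler BE_SCHED

## 4. Bind the map and the egress shaping-rate to the logical unit
##    ([edit class-of-service interfaces interface-name unit n] hierarchy)
set class-of-service interfaces ge-0/0/1 unit 100 scheduler-map UNIT100_MAP
set class-of-service interfaces ge-0/0/1 unit 100 shaping-rate 25m

## 5. Ingress stays a policer, reusing the filter from the original post
set interfaces ge-0/0/1 unit 100 family inet filter input RATE_LIMIT_25M
```

Strip the comment lines before loading with `load set`, and confirm the shaper and scheduler took effect with `show class-of-service interface ge-0/0/1`.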