Hi
I am testing the dual-stack features of vMX BNG. To rate-limit the download and upload speed of a subscriber, I used the following configuration steps:
1- I defined a policer for download and a policer for upload.
2- I defined two firewall filters for inet (one for download and one for upload) and called those policers in these firewall filters.
3- For some security reasons, I configured another firewall filter and blocked certain traffic to and from the subscriber.
4- I called these security filters inside the firewall filters for QoS rate limiting.
5- Finally, during the AAA procedure, the names of the firewall filters for rate limiting are passed from the RADIUS server to the BNG.
Up to this point everything works fine; I have both rate limiting and security features.
Now I want to embed IPv6. I did not test this yet, but I think I must do the same for IPv6 traffic as well if I want to have both rate limiting and security features. Now, my questions:
1- In practice, must I configure a firewall filter for both IPv4 and IPv6?
2- Does this mean I must rate-limit IPv4 traffic and IPv6 traffic separately?
3- Is it possible to assign two Egress-Policy and two Ingress-Policy via RADIUS AVP?
4- Is there any configuration method to skip this rate-limiting approach, have both security firewalls (inet and inet.6) in one filter, and do rate limiting on the entire session?
Here is the configuration:
Download Policer

jcluser@vMX1> show configuration firewall policer Policer_2M_Download
logical-bandwidth-policer;
if-exceeding {
    bandwidth-limit 1M;
    burst-size-limit 1M;
}
then discard;

Upload Policer

jcluser@vMX1> show configuration firewall policer Policer_1M_Upload
logical-interface-policer;
if-exceeding {
    bandwidth-limit 2m;
    burst-size-limit 2m;
}
then discard;

Download Policy

jcluser@vMX1> show configuration firewall filter 2Mbps
interface-specific;
enhanced-mode;
term 1 {
    then {
        policer Policer_2M_Download;
        next term;
    }
}
term 3 {
    filter WWW-Attack;
}

Upload Policy

jcluser@vMX1> show configuration firewall filter 1Mbps
interface-specific;
term 1 {
    then {
        policer Policer_1M_Upload;
        next term;
    }
}
term 3 {
    filter Attack;
}

RADIUS Profile

ERX-Ingress-Policy-Name = 1Mbps,
ERX-Egress-Policy-Name = 2Mbps,

Thank you