Junos OS

 View Only

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



  • 1.  Policer not taking effect

    Posted 08-19-2022 06:07

    Hi everyone!

    We have 2 MX960s, one working as BRAS and one as Internet Core router.I tried to apply a policer to limit the traffic coming from the core router to the BNG. I observed the graphs and incoming traffic on the interface was around 2.4 Gbps. I wanted to limit it to 1.5 Gbps. I defined the policer as follows:

    shahbaz@ISB-BNG-MX96-1-re0# show firewall policer LIMIT_UPLINK

    if-exceeding {

    bandwidth-limit 1500m;

    burst-size-limit 250m;

    }

    then discard;


    And applied on the interface



    shahbaz@ISB-BNG-MX96-1-re0# show interfaces xe-1/2/0

    description wd-MX960-Router;

    unit 0 {

    family inet {

    policer {

    input LIMIT_UPLINK;

    }

    service {

    input {

    service-set sp000;

    }

    output {

    service-set sp000;

    }

    }

    address 10.30.9.2/30;

    }

    }



    Yet there was no change on the graphs. I am confused. This should have worked. Then I defined a filter at [edit firewall family inet] level with just a single term with no from and then policer and then accept. Applied the filter in place of the policer but the speed was still not limited.

    Any ideas about why this is not working?Looking forward to your guidance.

    Thanks

    P.S. I tried using the formula in Juniper documentation for computing burst size limit but the value that came out seemed too small so I just set a random value for the burst size limit.

    Also, I have no idea what the burst size limit should be considering we are talking speeds of Gbps order.



    ------------------------------
    SHAHBAZ KHAN
    ------------------------------


  • 2.  RE: Policer not taking effect

    Posted 08-22-2022 10:25

    Maybe these links will help.

    Two Methods for Calculating Burst-Size Limit

    - Calculation Based on Interface Bandwidth

    - Calculation Based on Interface Traffic MTU


    BEST PRACTICE: The preferred method for choosing a burst-size limit is based on the line rate of the interface on which you apply the policer and the amount of time you want to allow a burst of traffic at the full line rate.


    https://www.juniper.net/documentation/us/en/software/junos/routing-policy/topics/concept/policer-mx-m120-m320-burstsize-determining.html


    https://www.juniper.net/documentation/us/en/software/junos/routing-policy/topics/concept/policer-mx-m120-m320-burstsize-determining.html#determining-proper-burst-size-for-traffic-policers__d43118e106

    https://www.juniper.net/documentation/us/en/software/junos/routing-policy/topics/concept/policer-mx-m120-m320-burstsize-determining.html#determining-proper-burst-size-for-traffic-policers__d43118e126




    ------------------------------
    Aaron Gould
    Senior Network Engineer
    aaron@gvtc.com
    https://www.linkedin.com/in/agould123/
    ------------------------------