Switching

 View Only
last person joined: 3 days ago 

Ask questions and share experiences about EX and QFX portfolios and all switching solutions across your data center, campus, and branch locations.

  • 1.  Rate limit two interfaces

     
    Posted 06-24-2014 09:24

    I am attempting to provide a customer with a 70M service from a remote MX80. The circuit goes through an EX4200 VC via a VLAN. The customer has two firewalls and therefore wants to connect to two ports on the EX4200 VC.

     

    I would like to know how to limit the service to 70M over both interfaces combined i.e. not to allow 70M through each interface. I thought this might be accomplished with 'interface-set'  and apply a policer to the interface-set but the EX does not appear to support this. I have tried to apply the policer to the interface-range that contains the two interfaces but feel this is simply giving each of them a 70M limitation.

     

    Does anyone know how to apply a policer to a number of interfaces to ensure the combined bandwidth does not excedd a defined number?



  • 2.  RE: Rate limit two interfaces
    Best Answer

    Posted 06-24-2014 15:28

    Hello,

    If ports are on different PFEs then there is no supported way to do it for 2 or more separate interfaces.

    If the ports are on same PFE, then using the policer inside the FW filter and NOT making this filter "interface-specific" will result in 2 ore more interfaces sharing same policer.

    See example here for filter "ingress-port-voip-class-limit-tcp-icmp" with policer "tcp-connection-policer"

    http://www.juniper.net/techpubs/en_US/junos13.3/topics/example/firewall-filter-ex-series-configuring.html 

    HTH

    Thanks

    Alex



  • 3.  RE: Rate limit two interfaces

     
    Posted 06-25-2014 07:16

    Alex,

     

    Thanks for the clarification on the function of policers.I did not realise that they applied to all interfaces from the same PFE unless explicitly defined. It is slightly disapointing that I will have to take both ports from the same chassis memeber from a resiliance perspective.

     

    Thanks again.

     

    Paul



  • 4.  RE: Rate limit two interfaces

    Posted 06-25-2014 10:25

    Hello,

     

    @Regalis wrote:

     

     It is slightly disapointing that I will have to take both ports from the same chassis memeber from a resiliance perspective.

     

    Thanks again.

     

    Paul

    Well, if You are prepared to change from 2 separate interfaces to 1 LAG with 2 members, then You can host LAG members on different PFEs and use "shared-bandwidth-policer" (supported on EX since 12.3R2)
    http://www.juniper.net/techpubs/en_US/junos13.3/topics/reference/configuration-statement/shared-bandwidth-policer-edit-firewall-cs.html

    HTH

    Thanks

    Alex