Routing

 View Only
last person joined: 2 days ago 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.
  • 1.  Input policer not limiting traffic

    Posted 10-19-2022 06:36
      |   view attached
    Hello Team,

    We are trying to rate limit input traffic from our Upstream provider to 1.5G. we have created policer with 1.5G limit and applied as input but still there seem to be spikes of traffic going beyond 1.5G, not sure what we missing.  this is applied to juniper MX 80 xe-x/x/x.x interface. 
    we have tried creating filter that references the policer and apply the filter as input to the interface, still traffic is not flat-lining on 1.5G as we want.

    we have tried creating 1G policer and applied to the interface still traffic is going 1.8G and 2G some times.
    show firewall policer 1.5G 
    if-exceeding {
        bandwidth-limit 1500000000;
        burst-size-limit 10m;
    }
    then discard;
    
    ROUTER# show 
    vlan-id 1006;
    family inet {
        policer {
            input 1.5G;
        }
        inactive: sampling {
            input;
        }
        address x.x.x.x/31;
    }
    family inet6 {
        address xxx:xxx:xxx:xx::xx/127;
    }
    
    
    ​
    As per attached graph link seem to be doing 2G. 
    will appreciate if somebody could shed light on where we going wrong or how best to just do basic rate limit on input traffic on logical unit.

    Regards, 
    lish.


  • 2.  RE: Input policer not limiting traffic

     
    Posted 10-19-2022 13:12
    Have you tried reducing the burst-size limit in your policer, looks like bursting traffic.

    https://www.juniper.net/documentation/us/en/software/junos/routing-policy/topics/concept/policer-mx-m120-m320-burstsize-determining.html

    ------------------------------
    TATENDA MUTASA
    ------------------------------



  • 3.  RE: Input policer not limiting traffic

    Posted 11-09-2022 06:21

    I had the same problem with MX-960. I posted here as well but I couldn't figure out what I was doing wrong. I was also using 10G interface. 

    the usual suggestions of changing burst size limit etc. didn't help at all. I have done rate limiting on Huawei devices and it works every time. The one time I needed to rate limit on Juniper, I couldn't. (BTW, I prefer Juniper devices over any other vendor)

    Anyways, if you do figure it out, plz post here. I'm bookmarking this thread. 



    ------------------------------
    SHAHBAZ KHAN
    ------------------------------



  • 4.  RE: Input policer not limiting traffic

    Posted 11-09-2022 11:27
    Rate limiting is something that will only work for about 10% of the total bandwidth at maximum.

    with that said here is a calculation.

    10g * 10% = 1g

    1g * 0.4 = 400,000,000

    you need a bandwidth limit to go with this.

    bandwidth-limit = 1g
    burst-size-limit = 400000000

    to get your 10% however...

    10.485760g * 10% = 1.0485760g

    1g * 0.4 = 0.4194304g = 419430000

    a network engineer will say this is not precise, but it should be acurate.


    ------------------------------
    Adrian Aguinaga
    B.S.C.M. I.T.T. Tech
    (Construction Management)
    A.A.S. I.T.T. Tech
    (Drafting & Design)
    ------------------------------