Mailing List Archive: nsp: juniper

EX3200/EX4200 Rate-Limit

Index | Next | Previous | View Threaded

bmannella at teraswitch

Nov 16, 2009, 8:34 AM

Post #1 of 6 (1433 views)
Permalink

EX3200/EX4200 Rate-Limit

Upgrading to 9.3R4.4 seems to have broken my rate-limiting.

The switch is being used to aggregate colo customers, and i need to be able to create rate-limits for different speeds and apply them to different physical ports.

Can anyone provide a example config for this? I had..

firewall {
policer 10m {
##
## Warning: statement ignored: unsupported platform (ex3200-48t)
##
filter-specific;
if-exceeding {
bandwidth-limit 10m;
burst-size-limit 100k;
}
then discard;
}
family ethernet-switching {
filter rate-limit-10m {
term 1 {
then policer 10m;

Thanks,

Brendan Mannella

_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp

dang at goscomb

Nov 16, 2009, 8:57 AM

Post #2 of 6 (1405 views)
Permalink

Re: EX3200/EX4200 Rate-Limit [In reply to]

Hi

we have:

firewall {
policer 500m {
if-exceeding {
bandwidth-limit 600m;
burst-size-limit 15m;
}
then discard;
}
family inet {
filter 500m-limit {
term default {
then policer 500m;
}
}
}
}

dang [at] cs0# show interfaces ge-0/0/4
description SERVER::mirror0.sov.uk;
unit 0 {
family inet {
filter {
input 500m-limit;
}
address x.x.x.x/y;
}
}

Cheers

Dan

> -----Original Message-----
> From: juniper-nsp-bounces [at] puck [mailto:juniper-nsp-
> bounces [at] puck] On Behalf Of Brendan Mannella
> Sent: 16 November 2009 16:35
> To: juniper-nsp
> Subject: [j-nsp] EX3200/EX4200 Rate-Limit
>
> Upgrading to 9.3R4.4 seems to have broken my rate-limiting.
>
> The switch is being used to aggregate colo customers, and i need to be
> able to create rate-limits for different speeds and apply them to
> different physical ports.
>
> Can anyone provide a example config for this? I had..
>
> firewall {
> policer 10m {
> ##
> ## Warning: statement ignored: unsupported platform (ex3200-48t)
> ##
> filter-specific;
> if-exceeding {
> bandwidth-limit 10m;
> burst-size-limit 100k;
> }
> then discard;
> }
> family ethernet-switching {
> filter rate-limit-10m {
> term 1 {
> then policer 10m;
>
> Thanks,
>
> Brendan Mannella
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp [at] puck
> https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp

felix.schueren at hosteurope

Nov 16, 2009, 10:18 AM

Post #3 of 6 (1397 views)
Permalink

Re: EX3200/EX4200 Rate-Limit [In reply to]

Brendan Mannella wrote:
> Upgrading to 9.3R4.4 seems to have broken my rate-limiting.
>
> The switch is being used to aggregate colo customers, and i need to be able to create rate-limits for different speeds and apply them to different physical ports.
>
> Can anyone provide a example config for this? I had..
>
> firewall {
> policer 10m {
> ##
> ## Warning: statement ignored: unsupported platform (ex3200-48t)
> ##

> filter-specific;
that never worked on the EXes, afaik - if you want filter-specific, you
need to manually write a seperate policer for each filter.

policer filter0 {
if-exceeding {
bandwidth-limit 500m;
burst-size-limit 1m;
}
then discard;
}
policer filter1 {
if-exceeding {
bandwidth-limit 500m;
burst-size-limit 1m;
}
then discard;
}

Yes, it sucks. EXes are really annoying in many cases where they just
don't support features you've come to rely on on the M-series.

Kind regards,

Felix

--
Felix Schüren
Head of Network

-----------------------------------------------------------------------
Host Europe GmbH - http://www.hosteurope.de
Welserstraße 14 - 51149 Köln - Germany
Telefon: 0800 467 8387 - Fax: +49 180 5 66 3233 (*)
HRB 28495 Amtsgericht Köln - USt-IdNr.: DE187370678
Geschäftsführer:
Uwe Braun - Alex Collins - Mark Joseph - Patrick Pulvermüller

(*) 0,14 EUR/Min. aus dem dt. Festnetz, Mobilfunkpreise ggf. abweichend
_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp

felix.schueren at hosteurope

Nov 16, 2009, 10:22 AM

Post #4 of 6 (1407 views)
Permalink

Re: EX3200/EX4200 Rate-Limit [In reply to]

Dan,

>
> firewall {
> policer 500m {
> if-exceeding {
> bandwidth-limit 600m;
> burst-size-limit 15m;
> }
> then discard;
> }
> family inet {
> filter 500m-limit {
> term default {
> then policer 500m;
> }
> }
> }
> }
>
>
> dang [at] cs0# show interfaces ge-0/0/4
> description SERVER::mirror0.sov.uk;
> unit 0 {
> family inet {
> filter {
> input 500m-limit;
> }
> address x.x.x.x/y;
> }
> }
>
>

if you apply that firewall-filter to multiple interfaces (or simply
reference the same policer from within different filters), they will all
share the same bucket. I.e. if one of those interfaces exceeds the
limit, all other interfaces using the same policer will drop packets,
even if they're different customers or different filters. If you want a
generic "500m" limit and reference that from different filters, on
M-series you can simply use "filter-specific" within the policer and it
will generate internal policers automatically for each reference within
a different filter - the EXes won't.

Kind regards.

Felix

--
Felix Schüren
Head of Network

-----------------------------------------------------------------------
Host Europe GmbH - http://www.hosteurope.de
Welserstraße 14 - 51149 Köln - Germany
Telefon: 0800 467 8387 - Fax: +49 180 5 66 3233 (*)
HRB 28495 Amtsgericht Köln - USt-IdNr.: DE187370678
Geschäftsführer:
Uwe Braun - Alex Collins - Mark Joseph - Patrick Pulvermüller

(*) 0,14 EUR/Min. aus dem dt. Festnetz, Mobilfunkpreise ggf. abweichend
_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp

dang at goscomb

Nov 16, 2009, 10:25 AM

Post #5 of 6 (1415 views)
Permalink

Re: EX3200/EX4200 Rate-Limit [In reply to]

Hi

Yes, its the only policer on the switch and is only applied to this port in our case.

> -----Original Message-----
> From: Felix Schueren [mailto:felix.schueren [at] hosteurope]
> Sent: 16 November 2009 18:23
> To: Daniel Goscomb
> Cc: Brendan Mannella; juniper-nsp
> Subject: Re: [j-nsp] EX3200/EX4200 Rate-Limit
>
> Dan,
>
> >
> > firewall {
> > policer 500m {
> > if-exceeding {
> > bandwidth-limit 600m;
> > burst-size-limit 15m;
> > }
> > then discard;
> > }
> > family inet {
> > filter 500m-limit {
> > term default {
> > then policer 500m;
> > }
> > }
> > }
> > }
> >
> >
> > dang [at] cs0# show interfaces ge-0/0/4
> > description SERVER::mirror0.sov.uk;
> > unit 0 {
> > family inet {
> > filter {
> > input 500m-limit;
> > }
> > address x.x.x.x/y;
> > }
> > }
> >
> >
>
> if you apply that firewall-filter to multiple interfaces (or simply
> reference the same policer from within different filters), they will
> all
> share the same bucket. I.e. if one of those interfaces exceeds the
> limit, all other interfaces using the same policer will drop packets,
> even if they're different customers or different filters. If you want a
> generic "500m" limit and reference that from different filters, on
> M-series you can simply use "filter-specific" within the policer and it
> will generate internal policers automatically for each reference within
> a different filter - the EXes won't.
>
> Kind regards.
>
> Felix
>
> --
> Felix Schüren
> Head of Network
>
> -----------------------------------------------------------------------
> Host Europe GmbH - http://www.hosteurope.de
> Welserstraße 14 - 51149 Köln - Germany
> Telefon: 0800 467 8387 - Fax: +49 180 5 66 3233 (*)
> HRB 28495 Amtsgericht Köln - USt-IdNr.: DE187370678
> Geschäftsführer:
> Uwe Braun - Alex Collins - Mark Joseph - Patrick Pulvermüller
>
> (*) 0,14 EUR/Min. aus dem dt. Festnetz, Mobilfunkpreise ggf. abweichend
_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp

dho2005 at gmail

Nov 16, 2009, 10:41 AM

Post #6 of 6 (1395 views)
Permalink

Re: EX3200/EX4200 Rate-Limit [In reply to]

IIRC, you need Junos 9.5 or later to use filter-specific feature.

-Dan-

On Mon, Nov 16, 2009 at 1:22 PM, Felix Schueren <
felix.schueren [at] hosteurope> wrote:

> Dan,
>
> >
> > firewall {
> > policer 500m {
> > if-exceeding {
> > bandwidth-limit 600m;
> > burst-size-limit 15m;
> > }
> > then discard;
> > }
> > family inet {
> > filter 500m-limit {
> > term default {
> > then policer 500m;
> > }
> > }
> > }
> > }
> >
> >
> > dang [at] cs0# show interfaces ge-0/0/4
> > description SERVER::mirror0.sov.uk;
> > unit 0 {
> > family inet {
> > filter {
> > input 500m-limit;
> > }
> > address x.x.x.x/y;
> > }
> > }
> >
> >
>
> if you apply that firewall-filter to multiple interfaces (or simply
> reference the same policer from within different filters), they will all
> share the same bucket. I.e. if one of those interfaces exceeds the
> limit, all other interfaces using the same policer will drop packets,
> even if they're different customers or different filters. If you want a
> generic "500m" limit and reference that from different filters, on
> M-series you can simply use "filter-specific" within the policer and it
> will generate internal policers automatically for each reference within
> a different filter - the EXes won't.
>
> Kind regards.
>
> Felix
>
> --
> Felix Schüren
> Head of Network
>
> -----------------------------------------------------------------------
> Host Europe GmbH - http://www.hosteurope.de
> Welserstraße 14 - 51149 Köln - Germany
> Telefon: 0800 467 8387 - Fax: +49 180 5 66 3233 (*)
> HRB 28495 Amtsgericht Köln - USt-IdNr.: DE187370678
> Geschäftsführer:
> Uwe Braun - Alex Collins - Mark Joseph - Patrick Pulvermüller
>
> (*) 0,14 EUR/Min. aus dem dt. Festnetz, Mobilfunkpreise ggf. abweichend
> _______________________________________________
> juniper-nsp mailing list juniper-nsp [at] puck
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads