I think it sounds like you want to use interface-groups. Assign the
interface to the upstream provider to an interface group:
so-0/0/0 {
    unit 0 {
        family inet {
            filter {
                group 1;
            }
            address 1.1.1.1/30;
        }
    }
}
Then, define the filter to match on the group:
policer bar {
    if-exceeding {
        bandwidth-limit 2m;
        burst-size-limit 1500;
    }
    then discard;
}
filter foo {
    term one {
        from {
            interface-group 1;
        }
        then policer bar;
    }
    term two {
        then accept;
    }
}
Apply this as an output filter on the customer interface.
-Ben
> -----Original Message-----
> From: Blaz Zupan [mailto:blaz@inlimbo.org]
> Sent: Wednesday, April 03, 2002 9:03 AM
> To: Metz, Eduard
> Cc: juniper-nsp@puck.nether.net
> Subject: RE: [j-nsp] DSCP marking for packets not leaving router
>
>
> > First of all CBWFQ is not a rate-limiting feature, it is a rate-preserving
> > feature. It provides the traffic with a 'guaranteed' lower bound on link
> > capacity. Whereas a rate-limiting feature would provide an upper bound on
> > capacity.
> >
> > Second, to rate-limit incoming traffic on an interface I think you can
> > simply define a policer on that interface:
> >
> > http://www.juniper.net/techpubs/software/junos52/swconfig52-policy/html/firewall-config19.html
>
> I think you misunderstood me. I know how to use a policer. The problem is, how
> do I police only packets that are coming from a certain interface? For
> example:
>
>
>   upstream provider        IX peering
>            \                 /
>   e3-0/0/0  \               /  fe-0/1/1
>              \             /
>                  juniper
>                     |
>                     | interface fe-0/1/0.1
>                     |
>                  customer
>
> Customer wants to have 2Mbps of international connectivity (through upstream
> provider) but does not want to be limited on the IX peering connectivity (so
> he can get full 100Mbps of "local" connectivity).
>
> Here's what I would do on a Cisco:
>
> class-map match-all from-internet
>   match ip dscp 38
>
> policy-map from-internet
>   class class-default
>     set ip dscp 38
>
> policy-map to-customer
>   class from-internet
>     shape average 2048000
>
> interface Serial6/0
>   description Upstream connectivity
>   service-policy input from-internet
>
> interface FastEthernet0/1
>   description Customer connection
>   service-policy output to-customer
>
>
> How do I do that on a Juniper? I have a solution if the customer is not
> connected directly to the Juniper (as I have shown in my previous mail).
>
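Added example (not part of the original message, and not Juniper code): a simplified Python model of how the interface-group filter above treats traffic leaving the customer port, depending on where it entered the router. It assumes the interface names from the diagram in the quoted question and models the policer as a single-rate token bucket; the function and class names are hypothetical.

```python
from dataclasses import dataclass

# Ingress interface -> interface group, as assigned by "filter { group N; }".
# Names come from the quoted diagram; the IX port is in no group (assumption).
INTERFACE_GROUP = {"e3-0/0/0": 1}

@dataclass
class Policer:
    bandwidth_bps: int          # bandwidth-limit, bits per second
    burst_bytes: int            # burst-size-limit, bytes
    tokens: float = 0.0
    last: float = 0.0

    def __post_init__(self):
        self.tokens = float(self.burst_bytes)   # bucket starts full

    def conforms(self, now, size):
        # Refill at the configured rate, capped at the burst size.
        refill = (now - self.last) * self.bandwidth_bps / 8
        self.tokens = min(self.burst_bytes, self.tokens + refill)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False                            # "then discard"

def filter_foo(policer, now, ingress, size):
    """Output filter on the customer interface; True means forwarded."""
    if INTERFACE_GROUP.get(ingress) == 1:       # term one: interface-group 1
        return policer.conforms(now, size)      # then policer bar
    return True                                 # term two: then accept

def delivered_bps(ingress, offered_bps, seconds=10, size=1500):
    """Offer constant-rate traffic from one ingress port; return delivered bits/s."""
    policer = Policer(bandwidth_bps=2_000_000, burst_bytes=1500)
    interval = size * 8 / offered_bps           # seconds between packets
    count = int(seconds / interval)
    passed = sum(filter_foo(policer, i * interval, ingress, size)
                 for i in range(count))
    return passed * size * 8 / seconds

if __name__ == "__main__":
    for port in ("e3-0/0/0", "fe-0/1/1"):
        print(port, round(delivered_bps(port, 100_000_000)))
```

Traffic that entered on the grouped upstream port is held to roughly the policer rate, while traffic from the ungrouped IX port falls through to term two and is forwarded unpoliced.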