We have two upstream connections and lots of customers who would like to
have their connection limited only on the upstream connections, but
not on our peering connections.

In C-land, we use a service policy to DSCP mark packets that are coming
from one of our upstreams. We can then use CBWFQ to limit only those packets
colored with specific DSCP bits.

I can easily do this for packets *leaving* the router on our Juniper with
something like this:
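
class-of-service {
    /* Queue 1 holds traffic that arrived from an upstream. */
    forwarding-classes {
        queue 1 internet-traffic;
    }
    /* Apply the DSCP rewrite rule on the egress interface. */
    interfaces {
        fe-0/1/0 {
            unit 1 {
                rewrite-rules {
                    dscp internet-traffic;
                }
            }
        }
    }
    /* Mark packets in the internet-traffic class with DSCP 100110. */
    rewrite-rules {
        dscp internet-traffic {
            forwarding-class internet-traffic {
                loss-priority high code-point 100110;
            }
        }
    }
}
firewall {
    /* Put every packet this filter sees into the internet-traffic class. */
    filter incoming-internet-traffic {
        term internet-traffic {
            then {
                loss-priority high;
                forwarding-class internet-traffic;
                accept;
            }
        }
    }
}
/* Attach the classifying filter to the upstream-facing interface. */
interfaces {
    e3-0/0/0 {
        unit 0 {
            family inet {
                filter {
                    input incoming-internet-traffic;
                }
            }
        }
    }
}
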
Thus, packets coming in through e3-0/0/0 are put into the
"internet-traffic" queue and all packets leaving the router through
fe-0/1/0.1 and belonging to the internet-traffic queue are marked with
certain DSCP bits.

I can then use CBWFQ on one of our downstream Ciscos to limit only those
packets marked on the Juniper. But now, what do I do when one of those
customers is connected directly to the Juniper? How do I rate-limit only
traffic that is coming in through e3-0/0/0?