At 04:02 PM 4/3/2002, Blaz Zupan wrote:
> > First of all CBWFQ is not a rate-limiting feature, it is a rate-preserving
> > feature. It provides the traffic with a 'guaranteed' lower bound on link
> > capacity. Whereas a rate-limiting feature would provide an upperbound on
> > capacity.
> >
> > Second, to rate-limit incoming traffic on an interface I think you can
> > simply define a policer on that interface:
> >
> http://www.juniper.net/techpubs/software/junos52/swconfig52-policy/html/fire
> > wall-config19.html
>
>I think you misunderstood me. I know how to use a policer. The problem is, how
>do I police only packets that are comming from a certain interface? For
>example:
have you read the feature called interface group in the pointer Metz
gave you ? Here you can tag interfaces who are port of this group
and then you apply a policer for the outgoing interface to the upstream
provider in the firewall stanza
regards
josef
> upstream provider IX peering
> \ /
> e3-0/0/0 \ / fe-0/1/1
> \ /
> juniper
> |
> | interface fe-0/1/0.1
> |
> customer
>
>Customer wants to have 2Mbps of international connectivity (through upstream
>provider) but does not want to be limited on the IX peering connectivity (so
>he can get full 100Mbps of "local" connectivity).
>
>Here's what I would do on a Cisco:
>
>class-map match-all from internet
> match ip dscp 38
>
>policy-map from-internet
> class class-default
> set ip dscp 38
>
>policy-map to-customer
> class from-internet
> shape average 2048000
>
>interface Serial6/0
> description Upstream connectivity
> service-policy input from-internet
>
>interface FastEthernet0/1
> description Customer connection
> service-policy output to-customer
>
>
>How do I do that on a Juniper? I have a solution if the customer is not
>connected directly to the Juniper (as I have shown in my previous mail).
This archive was generated by hypermail 2b29 : Mon Aug 05 2002 - 10:42:40 EDT