[j-nsp] Prefix-Specific Action

Thu Jan 16 09:51:52 EST 2003

At 05:12 PM 1/15/2003, Jonathan Tse wrote:
>Hi Josef,
>
>just to double confirm. meaning i can police up to 65536 hosts per router if
>the destination-prefix-length is /32?

Jonathan,

the primarily restriction in the number of policers comes from the space
of memory you have. If you have an M20 with IPII SSB-E-M20 you have
8Mbyte on DRAM on the lookup Asic ( Internet Processor II). Since the 
filter programs and the
active routes do share the same memory you can run 400k *active* routes
and 65k policers. Please keep in mind that every host in this example
gets its own policer. This is the reason why the cli restricted the amount
of policers to a full class B subnet. I would assume this is already
a lot and should meet most of the requirements ....

But if you have installed SSB-E-16-M20 which is the 16Mbyte on DRAM
which requires version 5.5 and higher you can certainly increase the
number of policers extensively more.

hope this helps
Josef

>regards,
>Jonathan.
>
>----- Original Message -----
>From: "Josef Buchsteiner" <josefb at juniper.net>
>To: "Jonathan Tse" <jonathantse at pacific.net.sg>;
><juniper-nsp at puck.nether.net>
>Sent: Wednesday, January 15, 2003 11:56 PM
>Subject: Re: [j-nsp] Prefix-Specific Action
>
>
> > At 12:56 PM 1/15/2003, Jonathan Tse wrote:
> > >Thanks Josef,
> > >
> > >Your explanation is crystal clear! May be the manual should follow your
> > >instead :)
> > >
> > >Is there any hardware requirement like FPC-II to enable such feature and
>how
> > >many subnet that a M20 can handle?
> >
> > If you use a /16 subnet and you want to police on a /32
> > destination-prefix-length
> > you basically use 65536 policers which is the current maximum you can
>configure
> > for one subnet. You will get a warning message in the cli when you try to
>go
> > beyond this number.
> >
> >
> > thanks
> > Josef
> >
> >
> > >Million thanks!
> > >Jonathan.
> > >
> > >----- Original Message -----
> > >From: "Josef Buchsteiner" <josefb at juniper.net>
> > >To: "Jonathan Tse" <jonathantse at pacific.net.sg>;
> > ><juniper-nsp at puck.nether.net>
> > >Sent: Wednesday, January 15, 2003 7:38 PM
> > >Subject: Re: [j-nsp] Prefix-Specific Action
> > >
> > >
> > > > At 12:43 AM 1/15/2003, Jonathan Tse wrote:
> > > > >Hi Josef,
> > > > >
> > > > >that is cool! lots of people would love it! one more question: if two
> > > > >interfaces shares the same filter with prefix-specific action being
>used
> > > > >(let's say 1Mbps per /32 in a /24), does the policy shape the traffic
>per
> > > > >interface (meaning max 1Mbps each interface for that /32) or
>regardless
> > >of
> > > > >the number of interfaces (meaning total 1Mbps thru the above two
> > >interfaces
> > > > >for that /32)?
> > > >
> > > >
> > > > Jonathan,
> > > >          the prefix-specific is done per address not per interface.
> > > > i.e. you want to police all http traffic to certain host in /24 subnet
> > >where
> > > > all the host are in a /30 range you do this for all your host
>regardless
> > > > of the interface. You still can add an interface-policer which police
> > > > at the aggregate level for a specific interface. Given the example
>above
> > > > you could also
> > > > say that all the http traffic to each hosts should be 500kbps but the
> > >total
> > > > of all http traffic should never go higher then 1Mbps which can be
> > >accomplished
> > > > with the next term statement ( aka multilevel policer ... )
> > > >
> > > >
> > > > thanks
> > > > Josef
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > >thanks!
> > > > >Jonathan.
> > > > >
> > > > >----- Original Message -----
> > > > >From: "Josef Buchsteiner" <josefb at juniper.net>
> > > > >To: "Jonathan Tse" <jonathantse at pacific.net.sg>;
> > > > ><juniper-nsp at puck.nether.net>
> > > > >Sent: Wednesday, January 15, 2003 4:25 AM
> > > > >Subject: Re: [j-nsp] Prefix-Specific Action
> > > > >
> > > > >
> > > > > > At 05:31 AM 1/14/2003, Jonathan Tse wrote:
> > > > > > >Hi,
> > > > > > >
> > > > > > >Any idea what is this Prefix-Specific Action for?
> > > > > > >
> > > > > >
> > > > >
> > >
> >http://www.juniper.net/techpubs/software/junos/junos56/swconfig56-policy/ht
> > > > >m
> > > > > > >l/policer-config9.html#1046287
> > > > > > >
> > > > > >
> > > > >
> > >
> >http://www.juniper.net/techpubs/software/junos/junos56/swconfig56-policy/ht
> > > > >m
> > > > > > >l/policer-config10.html#1046825
> > > > > > >
> > > > > > >In layman's term, is it for policing individual address (like
>1Mbps
> > >per
> > > > >/32)
> > > > > > >within a given prefixes (/24)?
> > > > > >
> > > > > > this is exactly what the motivation is as you stated
> > > > > > to police on a more granular level
> > > > > >
> > > > > > regards
> > > > > > Josef
> > > > > >
> > > > > >
> > > > > > >Thanks,
> > > > > > >Jonathan Tse
> > > > > > >Senior Network Engineer, Pacific Internet - Singapore
> > > > > > >NOC: +65 6872-1010 DID: +65 6771-0843 FAX: +65 6872-6674
> > > > > > >
> > > > > > >_______________________________________________
> > > > > > >juniper-nsp mailing list juniper-nsp at puck.nether.net
> > > > > > >http://puck.nether.net/mailman/listinfo/juniper-nsp
> > > > > >
> > > > >
> > > > >_______________________________________________
> > > > >juniper-nsp mailing list juniper-nsp at puck.nether.net
> > > > >http://puck.nether.net/mailman/listinfo/juniper-nsp
> > > >
> > >
> > >_______________________________________________
> > >juniper-nsp mailing list juniper-nsp at puck.nether.net
> > >http://puck.nether.net/mailman/listinfo/juniper-nsp
> >
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > http://puck.nether.net/mailman/listinfo/juniper-nsp
> >
>
>_______________________________________________
>juniper-nsp mailing list juniper-nsp at puck.nether.net
>http://puck.nether.net/mailman/listinfo/juniper-nsp
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://puck.nether.net/pipermail/juniper-nsp/attachments/20030116/0d4be0c1/attachment.htm