[j-nsp] Firewall matched CoS example

Kevin Day toasty at dragondata.com
Sat Oct 1 23:36:41 EDT 2005


Does anyone have a working example of how to do something like this:

Based off of source IP, I want to assign outgoing traffic into  
different queues, a low priority and a high priority queue.

Then, per outgoing interface, I want to set up different bandwidth  
limits. If the overall bandwidth sent over that interface is under a  
certain rate, packets are sent without delay or dropping. Once the  
rate limit is hit, only traffic in the low priority queue is dropped  
to meet the rate limit.


I've reviewed the CoS examples a bunch of times, although I don't see  
anything that matches this specific instance. There are either some  
very very simple CoS examples, or some very complicated ones  
involving tagging packets between routers. I see how this looks  
possible by assigning different queues to each priority, then letting  
them borrow from each other until they use up all the assigned  
bandwidth. However, I've had very little luck in getting this to  
actually work. Either the queues get used but no packets actually get  
dropped when the limit is hit, or I crash the FPC and/or SSB somehow.

Does anyone do anything similar to this, where you have traffic  
limits you want to keep on outbound interfaces, but want to assign  
priorities to how that bandwidth is used? RED/WRED would be even  
better. :)

Right now I'm using policers to set limits on
how much is sent out each outbound interface, but we have some
traffic that's very important and can't be delayed, and we have some  
"bulk" traffic that can be dropped at any point to keep things under  
the limit. My real goal is to make sure we stay under a specific  
limit per interface, but only drop the unimportant traffic.

These are regular (fixed optic) GE PICs, btw. Nothing IQ.



