[j-nsp] Firewall matched CoS example

Erdem Sener erdems at gmail.com
Sun Oct 2 19:09:26 EDT 2005


Hello,

 I guess what you're looking for is 'transmit rate xxx exact' and/or
'transmit rate remainder' under [edit class-of-service schedulers] for
sort of rate-limiting different queues on interfaces.

 Once you're done with your class-of-service configuration, you can
use inbound firewall filters to put traffic from certain IP
addresses/subnets under different queues, instead of 'classifying'
them.

 I would suggest digging more into list archives, CoS is a very
popular subject :)

 Cheers,
 Erdem

On 10/2/05, Kevin Day <toasty at dragondata.com> wrote:
>
> Does anyone have a working example of how to do something like this:
>
> Based off of source IP, I want to assign outgoing traffic into
> different queues, a low priority and a high priority queue.
>
> Then, per outgoing interface, I want to set up different bandwidth
> limits. If the overall bandwidth sent over that interface is under a
> certain rate, packets are sent without delay or dropping. Once the
> rate limit is hit, only traffic in the low priority queue is dropped
> to meet the rate limit.
>
>
> I've reviewed the CoS examples a bunch of times, although I don't see
> anything that matches this specific instance. There are either some
> very very simple CoS examples, or some very complicated ones
> involving tagging packets between routers. I see how this looks
> possible by assigning different queues to each priority, then letting
> them borrow from each other until they use up all the assigned
> bandwidth. However, I've had very little luck in getting this to
> actually work. Either the queues get used but no packets actually get
> dropped when the limit is hit, or I crash the FPC and/or SSB somehow.
>
> Does anyone do anything similar to this, where you have traffic
> limits you want to keep on outbound interfaces, but want to assign
> priorities to how that bandwidth is used? RED/WRED would be even
> better. :)
>
> Right now I'm using policers to keep the total amount set limits on
> how much is sent out each outbound interface, but we have some
> traffic that's very important and can't be delayed, and we have some
> "bulk" traffic that can be dropped at any point to keep things under
> the limit. My real goal is to make sure we stay under a specific
> limit per interface, but only drop the unimportant traffic.
>
> These are regular (fixed optic) GE PICs, btw. Nothing IQ.
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
>
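
The two pieces named in the reply (a scheduler with an `exact` transmit rate, plus an inbound firewall filter that sets the forwarding class by source address), as an added example that is not part of the original thread. The class, scheduler, map and filter names, the percentages, the interface names and the 192.0.2.0/24 prefix are all assumptions.

```junos
# Constructed example: every name, percentage, interface and prefix below
# is an assumption chosen for illustration, not a value from the thread.

# Two forwarding classes on two queues (network-control stays on its default queue 3)
set class-of-service forwarding-classes queue 0 bulk
set class-of-service forwarding-classes queue 1 important

# Schedulers: bulk is held to its share by "exact"; important gets what is left
set class-of-service schedulers bulk-sched transmit-rate percent 20 exact
set class-of-service schedulers bulk-sched priority low
set class-of-service schedulers nc-sched transmit-rate percent 5
set class-of-service schedulers important-sched transmit-rate remainder
set class-of-service schedulers important-sched priority high

# Bind schedulers to classes, then attach the map to the outbound interface
set class-of-service scheduler-maps out-map forwarding-class bulk scheduler bulk-sched
set class-of-service scheduler-maps out-map forwarding-class important scheduler important-sched
set class-of-service scheduler-maps out-map forwarding-class network-control scheduler nc-sched
set class-of-service interfaces ge-0/1/0 scheduler-map out-map

# Inbound filter: choose the forwarding class by source address
set firewall family inet filter classify-by-source term important from source-address 192.0.2.0/24
set firewall family inet filter classify-by-source term important then forwarding-class important
set firewall family inet filter classify-by-source term important then accept
set firewall family inet filter classify-by-source term default then forwarding-class bulk
set firewall family inet filter classify-by-source term default then accept

# Apply the filter on the interface where the traffic enters the router
set interfaces ge-0/0/0 unit 0 family inet filter input classify-by-source
```

`show interfaces queue ge-0/1/0` shows per-queue transmit and drop counters, which confirms whether traffic lands in the intended queue and which queue is dropping.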


