[j-nsp] JunOS QPPB
Elian Scrosoppi
escrosoppi at ifxcorp.com
Tue Jan 3 14:34:42 EST 2006
Hi guys,
I'm trying to do something like QPPB in JunOS with source-class-usage and destination-class-usage in order to rate-limit some customer traffic differentiating by national or international bandwidth.
This is part of my configuration:
--
escrosoppi at ..> show configuration routing-options forwarding-table
export FT_POLICY;
(remember: if this policy match some condition dont stop working and goes to the next term)
escrosoppi at ..> show configuration policy-options policy-statement FT_POLICY
term 1 {
then {
destination-class INTERNATIONAL-OUTPUT;
}
}
term 2 {
from community NAP;
then {
destination-class NAP-OUTPUT;
}
}
escrosoppi at ..> show configuration firewall filter CUSTOMER-IN
term 1 {
from {
destination-class NAP-OUTPUT;
}
then {
policer 256Kbps;
count CUSTOMER_TRAFFIC_INPUT_NATIONAL;
accept;
}
}
term 2 {
then {
policer 512Kbps;
count CUSTOMER_TRAFFIC_INPUT_INTERNATIONAL;
accept;
}
}
--
I'm using accounting in egress and ingress interface and a firewall filter to match the destination-class and then apply the apropiated limit, but this only works when the traffic comes back and not when the traffic goes out.
The problem is that the fw filter NEVER match the destination-class NAP-OUTPUT
I think this doesnt work because the destination-class is applied after a routing-lookup, and the firewall filter is applied when the packet arrives to the interface, so the filter doesnt know to what destination-class the packet will be classified. I'm pretty sure of this because i can see that the source-class and destination-class is working with the command 'sh interfaces ge-0/0/0.x statistics' and not in the counter of my filter.
Anybody have made something like this? Is this the correct way to perform what i want to do? Help will be apreciated :)
Thanks in advance,
--
Elian Scrosoppi
escrosoppi at ifxcorp.com
More information about the juniper-nsp
mailing list