[j-nsp] JunOS QPPB

[Harshit Kumar]

Elian,
       There is a feature in 7.5 called Destination Class Policing which

might help you achieve this. In this, the firewall filter is applied to
the
 output of the forwarding-table also called egress FTF and can match on
the destination-class assigned by the route look-up. Please talk to your
 SE/beta guy to sign up for beta of 7.5. 

BTW, which model of M/T are you using ? Your interface configs & topo 
will also help.

HTHs
Harshit


> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net 
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of 
> Elian Scrosoppi
> Sent: Tuesday, January 03, 2006 11:35 AM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] JunOS QPPB
> 
> Hi guys,
> 
> I'm trying to do something like QPPB in JunOS with 
> source-class-usage and destination-class-usage in order to 
> rate-limit some customer traffic differentiating by national 
> or international bandwidth.
> 
> This is part of my configuration:
> 
> --
> escrosoppi at ..> show configuration routing-options forwarding-table
> export FT_POLICY;
> 
> (remember: if this policy match some condition dont stop 
> working and goes to the next term)
> escrosoppi at ..> show configuration policy-options 
> policy-statement FT_POLICY
> term 1 {
>     then {
>         destination-class INTERNATIONAL-OUTPUT;
>     }
> }
> term 2 {
>     from community NAP;
>     then {
>         destination-class NAP-OUTPUT;
>     }
> }
> 
> escrosoppi at ..> show configuration firewall filter CUSTOMER-IN
> term 1 {
>     from {
>         destination-class NAP-OUTPUT;
>     }
>     then {
>         policer 256Kbps;
>         count CUSTOMER_TRAFFIC_INPUT_NATIONAL;
>         accept;
>     }
> }
> term 2 {
>     then {
>         policer 512Kbps;
>         count CUSTOMER_TRAFFIC_INPUT_INTERNATIONAL;
>         accept;
>     }
> }
> 
> --
> 
> I'm using accounting in egress and ingress interface and a 
> firewall filter to match the destination-class and then apply 
> the apropiated limit, but this only works when the traffic 
> comes back and not when the traffic goes out.
> 
> The problem is that the fw filter NEVER match the 
> destination-class NAP-OUTPUT
> 
> I think this doesnt work because the destination-class is 
> applied after a routing-lookup, and the firewall filter is 
> applied when the packet arrives to the interface, so the 
> filter doesnt know to what destination-class the packet will 
> be classified. I'm pretty sure of this because i can see that 
> the source-class and destination-class is working with the 
> command 'sh interfaces ge-0/0/0.x statistics' and not in the 
> counter of my filter.
> 
> Anybody have made something like this? Is this the correct 
> way to perform what i want to do? Help will be apreciated :)
> 
> Thanks in advance,
> --
> Elian Scrosoppi
> escrosoppi at ifxcorp.com
> 
> 
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
>