[j-nsp] JunOS versions, MX and lots of policers

OBrien, Will ObrienH at missouri.edu
Mon Feb 15 14:30:21 EST 2010


The burst size limit should ideally be 1/8'th of your policer.
I found that the burst limit got very odd with smaller limits - bigger limits, say 10Mb and over don't quite seem to have the problem.

In my case, here's what absolutely works. My policer filter is applied to a bridge group with a connection on vlan 201.

config
interface irb unit 201
edit family inet
deactivate filter
commit

edit filters.
commit.

reactivate filter
commit.

This works perfectly, reflecting changes as desired.
If I don't follow this procedure, the policers keep their previous settings.
--that is, if I edit the filter and commit.

My SE suggested trying commit force, but I haven't tested it yet.

On Feb 15, 2010, at 1:08 PM, Judah Scott wrote:

Will,

I am having confusion with policer burst-size-limits.  Increasing the burst-size-limit seems to have no effect.  Now, I am thinking that the problem is a bug we are both experiencing w.r.t. the actual updating of the policer's changes.  Can you let me know exactly how you disable and re-enable the policer for the changes to "commit" as you say.  I want to verify if this works for the burst-size-limit changes we are trying to make to our policers.


Thanks,
J Scott



On Fri, Feb 12, 2010 at 6:00 PM, OBrien, Will <ObrienH at missouri.edu<mailto:ObrienH at missouri.edu>> wrote:
I'm currently policing two /16s of ip space with a pair of MX960s. It has My policer config was originally written for a M20.
Here's an example of one of my policers: (real ips are used)

term 10.0.0.0 {
   from {
       address {
           10.0.0.0/26<http://10.0.0.0/26>;
       }
   }
   then prefix-action 15MInbound;
}


prefix-action 15MOutbound {
   policer 15MPolicer;
   count;
   subnet-prefix-length 24;
   source-prefix-length 32;
}

and the policer it references:
if-exceeding {
   bandwidth-limit 15m;
   burst-size-limit 1500000;
}
then discard;

This behaves pretty well, but requires that the policer be applied on every /24 that I want.
With two /16s and some /26s in there, this makes for a pretty long config.

I'm curious if anyone has examples of better configs that the JunOS docs. The policer we have now is very close to the examples online.  I'd rather set some larger overall policers, then set exceptions for certain subnets - data center, etc. I'm pretty sure I'm only limited by the maximum number of policers that can be created per instance.

Next question:
I have issues when changing policers with my current code - I have to disable them, change them, the re-enable them to make changes take effect. Anyone else seen this? Will force reload deal with this?

Finally,
Is anyone running version 10 code on their production MXs? How's it doing?
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net<mailto:juniper-nsp at puck.nether.net>
https://puck.nether.net/mailman/listinfo/juniper-nsp




More information about the juniper-nsp mailing list