[j-nsp] WAN input prioritization on MX

Doug Hanks dhanks at juniper.net
Sat Oct 13 23:09:53 EDT 2012 

How is this weird? You can mark on ingress, but the queuing happens on the
egress interface when it's to be transmitted.


On 10/13/12 6:07 AM, "Chris Evans" <chrisccnpspam2 at gmail.com> wrote:

>JUNOS does a weird way of marking packets.. It is done on the egress of
>the
>box, not on ingress (there is an exception in a few newer modules that can
>do this). So it is probably working as the other poster mentioned.  Make
>sure you take this methodology into consideration as it can hinder your
>granularity of CoS with marking vs passing through and
>you inadvertently remark traffic you didn't mean to.
>
>On Sat, Oct 13, 2012 at 8:21 AM, Gustavo Santos
><gustkiller at gmail.com>wrote:
>
>> Doug and Hanks @juniper. I had to left the office and leave
>>configuration
>> as is. On monday I will update you after verify what you have pointed,
>>
>> What I can tell is that I didn't have made any modification on the
>>systems
>> default class of service  / mapping configuration.
>>
>> Thank you!
>>
>> Gustavo Santos
>> Analista de Redes
>> CCNA , MTCNA , MTCRE, MTCINE, JUNCIA-ER
>>
>>
>>
>> 2012/10/13 Harry Reynolds <harry at juniper.net>
>>
>> > Doug raises some good points.
>> >
>> > Also, for testing, perhaps add some counters to the terms to aid in
>> > confirming matches. You may also want to show config | display
>> > detail/inheritance to see if the prefix list is expanding as you
>>expect.
>> >
>> > Regards
>> >
>> >
>> >
>> > -----Original Message-----
>> > From: juniper-nsp-bounces at puck.nether.net [mailto:
>> > juniper-nsp-bounces at puck.nether.net] On Behalf Of Doug Hanks
>> > Sent: Friday, October 12, 2012 9:36 PM
>> > To: Gustavo Santos; juniper-nsp at puck.nether.net
>> > Subject: Re: [j-nsp] WAN input prioritization on MX
>> >
>> > I'm sure it's working just fine. Are you checking the egress
>>interface to
>> > see if the traffic is being marked and queued properly? A common
>>mistake
>> is
>> > to check the ingress interface queues.
>> >
>> >
>> > If this doesn't work, we would need to see your entire
>>class-of-service
>> > configuration.
>> >
>> > On 10/12/12 6:04 PM, "Gustavo Santos" <gustkiller at gmail.com> wrote:
>> >
>> > >Hi,
>> > >
>> > >I'm new on Juniper class of service / shaping. I'm reading some tech
>> > >docs from Juniper and a Juniper's  MX book, but it's kind tricky.
>> > >Today I get asked to do a pretty simple configuration, but I tried
>>some
>> > >settings but none of then worked. Any of you guys can help me with
>>that?
>> > >
>> > >What I want to achieve is pretty (conceptualy speaking) simple.  I
>>have
>> > >a Gig interface and want to rate limit the interface at 500Mbits ,
>>mark
>> > >a destination subnet with expedited forwarding class, mark anything
>> > >else with best effort. I tried the config below but it's not working.
>> > >The rate-limit works but the prioritization isn't.
>> > >
>> > >
>> > >
>> > >
>> > >gustavo at MX5-1> show configuration firewall family inet filter
>> > >wan-control physical-interface-filter; term high-priority {
>> > >    from {
>> > >        destination-prefix-list {
>> > >            high-priority-dst;
>> > >        }
>> > >    }
>> > >    then {
>> > >        policer limit500;
>> > >        loss-priority low;
>> > >        forwarding-class expedited-forwarding;
>> > >        }
>> > >}
>> > >term else {
>> > >    then {
>> > >        policer limit500;
>> > >        loss-priority high;
>> > >        forwarding-class best-effort
>> > >       }
>> > >
>> > >
>> > >( policer limit500)
>> > >physical-interface-policer;
>> > >if-exceeding {
>> > >    bandwidth-limit 480m;   (set the value lower to check policer
>> > >working..
>> > >but it wasn't as desired)
>> > >    burst-size-limit 625k;
>> > >}
>> > >then discard;
>> > >
>> > >then the filter was applied on the interface family inet filter input
>> > >wan-control
>> > >
>> > >Gustavo Santos
>> > >Analista de Redes
>> > >CCNA , MTCNA , MTCRE, MTCINE, JUNCIA-ER
>> > >_______________________________________________
>> > >juniper-nsp mailing list juniper-nsp at puck.nether.net
>> > >https://puck.nether.net/mailman/listinfo/juniper-nsp
>> > >
>> >
>> >
>> >
>> > _______________________________________________
>> > juniper-nsp mailing list juniper-nsp at puck.nether.net
>> > https://puck.nether.net/mailman/listinfo/juniper-nsp
>> >
>> >
>> >
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>_______________________________________________
>juniper-nsp mailing list juniper-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/juniper-nsp
>

More information about the juniper-nsp mailing list