[j-nsp] WAN input prioritization on MX

Doug Hanks dhanks at juniper.net
Mon Oct 15 10:20:04 EDT 2012 

All you need in this scenario is a simple policer and a firewall filter than. Just match the different types of traffic as you described below into different terms of a firewall filter, then depending on what you want to do with the traffic, police it or discard it.

From: Gustavo Santos <gustkiller at gmail.com<mailto:gustkiller at gmail.com>>
Date: Mon, 15 Oct 2012 10:40:41 -0300
To: dhanks <dhanks at juniper.net<mailto:dhanks at juniper.net>>
Cc: "EXT - caillinb at commtelns.com<mailto:caillinb at commtelns.com>" <caillinb at commtelns.com<mailto:caillinb at commtelns.com>>, Serge Vautour <serge at nbnet.nb.ca<mailto:serge at nbnet.nb.ca>>, Chris Evans <chrisccnpspam2 at gmail.com<mailto:chrisccnpspam2 at gmail.com>>, "juniper-nsp at puck.nether.net<mailto:juniper-nsp at puck.nether.net>" <juniper-nsp at puck.nether.net<mailto:juniper-nsp at puck.nether.net>>
Subject: Re: [j-nsp] WAN input prioritization on MX

Hi, After reading your comments, I will try to explain better  what I'm trying to achieve. I'm trying to do classification and queueing on an ingress interface.

When the wan interface gets rate limit threshold (500mbits), all the traffic that is destinated to the high priority destination subnet gets precedence and no packet loss or lower packet loss, than the low priority.

The egress traffic to these subnets goes to two different physical interfaces ( ge-1/0/5 and ge-1/0/5) So , from what I read from you, the ingress interface should "see" the rate limit of 500mbits gets congestion and then discard packets from wan that have destination (address) subnet that differs from the high priority subnet.

For instance: If the current wan ingress traffic total is 450mbits and high priority traffic is 100mbits, and low priority is 350mbits = no packet discard, but if traffic towards high priority subnet is 300mbits and low priority is 300mbits, then the queuing / scheduler will drop the low priority traffic until the sources traffic gets shaped to 200mbits for the low priority and the high priority gets 300mbits.

On Linux it's quite simple to achieve.

Gustavo Santos
Analista de Redes
CCNA , MTCNA , MTCRE, MTCINE, JUNCIA-ER



2012/10/15 Doug Hanks <dhanks at juniper.net<mailto:dhanks at juniper.net>>
>If you're having a hard time writing
>the proper code-points to a packet, I would assume the packets are
>classified correctly.

s/correctly/incorrectly/

More information about the juniper-nsp mailing list