[j-nsp] WAN input prioritization on MX

Mon Oct 15 10:57:40 EDT 2012

Doug,

Like this?

Interface

[edit interfaces ge-1/1/0]
gustavo at BRD01# show
description WAN;
unit 0 {
    bandwidth 490m;
    family inet {
        filter {
            input controle;
        }
        policer {
            input gvt;
        }
        sampling {
            input;
            output;
        }
        address 177.99.164.126/30;
    }
}

[edit interfaces ge-1/1/0]

Policer

[edit firewall policer wan]
gustavo at BRD01# show
if-exceeding {
    bandwidth-limit 490m;
    burst-size-limit 625k;
}
then discard;

[edit firewall policer wan]

Filter

gustavo at BRD01# show
term clientes {
    from {
        destination-address {
            177.8.x.0/21;
            177.x.x.0/22;
            177.6x.x.0/22;
            177.6x.xx0.0/24;
            177.6x.xx1.0/24;
            177.6x.xx3.0/24;
            177.1x.1x.0/22;
            177.1x.1x.0/24;
            177.1x.2x.0/21;
            177.1x.2x.0/22;
            177.1x.2x.0/22;
        }
    }
    then {
        loss-priority low;
        forwarding-class expedited-forwarding;
         }
}
term resto {
    then {
        loss-priority high;
        forwarding-class best-effort;

    }
}

[edit firewall family inet filter controle]

Gustavo Santos
Analista de Redes
CCNA , MTCNA , MTCRE, MTCINE, JUNCIA-ER

2012/10/15 Doug Hanks <dhanks at juniper.net>

>   All you need in this scenario is a simple policer and a firewall filter
> than. Just match the different types of traffic as you described below into
> different terms of a firewall filter, then depending on what you want to do
> with the traffic, police it or discard it.
>
>    From: Gustavo Santos <gustkiller at gmail.com>
> Date: Mon, 15 Oct 2012 10:40:41 -0300
> To: dhanks <dhanks at juniper.net>
> Cc: "EXT - caillinb at commtelns.com" <caillinb at commtelns.com>, Serge
> Vautour <serge at nbnet.nb.ca>, Chris Evans <chrisccnpspam2 at gmail.com>, "
> juniper-nsp at puck.nether.net" <juniper-nsp at puck.nether.net>
>
> Subject: Re: [j-nsp] WAN input prioritization on MX
>
>  Hi, After reading your comments, I will try to explain better  what I'm
> trying to achieve. I'm trying to do classification and queueing on an
> ingress interface.
>
>  When the wan interface gets rate limit threshold (500mbits), all the
> traffic that is destinated to the high priority destination subnet gets
> precedence and no packet loss or lower packet loss, than the low priority.
>
>  The egress traffic to these subnets goes to two different physical
> interfaces ( ge-1/0/5 and ge-1/0/5) So , from what I read from you, the
> ingress interface should "see" the rate limit of 500mbits gets congestion
> and then discard packets from wan that have destination (address) subnet
> that differs from the high priority subnet.
>
>  For instance: If the current wan ingress traffic total is 450mbits and
> high priority traffic is 100mbits, and low priority is 350mbits = no packet
> discard, but if traffic towards high priority subnet is 300mbits and low
> priority is 300mbits, then the queuing / scheduler will drop the low
> priority traffic until the sources traffic gets shaped to 200mbits for the
> low priority and the high priority gets 300mbits.
>
>  On Linux it's quite simple to achieve.
>
> Gustavo Santos
> Analista de Redes
> CCNA , MTCNA , MTCRE, MTCINE, JUNCIA-ER
>
>
>
> 2012/10/15 Doug Hanks <dhanks at juniper.net>
>
>> >If you're having a hard time writing
>> >the proper code-points to a packet, I would assume the packets are
>> >classified correctly.
>>
>>  s/correctly/incorrectly/
>>
>>
>>
>