[j-nsp] Burst size for policing

OBrien, Will ObrienH at missouri.edu
Fri Jan 25 16:38:42 EST 2013


I usually use separate policers for in and out. 

Will

On Jan 25, 2013, at 1:22 PM, "Luca Salvatore" <Luca at ninefold.com> wrote:

> Hi Guys,
> 
> Got some issues with my policing configuation on a SRX650.
> I have it configured to police inbound and outbound traffic to 40Mb.
> 
> The config to make this happen is:
> 
> configuration firewall policer police-customer | display set
> set firewall policer police-customer if-exceeding bandwidth-limit 39m
> set firewall policer police-customer if-exceeding burst-size-limit 1m
> set firewall policer police-customer then discard
> 
> So this works really well for outbound traffic - speeds test show that it sits right on 40Mb.
> However for my inbound traffic I see that speeds get well above 40Mb - around 65 to 70 actually.
> 
> The policier is applied to the customers interface in both the inbound and outbound direction.
> 
> I'm thinking the burst size could be too big perhaps?
> 
> Thanks.
> Luca.
> 
> 
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp



More information about the juniper-nsp mailing list