[j-nsp] Burst size for policing

Huan Pham drie.huanpham at gmail.com
Fri Jan 25 21:50:26 EST 2013


Hi Luca,

_I think_ the stats that show for the inbound rate (65M-70M) on the interface
may be the ones from before you do policing. It may not be the rate after
dropping. On the other hand, traffic shown outbound is already subject to your
outbound policy.

Could you check the traffic that leaves the router (e.g. outbound to the
LAN)? If your router has only two interfaces (e.g. WAN and LAN, and you
apply the policing on the WAN interface), then the outbound rate on the
other interface (LAN interface) is the rate after your WAN inbound policing.

Cheers,

Huan



On Sat, Jan 26, 2013 at 8:20 AM, Luca Salvatore <Luca at ninefold.com> wrote:

> Hi Guys,
>
> Got some issues with my policing configuration on an SRX650.
> I have it configured to police inbound and outbound traffic to 40Mb.
>
> The config to make this happen is:
>
> configuration firewall policer police-customer | display set
> set firewall policer police-customer if-exceeding bandwidth-limit 39m
> set firewall policer police-customer if-exceeding burst-size-limit 1m
> set firewall policer police-customer then discard
>
> So this works really well for outbound traffic - speed tests show that it
> sits right on 40Mb.
> However for my inbound traffic I see that speeds get well above 40Mb -
> around 65 to 70 actually.
>
> The policer is applied to the customer's interface in both the inbound and
> outbound direction.
>
> I'm thinking the burst size could be too big perhaps?
>
> Thanks.
> Luca.
>
>
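
The following is an added example, not part of the original thread and not Junos code: a generic single-rate token-bucket model of the quoted policer (39m bandwidth limit, 1m burst size, discard on exceed) fed a constant 70 Mb/s, reporting the rate a counter would see before the policer and the rate after it. It assumes `39m` means 39,000,000 bits per second and `1m` means 1,000,000 bytes, a constructed 1500-byte packet size, and a bucket that starts full.

```python
# Generic single-rate token-bucket policer model (an assumption about the
# mechanism in general; not taken from Junos or from the SRX650).
BANDWIDTH_BPS = 39_000_000   # "bandwidth-limit 39m", assumed bits per second
BURST_BYTES = 1_000_000      # "burst-size-limit 1m", assumed bytes
PKT_BYTES = 1500             # constructed packet size for the simulation


def simulate(offered_bps, seconds, bandwidth_bps=BANDWIDTH_BPS,
             burst_bytes=BURST_BYTES, pkt_bytes=PKT_BYTES):
    """Return one (offered_mbps, forwarded_mbps) tuple per simulated second.

    offered   = what a counter placed before the policer would report
    forwarded = what is left after "then discard" (e.g. toward the LAN side)
    """
    tokens = float(burst_bytes)                      # bucket starts full
    gap_s = pkt_bytes * 8 / offered_bps              # time between packets
    refill = (bandwidth_bps / 8) * gap_s             # bytes credited per gap
    pkts_per_sec = int(offered_bps / (pkt_bytes * 8))
    rows = []
    for _ in range(seconds):
        offered = forwarded = 0
        for _ in range(pkts_per_sec):
            tokens = min(burst_bytes, tokens + refill)
            offered += pkt_bytes
            if tokens >= pkt_bytes:                  # conforming: forward
                tokens -= pkt_bytes
                forwarded += pkt_bytes
            # otherwise the packet is discarded and no tokens are spent
        rows.append((offered * 8 / 1e6, forwarded * 8 / 1e6))
    return rows


def summary(offered_bps=70_000_000, seconds=5, **kwargs):
    """Rounded per-second rates for easy reading."""
    return [(round(o, 1), round(f, 1))
            for o, f in simulate(offered_bps, seconds, **kwargs)]


if __name__ == "__main__":
    for sec, (before, after) in enumerate(summary(), 1):
        print(f"t={sec}s  before policer: {before} Mb/s  "
              f"after policer: {after} Mb/s")
```

In this model the full bucket adds at most 8 Mbit to the first second; after that the forwarded rate settles at the bandwidth limit while the pre-policer figure stays at the offered rate.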

