[j-nsp] Junos SRX AppQos

Mark Menzies mark at deimark.net
Tue Aug 12 03:35:20 EDT 2014 

I have had this deployed on my home SRX to test.  I used it to rate limit
p2p apps while I was working from home and it seemed to work perfectly. :)

application-traffic-control {
    rate-limiters 1m {
        bandwidth-limit 1048576;
        burst-size-limit 1048576;
    }
    rule-sets torrent {
        rule 1 {
            match {
                application [ junos:BITTRACKER junos:BITTORRENT-APPLICATION
junos:BITTORRENT-DHT junos:BITTORRENT-DHT4 junos:BITTORRENT-UDP
junos:BITTORRENT-WEB-CLIENT ];
                application-group [ junos:p2p junos:p2p:file-sharing ];
            }
            then {
                rate-limit {
                    client-to-server 1m;
                    server-to-client 1m;
                    loss-priority-high;
                }
            }
        }
    }
}

Then apply the rate limiter to a sec policy.

show configuration security policies from-zone trust to-zone untrust policy
scheduled-outbound
match {
    source-address any;
    destination-address any;
    application any;
}
then {
    permit {
        application-services {
            idp;
            application-traffic-control {
                rule-set torrent;
            }
        }
    }
    log {
        session-close;
    }
    count;
}
scheduler-name office-hours;


On 12 August 2014 10:02, James Baker <james at jgbaker.co.nz> wrote:

> Cheers Matt; that will get me going
>
>
>
> -----Original Message-----
> From: juniper-nsp [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf
> Of Matt Bernstein via juniper-nsp
> Sent: Tuesday, 12 August 2014 4:59 p.m.
> To: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] Junos SRX AppQos
>
> On 12/08/2014 05:51, James Baker wrote:
> > Does anyone have any docs or links to docs/blogs which give some
> examples? Or an sanitized code snippet?
> The O'Reilly is pretty good.
>
>
> http://chimera.labs.oreilly.com/books/1234000001633/ch12.html#application_quality_of_service
>
> Matt
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>

More information about the juniper-nsp mailing list