[j-nsp] Policing On LAG's - Update!
Mark Tinka
mark.tinka at seacom.mu
Thu Sep 24 10:00:31 EDT 2015
Hi all.
So for the archives - this issue turned out to be a bug. Juniper have
filed it under:
PR1098486
"The "shared-bandwidth-policer" knob is used to enable
configuration of interface-specific policers applied on an
aggregated Ethernet bundle to match the effective bandwidth and
burst-size to user-configured values. But this feature is
broken from Junos release 14.1R1 when "enhanced-ip" is
configured on MX platform with pure trio-based line cards. The
bandwidth/burst-size of policers attached to Aggregated
Ethernet interfaces are not dynamically updated upon member
link adding or deletion."
The issue is resolved in Junos 14.2R4 and 15.1R2.
We have tested 14.2R4.9 and confirm that the issue is, indeed, resolved.
If you can't upgrade to from 14.1 through to anything pre-14.2R4, the
workaround is to delete, commit, re-apply and commit the srTCM firewall
policers.
In case you are using trTCM policers, I found that the above workaround
doesn't work - your only option is to delete the policer at the
interface level, commit, re-apply and commit again.
The problem with the workaround is that if one of your MPC's that has a
port in the LAG was to ever restart (for whatever reason), you could end
up seeing this issue again, and would need to re-apply the workarounds.
Hope this helps anyone else out there that could be facing this issue.
Mark.
More information about the juniper-nsp
mailing list