[j-nsp] Policing On LAG's - Update!

Mark Tinka mark.tinka at seacom.mu
Thu Sep 24 10:00:31 EDT 2015


Hi all.

So for the archives - this issue turned out to be a bug. Juniper have
filed it under:

	PR1098486

	"The "shared-bandwidth-policer" knob is used to enable
	configuration of interface-specific policers applied on an
	aggregated Ethernet bundle to match the effective bandwidth and
	burst-size to user-configured values. But this feature is
	broken from Junos release 14.1R1 when "enhanced-ip" is
	configured on MX platform with pure trio-based line cards. The
	bandwidth/burst-size of policers attached to Aggregated
	Ethernet interfaces are not dynamically updated upon member
	link adding or deletion."

The issue is resolved in Junos 14.2R4 and 15.1R2.

We have tested 14.2R4.9 and confirm that the issue is, indeed, resolved.

If you can't upgrade to from 14.1 through to anything pre-14.2R4, the
workaround is to delete, commit, re-apply and commit the srTCM firewall
policers.

In case you are using trTCM policers, I found that the above workaround
doesn't work - your only option is to delete the policer at the
interface level, commit, re-apply and commit again.

The problem with the workaround is that if one of your MPC's that has a
port in the LAG was to ever restart (for whatever reason), you could end
up seeing this issue again, and would need to re-apply the workarounds.

Hope this helps anyone else out there that could be facing this issue.

Mark.


More information about the juniper-nsp mailing list