[rbak-nsp] Qos policy Metering problem

Michał Przywuski mprzywuski at jmdi.pl
Thu May 12 08:09:03 EDT 2016


Hi , i try configure Qos policy on RedBack Se800 , and i have a problem. 
Policy Upload is working but on download no. Can you check my config and 
give me advice ? Thanks

Michal Przywuski [PL]

context local
!
  no ip domain-lookup
!
  ip nat pool NAPT-pool-1 napt multibind
   address 10.10.12.34/32 port-block 1 to 15
!
  nat policy nat-policy-1
! Default class
   pool NAPT-pool-1 local
   icmp-notification
!
  interface Radius1
   ip address 10.10.7.5/24
!
  interface TT
   ip address 10.11.43.5/24
!
  interface mgnt
   ip address 10.3.14.22/24
!
  interface test multibind
   ip address 192.168.1.1/24
   dhcp server interface
  logging console
!
  router bgp 64110
!
  enable encrypted 1 $1$2vJpnu3B$ABpNM8b0y8uscvQ9j1oYg1
  enable authentication local
!
  aaa authentication administrator local
  aaa authentication subscriber radius
!
  administrator admin encrypted 1 $1$w4EVhqNQ$X/EN37bcvl06xvo0S583r.
    privilege max 15
!
  radius server 10.3.37.136 encrypted-key 3828082561D6BDD6
  radius max-retries 2
  radius timeout 2
!
  subscriber profile test
!
  ip route 0.0.0.0/0 10.3.14.1
  ip route 10.10.12.0/24 context bgp
  ip route 10.10.12.0/24 10.11.43.12
  ip route 10.11.43.0/24 context bgp
  service ssh server
!
  dhcp server policy
    option router 192.168.1.1
    option domain-name-server 8.8.8.8
    subnet 192.168.1.0/24
      range 192.168.1.100 192.168.1.130
!
!
!
context bgp
!
  no ip domain-lookup
!
  interface Lo loopback
   ip address 10.10.12.37/24
!
  interface TT2
   ip address 10.11.43.10/24
  no logging console
!
  ip route 0.0.0.0/0 context CLIPS
  ip route 10.3.14.0/24 context local
  ip route 192.168.1.0/24 context local
  ip route 192.168.8.0/24 context CLIPS
!
!
!
!
context lo
!
  no ip domain-lookup
  no logging console
!
!
!
!
context CLIPS
!
  no ip domain-lookup
!
  ip nat pool NAT-0 napt multibind
   address 10.10.12.15/32 port-block 1 to 15
!
  nat policy 1
! Default class
   pool NAT local
   icmp-notification
!
  nat policy NAT
   connections icmp maximum 50
! Default class
   ignore
   admission-control tcp
   admission-control udp
   admission-control icmp
   endpoint-independent filtering udp
   icmp-notification
! Named classes
   access-group NAT-ACL
    class default
     pool NAT CLIPS
     icmp-notification
!
  interface LO2 loopback
!
  interface MAIN multibind
   ip address 192.168.8.1/24
   ip mtu 1500
   dhcp server interface
   ip icmp suppress packet-too-big
   ip arp timeout 900
   ip nat NAT
!
  interface RADIUS
   ip address 10.15.1.1/24
!
  interface TT2
   ip address 10.11.43.10/24
!
  interface WAN
   ip address 10.10.12.44/24
  no logging console
!
  policy access-list ABON-OUT
   seq 10 permit ip any any class INET
!
  policy access-list NAT-ACL
   seq 10 permit ip 192.168.8.0 0.0.0.255 class default
!
  router bgp 64530
   router-id 10.1.1.1
   confederation identifier 64530
   address-family ipv4 unicast
    redistribute connected
    network 10.11.43.0/24
!
   neighbor 10.11.43.12 external
     remote-as 64535
     send community
     address-family ipv4 unicast
!
  aaa authentication administrator local
  aaa authentication administrator maximum sessions 1
  aaa authentication subscriber radius
!
  radius server 10.15.1.2 encrypted-key 3828082561D6BDD6
  radius max-retries 2
  radius timeout 2
!
  subscriber profile test
  subscriber profile TEST
    qos policy policing 2-OUT
    qos policy metering 4M-out
    dhcp max-addrs 5
!
  ip route 0.0.0.0/0 10.11.43.12
!
  dhcp server policy
    option router 192.168.8.1
    option domain-name-server 8.8.8.8
    subnet 192.168.8.0/24
      range 192.168.8.80 192.168.8.180
!
!
!
context BGP
!
  no ip domain-lookup
  no logging console
!
!
!
!
! ** End Context **
logging debug
logging tdm console
logging active
logging standby short
logging display-info
!
!
!
!
qos policy 2-IN metering
  rate 2000 burst 250000 excess-burst 375000
!
qos policy 2-OUT policing
  rate 2000 burst 250000 excess-burst 375000
!
qos policy 200k_m metering
  rate 200 burst 37500 counters
!
qos policy 2M-in policing
  rate 2000 burst 250000
  rate-calculation exclude layer-2-overhead
!
qos policy 2M-out metering
  ip access-group ABON-OUT CLIPS
   class INET
    rate 1000 burst 12500
  rate-calculation exclude layer-2-overhead
!
qos policy 4M metering
  rate 50 burst 37500 counters
  rate-calculation exclude layer-2-overhead
!
qos policy 4M-in policing
  rate 4000 burst 600000
!
qos policy 4M-out metering
  rate 2000 burst 2500 excess-burst 3750
!
forward policy NAT
!
qos policy e4:8d:8c:65:4b:00 protocol-rate-limit
!
qos policy test metering
  rate 100 burst 37500 counters
  rate-calculation exclude layer-2-overhead
!
!
!
!
!
card 10ge-4-port 1
!
port ethernet 1/1
  description ToArista
  shutdown
  encapsulation dot1q
!
card 10ge-4-port 2
!
port ethernet 2/1
  no shutdown
  encapsulation dot1q
  service clips dhcp context CLIPS
  dot1q pvc 371
   bind interface RADIUS CLIPS
  dot1q pvc 372
   service clips dhcp context CLIPS
  dot1q pvc 373
   bind interface TT2 CLIPS
!
!
port ethernet 8/1
! XCRP management ports on slot 8 and 7 are configured through 8/1
  no shutdown
  bind interface mgnt local
!
no ipv6 path-mtu-discovery discovery-interval
!
no system alarm air-filter
system alarm redundancy suppress
system hostname Dareek
system description 0_o Dareek
!
!
!
end

-- 

Michał Przywuski
Administrator sieci.



More information about the redback-nsp mailing list