Junos
Reply
Contributor
icepicknz
Posts: 25
Registered: ‎01-22-2009
0

two-rate Firewall Policer CIR & PIR

Currently we assign customers a policer such as:

 

policer 10M {
    if-exceeding {
        bandwidth-limit 10m;
        burst-size-limit 1m;
    }
    then discard;
}

 

I am wanting to change the way we do things and create a pool (size of internet we have) of say 100Mb. I then want to create CIR & PIR profiles and assign customers to these. At all points the CIR should be available to the customers, though if someone isn't using the CIR then allow them to use the PIR. For instance, the customer has a CIR of 10Mb but can reach 20Mb when other people aren't using their CIR.

 

I haven't been able to find many examples but here is one...

 

two-rate {
committed-information-rate 10m;
committed-burst-size 500k;
peak-information-rate 20m;
peak-burst-size 500k;
}

 

My question is,

1./ how do I create the pool of total available bandwidth to myself.

2./ How do I manage how long the customer can use PIR (i.e. if someone starts using their CIR reduce this customers PIR)

3./ Are my burst size's correct and how should these be calculated?

4./ Does this method use a lot more resources than our current implementation due to the token buckets?

 

Not many examples available on the internet or forums from what I can find.

 

Many thanks

Barry

 

Super Contributor
jwparks
Posts: 157
Registered: ‎04-20-2009
0

Re: two-rate Firewall Policer CIR & PIR

I think you are going to need to use a -Q card and build traffic control profiles.

 

https://www.juniper.net/techpubs/software/junos/junos93/swconfig-cos/configuring-cos-hierarchical-sc...

 

I don't have an example of this though.

Super Contributor
Super Contributor
Ulf
Posts: 145
Registered: ‎11-13-2008
0

Re: two-rate Firewall Policer CIR & PIR

 

Hi,

 

not sure QoS per se solves this. Upstream one could mark traffic beyond CIR on a per customer basis and thereby ensure that on the backbone int a policer can distinguish between "below CIR" and "above CIR" and allow "above CIR" from various customers to compete for free bandwidth. But for downstream I don't see a way to properly do this ... But I'd love to see some more QoS adept reader correct me on this.

 

Best Regards

 

Ulf

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.