Routing
Reply
Visitor
ppetro@mail.lviv.ua
Posts: 4
Registered: ‎04-07-2011
0

rate-limit on aggregate interface

Hello,

 

I have the following problem with rate-limit on aggregate interface:

 

> show configuration interfaces ae4    
vlan-tagging;
aggregated-ether-options {
    link-speed 10g;
    lacp {
        active;
    }
}
unit 1296 {
    description SNMP_1343423;
    vlan-id 1296;
    family inet {
        policer {
            input 2300m-pipe;
            output 2300m-pipe;
        }
        address x.y.z.1/30;
    }
}
> show configuration firewall policer 2300m-pipe 
if-exceeding {
    bandwidth-limit 2300000000;
    burst-size-limit 20m;
}
then discard;
But, this rate-limit doesn't work on aggregate interface.
Any idea?
Best regards.

 

Distinguished Expert
muttbarker
Posts: 2,376
Registered: ‎01-29-2008
0

Re: rate-limit on aggregate interface

You need to "apply" the policier using a firewall filter. What you did was to define the policier values but they are implemented via firwewall filter.

 

firewall {

     family inet { 

            filter filter-example-1 {

                 term policer-example-term {

                         from {

                                 protocol tcp;  <your match condition that the traffic is tested on>

                         }

                         then {

                                 policer 2300m-pipe; <your action to be taken for this traffic>

               }

        }

  }

 

Note that the default behavior when using firewall filters is to reject ALL traffic that is not specifcally processed by the match / then clauses. So if you matched on a specific subnet cause that was what you were trying to throttle then you would also need a second term with a clause of accept to allow the remaining "non-matched" traffic to be processed.

 

IE:

               term accept-other-traffic {

                         then accept;

               }

        }

  }

Kevin Barker
JNCIP-SEC
JNCIS-ENT, FWV, SSL, WLAN
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador

Juniper Elite Reseller
J-Partner Service Specialist - Implementation

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Distinguished Expert
mikep
Posts: 483
Registered: ‎06-30-2009
0

Re: rate-limit on aggregate interface

Hi,

 

what exactly does not work and on which plattform? Your configuration with policer defined under logical unit is OK.

 

Kind Regards

Michael Pergament

Visitor
ppetro@mail.lviv.ua
Posts: 4
Registered: ‎04-07-2011
0

Re: rate-limit on aggregate interface

Hi,

 

The router is Juniper MX960.

 

Everything works fine(rate-limit) if the traffic is not on aggragate interface. The customer doesn't use more then the speed in rate-limit.

If I set the rate-limit on aggregate interface the rate-limit doesn't work.

 

Thank you.

 

Best regards.

 

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.