Routing
Reply
Visitor
Posts: 4
Registered: ‎04-07-2011
0

rate-limit on aggregate interface

Hello,

 

I have the following problem with rate-limit on aggregate interface:

 

> show configuration interfaces ae4    
vlan-tagging;
aggregated-ether-options {
    link-speed 10g;
    lacp {
        active;
    }
}
unit 1296 {
    description SNMP_1343423;
    vlan-id 1296;
    family inet {
        policer {
            input 2300m-pipe;
            output 2300m-pipe;
        }
        address x.y.z.1/30;
    }
}
> show configuration firewall policer 2300m-pipe 
if-exceeding {
    bandwidth-limit 2300000000;
    burst-size-limit 20m;
}
then discard;
But, this rate-limit doesn't work on aggregate interface.
Any idea?
Best regards.

 

Distinguished Expert
Posts: 2,397
Registered: ‎01-29-2008
0

Re: rate-limit on aggregate interface

You need to "apply" the policier using a firewall filter. What you did was to define the policier values but they are implemented via firwewall filter.

 

firewall {

     family inet { 

            filter filter-example-1 {

                 term policer-example-term {

                         from {

                                 protocol tcp;  <your match condition that the traffic is tested on>

                         }

                         then {

                                 policer 2300m-pipe; <your action to be taken for this traffic>

               }

        }

  }

 

Note that the default behavior when using firewall filters is to reject ALL traffic that is not specifcally processed by the match / then clauses. So if you matched on a specific subnet cause that was what you were trying to throttle then you would also need a second term with a clause of accept to allow the remaining "non-matched" traffic to be processed.

 

IE:

               term accept-other-traffic {

                         then accept;

               }

        }

  }

Kevin Barker
JNCIP-SEC
JNCIS-ENT, FWV, SSL, WLAN
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador

Juniper Elite Reseller
J-Partner Service Specialist - Implementation

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Distinguished Expert
Posts: 483
Registered: ‎06-30-2009
0

Re: rate-limit on aggregate interface

Hi,

 

what exactly does not work and on which plattform? Your configuration with policer defined under logical unit is OK.

 

Kind Regards

Michael Pergament

Highlighted
Visitor
Posts: 4
Registered: ‎04-07-2011
0

Re: rate-limit on aggregate interface

Hi,

 

The router is Juniper MX960.

 

Everything works fine(rate-limit) if the traffic is not on aggragate interface. The customer doesn't use more then the speed in rate-limit.

If I set the rate-limit on aggregate interface the rate-limit doesn't work.

 

Thank you.

 

Best regards.

 

Copyright© 1999-2015 Juniper Networks, Inc. All rights reserved.