Routing
Highlighted
Routing

How to rate limit ipv4 and ipv6 family on a AE bundle logical interface?

‎05-09-2018 08:12 PM

Hi,

 

I got a situation that I am having issues rate limiting traffic on MX480 with a customer that gets a unit with a vlan and ipv4 and ipv6 family set.

From docs and testing, to share a bandwidth policer with ipv4 and ipv6 family we should use logical interface policer, and rate-limit we must use shared-interface policer knob. But I can´t use both an because of that the customer gets double bandwidh as it should using one option or another.

Is there any workround for rate-limit the whole unit or it´s vlan?

 

Regards,

 

9 REPLIES 9
Highlighted
Routing

Re: How to rate limit ipv4 and ipv6 family on a AE bundle logical interface?

‎05-10-2018 01:34 AM

Hello,

I am not sure what Your actual problem statement is. Can You elaborate where do You see the rate doubling?

If You try the following configuration on 2-link LAG:

set interfaces ge-0/0/0 gigether-options 802.3ad ae0
set interfaces ge-10/0/0 gigether-options 802.3ad ae0
set interfaces ae0 unit 0 family inet policer input P1
set interfaces ae0 unit 0 family inet address 203.0.113.1/24
set interfaces ae0 unit 0 family inet6 policer input P1
set interfaces ae0 unit 0 family inet6 address 2001::203/96
set firewall policer P1 logical-interface-policer
set firewall policer P1 shared-bandwidth-policer
set firewall policer P1 if-exceeding bandwidth-limit 500m
set firewall policer P1 if-exceeding burst-size-limit 32k
set firewall policer P1 then discard

- then the 500Mbit rate is duly divided by 2 and becomes 31.25 MBytes/sec per member link  but the same 31.25 MBytes/sec policer is applied to both IPV4 and IPv6. Verification is below:

regress@R1> request pfe execute target fpc0 command "show policer ae0.0 family inet"      
SENT: Ukern command: show policer ae0.0 family inet

IFD ae0
Input policer
hardware instance:0
======================
        Regular policer 'P1-ae0.0-log_int-i'
        dfw:17001 pfe_id:0
        carve-up factor:0.500 vcuf:0.500
        bandwidth:31250000 bytes/sec, burst size:16000 bytes
        ----------------------



regress@R1> request pfe execute target fpc0 command "show policer ae0.0 family inet6"   
SENT: Ukern command: show policer ae0.0 family inet6

IFD ae0
Input policer
hardware instance:0
======================
        Regular policer 'P1-ae0.0-log_int-i'
        dfw:17001 pfe_id:0
        carve-up factor:0.500 vcuf:0.500
        bandwidth:31250000 bytes/sec, burst size:16000 bytes
        ----------------------



regress@R1> request pfe execute target fpc10 command "show policer ae0.0 family inet"    
SENT: Ukern command: show policer ae0.0 family inet

IFD ae0
Input policer
hardware instance:0
======================
        Regular policer 'P1-ae0.0-log_int-i'
        dfw:17001 pfe_id:0
        carve-up factor:0.500 vcuf:0.500
        bandwidth:31250000 bytes/sec, burst size:16000 bytes
        ----------------------



regress@R1> request pfe execute target fpc10 command "show policer ae0.0 family inet6"   
SENT: Ukern command: show policer ae0.0 family inet6

IFD ae0
Input policer
hardware instance:0
======================
        Regular policer 'P1-ae0.0-log_int-i'
        dfw:17001 pfe_id:0
        carve-up factor:0.500 vcuf:0.500
        bandwidth:31250000 bytes/sec, burst size:16000 bytes
        ----------------------

As You can see, the IPv4 and IPv6 draw credits from the same policer and are rate-limited as an aggregate.

Do You see a different behaviour in Your lab?

HTH

Thx

Alex

 

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
Highlighted
Routing

Re: How to rate limit ipv4 and ipv6 family on a AE bundle logical interface?

‎05-10-2018 06:09 AM

Hi aarseniev.

Thanks for your answer.

Here is a 5Gbps policer.. the output is a 2x40Gbps bundle. As you can see I am getting 1.0 factor.. not 0.5 factor as your example.Smiley Sad

below my configuration snippet. Here the 40Gbps interfaces are on the same FPC ( FCP0).

interface ae2.2203 configuration.
vlan-id 2203;
}
family inet {
    policer {
        input shape5g;
        output shape5g;
    }
    address xxxxxxx/30;
}
family inet6 {
    policer {
        input shape5g;
        output shape5g;
    }
    address xxxxxxx/64;
}
{master}[edit firewall policer shape5g]
logical-interface-policer;
shared-bandwidth-policer;
if-exceeding {
    bandwidth-limit 5g;
    burst-size-limit 320k;
}
then discard;

 

SENT: Ukern command: show policer ae2.2203 family inet

IFD ae2
Input policer
hardware instance:0
======================
        Regular policer 'shape5g-ae2.2203-log_int-i'
        dfw:17028 pfe_id:0
        carve-up factor:1.000 vcuf:1.000
        bandwidth:625000000 bytes/sec, burst size:320000 bytes
        ----------------------

Output policer
hardware instance:0
======================
        Regular policer 'shape5g-ae2.2203-log_int-o'
        dfw:17030 pfe_id:0
        carve-up factor:1.000 vcuf:1.000
        bandwidth:625000000 bytes/sec, burst size:320000 bytes
        ----------------------
================ fpc0 ================
SENT: Ukern command: show policer ae2.2203 family inet6

IFD ae2
Input policer
hardware instance:0
======================
        Regular policer 'shape5g-ae2.2203-log_int-i'
        dfw:17028 pfe_id:0
        carve-up factor:1.000 vcuf:1.000
        bandwidth:625000000 bytes/sec, burst size:320000 bytes
        ----------------------

Output policer
hardware instance:0
======================
        Regular policer 'shape5g--ae2.2203-log_int-o'
        dfw:17030 pfe_id:0
        carve-up factor:1.000 vcuf:1.000
        bandwidth:625000000 bytes/sec, burst size:320000 bytes
        ----------------------
Highlighted
Routing

Re: How to rate limit ipv4 and ipv6 family on a AE bundle logical interface?

‎05-10-2018 06:37 AM

Hello,


@Softdados wrote:

Hi aarseniev.

Thanks for your answer.

Here is a 5Gbps policer.. the output is a 2x40Gbps bundle. As you can see I am getting 1.0 factor.. not 0.5 factor as your example.Smiley Sad

below my configuration snippet. Here the 40Gbps interfaces are on the same FPC ( FCP0).


The policer is instantiated per PFE (Packet Forwarding Engine). If both of Your interfaces belong to the same PFE, then the policer will be one and the only. With such single policer the whole LAG will be policed at 5Gbps.

Do You see a different behaviour in Your lab?

HTH

Thx
Alex

 

 

 

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
Highlighted
Routing

Re: How to rate limit ipv4 and ipv6 family on a AE bundle logical interface?

‎05-17-2018 07:03 PM

Hi,

Yes.. I tested now a 1Gbps policer for a customer with v4 an v6 using the shared interface policer + logical interface policer, and the result is the same.. doubled bandwitdh for this customer.

I have an ACX5048 too and the same issue happen, unable to shape a whole unit ( single vlan). 

Highlighted
Routing

Re: How to rate limit ipv4 and ipv6 family on a AE bundle logical interface?

‎05-21-2018 12:34 PM

As you can see, it creates two policers, one for each protocol version ( ipv4 an ipv6).

 

 

Highlighted
Routing

Re: How to rate limit ipv4 and ipv6 family on a AE bundle logical interface?

‎06-15-2018 11:53 PM

I tested the same in MX480 and return the following. I am also interest how aarseniev do that Smiley Wink

[edit]
root@mx480# show | display set | match ae0
set interfaces xe-0/0/2 gigether-options 802.3ad ae0
set interfaces xe-0/0/3 gigether-options 802.3ad ae0
set interfaces ae0 unit 0 family inet policer input P1
set interfaces ae0 unit 0 family inet address 203.0.113.1/24
set interfaces ae0 unit 0 family inet6 policer input P1
set interfaces ae0 unit 0 family inet6 address 2001::203/96

[edit]
root@mx480# show firewall policer P1
logical-interface-policer;
shared-bandwidth-policer;
if-exceeding {
    bandwidth-limit 500m;
    burst-size-limit 32k;
}
then discard;

root@mx480> ...est pfe execute target fpc0 command "show policer ae0.0 family inet"
================ fpc0 ================
SENT: Ukern command: show policer ae0.0 family inet

IFD ae0
Input policer
hardware instance:0
======================
        Regular policer 'P1-ae0.0-log_int-i'
        dfw:17001 pfe_id:0
        carve-up factor:1.000 vcuf:1.000
        bandwidth:62500000 bytes/sec, burst size:32000 bytes
        ----------------------

        Regular policer 'P1-ae0.0-log_int-i'
        dfw:17001 pfe_id:1
        carve-up factor:0.000 vcuf:0.000
        bandwidth:0 bytes/sec, burst size:0 bytes
        ----------------------


root@mx480> ...est pfe execute target fpc0 command "show policer ae0.0 family inet6"
================ fpc0 ================
SENT: Ukern command: show policer ae0.0 family inet6

IFD ae0
Input policer
hardware instance:0
======================
        Regular policer 'P1-ae0.0-log_int-i'
        dfw:17001 pfe_id:0
        carve-up factor:1.000 vcuf:1.000
        bandwidth:62500000 bytes/sec, burst size:32000 bytes
        ----------------------

        Regular policer 'P1-ae0.0-log_int-i'
        dfw:17001 pfe_id:1
        carve-up factor:0.000 vcuf:0.000
        bandwidth:0 bytes/sec, burst size:0 bytes
        ----------------------

 

 

Highlighted
Routing

Re: How to rate limit ipv4 and ipv6 family on a AE bundle logical interface?

‎06-16-2018 10:32 AM

Hello,


@Jackey wrote:

I tested the same in MX480 and return the following. I am also interest how aarseniev do that Smiley Wink

        Regular policer 'P1-ae0.0-log_int-i'
        dfw:17001 pfe_id:1
        carve-up factor:0.000 vcuf:0.000
        bandwidth:0 bytes/sec, burst size:0 bytes
        ----------------------

 

 


This is one and the same policer with id 17001. Both IPv4 and IPv6 will draw tokens/credits from the same bucket.

Now, if You trell me how do You tested this policer/come to conclusion that the rate is doubled then I might be able to help further but at the moment I see nothing wrong in the printouts.

HTH

Thx
Alex 

 

 

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
Highlighted
Routing

Re: How to rate limit ipv4 and ipv6 family on a AE bundle logical interface?

‎06-18-2018 01:19 PM

Hi, I am the OP and I tested here and the bandwidth is doubled.. and causing alot of trobles because our customers are getting double bandwitdh when using ipv4+ipv6 on the same unit / vlan.

 

Highlighted
Routing

Re: How to rate limit ipv4 and ipv6 family on a AE bundle logical interface?

‎06-18-2018 01:27 PM

Hello,


@Softdados wrote:

Hi, I am the OP and I tested here and the bandwidth is doubled.. and causing alot of trobles because our customers are getting double bandwitdh when using ipv4+ipv6 on the same unit / vlan.

 


Thanks but my question is HOW exactly did You test it.

Please provide test diagram with exact JUNOS version, exact router model, exact linecard model,  interface names+numbers, configuration and printouts showing doubling of conifigured policer rate on the interface + linecard shell printouts when the issue is reproduced.

Thx

Alex

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !