Setting up shaping either through virtual channels or hierarchical shaping

‎05-14-2009 09:48 AM



[disclaimer: sorry for cross-posting this, also mistakenly in the firewalls section] 


I'm pretty new to Juniper/JUNOS and have done mostly the things I'm now trying to achieve on a J-series router previously in Linux, so my terminology might be a bit off, bear with me :-)


I have several /24's allocated to customers on a specific interface which I then subnet into smaller allocations (/30 or /29) and assign these to customers. I have two types of customers, best effort and dedicated. The dedicated customers should have no less and no more than their dedicated bandwidth and the best effort customers share the remains of the link after the dedicated customers have taken their bandwidth. An example of this would be:


ge-0/0/1 (100m)

 dedicated (30m)

  dedicated customer 1 (10m)

  dedicated customer 2 (20m)

 best effort (70m)

  best effort customer 1 (20m)

  best effort customer 2 (10m)


  best effort customer n (10m)


The hierarchical model in the CoS part of the manual describes my scenario rather well but in my case I don't have the customers on separate vlans but on the same vlan, different subnets. Is it possible to achieve that same model or what I'm trying to describe above where customers are classified based on their src/dst subnet?


I have also looked at the virtual channel functionality but this seems specifically geared at controlling upstream speed to certain destinations. I have the hierarchical need but the virtual channels seem a good pick otherwise since it uses different queues and buffers for each channel, which is neat since I want customers to be unaffected by each other's traffic.


Any hints or suggestions with this?


Thanks in advance! 


Re: Setting up shaping either through virtual channels or hierarchical shaping

‎05-18-2009 02:06 AM
Going through the manual for CoS and the forums this weekend (and given the fact that no one has answered the thread) it looks like I'm headed for a Linux solution again. The closest I've come to finding a solution for this is individual (i.e. non-hierarchical) policing on each subnet. Since that won't allow for dedicated customers it's not optimal. But it would probably look something like this:

firewall {
    policer CUSTOMER1 {
        if-exceeding {
            bandwidth-limit 10m;
            burst-size-limit 32k;
        }
        then discard;
    }
    filter CUSTOMER1 {
        term 1 {
            from {
                source-address {
                    /* customer subnet not given in the original post */
                }
            }
            then policer CUSTOMER1;
        }
    }
}


Re: Setting up shaping either through virtual channels or hierarchical shaping

‎05-27-2009 10:15 PM



In JUNOS, there is a distinction between shapers and policers.  Shapers can be applied wherever there is a memory buffer and an associated queue scheduler -- but policing is practically free and can be applied in many different places.  You can reference a policer in any term in a stateless firewall-filter (what other vendors would call an ACL) or on interfaces/subinterfaces.


In the M/T/MX series routers, shapers are available in each egress port queue (or subinterface queue in the case of the Q PICs).  

The J series works identically, however as it has a software forwarding engine the virtual-channels allow you to run traffic through these "virtual ports" for shaping or queueing before actually egressing a physical port.


So, with that said, you may wish to use a combination of port queueing and virtual channels.


For controlling egress traffic (to customers):

 - if you have 8 customers or less, you can set each customer into a different forwarding-class.  This will serialize their traffic into a different physical egress queue.

 - in the scheduler config, you can specify a transmit rate.  If you use the "exact" keyword, it turns that queue into a shaper.



# set class-of-service schedulers sch-cust1 transmit-rate 10m exact


This will limit egress traffic to that customer to 10Mb/sec.  Also, because of the way JUNOS uses transmit rate to set queuing priority, you are also saying that up to that 10M, that customer's queue is "in-spec" and is automatically higher priority than a transmit-rate remainder queue.  So, even though the queues may be "low" priority, you are effectively guaranteeing that (in the event of congestion) each queue is guaranteed at least X amount of traffic (or percentage of bandwidth) -- but no more.


Also, don't let the "priority" keyword fool you.  JUNOS only applies priorities AFTER transmit rates are satisfied.  So:

1) only select all queues that are below transmit rate (remainder is always 0 percent)

 1a) if more than one queue below transmit rate, use highest priority

2) if all queues are above transmit rate, or if there is no packet in a queue that is below transmit rate, then select a queue from the remaining out-of-transmit-spec queues 

 2a) the details of what happens when all queues are out-of-transmit-spec differ between specific ASIC versions.  This excess bandwidth sharing is proportional to the transmit rate in the more modern ASICs/PFEs. 



[edit class-of-service]
dbackman@jsr2320# show
forwarding-classes {
    queue 0 best-effort;
    queue 1 cust1;
    queue 2 cust2;
    queue 3 cust3;
    queue 4 cust4;
}
interfaces {
    ge-0/0/0 {
        /* must match the scheduler-map name defined below */
        scheduler-map customers;
    }
}
scheduler-maps {
    customers {
        forwarding-class cust1 scheduler sch-cust1;
        forwarding-class cust2 scheduler sch-cust2;
        forwarding-class cust3 scheduler sch-cust3;
        forwarding-class cust4 scheduler sch-cust4;
        forwarding-class best-effort scheduler sch-custBE;
    }
}
schedulers {
    sch-cust1 {
        transmit-rate 10m exact;
        buffer-size percent 10;
        priority low;
    }
    sch-cust2 {
        transmit-rate 20m exact;
        buffer-size percent 20;
        priority low;
    }
    sch-cust3 {
        transmit-rate 10m exact;
        buffer-size percent 10;
        priority low;
    }
    sch-cust4 {
        transmit-rate 20m exact;
        buffer-size percent 20;
        priority low;
    }
    sch-custBE {
        transmit-rate remainder;
        buffer-size remainder;
        priority low;
    }
}


This, of course, assumes that you use a firewall-filter to classify traffic to each specific customer on ingress (not shown in this example).  It would also make sense to leverage the virtual-channel to shape their upstream traffic to the Internet as well.


I hope this gives you a place to get started. 


Dan Backman
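
The ingress classification filter that the reply above mentions but does not show, as an added example that is not part of the original thread: it maps customers on the same VLAN to forwarding classes by destination subnet. The filter name, the subnets (constructed, from the 192.0.2.0/24 documentation range) and the choice of ge-0/0/2 as the upstream-facing port are assumptions; the forwarding-class names are those from the reply.

```junos
/* Constructed example: subnets are from the 192.0.2.0/24 documentation
   range and ge-0/0/2 as the upstream-facing port is an assumption. */
firewall {
    family inet {
        filter CLASSIFY-CUSTOMERS {
            term cust1 {
                from {
                    destination-address {
                        192.0.2.0/30;
                    }
                }
                then {
                    forwarding-class cust1;
                    accept;
                }
            }
            term cust2 {
                from {
                    destination-address {
                        192.0.2.8/29;
                    }
                }
                then {
                    forwarding-class cust2;
                    accept;
                }
            }
            /* A filter ends in an implicit discard, so everything else
               must be accepted explicitly; it lands in best-effort. */
            term everyone-else {
                then {
                    forwarding-class best-effort;
                    accept;
                }
            }
        }
    }
}
interfaces {
    ge-0/0/2 {
        unit 0 {
            family inet {
                filter {
                    input CLASSIFY-CUSTOMERS;
                }
            }
        }
    }
}
```

Terms are evaluated in order and the first match wins, so a customer prefix has to appear before any broader term that would also match it.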

Re: Setting up shaping either through virtual channels or hierarchical shaping

‎06-30-2009 04:52 AM
Thank you for your answer! Things got a little stressed when I had to deploy this solution so I didn't have time to test your suggestions but just went for the old Linux solution. Hopefully I will have time to try this out on JUNOS well before the next deployment!