SRX Services Gateway
SRX Services Gateway

Bandwidth limit policer not working with Virtual routing instance

‎11-20-2017 06:10 AM

Hi

 

I have configured both upload and download policers and assigned to the LAN interface as given below:

 

ge-0/0/1 {
unit 0 {
family inet {
filter {
input filter-1.5mpbs-upload;
output filter-1.5mpbs-download;
}
address 192.168.2.1/24;
}
}
}

-------------------------

firewall {
policer 1.5mpbs {
if-exceeding {
bandwidth-limit 1048576;
burst-size-limit 262144;
}
then discard;
}
filter filter-1.5mpbs-upload {
term a {
from {
source-address {
192.168.2.0/24;
}
}
then {
policer 1.5mpbs;
routing-instance ISP1;
}
}
term last {
then accept;

filter filter-1.5mpbs-download{
term a {
from {
destination-address {
192.168.2.0/24;
}
}
then {
policer 1.5mpbs;
routing-instance ISP1;
}
}
term last {
then accept;
}
}
}

The traffic comes to halt until i deactivate the policer and filter filter-1.5mpbs-download.

Let me have the solution.

Regards,

AN

2 REPLIES 2
SRX Services Gateway

Re: Bandwidth limit policer not working with Virtual routing instance

‎11-20-2017 08:19 AM
Can you test the same firewall filter without policer and just with routing-instance and see the behavior? This will confirm if it’s a policer issue or some other config like route/routing-instnace issue


filter filter-1.5mpbs {
term a {
from {
source-address {
192.168.102.0/24;
}
}
then {
routing-instance ISP1 ===> removed policer
}
}
term last {
then accept;
filter filter-1.5mpbs-download {
term a {
from {
destination-address {
192.168.2.0/24;
}
}
then {
routing-instance ISP1; ===> removed policer
}
}
term last {
then accept;
}
}
}
Thanks,
Suraj
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too
SRX Services Gateway

Re: Bandwidth limit policer not working with Virtual routing instance

‎11-20-2017 06:15 PM

Hi,

Thanks for the update.

The policers are in working condition when using default routing instance. (say then accept); (both input and output filters)

The input filter(matching condition source-address) is working with policer using the routing-instance. (say then routing-instance ISP1). 

Only the output filter using destination-address as match condition is not working when using the routing-instance even policer is applied or removed.

In this case, i could not set download limit to the users when routing-instance is used.

Let me have any workaround.

Thanks,

AN