How can I prioritize traffic coming from ISP on SRX
2 weeks ago
Is there any way to prioritize traffic coming from ISP? For exampe start to drop packets from an HTTP transfer(download), but keep UDP VoIP packets when we reach the upper limit of the contracted bandwidth from ISP.
So if somebody from my LAN protected by the SRX does a big download he could exhaust all the cotracted bandwidth and i cannot do anything about that?
Generally speaking yes. Because the packets are already on the wire. Your best hope is that this rogue downloader uses TCP and if You drop some of his/her packets, the TCP will slow down. If s/he uses UDP, then You may find out that it reacts less willingly, and if Your SRX is hit by a DDOS flood attack, You'd see that dropping packets _after_ Your SRX picked it from ISP wire is useless in freeing the download bandwidth on the ISP wire.
I'd suggest You look into individually rate-limiting applications that are TCP-based (and do respond to packet drops) using AppQoS rate-limiters, for instance