SRX

Hi All,

I've few VPN tunnels i i'm trying to limit the bandwidth based on the average utilization of the tunnels.

How can i know the utilization of a VPN tunnel ? I've an ISP link of 10Mbps i would like to put bandwidth limits on the tunnels.

Thanks for any inputs.

Regards,

Chandu

Hi,

racharla.chandrakan… said

________________________________________

How can i know the utilization of a VPN tunnel ?

________________________________________

I'm affraid there is no way to do that on SRX .
Also , you need to know that over the VPN you will get the 1/4th of the actual bandwidth speed over the VPN based on the model and VPN throughput as well as link speed.
http://forums.juniper.net/t5/SRX-Services-Gateway/High-RTD-via-S2S-VPN/m-p/284382#M38986

I think you might want to install PRTG or MRTG or Solarwind .. and try to monitor the st interface . But then you'll need to configure the interface speed . for example:

I've zabbix monitoringn tool which works on SNMP so i think if my device can send snmp info for 'st' nterfaces then i can get the traffic stats.

But i couldn't see an option to set speed on the st interfaces, any idea ? Or am i travelling in the wrong direction?

# set interfaces st0 unit 111 ?
Possible completions:
<[Enter]> Execute this command
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
description Text description of interface
disable Disable this logical interface
encapsulation Logical link-layer encapsulation
> family Protocol family
multipoint Multipoint connection
no-traps Don't enable SNMP notifications on state changes
point-to-point Point-to-point connection
> ppp-options Point-to-Point Protocol interface-specific options
> radio-router Parameters for dynamic link cost management
traps Enable SNMP notifications on state changes
| Pipe through a command
{primary:node0}[edit]

# set interfaces st0 unit 111 family ?
Possible completions:
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
> inet IPv4 parameters
> inet6 IPv6 protocol parameters
> mlfr-end-to-end Multilink Frame Relay end-to-end protocol parameters
> mlfr-uni-nni Multilink Frame Relay UNI NNI protocol parameters
> mlppp Multilink PPP protocol parameters
> mpls MPLS protocol parameters
> vpls Virtual private LAN service parameters
{primary:node0}[edit]

# set interfaces st0 unit 111 family inet ?
Possible completions:
<[Enter]> Execute this command
> address Interface address/destination prefix
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
mtu Protocol family maximum transmission unit
negotiate-address Negotiate address with remote
> next-hop-tunnel One or more next-hop tunnel tables
no-neighbor-learn Disable neighbor address learning on interface
> sampling Interface sampling
unconditional-src-learn Glean from arp packets even when source cannot be validated
| Pipe through a command
{primary:node0}[edit]
# set interfaces st0 unit 111 family inet

Regards,

Chandu

Hi,

Since there is no need to monitor st interface bandwidth, Since its not a physical interface, there is no option to setup st interface speed .
In my case I set 100 Mbps in the solarwind just to emulate the speed relatively .
AFAIK , over VPN you'll get 1/4 of the actual speed .