SRX 240 CoS what if I need more than 8 forwarding classes

‎08-23-2016 08:10 AM

On existing SRX 240 I need to provide CoS solution for an office that needs to segregate 25 VLAN-s.

Need to provide equal treatment to all VLAN-s, meaning every VLAN gets equal share of uplink bandwidth.

In other words, need to prevent situation where bursting in one VLAN can take other VLAN-s into congestion.


Let's say I got 50 Mb/s uplink with ISP.

I want to guaranty each of 25 VLAN-s with at least 2 Mb/s bandwidth, but in queit time, to allow those VLAN-s that pass traffic, to exceed 2 Mb/s and equaly share available bandwidth.

For instance, each VLAN getting 2 Mb/s, but if only 5 VLAN-s transmit at a time, each can get up to 10 Mb/s.


Limitation I hit was that there are only 8 HW queues and I have to map a forwarding class to a queue. i.e. I can't get different forwarding classes to share a queue...


How would you do this on SRX?

Re: SRX 240 CoS what if I need more than 8 forwarding classes

‎08-23-2016 08:31 AM


AFAIK, only 8 queues are possible, however you can have more than 8 forwarding classes [FC] but 1:1 mapping of FC to queue would not be possible.


I believe the requirement can be met using a combination of per vlan policing [rate-limit] and 2 FCs.

Rate-limit to 2Mbps for each VLAN, on breach assign traffic to a lower priority FC.  The default traffic goes through a queue with only tail-drops, while the burst traffic goes through a lower priority queue and more susceptible to QoS drops.



firewall {
    policer test {
        if-exceeding {
            bandwidth-limit 2m;
            burst-size-limit 2k;
        then forwarding-class POLICE;