SRX Services Gateway
SRX Services Gateway

SRX 300 policer Bandwidth issues

‎08-13-2019 06:39 AM

We have a SRX where x2 ports are configured with seprarate IP networks. Both ports are capped to 100 mbps but when running a speedtest on separate ports we get full BW however runing a speedtest on both ports at the same time gives us only half the full 200 bandwidth.

 

Model: srx300
Junos: 15.1X49-D70.3
JUNOS Software Release [15.1X49-D70.3]

 

irewall {
family inet {
filter limit-100 {
term 0 {
then {
policer 100m;
accept;
}
}
}
}
policer 100m {
if-exceeding {
bandwidth-limit 100m;
burst-size-limit 5m;
}
then discard;
}

 

 

description Customer;
unit 0 {
family inet {
filter {
input limit-100;
output limit-100;
}

 

 

 

6 REPLIES 6
SRX Services Gateway

Re: SRX 300 policer Bandwidth issues

‎08-13-2019 07:01 AM

Hello,

Please add this line into the filter config

 

set firewall family inet filter limit-100 interface-specific

 

HTH

Thx

Alex

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
SRX Services Gateway

Re: SRX 300 policer Bandwidth issues

‎08-13-2019 07:16 AM

Hi Simon,

 

May I know on which interface youre applying the policing filter? On the Ingress interface or Egress Interface?



Thanks,
π00bm@$t€®.
Please, Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
SRX Services Gateway

Re: SRX 300 policer Bandwidth issues

‎08-13-2019 07:57 AM

Hi Simon,

 

The below configuration worked for me which is similar to yours(only difference is I'm testing with 1M limit) and I have applied the filter in Ingress interface.

 

I have tested the traffic with fast.com, speedtest.net is not working for me.

 

set firewall family inet filter TEST term 1 then policer 1MB
set firewall family inet filter TEST term 1 then accept
set firewall policer 1MB if-exceeding bandwidth-limit 1m
set firewall policer 1MB if-exceeding burst-size-limit 625k
set firewall policer 1MB then discard

set interfaces ge-0/0/2 unit 0 family inet filter input TEST
set interfaces ge-0/0/2 unit 0 family inet filter output TEST
set interfaces ge-0/0/2 unit 0 family inet address 192.168.11.11/24



Thanks,
π00bm@$t€®.
Please, Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
SRX Services Gateway

Re: SRX 300 policer Bandwidth issues

‎08-13-2019 09:18 AM

This is how its configured on my end on x2 LAN ports

show configuration interfaces ge-0/0/0
description Customer;
unit 0 {
family inet {
filter {
input limit-100;
output limit-100;

show configuration interfaces ge-0/0/1
description Customer;
unit 0 {
family inet {
filter {
input limit-100;
output limit-100;
}

 

so it would mean its both download/upload- it works fine if single port is tested but if you run speed test on both ports at the same time we get half the throughput. 

 

I hope it makes sense. 

 

SRX Services Gateway

Re: SRX 300 policer Bandwidth issues

[ Edited ]
‎08-13-2019 11:33 AM

Simon,

 

Correct me if I'm wrong.

 

So, when you test the bandwidth simultaneously for the interfaces, you're getting 100M shared; which means  ge-0/0/0 = 50M and ge-0/0/1 = 50M.

 

However, you would like to get dedicated 100M for both the interfaces. Correct?



Thanks,
π00bm@$t€®.
Please, Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
SRX Services Gateway

Re: SRX 300 policer Bandwidth issues

‎08-15-2019 01:22 AM

Total Bandwitdh on WAN port is 200 Mbps and we have shared 100 Mbps on each LAN port facing customer. When performing testing on individual LAN ports customer indeed gets 100 Mbps but when performed speed test on both ports simulataneouly customer is seeing less than 100 mbps on each port.