Hi, we have a hub and spoke topology with multiple remote sites. Ipsec tunnels have been implemented through layer 2 (different vlans) connections to each site. On the hub site the outside interface is ae with 2 member ports, per-unit-schedulers is enabled as well. We phase an issue when we enable shaping per subinterface or per st0 tunnel, some of the tunnels fail and no traffic is flowing to the sites. Physical link speeds vary from 128kbps to 2mbps. The shaping is performed on the actual physical link speed. If we shape on the 95% of the physical link speed, will this be helpful ? Do you have any suggestions?
I am guessing your device must be running software version above 15.1X49-D60 or above. There are few suggestion based on Juniper documentation.
When defining a CoS shaping rate on an st0 tunnel interface, consider the following restrictions:
The shaping rate on the tunnel interface must be less than that of the physical egress interface.
The shaping rate only measures the packet size that includes the inner Layer 3 cleartext packet with an ESP/AH header and an outer IP header encapsulation. The outer Layer 2 encapsulation added by the physical interface is not factored into the shaping rate measurement.
The CoS behavior works as expected when the physical interface carries the shaped GRE or IP-IP tunnel traffic only. If the physical interface carries other traffic, thereby lowering the available bandwidth for tunnel interface traffic, the CoS features do not work as expected.
Yes software 15.1X49-D160. Basicly what is the difference on applying the shaping on ae units instead of st0 interfaces ?i have tried that with the same result. What is your recomendation ?No shaping on physical interface, shaping on st0 95% of tunnel link speed or shaping on ae units 95% of link speed ?
Finally, solved the issue with the provider. No matter what configurtion change i performed i could not achieve the desired result. I spoke with my isp in order to verify how the rate limiting is performed from their side. The isp performed some changes and we tested again, the results were successful this time. Thanks for help.