SRX Services Gateway
Highlighted
SRX Services Gateway

Shaping on multiple st0 interfaces

‎06-14-2019 10:28 PM
Hi, we have a hub and spoke topology with multiple remote sites. Ipsec tunnels have been implemented through layer 2 (different vlans) connections to each site. On the hub site the outside interface is ae with 2 member ports, per-unit-schedulers is enabled as well. We phase an issue when we enable shaping per subinterface or per st0 tunnel, some of the tunnels fail and no traffic is flowing to the sites. Physical link speeds vary from 128kbps to 2mbps. The shaping is performed on the actual physical link speed. If we shape on the 95% of the physical link speed, will this be helpful ?
Do you have any suggestions?
6 REPLIES 6
SRX Services Gateway

Re: Shaping on multiple st0 interfaces

‎06-14-2019 11:59 PM

I am guessing your device must be running software version above 15.1X49-D60 or above. There are few suggestion based on Juniper documentation.

 

When defining a CoS shaping rate on an st0 tunnel interface, consider the following restrictions:

The shaping rate on the tunnel interface must be less than that of the physical egress interface.

The shaping rate only measures the packet size that includes the inner Layer 3 cleartext packet with an ESP/AH header and an outer IP header encapsulation. The outer Layer 2 encapsulation added by the physical interface is not factored into the shaping rate measurement.

The CoS behavior works as expected when the physical interface carries the shaped GRE or IP-IP tunnel traffic only. If the physical interface carries other traffic, thereby lowering the available bandwidth for tunnel interface traffic, the CoS features do not work as expected.

SRX Services Gateway

Re: Shaping on multiple st0 interfaces

‎06-15-2019 03:09 AM
Yes software 15.1X49-D160.
Basicly what is the difference on applying the shaping on ae units instead of st0 interfaces ?i have tried that with the same result. What is your recomendation ?No shaping on physical interface, shaping on st0 95% of tunnel link speed or shaping on ae units 95% of link speed ?
SRX Services Gateway

Re: Shaping on multiple st0 interfaces

‎06-17-2019 12:07 PM

Hello Cevangelu,

 

The shaping feature is very much designed for and applied at the driver level as it is the last action on an outgoing packet.

 

Also the support of CoS on st0 exists on Point-To-Point only (not multipoint).

 

Please refer :- 

 

https://www.juniper.net/documentation/en_US/junos/topics/concept/understanding-cos-support-on-st0.ht...

 

If you are using point to mulit-point tunnels, I would suggest a CoS on the physical interface instead of st0.

 

Thanks!

SRX Services Gateway

Re: Shaping on multiple st0 interfaces

[ Edited ]
‎06-17-2019 11:10 PM

No I am using p-2-p tunnels. and i have tried to shape even on vlan units not only st0.x tunnels.

I use as oubound interface an ae composed of 2 x 1 GBps links.

My platform is an SRX340.

The device is behaving like the per-unit-shceduler behaviour is not enabled.

It behaves like the shaper is applied to the physical interface.

SRX Services Gateway

Re: Shaping on multiple st0 interfaces

‎06-18-2019 10:25 AM

Hello Cevangelu,

would you be able to attach configuration and IKE/IPSEC traceoptions. This looks to be interesting scenario which needs more deep dive investigation.

SRX Services Gateway

Re: Shaping on multiple st0 interfaces

3 weeks ago
Finally, solved the issue with the provider. No matter what configurtion change i performed i could not achieve the desired result. I spoke with my isp in order to verify how the rate limiting is performed from their side.
The isp performed some changes and we tested again, the results were successful this time.
Thanks for help.