SRX Services Gateway
SRX Services Gateway

Unable to get traffic shaping working on a SRX345

2 weeks ago

I'm convinced I've missed something but I can't for the life of me work out where I am going wrong. I would like to shape traffic on a single physical interface (acting as a switch port) to 2Mbps. I have followed the instructions detailed here: https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/shaping-r...

 

However when I'm testing the throughput of the port with iperf I am getting near line speed (1Gbps) - I have also checked the throguhput with the monitor command within JunOS and can confirm it reports the same readings.

 

I've included my current configuration below and would really appreciate if anyone could shed any light on where I am gonig wrong:

 

version 15.1X49-D150.2;
system {
    host-name TEST-SRX;
    name-server {
        8.8.8.8;
        8.8.4.4;
    }
    services {
        ssh {
            root-login deny;
            protocol-version v2;
            connection-limit 2;
            rate-limit 2;
        }
        web-management {
            https {
                port 443;
                system-generated-certificate;
                interface fxp0.0;
            }
        }
    }
    max-configurations-on-flash 5;
    max-configuration-rollbacks 5;
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
    ntp {
        server 1.2.3.4;
    }
}
chassis {
    aggregated-devices {
        ethernet {
            device-count 2;
        }
    }
}
security {
    forwarding-options {
        family {
            mpls {
                mode packet-based;
            }
        }
    }
}
interfaces {
    ge-0/0/2 {
        ether-options {
            802.3ad ae1;
        }
    }
    ge-0/0/3 {
        ether-options {
            802.3ad ae1;
        }
    }
    ge-0/0/7 {
        per-unit-scheduler;
        unit 0 {
            description "Internet Uplink";
            family ethernet-switching { 
                interface-mode access;
                vlan {
                    members wan-uplink;
                }
            }
        }
    }
    ae1 {
        per-unit-scheduler;
        aggregated-ether-options {
            lacp {
                active;
                periodic slow;
            }
        }
        unit 0 {
            description "Telephony Internet Access";
            family ethernet-switching {
                interface-mode access;
                vlan {
                    members wan-uplink;
                }
            }
        }
    }
    fxp0 {
        unit 0 {
            family inet {
                address 192.168.1.254/24;  
            }
        }
    }
    irb {
        unit 770 {
            family inet {
                address 4.5.6.7.8/29;
            }
        }
    }
}
routing-options {
    static {
        route 192.168.1.0/24 next-hop 192.168.1.1;
    }
}
protocols {
    l2-learning {
        global-mode switching;
    }
    rstp {                              
        interface all;
    }
}
class-of-service {
    interfaces {
        ge-0/0/7 {
            unit 0 {
                shaping-rate 2m;
            }
        }
    }
}
routing-instances {
    WAN-RouteTable {
        instance-type virtual-router;
        interface irb.770;
    }
}
vlans {
    wan-uplink {
        vlan-id 770;
        l3-interface irb.770;           
    }
}

The only slight odditiy is that I'm using the SRX device as a router (Inet and MPLS forwarding mode is set to packet based)

 

7 REPLIES 7
SRX Services Gateway

Re: Unable to get traffic shaping working on a SRX345

2 weeks ago

Hi Jamie,

 

I believe you would like to limit the bandwidth of a particular interface to 2 Mbps. Please correct me if I'm wrong.

 

If that's your requirement, please follow the KB article - https://kb.juniper.net/InfoCenter/index?page=content&id=KB28161 where you can achieve this using policer.

 

Let me know if you face any difficulties.



Thanks,
π00bm@$t€®.
Please, Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
SRX Services Gateway

Re: Unable to get traffic shaping working on a SRX345

[ Edited ]
2 weeks ago

Hi, thanks for the suggestion - unfortuantely though I've already tried this Smiley Sad 

 

The policer is configured as below:

 

 

policer policer-2mb {
    if-exceeding {
        bandwidth-limit 2m;
        burst-size-limit 625k;
    }
    then discard;
}

and applied as follows:

 

 

per-unit-scheduler;
unit 0 {
    description "Internet Uplink";
    bandwidth 2m;
    family ethernet-switching {
        interface-mode access;
        vlan {
            members wan-uplink;
        }
        policer {
            input policer-2mb;
            output policer-2mb;
        }
    }
}

But unfortunately this does not take effect

SRX Services Gateway

Re: Unable to get traffic shaping working on a SRX345

2 weeks ago

Hi Jamie,

 

Have you created the firewall filter to call the policer?

 

Please share me the output for the following commands:

 

user@host> show configuration firewall | display set

user@host> show configuration interfaces | display set

user@host> show configuration class-of-service | display set

 



Thanks,
π00bm@$t€®.
Please, Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
SRX Services Gateway

Re: Unable to get traffic shaping working on a SRX345

[ Edited ]
2 weeks ago

Hi, yes I've created it (however I also assumed that you could just directly apply the policer without a filter e.g. set interface ge-0/0/7 unit 0 family ethernet-switching police input xyz)? However I applied it anyway just to be sure

 

show configuration firewall | display set

set firewall family ethernet-switching filter filter1 term 0 from ether-type ipv4
set firewall family ethernet-switching filter filter1 term 0 then accept
set firewall family ethernet-switching filter filter1 term 0 then policer policer-2mb
set firewall policer policer-2mb if-exceeding bandwidth-limit 2m
set firewall policer policer-2mb if-exceeding burst-size-limit 625k
set firewall policer policer-2mb then discard

show configuration interfaces | display set

set interfaces ge-0/0/2 ether-options 802.3ad ae1
set interfaces ge-0/0/3 ether-options 802.3ad ae1
set interfaces ge-0/0/7 per-unit-scheduler
set interfaces ge-0/0/7 unit 0 description "Internet Uplink"
set interfaces ge-0/0/7 unit 0 bandwidth 2m
set interfaces ge-0/0/7 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/7 unit 0 family ethernet-switching vlan members wan-uplink
set interfaces ge-0/0/7 unit 0 family ethernet-switching filter input filter1
set interfaces ge-0/0/7 unit 0 family ethernet-switching filter output filter1
set interfaces ge-0/0/7 unit 0 family ethernet-switching policer input policer-2mb
set interfaces ge-0/0/7 unit 0 family ethernet-switching policer output policer-2mb
set interfaces ae1 per-unit-scheduler
set interfaces ae1 aggregated-ether-options lacp active
set interfaces ae1 aggregated-ether-options lacp periodic slow
set interfaces ae1 unit 0 description "Telephony Internet Access"
set interfaces ae1 unit 0 family ethernet-switching interface-mode access
set interfaces ae1 unit 0 family ethernet-switching vlan members wan-uplink
set interfaces fxp0 unit 0 family inet address 192.168.0.254/24
set interfaces irb unit 770 family inet address 4.5.6.7/29

show configuration class-of-service | display set

set class-of-service interfaces ge-0/0/7 unit 0 shaping-rate 2m

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

SRX Services Gateway
Solution
Accepted by topic author jamie15
2 weeks ago

Re: Unable to get traffic shaping working on a SRX345

2 weeks ago
Jamie,

I think we can't apply policing on a switch port and I don't find any document related to SRX.

Could you please try policing on a L3 interface? In this case, it's irb.770


Thanks,
π00bm@$t€®.
Please, Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
SRX Services Gateway

Re: Unable to get traffic shaping working on a SRX345

[ Edited ]
2 weeks ago

You are right. After a lot of trial and error it is not possible - however it is quite frsutrating that the CLI lets you configure it quite happily without any warnings. Thanks for your help

SRX Services Gateway

Re: Unable to get traffic shaping working on a SRX345

2 weeks ago

Hey Jamie,

 

I'm glad the policing is working fine.

 

Well, mostly I prefer to work in CLI rather than J-Web. So, not much aware about J-Web.

 

Cheers!!!



Thanks,
π00bm@$t€®.
Please, Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!