Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] Traffic shaping behavior on one single SRX output aggregated interface

0

0

Article ID: KB31497 KB Last Updated: 01 May 2017Version: 1.0
Summary:

This article explains the behavior on SRX when setting traffic shaping on one single aggregated interface.

Symptoms:

In SRX, when traffic shaping is applied on an output aggregated interface with a given bandwidth limit, the limit applied to the aggregated interface will not work as configured. The real output traffic will be divided by the number of AE binding interfaces.

Example:

Shaping-rate 200m <-- On the output interface AE
The AE interface includes two physical interfaces.
The traffic going out of the AE interface will be about 100mbps

Topology

Solution:

Assuming you want to limit traffic coming from the subnet 10.1.1.0/24 to 200Mbps on the outgoing interface ae1.

Configuration:

Select a firewall filter to filter the traffic coming from source 10.1.1.0/24 to forward the traffic to a particular forwarding-class.
 
set firewall family inet filter test-traffic term 1 from source-address 10.1.1.0/24
set firewall family inet filter test-traffic term 1 from destination-address 20.1.1.0/24
set firewall family inet filter test-traffic term 1 then forwarding-class Test_200m
set firewall family inet filter test-traffic term 1 then accept
set firewall family inet filter test-traffic term default then forwarding-class best-effort
set firewall family inet filter test-traffic term default then accept

Apply the firewall filter as output on the egress interface. This firewall will filter out the traffic when the traffic is leaving ae1.
Enable per-unit-scheduling on the interface so that all the units will be applied with the CoS configuration.

set interfaces ge-2/0/0 gigether-options 802.3ad ae0
set interfaces ge-2/0/1 gigether-options 802.3ad ae0
set interfaces ge-2/0/2 gigether-options 802.3ad ae1
set interfaces ge-2/0/3 gigether-options 802.3ad ae1
set interfaces ae0 vlan-tagging
set interfaces ae0 unit 77 vlan-id 77
set interfaces ae0 unit 77 family inet address 10.1.1.254/24
set interfaces ae1 per-unit-scheduler
set interfaces ae1 vlan-tagging
set interfaces ae1 unit 3560 vlan-id 3560
set interfaces ae1 unit 3560 family inet filter output test-traffic
set interfaces ae1 unit 3560 family inet address 20.1.1.254/24

Select different kinds of schedulers that configure the priority rate and the amount of traffic that can be transmitted.
Map the individual scheduler to the forwarding class in scheduler-maps.

set class-of-service forwarding-classes queue 0 best-effort
set class-of-service forwarding-classes queue 4 Test_200m
set class-of-service interfaces ae1 unit 3560 scheduler-map cos-map
set class-of-service interfaces ae1 unit 3560 shaping-rate 2g
set class-of-service scheduler-maps cos-map forwarding-class Test_200m scheduler band_200m
set class-of-service scheduler-maps cos-map forwarding-class best-effort scheduler be-scheduler
set class-of-service schedulers be-scheduler transmit-rate remainder
set class-of-service schedulers be-scheduler buffer-size remainder
set class-of-service schedulers be-scheduler priority high
set class-of-service schedulers band_200m shaping-rate 200m
set class-of-service schedulers band_200m priority high

Verification:



 

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search