Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[QFX] Example Configuration - Rate limit for service provider styles

0

0

Article ID: KB35798 KB Last Updated: 29 May 2020Version: 1.0
Summary:

Junos OS supports two different styles of configuration for switch interfaces:

  1. Service provider style
  2. Enterprise style

A a physical interface can be configured to support both styles of configuration using flexible Ethernet services.

Flexible Ethernet services is a type of encapsulation that enables a physical interface to support different types of Ethernet encapsulations at the logical interface level.  Defining multiple per-unit Ethernet encapsulations makes it easier to customize Ethernet-based services to multiple hosts connected to the same physical interface.

Flexible Ethernet services encapsulation can be configured to support the service provided and the enterprise style configuration.

This article provides a rate limit configuration example for service provider and enterprise styles on QFX5K.

Solution:
-------------------------
root@QFX# show interfaces ge-0/0/0
flexible-vlan-tagging;      
encapsulation flexible-ethernet-services;     
unit 1 {
encapsulation vlan-bridge;
family ethernet-switching {
interface-mode trunk;
vlan {
members [ 10 20 30 ];
}
filter {
input 10G-IN;
}
}
}
unit 40 {
vlan-id 40;
family inet {
filter {
output 20G-OUT;
}
address 1.1.1.2/24;
}
}

 

root@QFX# show firewall
family inet {
filter 20G-OUT {
term CUST-VLANS {
from {
source-address {
1.1.1.1/32;
}
}
then policer 20G;
}
term DEFAULT {
then accept;
}
}
}
family ethernet-switching {
filter 10G-IN {
term CUST-VLANS {
from {
user-vlan-id [ 10 20 30 ];
}
then policer 10G;
}
term DEFAULT {
then accept;
}
}
}
policer 10G {
if-exceeding {
bandwidth-limit 10g;
burst-size-limit 5m;
}
then discard;
}
policer 20G {
if-exceeding {
bandwidth-limit 20g;
burst-size-limit 5m;
}
then discard;
}
-------------------------
set interfaces ge-0/0/0 flexible-vlan-tagging
set interfaces ge-0/0/0 encapsulation flexible-ethernet-services
 
set interfaces ge-0/0/0 unit 1 encapsulation vlan-bridge
set interfaces ge-0/0/0 unit 1 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/0 unit 1 family ethernet-switching vlan members 10
set interfaces ge-0/0/0 unit 1 family ethernet-switching vlan members 20
set interfaces ge-0/0/0 unit 1 family ethernet-switching vlan members 30
set interfaces ge-0/0/0 unit 1 family ethernet-switching filter input 10G-IN
set interfaces ge-0/0/0 unit 40 vlan-id 40
set interfaces ge-0/0/0 unit 40 family inet filter output 20G-OUT
set interfaces ge-0/0/0 unit 40 family inet address 1.1.1.2/24
 
set firewall family inet filter 20G-OUT term CUST-VLANS from source-address 1.1.1.1/32
set firewall family inet filter 20G-OUT term CUST-VLANS then policer 20G
set firewall family inet filter 20G-OUT term DEFAULT then accept
set firewall family ethernet-switching filter 10G-IN term CUST-VLANS from user-vlan-id 10
set firewall family ethernet-switching filter 10G-IN term CUST-VLANS from user-vlan-id 20
set firewall family ethernet-switching filter 10G-IN term CUST-VLANS from user-vlan-id 30
set firewall family ethernet-switching filter 10G-IN term CUST-VLANS then policer 10G
set firewall family ethernet-switching filter 10G-IN term DEFAULT then accept
 
set firewall policer 10G if-exceeding bandwidth-limit 10g
set firewall policer 10G if-exceeding burst-size-limit 5m
set firewall policer 10G then discard
set firewall policer 20G if-exceeding bandwidth-limit 20g
set firewall policer 20G if-exceeding burst-size-limit 5m
set firewall policer 20G then discard
-------------------------

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search