Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] Traffic shaping support on ASIC platforms



Article ID: KB5896 KB Last Updated: 09 Jul 2014Version: 10.0

This article describes Juniper Networks' traffic shaping support on ASIC platforms (ISG-1000, ISG-2000, NS5200, NS5400).


There is no traffic shaping option like Guaranteed Bandwidth in the policy setup on the NS5000.  This feature is configurable on a physical interface only.



Policy based traffic shaping is not supported on any of the ASIC platforms such as ISG-1000/2000 or NS-5200/5400.  Only bandwidth of the physical interface can be limited, and is applied to inbound traffic to the interface only.  Bandwidth limiting of virtual interfaces, like loopback, tunnel, redundant or aggregate, or subinterface interface is not supported on ASIC based devices.

The firewall allows you to restrict the bandwidth on sub-interface also.

nsisg1000(M)-> set int e2/4.1 bandwidth 25

But, please note that this setting isapplied to the physical interface as well:

nsisg1000(M)-> get int e2/4
Interface ethernet2/4:
description ethernet2/4
number 24, if_info 786240, if_index 0, mode route
link up, phy-link up/full-duplex, admin status up
status change:1, last change:07/03/2014 12:32:38
VSIs on this interface: ethernet2/4:1;
vsys Root, zone Untrust, vr untrust-vr, vsd 0
dhcp client disabled
*ip mac 0010.dbb8.c1d8
*manage ip, mac 0010.dbb8.c1d8
route-deny disable
pmtu-v4 disabled
ping enabled, telnet enabled, SSH disabled, SNMP disabled
web enabled, ident-reset disabled, SSL disabled
DNS Proxy disabled, webauth disabled, g-arp enabled, webauth-ip
OSPF disabled OSPFv3 disabled BGP disabled RIP disabled RIPng disabled
NSGP enabled mtrace disabled
PIM: not configured IGMP not configured
MLD not configured
NHRP disabled
bandwidth: physical 100Mbps, configured 25Mbps ====>>> Here
DHCP-Relay disabled at interface level
DHCP-server disabled

This can pose a problem, because the bandwidth of the physical interface will be restricted to 25Mbps and can throttle traffic through other sub-interfaces under the same physical interface.

Note: Interface Settings for MBW on ASIC based systems can be limited to steps that are a 10th scale of the capability of the interface. Any value set will be rounded to the next increment.  For example, on a 10/100/1000 interface, the MBW can only be limited to 100, 200, 300, 400, 500, 600, 700, 800 or 900 Mbps.   A Gig interface cannot be limited to 1Mbps. On a 10/100 interface, the MBW can only be limited to 10, 20, 30, 40, 50, 60, 70, 80, or 90 Mbps.

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search