Take the policer out of the IFL and put it into the firewall filter. Should be 
good to go.

From: Gustavo Santos <gustkil...@gmail.com>
Date: Mon, 15 Oct 2012 11:57:40 -0300
To: dhanks <dha...@juniper.net>
Cc: "EXT - caill...@commtelns.com" <caill...@commtelns.com>, Serge Vautour 
<se...@nbnet.nb.ca>, Chris Evans <chrisccnpsp...@gmail.com>, 
"juniper-nsp@puck.nether.net" <juniper-nsp@puck.nether.net>
Subject: Re: [j-nsp] WAN input prioritization on MX

Doug,

Like this?


Interface

[edit interfaces ge-1/1/0]
gustavo@BRD01# show
description WAN;
unit 0 {
    bandwidth 490m;
    family inet {
        filter {
            input controle;
        }
        policer {
            input gvt;
        }
        sampling {
            input;
            output;
        }
        address 177.99.164.126/30;
    }
}

[edit interfaces ge-1/1/0]

Policer

[edit firewall policer wan]
gustavo@BRD01# show
if-exceeding {
    bandwidth-limit 490m;
    burst-size-limit 625k;
}
then discard;

[edit firewall policer wan]


Filter


gustavo@BRD01# show
term clientes {
    from {
        destination-address {
            177.8.x.0/21;
            177.x.x.0/22;
            177.6x.x.0/22;
            177.6x.xx0.0/24;
            177.6x.xx1.0/24;
            177.6x.xx3.0/24;
            177.1x.1x.0/22;
            177.1x.1x.0/24;
            177.1x.2x.0/21;
            177.1x.2x.0/22;
            177.1x.2x.0/22;
        }
    }
    then {
        loss-priority low;
        forwarding-class expedited-forwarding;
    }
}
term resto {
    then {
        loss-priority high;
        forwarding-class best-effort;

    }
}

[edit firewall family inet filter controle]




Gustavo Santos
Analista de Redes
CCNA , MTCNA , MTCRE, MTCINE, JUNCIA-ER



2012/10/15 Doug Hanks <dha...@juniper.net>
All you need in this scenario is a simple policer and a firewall filter then. 
Just match the different types of traffic as you described below into different 
terms of a firewall filter, then depending on what you want to do with the 
traffic, police it or discard it.

From: Gustavo Santos <gustkil...@gmail.com>
Date: Mon, 15 Oct 2012 10:40:41 -0300
To: dhanks <dha...@juniper.net>
Cc: "EXT - caill...@commtelns.com" <caill...@commtelns.com>, Serge Vautour 
<se...@nbnet.nb.ca>, Chris Evans <chrisccnpsp...@gmail.com>, 
"juniper-nsp@puck.nether.net" <juniper-nsp@puck.nether.net>
Subject: Re: [j-nsp] WAN input prioritization on MX

Hi, after reading your comments, I will try to explain better what I'm trying 
to achieve. I'm trying to do classification and queueing on an ingress 
interface.

When the WAN interface reaches the rate limit threshold (500mbits), all the 
traffic that is destined to the high priority destination subnet gets 
precedence and no packet loss, or lower packet loss than the low priority.

The egress traffic to these subnets goes to two different physical interfaces 
(ge-1/0/5 and ge-1/0/5). So, from what I read from you, the ingress interface 
should "see" that the rate limit of 500mbits gets congestion and then discard 
packets from WAN that have a destination (address) subnet that differs from the 
high priority subnet.

For instance: If the current wan ingress traffic total is 450mbits and high 
priority traffic is 100mbits, and low priority is 350mbits = no packet discard, 
but if traffic towards high priority subnet is 300mbits and low priority is 
300mbits, then the queuing / scheduler will drop the low priority traffic until 
the sources traffic gets shaped to 200mbits for the low priority and the high 
priority gets 300mbits.

On Linux it's quite simple to achieve.

Gustavo Santos
Analista de Redes
CCNA , MTCNA , MTCRE, MTCINE, JUNCIA-ER



2012/10/15 Doug Hanks <dha...@juniper.net>
>If you're having a hard time writing
>the proper code-points to a packet, I would assume the packets are
>classified correctly.

s/correctly/incorrectly/




_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
