The firewall where this is configured has hundereds of customer interfaces on them I can't apply a policer to the WAN interface as that will police the entier link (300Mb) down to a slow speed. I need to police each customer to 40Mb on their own interface.
As its just the outbound policer that isn't working correctly, it does police, but much higher than the 40Mb it is configured to run at ________________________________ From: Huan Pham [drie.huanp...@gmail.com] Sent: Saturday, 26 January 2013 1:50 PM To: Luca Salvatore Cc: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] Burst size for policing Hi Luca, _I think_ the stats that show for inbound rate (65M-70M) on the interface maybe the one before you do policing. It may not be the rate after dropping. On the other hand traffic shown outbound already subject of your outbound policy. Could you check the traffic that leaves the router (e.g. outbound to the LAN). If your router has only two interfaces (e.g. WAN and LAN, and you apply the policing on the WAN interface), then the outbound rate on the other interface (LAN interface) is the rate after your WAN inbound policing. Cheers, Huan On Sat, Jan 26, 2013 at 8:20 AM, Luca Salvatore <l...@ninefold.com<mailto:l...@ninefold.com>> wrote: Hi Guys, Got some issues with my policing configuation on a SRX650. I have it configured to police inbound and outbound traffic to 40Mb. The config to make this happen is: configuration firewall policer police-customer | display set set firewall policer police-customer if-exceeding bandwidth-limit 39m set firewall policer police-customer if-exceeding burst-size-limit 1m set firewall policer police-customer then discard So this works really well for outbound traffic - speeds test show that it sits right on 40Mb. However for my inbound traffic I see that speeds get well above 40Mb - around 65 to 70 actually. The policier is applied to the customers interface in both the inbound and outbound direction. I'm thinking the burst size could be too big perhaps? Thanks. Luca. _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net<mailto:juniper-nsp@puck.nether.net> https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
