Hi all. So for the archives - this issue turned out to be a bug. Juniper have filed it under:
PR1098486 "The "shared-bandwidth-policer" knob is used to enable configuration of interface-specific policers applied on an aggregated Ethernet bundle to match the effective bandwidth and burst-size to user-configured values. But this feature is broken from Junos release 14.1R1 when "enhanced-ip" is configured on MX platform with pure trio-based line cards. The bandwidth/burst-size of policers attached to Aggregated Ethernet interfaces are not dynamically updated upon member link adding or deletion." The issue is resolved in Junos 14.2R4 and 15.1R2. We have tested 14.2R4.9 and confirm that the issue is, indeed, resolved. If you can't upgrade to from 14.1 through to anything pre-14.2R4, the workaround is to delete, commit, re-apply and commit the srTCM firewall policers. In case you are using trTCM policers, I found that the above workaround doesn't work - your only option is to delete the policer at the interface level, commit, re-apply and commit again. The problem with the workaround is that if one of your MPC's that has a port in the LAG was to ever restart (for whatever reason), you could end up seeing this issue again, and would need to re-apply the workarounds. Hope this helps anyone else out there that could be facing this issue. Mark. _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp