On Wed, Apr 19, 2017 at 11:55:37AM -0400, Shamen Snyder wrote: > I'm curious as to what other Juniper service providers are doing for > their internet customers. I assume most probably shape or police at the > customer CPE or as close as they can to it. > > We are currently in a position where we terminate internet customers in > the POP that we purchase bulk transit in several collocations around the > United States. Then carry customer internet traffic back to the IP > termination via our MPLS network.
We have similar setup, we backhaul customers to IP POP via our MPLS transport network in the metro. We setup 10GE NNI interfaces between IP and transport network and configure shaping on the NNI to subscriber line speed for that EVC. Likewise, for customer's upload direction, shaping is performed in opposite direction. On the customer facing PE, we police the ingress on customer port (so that will be customer's upload bandwidth) to prevent admitting too much traffic than what the shaper would eventually allow at the point of NNI interconnection. Since their upload bandwidth is shaped at the interconnect site, the ingress policer at the customer facing PE does not get violated in normal cases, unless customer has a compromised host sending large burst of uncontrolled fire-and-forget traffic (e.g. DoS). > > Shaping is broken when configured on a LAG (see KB22921). Which > depending on how many interfaces you have in a LAG a customer would need > that many flows to see all of their bandwidth. So I assume most > providers are using policing instead. We never use LAG for NNI interfaces, precisely because queueing and policing get complicated. Each NNI is independent 10GE interfaces as we hand-off from IP to transport network, and each EVC backhauling a customer never exceeds 3 Gbps subscriber speed. If the customer needs to be a 10G port to IP network (regardless of whether burstable or full-rate 10G), we put them on optical transport and deliver the service via unprotected 10G wave. This will change ofcourse with the ongoing deployment of 100G interfaces. We don't do any complex QoS or classifications for internet traffic uses -- after all, if we had a choice, we would rather put layer-3 routers at every customer facing site, but alas that is not very cost effective right now. We just police & queue (no classification) to enforce traffic contract and prevent over-admittance of traffic onto the metro transport network. HTH, James _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
