Re: [j-nsp] Time-of-day based traffic conditioning
That's pretty cool. Looks like there's some additional knobs as well.
{master}[edit]
jnpr@R1-RE0# set groups dhanks when time 8am to 5pm
{master}[edit]
jnpr@R1-RE0# set groups dhanks when routing-engine re0
{master}[edit]
jnpr@R1-RE0# set groups dhanks snmp community dhanks authorization
read-only
{master}[edit]
jnpr@R1-RE0# set apply-groups dhanks
{master}[edit]
jnpr@R1-RE0# show snmp
{master}[edit]
jnpr@R1-RE0# show snmp | display inheritance
'dhanks' was inherited from group 'dhanks'
##
community dhanks {
##
## 'read-only' was inherited from group 'dhanks'
##
authorization read-only;
}
{master}[edit]
jnpr@R1-RE0# show snmp | display inheritance when time 6pm
{master}[edit]jnpr@R1-RE0#
Thank you,
--
Doug Hanks - JNCIE-ENT #213, JNCIE-SP #875
Sr. Systems Engineer
Juniper Networks
On 1/10/12 11:28 PM, "Phil Shafer" wrote:
>Dale Shaw writes:
>>Does anyone know of a way to enforce traffic policing or shaping based on
>>time of day?
>
>Beginning in 11.3, config groups have a "conditional application"
>mechanism, so they are only applied on certain products/models or
>at certain time of day ranges.
>
>I'll admit I've never used it, but it's a generic mechanism built
>into configuration groups to handle time-of-day-based configuration:
>
>[edit]
>cli# show groups tod
>when {
>time 02:00 to 03:00;
>}
>system {
>host-name in-the-maint-window;
>}
>
>Annoyingly, I can find no documentation on it, but it's not hidden.
>Google("junos configuration groups when") is not helpful. A snippet
>of internal documentation is appended. If I find more, I'll post it.
>
>I know it uses our getdate() common function, so "2am" == "02:00".
>
>Thanks,
> Phil
>
>
>--
>2.3.5 TIME
>
>This identifies, when this particular config-group needs to be applied on
>the
>router. It takes start time and optional end time as values. If end time
>is
>specified, the applied config-group will be removed at the specified end
>time.
>This will happen everyday on the specified time. If start time is relative
>time e.g, "11am" and end time is not specified, end time will be taken as
>EOD.
>If start is absolute time, the applied configuration will remain, unless
>the
>config-group start time is modified.
>
>The syntax for specificing the time:
>
>time [to ];
>
>The time format is -mm-dd.hh:mm (type time).
>(Relative has just hh:mm, if 12 hours clock is used, it is needed to
>specify
>am/pm.)
>
>Example:
>
>groups {
>my-group-1 {
>// Config-group statements
>when {
>time 11:00 to 15:00;
>}
>}
>}
>
>The config-group 'my-group-1' config statements will be applied at 11 AM
>and
>will be removed at 3 PM daily.
>___
>juniper-nsp mailing list juniper-nsp@puck.nether.net
>https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Time-of-day based traffic conditioning
Dale Shaw writes:
>Does anyone know of a way to enforce traffic policing or shaping based on
>time of day?
Beginning in 11.3, config groups have a "conditional application"
mechanism, so they are only applied on certain products/models or
at certain time of day ranges.
I'll admit I've never used it, but it's a generic mechanism built
into configuration groups to handle time-of-day-based configuration:
[edit]
cli# show groups tod
when {
time 02:00 to 03:00;
}
system {
host-name in-the-maint-window;
}
Annoyingly, I can find no documentation on it, but it's not hidden.
Google("junos configuration groups when") is not helpful. A snippet
of internal documentation is appended. If I find more, I'll post it.
I know it uses our getdate() common function, so "2am" == "02:00".
Thanks,
Phil
--
2.3.5 TIME
This identifies, when this particular config-group needs to be applied on the
router. It takes start time and optional end time as values. If end time is
specified, the applied config-group will be removed at the specified end time.
This will happen everyday on the specified time. If start time is relative
time e.g, "11am" and end time is not specified, end time will be taken as EOD.
If start is absolute time, the applied configuration will remain, unless the
config-group start time is modified.
The syntax for specificing the time:
time [to ];
The time format is -mm-dd.hh:mm (type time).
(Relative has just hh:mm, if 12 hours clock is used, it is needed to specify
am/pm.)
Example:
groups {
my-group-1 {
// Config-group statements
when {
time 11:00 to 15:00;
}
}
}
The config-group 'my-group-1' config statements will be applied at 11 AM and
will be removed at 3 PM daily.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Time-of-day based traffic conditioning
Okay, it's ugly, but: Write a policy on the SRX that is attached to a scheduler. Make the "then" action of the policy permit application-services idp. Write an IDP policy that has a "then" action to re-write DSCP markings for this traffic. Write a CoS policy on your EXs to police traffic matching that DSCP value - I've never been able to re-write AND police on those values in the SRX on one flow. Just remember - schedulers only enable and disable policies, so make sure you permit the traffic in a fall-through policy. Ideally you'd put the "business-hours" policy at the top and attach it to the IDP rule/scheduler, then have a policy below it for the out-of-hours. Cheers, Ben On 10/01/2012, at 12:28 PM, Dale Shaw wrote: > Hi all, > > Does anyone know of a way to enforce traffic policing or shaping based on > time of day? > > Platforms available to us: EX-series (EX4200 predominantly), J-series > (J2320/J6350) and SRX-series (SRX240, SRX650, SRX3K, SRX5K). > > I'm looking for a way -- preferably a built-in way (avoiding scripts if > possible) -- to limit a particular application's throughput during business > hours. > > The application is NetApp SnapMirror. I suspect a far better option would > be to control transmission rates at the source but I'd like to investigate > JUNOS-based controls as well. > > cheers, > Dale > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Time-of-day based traffic conditioning
On Tuesday 10 of January 2012 13:28:11 Dale Shaw wrote: > I'm looking for a way -- preferably a built-in way (avoiding scripts if > possible) -- to limit a particular application's throughput during business > hours. > It seems there's no built-in mechanism. If you really need it, you can use slax script: http://www.juniper.net/us/en/community/junos/script- automation/library/configuration/cs-time-based-filters/ Artur ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Time-of-day based traffic conditioning
Hi Misha, On Tue, Jan 10, 2012 at 4:05 PM, Misha Gzirishvili wrote: > > Hi there, on SRX/J series you can use schedulers and apply schedulers to > security policies. > On EX there are stateless filters and do not know if they support such thing. > Regards, > Misha Yes but the actions available within a security policy (count, deny, log, permit, reject) do not seem to include anything that can trigger a policer or any other kind of traffic conditioner. Similarly, stateless filters don't seem to include any hooks back into the time-of-day scheduler definitions. cheers, Dale ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Time-of-day based traffic conditioning
Hi there, on SRX/J series you can use schedulers and apply schedulers to security policies. On EX there are stateless filters and do not know if they support such thing. Regards, Misha On Jan 10, 2012 6:30 AM, "Dale Shaw" wrote: > Hi all, > > Does anyone know of a way to enforce traffic policing or shaping based on > time of day? > > Platforms available to us: EX-series (EX4200 predominantly), J-series > (J2320/J6350) and SRX-series (SRX240, SRX650, SRX3K, SRX5K). > > I'm looking for a way -- preferably a built-in way (avoiding scripts if > possible) -- to limit a particular application's throughput during business > hours. > > The application is NetApp SnapMirror. I suspect a far better option would > be to control transmission rates at the source but I'd like to investigate > JUNOS-based controls as well. > > cheers, > Dale > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Time-of-day based traffic conditioning
Hi all, Does anyone know of a way to enforce traffic policing or shaping based on time of day? Platforms available to us: EX-series (EX4200 predominantly), J-series (J2320/J6350) and SRX-series (SRX240, SRX650, SRX3K, SRX5K). I'm looking for a way -- preferably a built-in way (avoiding scripts if possible) -- to limit a particular application's throughput during business hours. The application is NetApp SnapMirror. I suspect a far better option would be to control transmission rates at the source but I'd like to investigate JUNOS-based controls as well. cheers, Dale ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
