January 2019 17:59
To: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] rate limiting per-user prefix lists
On 1/9/19 6:14 AM, Niall Donaghy wrote:
> Hi Mike,
>
> I can give you a few hints:
>
> DPCE will perform poorly, depending on how many policers you
> instantiate.
>
On 1/9/19 6:14 AM, Niall Donaghy wrote:
> Hi Mike,
>
> I can give you a few hints:
>
> DPCE will perform poorly, depending on how many policers you
> instantiate.
> (hint: 10K will kill it, and hint: policers will not be accurate).
> MPCs will perform better but don't burden more
On 1/9/19 7:37 AM, Alexander Arseniev via juniper-nsp wrote:
> Hello,
>
> Well, the prefix-action policers would likely relieve congestion on
> Your backhaul MW links but the 100Mbps "last mile" will still be
> congested, with a mix of good and bad packets.
>
> And I would say more bad than good
Hello,
Well, the prefix-action policers would likely relieve congestion on Your
backhaul MW links but the 100Mbps "last mile" will still be congested,
with a mix of good and bad packets.
And I would say more bad than good because good traffic (mainly HTTPS
nowadays) will do TCP backoff at
: 08 January 2019 18:58
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] rate limiting per-user prefix lists
Hi,
My platform is Juniper mx240 running 15.1R6.7 and I'm interested in using
prefix-action to establish rate limits per user in my network.
DDOS attacks targeting single users
Hi,
My platform is Juniper mx240 running 15.1R6.7 and I'm interested in
using prefix-action to establish rate limits per user in my network.
DDOS attacks targeting single users on my network can frequently
affect many users who happen to share the same backhaul connectivity
such as to
On Friday, June 03, 2011 02:05:45 AM Chris Adams wrote:
Everybody suggested putting the policer directly on the
interface and setting logical-interface-policer in the
policer.
Watch out if you're running Junos 9.3R2.8 (earlier code
could also be affected, not certain).
Implementing the
Once upon a time, Chris Adams cmad...@hiwaay.net said:
I'm currently using interface, policer, and filter config like this to
rate-limit ethernet interfaces to paid bandwidth on an M10i:
I got responses from several people along the same lines, but I figured
I'd summarize my solution for the
Hello peeps.
I have an EX switch (4200) with a 10Mb LES circuit to the Internet. I
have 5 customers who I need to guarantee 1Mb each (http) and the
remainder 5 Mb they can contend for as Burst or BE traffic. Any ideas
how I can achieve this result ?
TIA.
JfD.
Here is how I would do it:
[edit class-of-service]
forwarding-classes {
class Cust-1 queue-num 7;
class Cust-2 queue-num 6;
class Cust-3 queue-num 5;
class Cust-4 queue-num 4;
class Cust-5 queue-num 3;
class BE queue-num 0;
}
interfaces {
ge-UPLINK {
Of Timur
Ibragimov
Sent: Friday, December 26, 2008 9:40 AM
To: Tom Storey
Cc: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] Rate limiting
Tom Storey wrote:
A burst size of 1.5kbps as you have configured in your example only
allows
traffic to increase at 1.5 kilobits each second, not a hell
Hi Timur,
2008/12/26 Timur Ibragimov i...@ycc.ru
Tom Storey wrote:
A burst size of 1.5kbps as you have configured in your example only
allows
traffic to increase at 1.5 kilobits each second, not a hell of a lot. At
that rate it would take upto 1000 seconds, i.e. 16 minutes to reach the
P. S.
BS is needed because dealing with policing (not shaping), the router has no
buffer where to put a packet in for awaiting. It is also not able to drop a
part of a packet -- either transmit or drop a whole one. Well, imagine a
situation when you need to transmit just one packet per hour, but
Hello,
I have configured following policer
policer bw-1500k.5ms {
if-exceeding {
bandwidth-limit 150;
burst-size-limit 1500;
}
then discard;
}
believing it will rate limit traffic to 1500 Kbps. But it starts to drop
packets at much less than configured
Tom Storey wrote:
A burst size of 1.5kbps as you have configured in your example only allows
traffic to increase at 1.5 kilobits each second, not a hell of a lot. At
that rate it would take upto 1000 seconds, i.e. 16 minutes to reach the
full 1.5 megabits you are wanting to supply...
I
Hello,
I have configured following policer
policer bw-1500k.5ms {
if-exceeding {
bandwidth-limit 150;
burst-size-limit 1500;
}
then discard;
}
believing it will rate limit traffic to 1500 Kbps. But it starts to drop
packets at much less than
Hi,
Does anybody know if I can rate limit (ingress and egress) per VLAN in a
Gigabit Ethernet Interface.
Thank you
Best regards
Jose Sanchez
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
17 matches
Mail list logo