I’ve a Juniper MX wherte I have to do a community translation and bandwidth policing in the identical time. I’ve tried each approaches – direct policing of a logical interface and a policer inside a firewall filter and in each circumstances output policing would not occur (netspeed take a look at on a bunch in vlan 207 reveals incoming pace of 500 Mbits/sec, add reveals 80 Mbit/secs):
direct policing:
[show interfaces ge-1/0/0 unit 207]
vlan-id 207;
household inet {
filter {
output deny-rfc1918-and-allow-some;
}
policer {
enter 80m-30.6m-discard;
output 80m-30.6m-discard;
}
service {
enter {
service-set nat-lan;
}
output {
service-set nat-lan-portforward service-filter nat-lan-filter;
service-set nat-lan;
}
}
tackle 172.16.25.9/29;
}
[show firewall policer 80m-30.6m-discard]
logical-interface-policer;
if-exceeding {
bandwidth-limit 80m;
burst-size-limit 30720000;
}
then discard;
policing inside a firewall filter:
[show interfaces ge-1/0/0 unit 207]
vlan-id 207;
household inet {
filter {
output deny-rfc1918-and-allow-some-shape-to-80m;
}
policer {
enter 80m-30.6m-discard;
}
service {
enter {
service-set nat-lan;
}
output {
service-set nat-lan-portforward service-filter nat-lan-filter;
service-set nat-lan;
}
}
tackle 172.16.25.9/29;
}
[show firewall filter deny-rfc1918-and-allow-some-shape-to-80m]
time period allow-some-and-shape-to-80m {
from {
source-address {
172.16.20.0/23;
172.16.25.8/29;
}
}
then settle for;
}
time period deny-rfc1918 {
filter deny-rfc1918;
}
time period accept-the-rest {
then {
policer 80m-30.6m-discard-specific;
settle for;
}
}
[show firewall policer 80m-30.6m-discard-specific]
filter-specific;
if-exceeding {
bandwidth-limit 80m;
burst-size-limit 30720000;
}
then discard;
I suppose that is occurring due to existance of the service-set on the identical logical interface. Is there any approach to make this work ? Might this be a JunOS bug (sadly, this unit has to possibility of aquiring a help contract from Juniper Networks) ?
This unit is working the next JunOS model:
run present system software program
Info for jbase:
Remark:
JUNOS Base OS Software program Suite [21.2R3-S5.4]
Info for jcrypto:
Remark:
JUNOS Crypto Software program Suite [21.2R3-S5.4]
Info for jcrypto-dp-support:
Remark:
JUNOS DP Crypto Software program Software program Suite [21.2R3-S5.4]
Info for jdocs:
Remark:
JUNOS On-line Documentation [21.2R3-S5.4]
Info for jkernel:
Remark:
JUNOS Kernel Software program Suite [21.2R3-S5.4]
Info for jmacsec:
Remark:
JUNOS Macsec Software program Suite [21.2R3-S5.4]
Info for jpfe:
Remark:
JUNOS Packet Forwarding Engine Help (MX80) [21.2R3-S5.4]
Info for jroute:
Remark:
JUNOS Routing Software program Suite [21.2R3-S5.4]
Info for jsd:
Remark:
JUNOS jsd [powerpc-21.2R3-S5.4-jet-1]
Info for jsdn-powerpc:
Remark:
JUNOS SDN Software program Suite [21.2R3-S5.4]
Info for jservices-alg:
Remark:
JUNOS Companies Utility Stage Gateways [21.2R3-S5.4]
Info for jservices-cos:
Remark:
JUNOS Companies COS [21.2R3-S5.4]
Info for jservices-cpcd:
Remark:
JUNOS Companies Captive Portal and Content material Supply Container bundle [21.2R3-S5.4]
Info for jservices-crypto-base:
Remark:
JUNOS Companies Crypto [21.2R3-S5.4]
Info for jservices-ipsec:
Remark:
JUNOS Companies IPSec [21.2R3-S5.4]
Info for jservices-jflow:
Remark:
JUNOS Companies Jflow Container bundle [21.2R3-S5.4]
Info for jservices-nat:
Remark:
JUNOS Companies NAT [21.2R3-S5.4]
Info for jservices-rpm:
Remark:
JUNOS Companies RPM [21.2R3-S5.4]
Info for jservices-rtcom:
Remark:
JUNOS Companies RTCOM [21.2R3-S5.4]
Info for jservices-sfw:
Remark:
JUNOS Companies Stateful Firewall [21.2R3-S5.4]
Info for jservices-softwire:
Remark:
JUNOS Companies SOFTWIRE [21.2R3-S5.4]
Info for jservices-ssl:
Remark:
JUNOS Companies SSL [21.2R3-S5.4]
Info for jservices-tcp-log:
Remark:
JUNOS Companies TCP-LOG [21.2R3-S5.4]
Info for junos:
Remark:
JUNOS Base OS boot [21.2R3-S5.4]
Info for py-base-powerpc:
Remark:
JUNOS py-base-powerpc [21.2R3-S5.4]
Info for py-extensions-powerpc:
Remark:
JUNOS py-extensions-powerpc [21.2R3-S5.4]