[GTER] Controle de banda em BRAS juniper.
Joao Ferreira
joca at planaltonet.net.br
Fri Feb 4 15:20:29 -03 2022
Boa tarde, estou configurando controle dinamico em BRAS juniper usando
IPV4 e IPV6, o problema que estou tendo e que o controle de banda do
juniper esta sendo feito encima de protocolo, resultando que soma o
controle de banda, alguem tem uma configuracao que o controle seja feito na
interface? estou usando essa configuração.
set dynamic-profiles IPV4 variables Bandwidth-IN default-value 32k
set dynamic-profiles IPV4 variables Bandwidth-IN mandatory
set dynamic-profiles IPV4 variables Bandwidth-OUT default-value 32k
set dynamic-profiles IPV4 variables Bandwidth-OUT mandatory
set dynamic-profiles IPV4 variables Policer-IN uid
set dynamic-profiles IPV4 variables Policer-OUT uid
set dynamic-profiles IPV4 variables Filter-IN uid
set dynamic-profiles IPV4 variables Filter-OUT uid
set dynamic-profiles IPV4 variables Burst-OUT default-value 5m
set dynamic-profiles IPV4 variables Burst-IN default-value 5m
set dynamic-profiles IPV4 interfaces "$junos-interface-ifd-name" unit
"$junos-interface-unit" family inet filter input "$Filter-IN"
set dynamic-profiles IPV4 interfaces "$junos-interface-ifd-name" unit
"$junos-interface-unit" family inet filter output "$Filter-OUT"
set dynamic-profiles IPV4 firewall family inet filter "$Filter-OUT"
interface-specific
set dynamic-profiles IPV4 firewall family inet filter "$Filter-OUT" term 10
then policer "$Policer-OUT"
set dynamic-profiles IPV4 firewall family inet filter "$Filter-OUT" term 10
then service-filter-hit
set dynamic-profiles IPV4 firewall family inet filter "$Filter-OUT" term 10
then accept
set dynamic-profiles IPV4 firewall family inet filter "$Filter-IN"
interface-specific
set dynamic-profiles IPV4 firewall family inet filter "$Filter-IN" term 10
then policer "$Policer-IN"
set dynamic-profiles IPV4 firewall family inet filter "$Filter-IN" term 10
then service-filter-hit
set dynamic-profiles IPV4 firewall family inet filter "$Filter-IN" term 10
then accept
set dynamic-profiles IPV4 firewall policer "$Policer-IN" filter-specific
set dynamic-profiles IPV4 firewall policer "$Policer-IN"
logical-interface-policer
set dynamic-profiles IPV4 firewall policer "$Policer-IN" if-exceeding
bandwidth-limit "$Bandwidth-IN"
set dynamic-profiles IPV4 firewall policer "$Policer-IN" if-exceeding
burst-size-limit "$Burst-IN"
set dynamic-profiles IPV4 firewall policer "$Policer-IN" then discard
set dynamic-profiles IPV4 firewall policer "$Policer-OUT" filter-specific
set dynamic-profiles IPV4 firewall policer "$Policer-OUT"
logical-interface-policer
set dynamic-profiles IPV4 firewall policer "$Policer-OUT" if-exceeding
bandwidth-limit "$Bandwidth-OUT"
set dynamic-profiles IPV4 firewall policer "$Policer-OUT" if-exceeding
burst-size-limit "$Burst-OUT"
set dynamic-profiles IPV4 firewall policer "$Policer-OUT" then discard
set dynamic-profiles IPV6 variables Bandwidth-IN-V6 default-value 32k
set dynamic-profiles IPV6 variables Bandwidth-IN-V6 mandatory
set dynamic-profiles IPV6 variables Bandwidth-OUT-V6 default-value 32k
set dynamic-profiles IPV6 variables Bandwidth-OUT-V6 mandatory
set dynamic-profiles IPV6 variables Burst-IN-V6 default-value 2m
set dynamic-profiles IPV6 variables Burst-OUT-V6 default-value 2m
set dynamic-profiles IPV6 variables Policer-IN-V6 uid
set dynamic-profiles IPV6 variables Policer-OUT-V6 uid
set dynamic-profiles IPV6 variables Filter-IN-V6 uid
set dynamic-profiles IPV6 variables Filter-OUT-V6 uid
set dynamic-profiles IPV6 interfaces demux0 unit "$junos-interface-unit"
family inet6 filter input "$Filter-IN-V6"
set dynamic-profiles IPV6 interfaces demux0 unit "$junos-interface-unit"
family inet6 filter output "$Filter-OUT-V6"
set dynamic-profiles IPV6 firewall family inet6 filter "$Filter-IN-V6"
interface-specific
set dynamic-profiles IPV6 firewall family inet6 filter "$Filter-IN-V6" term
10 then policer "$Policer-IN-V6"
set dynamic-profiles IPV6 firewall family inet6 filter "$Filter-IN-V6" term
10 then service-filter-hit
set dynamic-profiles IPV6 firewall family inet6 filter "$Filter-IN-V6" term
10 then accept
set dynamic-profiles IPV6 firewall family inet6 filter "$Filter-OUT-V6"
interface-specific
set dynamic-profiles IPV6 firewall family inet6 filter "$Filter-OUT-V6"
term 10 then policer "$Policer-OUT-V6"
set dynamic-profiles IPV6 firewall family inet6 filter "$Filter-OUT-V6"
term 10 then service-filter-hit
set dynamic-profiles IPV6 firewall family inet6 filter "$Filter-OUT-V6"
term 10 then accept
set dynamic-profiles IPV6 firewall policer "$Policer-IN-V6" filter-specific
set dynamic-profiles IPV6 firewall policer "$Policer-IN-V6"
logical-interface-policer
set dynamic-profiles IPV6 firewall policer "$Policer-IN-V6" if-exceeding
bandwidth-limit "$Bandwidth-IN-V6"
set dynamic-profiles IPV6 firewall policer "$Policer-IN-V6" if-exceeding
burst-size-limit "$Burst-IN-V6"
set dynamic-profiles IPV6 firewall policer "$Policer-IN-V6" then discard
set dynamic-profiles IPV6 firewall policer "$Policer-OUT-V6" filter-specific
set dynamic-profiles IPV6 firewall policer "$Policer-OUT-V6"
logical-interface-policer
set dynamic-profiles IPV6 firewall policer "$Policer-OUT-V6" if-exceeding
bandwidth-limit "$Bandwidth-OUT-V6"
set dynamic-profiles IPV6 firewall policer "$Policer-OUT-V6" if-exceeding
burst-size-limit "$Burst-OUT-V6"
set dynamic-profiles IPV6 firewall policer "$Policer-OUT-V6" then discard
More information about the gter
mailing list