[GTER] Controle de banda em BRAS juniper.
Thiago Correa de Lima
thiago.correa at telemidia.net.br
Mon Feb 7 11:32:50 -03 2022
Esta faltando vc setar o interface-specific tanto no filtro do v4 quanto
do v6.
Em 04/02/2022 15:20, Joao Ferreira via gter escreveu:
> Boa tarde, estou configurando controle dinamico em BRAS juniper usando
> IPV4 e IPV6, o problema que estou tendo e que o controle de banda do
> juniper esta sendo feito encima de protocolo, resultando que soma o
> controle de banda, alguem tem uma configuracao que o controle seja feito na
> interface? estou usando essa configuração.
>
> set dynamic-profiles IPV4 variables Bandwidth-IN default-value 32k
> set dynamic-profiles IPV4 variables Bandwidth-IN mandatory
> set dynamic-profiles IPV4 variables Bandwidth-OUT default-value 32k
> set dynamic-profiles IPV4 variables Bandwidth-OUT mandatory
> set dynamic-profiles IPV4 variables Policer-IN uid
> set dynamic-profiles IPV4 variables Policer-OUT uid
> set dynamic-profiles IPV4 variables Filter-IN uid
> set dynamic-profiles IPV4 variables Filter-OUT uid
> set dynamic-profiles IPV4 variables Burst-OUT default-value 5m
> set dynamic-profiles IPV4 variables Burst-IN default-value 5m
> set dynamic-profiles IPV4 interfaces "$junos-interface-ifd-name" unit
> "$junos-interface-unit" family inet filter input "$Filter-IN"
> set dynamic-profiles IPV4 interfaces "$junos-interface-ifd-name" unit
> "$junos-interface-unit" family inet filter output "$Filter-OUT"
> set dynamic-profiles IPV4 firewall family inet filter "$Filter-OUT"
> interface-specific
> set dynamic-profiles IPV4 firewall family inet filter "$Filter-OUT" term 10
> then policer "$Policer-OUT"
> set dynamic-profiles IPV4 firewall family inet filter "$Filter-OUT" term 10
> then service-filter-hit
> set dynamic-profiles IPV4 firewall family inet filter "$Filter-OUT" term 10
> then accept
> set dynamic-profiles IPV4 firewall family inet filter "$Filter-IN"
> interface-specific
> set dynamic-profiles IPV4 firewall family inet filter "$Filter-IN" term 10
> then policer "$Policer-IN"
> set dynamic-profiles IPV4 firewall family inet filter "$Filter-IN" term 10
> then service-filter-hit
> set dynamic-profiles IPV4 firewall family inet filter "$Filter-IN" term 10
> then accept
> set dynamic-profiles IPV4 firewall policer "$Policer-IN" filter-specific
> set dynamic-profiles IPV4 firewall policer "$Policer-IN"
> logical-interface-policer
> set dynamic-profiles IPV4 firewall policer "$Policer-IN" if-exceeding
> bandwidth-limit "$Bandwidth-IN"
> set dynamic-profiles IPV4 firewall policer "$Policer-IN" if-exceeding
> burst-size-limit "$Burst-IN"
> set dynamic-profiles IPV4 firewall policer "$Policer-IN" then discard
> set dynamic-profiles IPV4 firewall policer "$Policer-OUT" filter-specific
> set dynamic-profiles IPV4 firewall policer "$Policer-OUT"
> logical-interface-policer
> set dynamic-profiles IPV4 firewall policer "$Policer-OUT" if-exceeding
> bandwidth-limit "$Bandwidth-OUT"
> set dynamic-profiles IPV4 firewall policer "$Policer-OUT" if-exceeding
> burst-size-limit "$Burst-OUT"
> set dynamic-profiles IPV4 firewall policer "$Policer-OUT" then discard
>
> set dynamic-profiles IPV6 variables Bandwidth-IN-V6 default-value 32k
> set dynamic-profiles IPV6 variables Bandwidth-IN-V6 mandatory
> set dynamic-profiles IPV6 variables Bandwidth-OUT-V6 default-value 32k
> set dynamic-profiles IPV6 variables Bandwidth-OUT-V6 mandatory
> set dynamic-profiles IPV6 variables Burst-IN-V6 default-value 2m
> set dynamic-profiles IPV6 variables Burst-OUT-V6 default-value 2m
> set dynamic-profiles IPV6 variables Policer-IN-V6 uid
> set dynamic-profiles IPV6 variables Policer-OUT-V6 uid
> set dynamic-profiles IPV6 variables Filter-IN-V6 uid
> set dynamic-profiles IPV6 variables Filter-OUT-V6 uid
> set dynamic-profiles IPV6 interfaces demux0 unit "$junos-interface-unit"
> family inet6 filter input "$Filter-IN-V6"
> set dynamic-profiles IPV6 interfaces demux0 unit "$junos-interface-unit"
> family inet6 filter output "$Filter-OUT-V6"
> set dynamic-profiles IPV6 firewall family inet6 filter "$Filter-IN-V6"
> interface-specific
> set dynamic-profiles IPV6 firewall family inet6 filter "$Filter-IN-V6" term
> 10 then policer "$Policer-IN-V6"
> set dynamic-profiles IPV6 firewall family inet6 filter "$Filter-IN-V6" term
> 10 then service-filter-hit
> set dynamic-profiles IPV6 firewall family inet6 filter "$Filter-IN-V6" term
> 10 then accept
> set dynamic-profiles IPV6 firewall family inet6 filter "$Filter-OUT-V6"
> interface-specific
> set dynamic-profiles IPV6 firewall family inet6 filter "$Filter-OUT-V6"
> term 10 then policer "$Policer-OUT-V6"
> set dynamic-profiles IPV6 firewall family inet6 filter "$Filter-OUT-V6"
> term 10 then service-filter-hit
> set dynamic-profiles IPV6 firewall family inet6 filter "$Filter-OUT-V6"
> term 10 then accept
> set dynamic-profiles IPV6 firewall policer "$Policer-IN-V6" filter-specific
> set dynamic-profiles IPV6 firewall policer "$Policer-IN-V6"
> logical-interface-policer
> set dynamic-profiles IPV6 firewall policer "$Policer-IN-V6" if-exceeding
> bandwidth-limit "$Bandwidth-IN-V6"
> set dynamic-profiles IPV6 firewall policer "$Policer-IN-V6" if-exceeding
> burst-size-limit "$Burst-IN-V6"
> set dynamic-profiles IPV6 firewall policer "$Policer-IN-V6" then discard
> set dynamic-profiles IPV6 firewall policer "$Policer-OUT-V6" filter-specific
> set dynamic-profiles IPV6 firewall policer "$Policer-OUT-V6"
> logical-interface-policer
> set dynamic-profiles IPV6 firewall policer "$Policer-OUT-V6" if-exceeding
> bandwidth-limit "$Bandwidth-OUT-V6"
> set dynamic-profiles IPV6 firewall policer "$Policer-OUT-V6" if-exceeding
> burst-size-limit "$Burst-OUT-V6"
> set dynamic-profiles IPV6 firewall policer "$Policer-OUT-V6" then discard
> --
> gter list https://eng.registro.br/mailman/listinfo/gter
--
Thiago Corrêa
Analista de Redes
Telemídia Sistemas de Telecomunicações Ltda.
Fixo: (35) 3729.0042
Móvel: (35) 9 8802.0307
E-mail: thiago.correa at telemidia.net.br
More information about the gter
mailing list