Friday, December 15, 2017

[Junos srx100h2] limiting traffic speeds for everything except connections to 1.2.3.4/0

Hey /r/networking

I'm trying to configure one of our customers SRX100H2 to only use 1/3 of their bandwidth unless they are connecting to our services. (In this example 1.2.3.4/24)

I've tried the following, but it does not exclude 1.2.3.4/24 from the limiting rule.


set interfaces fe-0/0/0 unit 0 family inet filter output Traffic-Shape

set interfaces fe-0/0/0 unit 0 family inet filter input Traffic-Shape

set firewall filter Traffic-Shape term 60m from destination-address 1.2.3.4/24

set firewall filter Traffic-Shape term 60m then policer police60m

set firewall filter Traffic-Shape term 60m then accept

set firewall filter Traffic-Shape term 20m from destination-address 0.0.0.0/0

set firewall filter Traffic-Shape term 20m then policer police20m

set firewall filter Traffic-Shape term 20m then accept

set firewall filter Traffic-Shape term last then accept

set firewall policer police20m if-exceeding bandwidth-limit 20m

set firewall policer police20m if-exceeding burst-size-limit 625k

set firewall policer police20m then discard

set firewall policer police60m if-exceeding bandwidth-limit 60m

set firewall policer police60m if-exceeding burst-size-limit 625k

set firewall policer police60m then discard


Any ideas?

Thanks



No comments:

Post a Comment