The Junos OS class of service (CoS) enables users to use filters to divide traffic into classes and offer various levels of throughput and packet loss. A policer is a filter that limits traffic of a certain class to a specified bandwidth. This article describes how to apply the policer to control the bandwidth in both directions.
- How to determine the direction to give on the filter
- Utility of having two policers rather than one policer
Assume that a source IP address 10.10.10.20 wants to access any destination, and a bandwidth of 1 MB has been configured in both directions.
Configure the upload traffic:
root# show firewall filter upload term t1 { from { source-address { 10.10.10.20/32; } } then policer p1; } term t2 { then accept; } [edit firewall policer p1] root# show if-exceeding { bandwidth-limit 1m; burst-size-limit 10k; } then { forwarding-class best-effort } Apply this filter in the input direction of the LAN interface. Configure the download traffic from the Internet to the destination 10.10.10.20: root# show firewall filter download term t1 { from { destination-address { 10.10.10.20/32; } } then policer p2; } term t2 { then accept; } [edit firewall policer p2] root# show if-exceeding { bandwidth-limit 1m; burst-size-limit 10k; } then { forwarding-class best-effort }
Note: The policer is p2 and not p1. If the same policer p1 were to be applied for the download traffic, then the bandwidth 1MB would be distributed in both upload and the download direction. This would mean that a different policer would be applied for upload and download even though the bandwidth limit is the same.
Note: When troubleshooting CoS issues, confirm whether the Internet bandwidth is the same in both directions, for example, 2 MB for the download direction and 2 MB for the upload direction. In Ethernet terms, whether it is full duplex and half duplex.