Example: Providing Tiered Internet Services with Policing

In this scenario, the service provider offers three tiered Internet services to its subscribers:

• Gold, which provides a bandwidth of up to 5 Mbps.
• Silver, which provides a bandwidth of up to 1Mbps.
• Bronze, which provides a bandwidth of up to 64 Kbps.

One of the tiered Internet services controls the traffic at a given time. Accounting data is collected for the tiered services.

A default policy is needed to establish the context of the tiered service. The subscriber has an IP interface in the network; the access point has a default policy that prevents the subscriber from using a tiered Internet service until the service is activated.

From the service provider’s perspective, the service provider’s network is on the inside, and the enterprise network is on the outside. Ingress traffic flows from the enterprise network to the service provider’s network. Egress traffic flows from the service provider’s network to the enterprise network.

Types of Policies

JUNOSe policies use the rate-limit action to control bandwidth, and JUNOS policies use the policer action to control bandwidth. You can also use QoS conditions and scheduler actions to provide tiered Internet services.

Sample JUNOSe Rate-Limiting Policy

The sample JUNOSe policy has a local parameter bw, which is used in the rate-limit action both on input and output directions.

In this example, the committed action is forward, whereas the conformed and exceeded actions are set to filter.

The following information shows the configuration details of the Internet tiered policy group for JUNOSe routers.

Local Parameter

[edit policies folder sample folder common group internet-tiered local-parameters]
user@host# show 
parameter bw {
  default-value 5000000;
  type rate;
}

Policy List je-out

[edit policies folder sample folder common group internet-tiered list je-out]
user@host# show 
role junose-ipv4;
applicability output;
rule the-limit {
  type junose-ipv4;
  precedence 600;
  accounting;
  rate-limit limit {
    committed-action { 
      forward {
      }
    }
    conformed-action {
      filter {
      }
    }
    exceed-action {
      filter {
      }
    }
    type two_rate;
    committed-rate bw;
    committed-burst 500000;
    peak-rate bw;
    peak-burst 500000;
  }
  traffic-condition any {
  }
}

Policy List je-in

[edit policies folder sample folder common group internet-tiered list je-in]
user@host# show 
role junose-ipv4;
applicability input;
rule the-limit {
  type junose-ipv4;
  precedence 600;
  accounting;
  rate-limit limit {
    committed-action {
      forward {
      }
    }
    conformed-action {
      filter {
      }
    }
    exceed-action {
      filter {
      }
    }
    type two_rate;
    committed-rate bw;
    committed-burst 500000;
    peak-rate bw;
    peak-burst 500000;
  }
  traffic-condition any {
  }
}

Sample JUNOS Policer Policy

The sample JUNOS policy has a local parameter bw, which is used in the policer action both on input and output directions.

In this example, packets that exceed the bandwidth limit are filtered.

The following information shows the configuration details of the Internet tiered policy group for JUNOS routing platforms.

Local Parameter

[edit policies folder sample folder common group internet-tiered local-parameters]
user@host# show 
parameter bw {
  default-value 5000000;
  type rate;
}

PolicyList j-out

[edit policies folder sample folder common group internet-tiered list j-out]
user@host# show 
role junos;
applicability output;
rule PR {
  type junos-filter;
  precedence 100;
  policer PA {
    packet-action packet0 {
      filter {
      }
    }
    bandwidth-limit bw;
    bandwidth-limit-unit bps;
    burst 15000;
  }
}

PolicyList j-in

[edit policies folder sample folder common group internet-tiered list j-in]
user@host# show 
role junos;
applicability input;
rule PR {
  type junos-filter;
  precedence 100;
  policer PA {
    packet-action packet0 {
      filter {
      }
    }
    bandwidth-limit bw;
    bandwidth-limit-unit bps;
    burst 15000;
  }
}

Defining the Tiered Internet Services

You need to create three SAE services—Gold, Silver, and Bronze.

Assign to the new service one of the Internet-tiered policy groups that we created in the last section.

For each service, define a substitution value for the bw parameter. For the Gold service, the bw value is 5 Mbps; for the Silver service, the bw value is 1Mbps; and for the Bronze service, the bw value is 64 Kbps.

Internet-Gold Service

[edit services global service Internet-Gold]
user@host# show 
description "Example for rate limited internet (requires matching default policies)";
type normal;
category Internet;
policy-group /sample/common/internet-tiered;
radius-class Internet-Gold;
status active;
parameter {
  substitution "bw = 5000000";
}

Internet-Silver Service

[edit services global service Internet-Silver]
user@host# show 
description "Example for rate limited internet (requires matching default policies)";
type normal;
category Internet;
policy-group /sample/common/internet-tiered;
radius-class Internet-Silver;
status active;
parameter {
  substitution "bw = 1000000";
}

Internet-Bronze Service

[edit services global service Internet-Bronze]
user@host# show 
description "Example for rate limited internet (requires matching default policies)";
type normal;
category Internet;
policy-group /sample/common/internet-tiered;
radius-class Internet-Bronze;
status active;
parameter {
  substitution "bw = 64000";
}

Copyright © 2008, Juniper Networks, Inc. All Rights Reserved. Trademark Notice.