Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 
ContentIndex
  
[+] Expand All
[-] Collapse All

 A  C  D  E  F  G  H  I  J  L  M  N  O  P  Q  R  S  T  U  V

 

A

access policy, examples    1
DHCP    
SRC CLI
PPP    
SRC CLI
action threshold, service schedules    
overview
setting    
SRC CLI
actions.     See policy actions    
aggregate services    1
adding    
SRC CLI
before you configure    
SRC CLI
fragment services
infrastructure services
mandatory services
Python expressions
redundancy
sessions    1
activation
attributes
deactivation
modification
monitoring
timers, configuring    
SRC CLI
apply-groups statement, routers running Junos OS
 

C

captive portal    
using with next-hop action    
SRC CLI
classify-traffic condition    1
application protocol    
defining, SRC CLI
map expressions, SRC CLI
application, setting    
SRC CLI
application-group, setting    
SRC CLI
configuring    
SRC CLI
destination grouped network, configuring    
SRC CLI
destination network, configuring    
SRC CLI
expanded classifiers    1
configuring, SRC CLI
extended classifiers    1
configuring, SRC CLI
ICMP conditions, setting    
SRC CLI
IGMP conditions, setting    
SRC CLI
IPSec conditions, setting    
SRC CLI
Junos OS filter conditions, setting    
SRC CLI
JunosE secondary input policy conditions, setting    
SRC CLI
match direction, setting    
SRC CLI    12
multiple classifiers
packet length, setting    
SRC CLI
PCMM I02 and I03    1
configuring, SRC CLI
port definitions, overview    
SRC CLI
protocol conditions with parameters, setting    
SRC CLI
protocol conditions with ports, setting    
SRC CLI
protocol conditions, setting    
SRC CLI
route class, configuring    
SRC CLI
source grouped network, configuring    
SRC CLI
source network, setting    
SRC CLI
TCP conditions, setting    
SRC CLI
term-precedence, setting    
SRC CLI
ToS byte conditions, setting    
SRC CLI
color actions    1
configuring    
SRC CLI
color mark actions    12
controlled load service, FlowSpec
conventions    
notice icons
text
CoS (class of service)    
ToS byte, setting    
SRC CLI
customer support    1
contacting JTAC
 

D

Data-over-Cable Service Interface Specifications.     See DOCSIS    
default policies    
example    
SRC CLI
DHCP (Dynamic Host Configuration Protocol)    
access policy example    
SRC CLI
Differentiated Services code point, ToS byte    
SRC CLI
DOCSIS policy actions    1
configuring    
SRC CLI
documentation    
comments on
drop profile maps    
configuring    
SRC CLI
drop probability, setting    
SRC CLI
fill level, setting    
SRC CLI
DSCP (Differentiated Services code point), ToS byte    
SRC CLI
 

E

effective period, service schedules
exclusions to service schedule    1
defining    
SRC CLI
expanded classifiers    1
configuring    
SRC CLI
expressions    
map, application protocol conditions    
SRC CLI
parameter definitions
extended classifiers, PCMM    1
configuring    
SRC CLI
external parent groups    
JunosE    
overview    12
external parent groups,    
aggregate rate-limit    
configuring
configuration statements
for JunosE policies    
configuration statements
configuring
hierarchical policy parameter    
configuring
JunosE    
creating
rate-limit profiles    
configuring
 

F

filter actions    1
configuring    
SRC CLI
FlowSpec actions    1
configuring    
SRC CLI
forward actions    1
configuring    
SRC CLI
forwarding class actions    1
configuring    
SRC CLI
fragment services    1
configuring    
SRC CLI
 

G

gates, PCMM
gateSpec actions    1
configuring    
SRC CLI
global parameters    1
configuring    
SRC CLI
predefined    1
viewing with SRC CLI
runtime
types
guaranteed service, FlowSpec
 

H

hierarchical policies    
overview    
1
hierarchical rate-limiting    
JunosE    
1
 

I

infrastructure services    123
 

J

Junos OS ASP policy rules    1
NAT actions    1
configuring, SRC CLI
network, specifying    1
SRC CLI    12
stateful firewall actions, configuring    
SRC CLI
Junos OS filter policy rules    1
conditions, setting    
SRC CLI
Junos OS policer policy rules    1
policer actions    1
configuring, SRC CLI
Junos OS port mirror policy rules    
traffic mirror actions
Junos OS scheduler policy rules    12,  See also drop profile maps    
actions    1
configuring, SRC CLI
QoS conditions, configuring    
SRC CLI
Junos OS shaping policy rules
JunosE IPv6 policy rules    
network, specifying    
SRC CLI    12
JunosE secondary input policy rules    
conditions, setting    
SRC CLI
 

L

local parameters    1
configuring    
SRC CLI
types
loss priority actions    1
configuring    
SRC CLI
 

M

manuals    
comments on
map expressions    
application protocol conditions    
SRC CLI
substitutions
mark actions    1
configuring    
SRC CLI
multiple classifiers, policies
multitask
mutex group    1
adding    
SRC CLI
 

N

NAT (Network Address Translation) policies    
actions    1
configuring, SRC CLI
application protocol condition    
defining, SRC CLI
map expressions, SRC CLI
next-hop actions    1
captive portal feature    
SRC CLI
configuring    
SRC CLI
next-interface actions    1
configuring    
SRC CLI
next-rule actions    1
configuring    
SRC CLI
non-real-time polling service.
notice icons
NRTPS (non-real-time polling service)
 

O

operators in substitution expressions
 

P

packet loss priority.     See loss priority actions    
PacketCable Multimedia Specifications.     See PCMM    
parameter names    
substitutions
parameter value acquisition    12,  See also substitutions    
example
multiple subscriptions
single subscriptions
parameter values, setting in services
parameters    1,  See also substitutions    
defining
definition
fixing
global.     See global parameters    
local.     See local parameters    
ranking sources
runtime.     See runtime parameters    
types
parent groups    12345
PCMM policies    
classifiers
client type 1 support
conditions and actions supported
DOCSIS parameters    1
configuring, SRC CLI
extended classifiers    1
configuring, SRC CLI
FlowSpec parameters    
configuring, SRC CLI
controlled load service
guaranteed service
request specification (RSpec)
traffic specification (TSpec)
gate
gateSpec parameters, configuring    
SRC CLI
I02 and I03 classifiers
marking packets
proxied QoS with policy push
service class name    
configuring, SRC CLI
service flow scheduling types
SessionClassId
traffic profiles
permanent service    1
configuring    
SRC CLI
plug-ins    
authorization
policer actions    1
configuring    
SRC CLI
policies    
defining parameters in repository
policing policies    
example    
SRC CLI
policy actions    1
color    1
configuring, SRC CLI
color mark    12
combining
configuring
DOCSIS    1
configuring, SRC CLI
dynamic profiles    
configuring, SRC CLI
filter    1
configuring, SRC CLI
FlowSpec    1
configuring, SRC CLI
forward    1
configuring, SRC CLI
forwarding class    1
configuring, SRC CLI
forwarding instance    
configuring, SRC CLI
gateSpec    1
configuring, SRC CLI
loss priority    1
configuring, SRC CLI
mark    1
configuring, SRC CLI
NAT    1
configuring, SRC CLI
next hop    1
configuring, SRC CLI
next interface    1
configuring, SRC CLI
next rule    1
configuring, SRC CLI
policer    1
configuring, SRC CLI
policy rules supported
QoS profile attachment    1
configuring, SRC CLI
rate limit    1
configuring, SRC CLI
rate limit hierarchy    
overview
parent-group reference, SRC CLI
rate limit types    
configuring, SRC CLI
rate-limit hierarchy    
configuring, SRC CLI    12
reject    1
configuring, SRC CLI
routing instance    1
configuring, SRC CLI
scheduler    1
configuring, SRC CLI
service class name    1
configuring, SRC CLI
stateful firewall    1
configuring, SRC CLI
template activation    
configuring, SRC CLI
traffic class    1
configuring, SRC CLI
traffic mirror    1
configuring, SRC CLI
traffic-shape    1
configuring, SRC CLI
types
user packet class    1
configuring, SRC CLI
policy components    1
policy decision point, description
Policy Editor
policy enforcement point, description
policy engine
policy repository
policy conditions    12,  See also classify-traffic condition    
policy rules supported
types
policy engine
policy examples    
access policy    
SRC CLI
premium service    
SRC CLI
tiered Internet service    
SRC CLI
policy folders    1
configuring    
SRC CLI
policy groups    1
configuring    
SRC CLI
policy lists    1
configuring    
SRC CLI
policy management    
bandwidth management
overview
packet logging
packet mirroring
packet tagging
policy routing
QoS classification and marking
RADIUS support
security
policy objects    
organization
policy overview    
actions.     See policy actions    
conditions.     See classify-traffic condition\    
policy object organization
policy repository, description
policy rules    1
actions supported
conditions supported
configuring    
SRC CLI
Junos Adaptive Services PIC (ASP).     See Junos OS ASP policy rules    
Junos OS filter.     See Junos OS filter policy rules    
Junos OS policer.     See Junos OS policer policy rules    
Junos OS scheduler.     See Junos OS scheduler policy rules    
Junos OS shaping.     See Junos OS shaping policy rules    
precedence    
SRC CLI
types
PPP    
access policy example    
SRC CLI
precedence    
policy rules    
SRC CLI
premium service, example    
SRC CLI
preparation time, service schedules    
overview
setting    
SRC CLI
proxied QoS with policy push
PTSP actions    
PTSP actions, configuring    
SRC CLI
 

Q

QoS (quality of service)    
condition    1
configuring, SRC CLI
PCMM cable networks.     See PCMM policies    
QoS parameters, configuring    
SRC CLI
QoS profile attachment actions    1
configuring, SRC CLI
QoS profile, configuring    
SRC CLI
QoS condition    12
 

R

rate-limit actions    1
configuring    
SRC CLI
example    
SRC CLI
rate-limit hierarchy actions    
configuring    
SRC CLI    12
overview
rate-limit type actions    
configuring    
SRC CLI
rate-limiting, with multiple classifiers
real-time polling service.     See RTPS    
reject actions    1
configuring    
SRC CLI
routers running Junos OS    
policy features    
rate-shaping
routing instance actions    1
configuring    
SRC CLI
RTPS (real-time polling service)    1
configuring    1
SRC CLI
runtime parameters    
viewing with SRC CLI
 

S

scheduleAuth plug-in
scheduler actions    12,  See also drop profile maps    
configuring    
SRC CLI
scopes.     See service scopes    
script services    1
adding    
SRC CLI
example    
ScriptService SPI in Java
ScriptService SPI in Jython
ScriptService interface
service    
3gpp attributes (Gx router driver)    
configuring, SRC CLI
service class name actions    1
configuring    
SRC CLI
service flow scheduling types
service schedules    
action threshold, setting    
SRC CLI
authorization schedules, configuring    
SRC CLI
configuring    
SRC CLI
examples    
SRC CLI    1234
exclusions, defining    
SRC CLI
guidelines
overview    1
action threshold
authorization schedules
configuring
effective period
event-based schedules
exclusions
one-time events
preparation time
recurring events
state-based schedules
planning
preparation time, setting    
SRC CLI
weekly-recur-freq
service scopes    12
adding    
SRC CLI
assigning services    
SRC CLI
assigning subscribers    
SRC CLI
assigning VRs    
SRC CLI
configuring    
SRC CLI
example    
SRC CLI
multiple scopes, defining    
SCR CLI
service-mgm-schedules-nonwork
services    
activate-only
adding aggregate    
SRC CLI
adding infrastructure    
SRC CLI
adding normal    
SRC CLI
adding script services    
SRC CLI
aggregate.     See aggregate services    
assigning to service scopes    
SRC CLI
automatic activation
infrastructure.     See infrastructure services    
mutually exclusive
overview
premium service example    
SRC CLI
restricting availability
restricting simultaneous activation
script.     See script services    
setting parameter values
tiered Internet example    
SRC CLI
SessionClassId, PCMM policies
shaping rate.     See traffic shaping    
stateful firewall policies    
actions    1
configuring, SRC CLI
application protocol conditions    
defining, SRC CLI
map expressions, SRC CLI
substitutions    1,  See also parameters    
aggregate services, configuring
comments    1
adding
definition
exceptions, raising
expressions    12
IPv4 addresses
keywords
lists, formatting
maps, formatting
numbers, formatting
operators
parameter names, specifying
ranges
separators
strings, formatting
subordinate expressions
syntax
formatting
map expressions
mathematical expressions
parameter names
validation
support, technical     See technical support    
 

T

technical support    
contacting JTAC
template activation actions    
configuring    
SRC CLI
text conventions defined
tiered Internet service, example    
SRC CLI
traffic mirror actions    1
configuring    
SRC CLI
traffic profiles, PCMM policies
traffic shape actions    
configuring    
SRC CLI
traffic shaping    
actions
policy rules
traffic-class actions    1
configuring    
SRC CLI
traffic-shape actions
 

U

UGS (unsolicited grant service)    1
configuring    
SRC CLI
UGS-AD (unsolicited grant service with activity detection)    1
configuring    
SRC CLI
unsolicited grant service.     See UGS    
unsolicited grant with activity detection.     See UGS-AD    
user packet class actions    1
configuring    
SRC CLI
 

V

validating    
substitutions
value acquisition for parameters    
multiple subscriptions
single subscriptions

Example: Parameter Value Substitution

Parameters provide general definitions for configuration properties. You can use parameters in the configuration for policies, services, and subscriptions. Users can define the value for a parameter through an enterprise service portal or a residential portal.

Note: The SRC sample data includes the configuration used in this example.

This example shows how to use parameters and substitutions in the SRC software.

Requirements

This example uses the following hardware and software components:

  • SRC software 1.0.0 and greater
  • Sample enterprise service portal available with SRC software 1.0.0 and greater
  • C Series Controller
  • Routers running JunosE Software

Overview

This configuration has the following characteristics:

  • A service that provides a gold-level quality of service
  • A department subnet in an enterprise network subscribes to this service with the ability a to track and charge the department for the volume of bandwidth used.

Figure 19 shows the network in the example.

Figure 19: Network Used in Parameter Substitution Example

Network Used in Parameter Substitution
Example

From the service provider’s perspective, the service provider’s network is on the inside, and the enterprise network is on the outside. Ingress traffic flows from the enterprise network to the service provider’s network. Egress traffic flows from the service provider’s network to the enterprise network. The engineering department subnet in the enterprise network is the subnet that we will subscribe to the gold-level service and track.

Types of Parameters

The example uses two types of parameters:

  • rate—Used to scale the rate limiter
  • network—Used to specify IP subnets in classify conditions

Parameter Configuration

The parameters appear in the configuration for:

  • A policy group called tierpolicy that classifies packets based on source and destination subnets and applies a rate limit action to those packets. The tierpolicy policy group contains three local parameters:
    • inside—Parameter of type network; used to specify a subnet
    • outside—Parameter of type network; used to specify a subnet
    • qos—Parameter of type rate; used to scale the rate limiter
  • A service called GoldMetered, that has tierpolicy as the policy group. The GoldMetered service includes the following parameter substitution:
    • qos—Fix to 50% of the interface_speed parameter. (interface_speed is a global runtime parameter that the SAE fills in with the actual speed of the router interface.)
    • dept—Create a parameter called dept that is parameter type (role) network.
    • outside—Set to dept (short for department), which effectively renames the outside parameter to dept.
    • inside—Set to any.
  • An enterprise subscriber that uses the following parameter substitution:
    • eng—Create a parameter called eng (short for engineering department) that is parameter type (role) network, and set the value to 192.0.2.22/28.
  • A subscriber subscription to the GoldMetered service that has the following parameter substitution:
    • dept—Set to eng.

Parameter Values After Value Acquisition

After the SRC software has gone through the parameter value acquisition process, the three original parameters in the tierpolicy policy group have the following values:

  • inside=0.0.0.0/0

    This value was acquired from the global parameter any that was defined in the service definition

  • outside=192.0.2.22/28

    This value was acquired as follows:

    • outside=dept—Acquired from the service definition
    • dept=eng—Acquired from the subscription
    • eng=192.0.2.22/28—Acquired from the enterprise subscriber definition
    • qos=500,000

      This value was acquired from the service definition where the value of qos was set to 50% of the interface_speed parameter. An interface_speed value of 1,000,000 was acquired from the router. If qos=50% of the interface speed, then the qos value is 500,000.

      The rest of the rate-limit values are calculated based on the 500,000 value of qos.

Figure 20 shows the values of the ingress and egress policies that are applied to the router in our sample network.

Figure 20: Policies Applied to the Sample Network

Policies Applied to the Sample Network

Configuration

Configure a policy, service, subscriber, and subscription to use parameter value acquisition:

Configuring the Default Value for a Global Parameter

Configure the global parameter any which is used in the policy configuration.

CLI Quick Configuration

To quickly configure the global parameter any, copy the following commands into a text editor, and modify them as needed; then load the configuration from the file.

[edit] set policies global-parameters any default-value 0.0.0.0/0 set policies global-parameters any type network

Step-by-Step Procedure

To configure the global parameter any:

  1. From configuration mode, enter the global parameter configuration for the any parameter.
    [edit]user@host# edit policies global-parameters any
  2. (Optional) Configure a default value that the policy engine uses if no other values are provided during the parameter value acquisition process.

    See Parameter Types for valid values of each parameter type.

    [edit policies global-parameters any]user@host# set default-value 0.0.0.0/0
  3. (Optional) Type of attribute for which you can use the parameter.
    [edit policies global-parameters any]user@host# set type network

Configuring a Policy Group

Configure the policy group tierpolicy to specify bandwidth for incoming and outgoing traffic.

CLI Quick Configuration

To quickly configure the global parameter any, copy the following commands into a text editor, and modify them as needed; then load the configuration from the file.

[edit] set policies folder ent group tierpolicy set policies folder ent group tierpolicy local-parameters qos set policies folder ent group tierpolicy local-parameters qos type rate set policies folder ent group tierpolicy local-parameters outside set policies folder ent group tierpolicy local-parameters outside type network set policies folder ent group tierpolicy local-parameters outside default-value any set policies folder ent group tierpolicy local-parameters inside set policies folder ent group tierpolicy local-parameters inside type network set policies folder ent group tierpolicy local-parameters inside default-value any set policies folder ent group tierpolicy list egrules set policies folder ent group tierpolicy list egrules role junose-ipv4 set policies folder ent group tierpolicy list egrules applicability output set policies folder ent group tierpolicy list ingrules set policies folder ent group tierpolicy list ingrules role junose-ipv4 set policies folder ent group tierpolicy list ingrules applicability input set policies folder ent group tierpolicy list egrules rule eglimit set policies folder ent group tierpolicy list egrules rule eglimit type junose-ipv4 set policies folder ent group tierpolicy list egrules rule eglimit precedence 1000 set policies folder ent group tierpolicy list egrules rule eglimit accounting set policies folder ent group tierpolicy list egrules rule eglimit traffic-condition cond set policies folder ent group tierpolicy list egrules rule eglimit traffic-condition cond source-network group-network network-specifier inside set policies folder ent group tierpolicy list egrules rule eglimit traffic-condition cond destination-network group-network network-specifier outside set policies folder ent group tierpolicy rate-limit ratelimit set policies folder ent group tierpolicy type two-rate set policies folder ent group tierpolicy list egrules rule eglimit rate-limit ratelimit committed-rate qos set policies folder ent group tierpolicy list egrules rule eglimit rate-limit ratelimit committed-burst "max(qos*0.1, 16384)" set policies folder ent group tierpolicy rate-limit ratelimit committed-action forward set policies folder ent group tierpolicy rate-limit ratelimit exceed-action filter set policies folder ent group tierpolicy rate-limit ratelimit conformed-action filter set policies folder ent group tierpolicy rate-limit ratelimit exceed-action filter set policies folder ent group tierpolicy list ingrules rule inglimit set policies folder ent group tierpolicy list ingrules rule inglimit type junose-ipv4 set policies folder ent group tierpolicy list ingrules rule inglimit precedence 1000 set policies folder ent group tierpolicy list ingrules rule inglimit accounting set policies folder ent group tierpolicy list ingrules rule inglimit traffic-condition ent set policies folder ent group tierpolicy list ingrules rule inglimit traffic-condition ent source-network group-network network-specifier outside set policies folder ent group tierpolicy list ingrules rule inglimit traffic-condition ent destination-network group-network network-specifier inside set policies folder ent group tierpolicy list ingrules rule inglimit rate-limit rateLimit set policies folder ent group tierpolicy list ingrules rule inglimit rate-limit rateLimit type two-rate set policies folder ent group tierpolicy list ingrules rule inglimit rate-limit rateLimit committed-rate qos set policies folder ent group tierpolicy list ingrules rule inglimit rate-limit rateLimit committed-burst "max(qos*0.1, 16384)" set policies folder ent group tierpolicy list ingrules rule inglimit rate-limit rateLimit peak-rate qos*1.5 set policies folder ent group tierpolicy list ingrules rule inglimit rate-limit rateLimit committed-action mark mark-info value 1 set policies folder ent group tierpolicy list ingrules rule inglimit rate-limit rateLimit set policies folder ent group tierpolicy list ingrules rule inglimit rate-limit rateLimit conformed-action mark mark-info value 2 set policies folder ent group tierpolicy list ingrules rule inglimit rate-limit rateLimit exceed-action filter set policies folder ent group tierpolicy list ingrules rule inglimit rate-limit rateLimit peak-burst "max(qos*1.5*0.1, 16384)"

Step-by-Step Procedure

To create and configure a policy group named tierpolicy:

  1. Create the tiergroup policy.
    [edit]user@host# edit policies folder ent group tierpolicy
  2. Create local parameters, which are parameters that will be used only with tierpolicy.
  3. qos—Rate parameter
    [edit policies folder ent group tierpolicy]user@host# edit local-parameters qos [edit policies folder ent group tierpolicy local-parameters qos]user@host# set type rate
  • outside—Network parameter with a default value of any; any is a global parameter with value 0.0.0.0/0, which matches any network
    [edit policies folder ent group tierpolicy]user@host# edit local-parameters outside [edit policies folder ent group tierpolicy local-parameters outside]user@host# set type network [edit policies folder ent group tierpolicy local-parameters outside]user@host# set default-value any
  • inside—Network parameter with a default value of any; any is a global parameter with value 0.0.0.0/0, which matches any network
    [edit policies folder ent group tierpolicy]user@host# edit local-parameters inside [edit policies folder ent group tierpolicy local-parameters inside]user@host# set type network [edit policies folder ent group tierpolicy local-parameters inside]user@host# set default-value any
  • Create a policy lists for egress side of the interface.
    [edit policies folder ent group tierpolicy]user@host# edit list egrules [edit policies folder ent group tierpolicy list egrules]user@host# set role junose-ipv4 [edit policies folder ent group tierpolicy list egrules]user@host# set applicability output
  • Create a policy list, for the ingress side of the interface.
    [edit policies folder ent group tierpolicy]user@host# edit list ingrules [edit policies folder ent group tierpolicy list ingrules]user@host# set role junose-ipv4 [edit policies folder ent group tierpolicy list ingrules]user@host# set applicability input
  • Create a policy rule for egress traffic.
    [edit policies folder ent group tierpolicy list egrules]user@host# edit rule eglimit [edit policies folder ent group tierpolicy list egrules rule eglimit]user@host# set type junose-ipv4 [edit policies folder ent group tierpolicy list egrules rule eglimit]user@host# set precedence 1000 [edit policies folder ent group tierpolicy list egrules rule eglimit]user@host# set accounting
  • In the egress policy rule, which applies to traffic coming from the service provider network to the enterprise, create a condition that matches IP packets on source and destination networks:
  • source network=inside
  • destination network=outside
    [edit policies folder ent group tierpolicy list egrules rule eglimit]user@host# edit traffic-condition cond [edit policies folder ent group tierpolicy list egrules rule eglimit traffic-condition cond ]user@host# set source-network group-network network-specifier inside [edit policies folder ent group tierpolicy list egrules rule eglimit traffic-condition cond ]user@host# set destination-network group-network network-specifier outside
  • Also in the egress policy rule, create a rate-limit action and set the type to the runtime parameter two-rate.
    [edit policies folder ent group tierpolicy list egrules rule eglimituser@host# edit rate-limit ratelimit [edit policies folder ent group tierpolicy list egrules rule eglimit rate-limit ratelimit]user@host# set type two-rate
  • Configure the rate-limit action in the egress policy rule to do the following:
  • Set the committed rate to the qos parameter.
    [edit policies folder ent group tierpolicy list egrules rule eglimit rate-limit ratelimit]user@host# set committed-rate qos
  • Set the committed burst to the maximum of either 800 ms burst at committed rate in bytes (qos*0.1) or 16384.
    [edit policies folder ent group tierpolicy list egrules rule eglimit rate-limit ratelimit]user@host# set committed-burst "max(qos*0.1, 16384)"
  • Use the default peak burst rate of 16384.
  • Forward all committed traffic.
    [edit policies folder ent group tierpolicy list egrules rule eglimit rate-limit ratelimit]user@host# set committed-action forward
  • Filter all uncommitted traffic.
    [edit policies folder ent group tierpolicy list egrules rule eglimit rate-limit ratelimit]user@host# set exceed-action filter [edit policies folder ent group tierpolicy list egrules rule eglimit rate-limit ratelimit]user@host# set conformed-action filter [edit policies folder ent group tierpolicy list egrules rule eglimit rate-limit ratelimit]user@host# set exceed-action filter
  • Create a policy rule for ingress traffic.
    [edit policies folder ent group tierpolicy list ingrules]user@host# edit rule inglimit [edit policies folder ent group tierpolicy list ingrules rule inglimit]user@host# set type junose-ipv4 [edit policies folder ent group tierpolicy list ingrules rule inglimit]user@host# set precedence 1000 [edit policies folder ent group tierpolicy list ingrules rule inglimit]user@host# set accounting
  • In the ingress policy rule, which applies to traffic coming from the enterprise network, create a condition that matches IP packets on source and destination networks:
  • source network=outside
  • destination network=inside
    [edit policies folder ent group tierpolicy list ingrules rule inglimit]user@host# edit traffic-condition ent [edit policies folder ent group tierpolicy list ingrules rule inglimit traffic-condition ent]user@host# set source-network group-network network-specifier outside [edit policies folder ent group tierpolicy list ingrules rule inglimit traffic-condition ent]user@host# set destination-network group-network network-specifier inside
  • Also in the ingress policy rule, create a rate-limit action and set the type to the runtime parameter two-rate.
    [edit policies folder ent group tierpolicy list ingrules rule inglimit]user@host# edit rate-limit rateLimit [edit policies folder ent group tierpolicy list ingrules rule inglimit rate-limit rateLimit]user@host# set type two-rate
  • Configure the rate-limit action in the ingress policy rule to do the following:
  • Set the committed rate to the qos local parameter.
    [edit policies folder ent group tierpolicy list ingrules rule inglimit rate-limit rateLimit]user@host# set committed-rate qos
  • Set the committed burst to either 800 ms burst or at the committed rate in bytes (qos*0.1) or 16384.
    [edit policies folder ent group tierpolicy list ingrules rule inglimit rate-limit rateLimit]user@host# set committed-burst "max(qos*0 .1 , 16384)"
  • Scale the peak rate and burst by 1.5.
    [edit policies folder ent group tierpolicy list ingrules rule inglimit rate-limit rateLimit]user@host# set peak-rate qos*1.5
  • Mark committed and conformed traffic with different marks (1 and 2).
    [edit policies folder ent group tierpolicy list ingrules rule inglimit rate-limit rateLimit]user@host# set committed-action mark mark-info value 1 [edit policies folder ent group tierpolicy list ingrules rule inglimit rate-limit rateLimit]user@host# set conformed-action mark mark-info value 2
  • Drop all traffic that exceeds the rate limit.
    [edit policies folder ent group tierpolicy list ingrules rule inglimit rate-limit rateLimit]user@host# set exceed-action filter
  • Set the peak burst rate to the maximum of either 800 ms burst of one and a half times the committed rate in bytes (qos*1.5) or 16384.
    [edit policies folder ent group tierpolicy list ingrules rule inglimit rate-limit rateLimit]user@host# set peak-burst "max(qos*1.5*0.1, 16384)"

Configuration Results

[edit policies folder ent group tierpolicy]
user@host# show 
description "This is a service policy for services that rate limit and account 
for traffic to and from the service provider's network.  It is parameterized on 
the subnets inside and outside the service provider's network between which the 
traffic flows.  It is also parameterized on a number which is used to scale 
ingress and egress rate limit rules.  ";
local-parameters { 
  qos {
    description " Scaling factor to apply to the rate limits on the traffic 
between inside and outside";
    type rate;
  }
  outside {
    description "the subnet outside the service provider's network";
    default-value any;
    type network;
  }
  inside {
    description "the subnet inside the service provider's network";
    default-value any;
    type network;
  }
}
list egrules {
  role junose-ipv4;
  applicability output;
  rule eglimit {
    type junose-ipv4;
    precedence 1000;
    accounting;
    rate-limit ratelimit {
      committed-action { 
        forward { 
        }
      }
      conformed-action { 
        filter { 
        }
      }
      exceed-action { 
        filter { 
        }
      }
      type two_rate;
      committed-rate qos;
      committed-burst "max(qos*0.1, 16384)";
      peak-rate qos*1.5;
      peak-burst 16384;
      description "committed rate is \"qos\" parameter, burst is 800ms burst at 
committed rate (*0.1 remember rates are bits per second, bursts are bytes)
drop all uncommitted traffic.  Max with 16384 to make sure burst is not too 
small for slow interfaces.  ";
    }
    traffic-condition cond {
      source-network { 
        group-network { 
          network-specifier inside;
        }
      }
      destination-network { 
        group-network { 
          network-specifier outside;
        }
      }
    }
    description "rule to limit egress traffic";
  }
}
list ingrules {
  role junose-ipv4;
  applicability input;
  rule inglimit {
    type junose-ipv4;
    precedence 1000;
    accounting;
    rate-limit rateLimit {
      committed-action { 
        mark { 
          mark-info { 
            value 1;
          }
        }
      }
      conformed-action { 
        mark { 
          mark-info { 
            value 2;
          }
        }
      }
      exceed-action { 
        filter { 
        }
      }
      type two_rate;
      committed-rate qos;
      committed-burst "max(qos*0.1, 16384)";
      peak-rate qos*1.5;
      peak-burst "max(qos*1.5*0.1, 16384)";
      description "committed rate is \"qos\" parameter, burst is 800ms burst at 
committed rate (*0.1 remember rates are bits per second, bursts are bytes).  Max 
with 16384 to make sure burst is not too small for slow interfaces.peak rate 
and burst are scaled by 1.5. mark committed and conformed traffic with 
different marks, drop all excess traffic";
    }
    traffic-condition ent {
      source-network { 
        group-network { 
          network-specifier outside;
        }
      }
      destination-network { 
        group-network { 
          network-specifier inside;
        }
      }
    }
    description "rule to limit ingress traffic";
  }
}

Configuring a Service

Configure a service that provides a gold-level quality of service to subscribers.

CLI Quick Configuration

To quickly configure a service copy the following commands into a text editor, and modify them as needed; then load the configuration from the file.

[edit] set services set services scope EntJunose set services scope EntJunose service GoldMetered set services scope EntJunose service GoldMetered type normal set services scope EntJunose service GoldMetered category "Quality of Service" set services scope EntJunose service GoldMetered policy-group /ent/tierpolicy set services scope EntJunose service GoldMetered radius-class GoldMetered set services scope EntJunose service GoldMetered parameter substitution
[ "dept:network//the subnet of the department to apply the service to" "!inside:network = any//always apply to any subnet inside the service provider" "!outside:network = dept//rename outside policy parameter to dept" "!qos = interface_speed*0.5//gold qos is 50% of interface speed" ]

Step-by-Step Procedure

To configure a service that uses the policy tierpolicy:

  1. Create a service called GoldMetered, and assign tierpolicy as the policy group.
    [edit]user@host# edit services [edit services]user@host# edit scope EntJunose [edit services scope EntJunose]user@host# edit service GoldMetered [edit services scope EntJunose service GoldMetered]user@host# set type normal [edit services scope EntJunose service GoldMetered]user@host# set category "Quality of Service" [edit services scope EntJunose service GoldMetered]user@host# set policy-group /ent/tierpolicy [edit services scope EntJunose service GoldMetered]user@host# set radius-class GoldMetered
  2. Edit the parameter for the GoldMetered service, and add the following substitutions:
  • dept—Create a parameter called dept that is parameter type (role) network. This is the subnet of the department that the service will apply to.
  • qos—Fix the qos parameter to 50% of the interface_speed parameter. (interface_speed is a global runtime parameter that the SAE fills in with the actual speed of the router interface).
  • outside—Set the outside parameter to the value dept, which effectively renames the outside parameter to dept.
  • inside—Set the inside parameter to a value of any, which applies to any subnet inside the service provider’s network.
    [edit services scope EntJunose service GoldMetered]user@host# set parameter substitution [ "dept:network//the subnet of the department to apply the service to" "!inside:network = any//always apply to any subnet inside the service provider" "!outside:network = dept//rename outside policy parameter to dept" "!qos = interface_speed*0.5//gold qos is 50% of interface speed" ]

Configuration Results

[edit services scope EntJunose service GoldMetered]
user@host# show 
description "Provides gold level quality of service to given enterprise
 department subnet charged on volume";
type normal;
category "Quality of Service";
policy-group /ent/tierpolicy;
radius-class GoldMetered;
status active;
parameter { 
  substitution [ "dept:network//the subnet of the department to apply the 
service to" "!inside:network = any//always apply to any subnet inside the
 service provider" "!outside:network = dept//rename outside policy parameter 
to dept" "!qos = interface_speed*0.5//gold qos is 50% of interface speed" ];
}

Creating an Enterprise Subscriber

Create the eng parameter for use in parameter substitution. this parameter represents an enterprise subscriber. You can configure the substitution in the SRC CLI, the sample enterprise service portal, or the C-Web interface.

CLI Quick Configuration

To quickly configure the global parameter any, copy the following commands into a text editor, and modify them as needed; then load the configuration from the file.

[edit] set subscribers retailer default subscriber-folder local enterprise ABCInc substitution [ " acct : network = 208.93.36.80 / 28" "eng : network = 208.93.36.6 4 / 28" ] set subscribers retailer default subscriber-folder local enterprise ABCInc substitution [ "acct : network = 208.93.36.80 / 28" "eng : network = 208.93.36.64 / 28" ]

Step-by-Step Procedure

To create a parameter called eng in an existing enterprise:

  1. Create the eng parameter with parameter type (role) network, and set the value of eng to 192.0.2.22/28.
    [edit subscribers retailer default subscriber-folder local enterprise ABCInc]user@host# set substitution [ "acct : network = 208.93.36.80 / 28" "eng : network = 208.93.36.6 4 / 28" ]
  2. Create the eng parameter as part of the subscriber definition.
    • To create the eng parameter with the SRC CLI:
      [edit subscribers retailer default subscriber-folder local enterprise ABCInc]user@host# set substitution [ "acct : network = 208.93.36.80 / 28" "eng : network = 208.93.36.64 / 28" ]
    • To create the eng parameter in the sample enterprise service portal, select the Departments tab, add eng to the department field, and enter 192.0.2.22/28 as the network address of the department.

Configuration Results

[edit subscribers retailer default subscriber-folder local enterprise ABCInc]
user@host# show 
...
substitution [ "acct : network = 208.93.36.80 / 28" "eng : network = 208.93.36.6
4 / 28" ];
...
subscription GoldSecured {
    status active;
    activation manual;
    substitution "!dept : network = eng";
  }

Subscribing ABCInc to the GoldMetered Service

Subscribe to the GoldMetered service.

Step-by-Step Procedure

To subscribe the ABCInc subscriber to the GoldMetered service through the sample enterprise service portal.

  1. Select ABCInc. in the navigation pane.
  2. Select the Services tab.

    The Services pane appears.

  3. Click Subscribe in the GoldMetered service row.
  4. Select the Subscriptions tab.

    The Subscriptions pane appears.

  5. In the dept= field of the Service Parameters box, set the value of the dept parameter to eng.

Related Documentation

Modified: 2015-06-19