Configuring CoS for L2TP Tunnels on ATM Interfaces
The Layer 2 Tunneling Protocol (L2TP) is often used to carry traffic securely between an L2TP network server (LNS) to an L2TP access concentrator (LAC). CoS is supported for L2TP session traffic to a LAC on platforms configured as an LNS that include egress IQ2 PICs. Supported routers are:
M7i and M10i routers
M120 routers
To enable session-aware CoS on an L2TP interface, include the per-session-scheduler statement at the [edit interfaces
unit logical-unit-number] hierarchy level.
[edit interfaces interface-name unit logical-unit-number] per-session-scheduler;
You also must set the IQ2 PIC mode for session-aware traffic
shaping and set the number of bytes to add to or subtract from the
packet before ATM cells are created. To configure these options on
the ingress side of the tunnel, include the ingress-shaping-overhead and mode session-shaping statements at the [edit
chassis fpc slot-number pic pic-number traffic-manager] hierarchy level.
[edit chassis fpc slot-number pic pic-number] traffic-manager { ingress-shaping-overhead number; mode session-shaping; }
Various limitations apply to this feature:
Only 991 shapers are supported on each IQ2 PIC.
Sessions in excess of 991 cannot be shaped (but they can be policed).
There is no support for PPP multilinks.
The overall traffic rate cannot exceed the L2TP traffic rate, or else random drops result.
There is no support for logical interface scheduling and shaping at the ingress because all schedulers are now reserved for L2TP.
There is no support for physical interface rate shaping at the ingress.
You can provide policing support for sessions with more than
the 991 shapers on each IQ2 PIC. Each session can have four or eight
different classes of traffic (queues). Each class needs its own policer;
for example, one for voice and one for data traffic. The policer is
configured within a simple-filter statement and only forwarding class is supported in the from clause.
Only one policer can be referenced in each simple filter.
The following example shows a policer within a simple filter applied to two assured forwarding classes:
[edit firewall]
policer P1 {
if-exceeding {
bandwidth-limit 400k;
burst-size-limit 1500;
}
then discard;
}
family inet {
simple-filter SF-1 {
term T-1 {
from {
forwarding-class [ af11 af21 ];
}
then policer P1;
}
}
}
You can also set the number of bytes to add to or subtract from
the packet at the egress of the tunnel. To configure these options
on the egress side of the tunnel, include the egress-shaping-overhead and mode session-shaping statements at the [edit
chassis fpc slot-number pic pic-number traffic-manager] hierarchy level.
[edit chassis fpc slot-number pic pic-number]
traffic-manager {
egress-shaping-overhead number;
mode session-shaping;
}