0

The aforementioned MX router is a BRAS providing access for about 3,000 subscribers, using the 'dynamic-clients' functionality. Each subscriber demux interface gets assigned a specific firewall rate-limit filter according to their data plan. Most of these are low-bandwidth, 5 to 20 Mbit/s.

I need to let the subscribers bypass shaping to access a few IPs. I was able to make do by amending the input firewall filter with an address-matching term like:

term BYPASS {
    from {
        address {
            192.0.2.1/24;
        }
    }
    then accept;

...before the actual term police ruleset that defines traffic shaping.

This ostensibly works. Is this the best solution I might devise?

What are the best practices regarding traffic shaping/policing fine-tuning in JunOS, assuming I might want to add a few more non-shaped destinations in the future?

Branislav Krzanic
  • 1
  • Do let me know if any additional information is required. Thanks. – Branislav Krzanic Jan 02 '20 at 09:16
  • From what I can tell the way you're approaching it for 3000 subscribers should be fine. However, I'd really like to give you a comprehensive answer. Can you post the configuration for the firewall filter that term is contained in and the layer-3 dynamic-profile configuration. Output from "show chassis hardware" would also be helpful. Feel free to obfuscate any IP addresses or private information. – Jordan Head Jan 16 '20 at 20:45

0 Answers0