11.2.5.1. Bandwidth limit (upper limit value) setting

Operation Confirmed Version:
 vSRX Version15.1X49-D105.1

This section describes the setting for imposing bandwidth restriction to traffic which passes through interface.

Setting for restricting communications initiated from a specific source IP address to 100 Mbps

Scenario of the sample setting

  • To restrict traffic which passes through interface (ge-0/0/1) to 100 Mbps in total

  • To make bandwidth restriction settings with interface (ge-0/0/1)

Setting flow in a presumed case

1.Set the target policy name as LIMIT_100M.
2.Set the restriction bandwidth (100 Mbps) to the set policy LIMIT_100M.
3.Apply LIMIT_100M to interface (ge-0/0/1).

Command to be entered with CLI

user01@vSRX-02# set firewall policer LIMIT_100M filter-specific
user01@vSRX-02# set firewall policer LIMIT_100M logical-interface-policer
user01@vSRX-02# set firewall policer LIMIT_100M if-exceeding bandwidth-limit 100m
user01@vSRX-02# set firewall policer LIMIT_100M if-exceeding burst-size-limit 1250000
user01@vSRX-02# set firewall policer LIMIT_100M then discard
user01@vSRX-02# set interfaces ge-0/0/1 unit 0 family inet policer input LIMIT_100M

The configuration after completion of appropriate settings is as follows.

interfaces {
    ge-0/0/1 {
       unit 0 {
           family inet {
               policer {
                   input LIMIT_100M;
               }
           }
       }
    }
    ge-0/0/2 {
       unit 0 {
           family inet {
               address 192.168.3.102/24;
           }
       }
    }
}
firewall {
    policer LIMIT_100M {
        filter-specific;
        logical-interface-policer;
        if-exceeding {
            bandwidth-limit 100m;
            burst-size-limit 1250000;
        }
        then discard;
   }
}

Operation check result

The verification result log below allowed to confirm that bandwidth control works properly because 98.3 Mbps resulted when Traffic 1Gbps addressed to virtual server (192.168.3.13) was applied from virtual server (192.168.2.12).

iperf result of virtual server (192.168.2.12) which transmitted 1Gbps

[user01@centsv-02 ~]$  iperf -c 192.168.3.13 -t 60 -u -b 1G -i 20
------------------------------------------------------------
Client connecting to 192.168.3.13, UDP port 5001
Sending 1470 byte datagrams, IPG target: 10.95 us (kalman adjust)
UDP buffer size:  208 KByte (default)
------------------------------------------------------------
[  3] local 192.168.2.12 port 38812 connected with 192.168.3.13 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-20.0 sec  2.50 GBytes  1.07 Gbits/sec
[  3] 20.0-40.0 sec  2.50 GBytes  1.07 Gbits/sec
[  3]  0.0-60.0 sec  7.50 GBytes  1.07 Gbits/sec
[  3] Sent 5478275 datagrams
[  3] Server Report:
[  3]  0.0-60.0 sec   703 MBytes  98.3 Mbits/sec   0.000 ms 4976864/5478275 (0%)
[  3] 0.00-60.00 sec  3 datagrams received out-of-order
[user01@centsv-02 ~]$

iperf result of virtual server (192.168.3.13) which received 1Gbps

[user01@centsv-03 ~]$ iperf -s -u
------------------------------------------------------------
Server listening on UDP port 5001
Receiving 1470 byte datagrams
UDP buffer size:  208 KByte (default)
------------------------------------------------------------
[  3] local 192.168.3.13 port 5001 connected with 192.168.2.12 port 38812
[ ID] Interval       Transfer     Bandwidth        Jitter   Lost/Total Datagrams
[  3]  0.0-60.0 sec   703 MBytes  98.3 Mbits/sec   0.033 ms 4976864/5478275 (91%)
[  3] 0.00-60.00 sec  3 datagrams received out-of-order

Status of vSRX interface while 1 Gbps traffic is being applied