Regarding traffic shaping on juniper SRX550

Posted by peilin on Server Fault See other posts from Server Fault or by peilin
Published on 2013-11-06T02:17:37Z Indexed on 2013/11/06 3:58 UTC
Read the original article Hit count: 431

Filed under:

junos

We have implemented the Juniper SRX550 in our company.

Now we have one issue that how to restrict the internal user download speed from internet.

Take one example that i want to restrict the end user with IP:192.168.1.20/32 downloading

speed up to 1M via my external port ge-0/0/6.0.

Below is my setting:

[edit firewall policer p1M]

root@SRX550# show

if-exceeding {

bandwidth-limit 1m;

burst-size-limit 15k;

}

then discard;

[edit firewall family inet]

root@SRX550# show filter limit-user

term 10 {

from {

    destination-address {

        192.168.1.20/32;

    }

}

then policer p1M;

}

term else {

then accept;

}

[edit interfaces ge-0/0/6]

root@SRX550# show

per-unit-scheduler;

unit 0 {

family inet {

    filter {

        input limit-user;

    }

    address Hidden Here;

}

}

As per the setting, the end user downloading speed should not exceed the 1m (125KB in

windows), but the result is the downloading speed for this end users still can up to 400KB

via HTTP/HTTPS.

Please advise. Thanks.

Related posts about junos

Junos custom-attack signature pattern syntax

as seen on Server Fault - Search for 'Server Fault'
I am stuck at a point with the configuration of a custom-attack signature in Junos. According to the Junos Custom Attack Definition documentation page, I can set up a custom attack based upon a signature in the packet. In the documentation you can specify a "pattern" to match, but it fails to describe… >>> More
Login configuration script for Junos EX 2200 using minicom

as seen on Server Fault - Search for 'Server Fault'
I am connecting to Junos OS on Juniper EX-2200 switches using minicom as shown below minicom -C log_sw1 sw1 Now I have a series of commands that I need to execute on sw1.(example shown below) cli request system zeroize show config show interface edit delete protocols set system arp aging-timer… >>> More
ECMP Load Balancing in JUNOS

as seen on Server Fault - Search for 'Server Fault'
I'm trying to figure out how to use ECMP load balancing in JUNOS. I know this isn't the best way to load balance, but its quick and dirty and gets done what I need to. In ScreenOS this was pretty easy. Device: SRX220 JunOS: 10.3R2.11 Here's what I've got so far: routing-options { static { … >>> More
ECMP Load Balancing in JUNOS

as seen on Server Fault - Search for 'Server Fault'
I'm trying to figure out how to use ECMP load balancing in JUNOS. I know this isn't the best way to load balance, but its quick and dirty and gets done what I need to. In ScreenOS this was pretty easy. Device: SRX220 JunOS: 10.3R2.11 Here's what I've got so far: routing-options { static { … >>> More
Juniper EX3300 routing issue

as seen on Server Fault - Search for 'Server Fault'
The routing on my Juniper EX3300 does not seem to be working. My ISP's gateway is at xx.xx.xx.xx. And I have the following in the configuration: routing-options { static { route 0.0.0.0/0 { next-hop xx.xx.xx.xx; retain; } } … >>> More

Developer IT