Hi All,

To try and better explain what Barry is trying to do: he's trying to traffic shape certain IP addresses on his network based on the BGP community a specific route is a member of. E.g. domestic traffic is a member of community 100 and international is 200.

E.g. 1.2.3.4 on his network communicating with a route dest in community 100 = 128k
E.g. 1.2.3.4 on his network communicating with a route dest in community 200 = 64k

I do this on our Ciscos using BGP with ip-qos-map's and a service policy on the interface. He's looking for the Juniper equivalent.

Any ideas?

Kind Regards,
Craig Spiers - Network Manager
Solarix Limited
DDI: +64 9 974 4753 | FAX: +64 9 523 8057
FAULTS: 0800 89 41 42
MOB: +64 21 857 183 | email: craig.spiers(a)staff.solarix.co.nz

-----Original Message-----
From: Barry Murphy [mailto:barry(a)unix.co.nz]
Sent: Thursday, 22 January 2009 3:42 p.m.
To: Nznog
Subject: [nznog] Juniper J2320,rate limit based on bgp community (national/international)

Hey Guys,

Hope this fits in with the AUP, however I'd hope so as not many forums show how to rate-limit based on national/international traffic as they don't bill accordingly, however in NZ this is standard practice so hoping someone with Juniper knowledge can assist me here.

Basically I want to allow all traffic to/from national without rate-limit, then restrict international, e.g. 128k.

icepick@NCCORE01# show firewall
policer 128k {
    if-exceeding {
        bandwidth-limit 128k;
        burst-size-limit 4500;
    }
    then discard;
}
filter 128k {
    term 1 {
        from {
            forwarding-class assured-forwarding;
        }
        then accept;
    }
    term 2 {
        from {
            forwarding-class best-effort;
        }
        then {
            policer 128k;
            accept;
        }
    }
}

icepick@NCCORE01# show policy-options policy-statement Orcon-Primary-In
term 1 {
    from community [ Orcon-Local Orcon-National Orcon-Peering Orcon-Telstra Orcon-Telecom ];
    then {
        local-preference 110;
        forwarding-class assured-forwarding;
        accept;
    }
}
term 2 {
    from {
        route-filter 0.0.0.0/0 upto /24;
    }
    then {
        local-preference 110;
        forwarding-class best-effort;
        accept;
    }
}
term 3 {
    from {
        route-filter 0.0.0.0/0 exact;
    }
    then {
        local-preference 120;
        accept;
    }
}
term 4 {
    then reject;
}

icepick@NCCORE01# show interfaces ge-0/0/1 unit 55
description "Test interface";
vlan-id 55;
family inet {
    filter {
        input 128k;
        output 128k;
    }
    address 113.21.x.x/29;
}

The problem I'm running into is all traffic is being rate-limited at 128k, rather than just the international.

I was able to find one example located at http://archives.devshed.com/forums/networking-100/policer-based-on-community-2015343.html however this describes the use of destination-class where I only have forwarding-class so I'm not sure if this has been deprecated or renamed or not supported by J2320.

I understand this may be a question for JTAC, however I'd like to hear from users here in NZ that have managed to get this going with Junos. To keep the list sane, please reply offlist, if many people are interested I'll post the working solution after being tested for archive purposes.

Public holiday for Aucklanders next Monday, extra long weekend of beer, mmmmm

Thanks
Barry