hi all,
I am trying to understand the differences between interface shaping-rate [edit class-of-service interfaces] versus [edit firewall policer]. I have read https://www.juniper.net/documentation/en_US/junos/information-products/pathway-pages/security/cos-overview.html but this article does not explain the differences to my understanding.
My goal is I have a 100Mbps untrust link, and would like to split to different trusts as an example, 50/20/20/10 Mbps. I have currently setup and tested the following:
root# show class-of-service
interfaces {
ge-0/0/0 {
shaping-rate 105m;
}
ge-0/0/1 {
shaping-rate 50m;
}
}
What I see: ISP has confirmed when i put in the shaping-rate for untrust (ge-0/0/0), they don't see drops; if i were to take it out, they have their monitoring software aggressively dropping packets (especially upload when doing speedtest, my assumption is Windows machine is seeing the interface as 1Gbps and turn it all the way up).
However when I apply the 50Mbps shaping-rate as above on the trust interface (ge-0/0/1) and run speedtest, download is correct, but upload still uses up to 98Mbps.
Initially i thought source NAT was a factor but i have already deactivated it and that didn't help. Is the only way to achieve download/upload shaping through policer? Would you be able to point any other document that would explain how it works in more detail apart from https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/class-of-service-edit-shaping-rate-applying-to-interface.html ? or any other useful related topics.
Thanks.