Lastly you would need to consider all the "other" traffic, if other traffic is still able to overload the interface the above will be pointless, so its important to create another policer to capture the "all-else" and limit that traffic to allow bandwidth for voice. They didn't overload the processor, in comparison to the desktop version, right away, but once video started - 100 CPU, frozen video and broken audio. Obviously you can use Wireshark to debug all of this and perhaps start with an FTP client to generate traffic and confirm the speed limits. I tested the link for the web application and the chrome Skype plugin. This will then give you a process to identify the traffic as well as a way to process it on the SRX. Secondly you will configure your firewall policy to act on those markings as follows (remember to apply the filters to the interfaces required), you don't strictly speaking require a source address, but its just good practise to be as specific as you can be: I assume you are using the windows client? If so then create a group or local policy to classify traffic on the workstations as per this article, notice the application option in step 5, you should actually specify the skype.exe in the policy and set all DSCP marking to EF (46) for that application following the article. I dont think there is much the juniper boxes cannot handle □ I guess what I am saying is unless you understand the problem you cannot know the answer and by implication the solution. There is NO point using COS unless your slowest interface is actually overloaded, if not it will have no effect, you could also look at policing.Īnother feature that would affect any voice/video application is screening, do you have a screen configured on your SRX and applied to the untrust zone? One of the typical issues I come across is when the UDP flood threshold is configured too low, let’s say 500pps which roughly would equate to 500ppsx1500bytes (typical packet size) = 750000 b/s or 0.0075 Mb/s (You can view screen statistics to see if you trigger any screen configured elements. For the SRX you would need a DHCP connected internet interface for this to work end-to-end. Many ISP will actually honour some basic DSCP or COS tags. How are you connected to the internet? If you are connected with a PPP interface, all my testing has shown no matter what you do, the DSCP and COS marking will not be retained once the traffic leaves the SRX via PPP. are you actually trying to fix a quality issue?
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |