Re: MX204 tunnel services BW

[Ryan Kozak <ryan () kozak io>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

According to: 
[https://www.juniper.net/documentation/us/en/software/junos/interfaces-encryption/topics/topic-map/configuring-tunnel-interfaces.html\#id-configuring-tunnel-interfaces-on-mx-204-routers][https_www.juniper.net_documentation_us_en_software_junos_interfaces-encryption_topics_topic-map_configuring-tunnel-interfaces.html_id-configuring-tunnel-interfaces-on-mx-204-routers]

"The MX204 router supports two inline tunnels - one per PIC. To configure the tunnel interfaces, include the 
tunnel-services statement and an optional bandwidth of 1 Gbps through 200 Gbps at the \[edit chassis fpc fpc-slot pic 
number\] hierarchy level. If you do not specify the tunnel bandwidth then, the tunnel interface can have a maximum 
bandwidth of up to 200 Gbps."

If JTAC is saying it's no longer optional they need to update their docs.

AFAIK, tunnel services doesn't directly take bandwidth from physical ports, but it does take from the total available 
PFE bandwidth. Disabling a port may be required as the MX204 has a maximum PFE bandwidth of 400G and you can 
oversubscribe that with the fixed physical ports.

I just checked a production config as an example, note how et-0/0/3 is not configured so the total bandwidth adds up to 
400g:

set chassis fpc 0 pic 0 tunnel-services bandwidth 20g
set chassis fpc 0 pic 0 port 0 speed 100g
set chassis fpc 0 pic 0 port 1 speed 100g
set chassis fpc 0 pic 0 port 2 speed 100g
set chassis fpc 0 pic 1 port 0 speed 10g
set chassis fpc 0 pic 1 port 1 speed 10g
set chassis fpc 0 pic 1 port 2 speed 10g
set chassis fpc 0 pic 1 port 3 speed 10g
set chassis fpc 0 pic 1 port 4 speed 10g
set chassis fpc 0 pic 1 port 5 speed 10g
set chassis fpc 0 pic 1 port 6 speed 10g
set chassis fpc 0 pic 1 port 7 speed 10g



Regards,


Ryan








\-------- Original Message --------
On Oct. 16, 2023, 12:49, Jeff Behrns via NANOG < nanog () nanog org> wrote:

> JTAC says we must disable a physical port to allocate BW for tunnel-services. Also leaving tunnel-services bandwidth 
> unspecified is not possible on the 204. I haven't independently tested / validated in lab yet, but this is what they 
> have told me. I advised JTAC to update the MX204 "port-checker" tool with a tunnel-services knob to make this caveat 
> more apparent.


[https_www.juniper.net_documentation_us_en_software_junos_interfaces-encryption_topics_topic-map_configuring-tunnel-interfaces.html_id-configuring-tunnel-interfaces-on-mx-204-routers]:
 
https://www.juniper.net/documentation/us/en/software/junos/interfaces-encryption/topics/topic-map/configuring-tunnel-interfaces.html#id-configuring-tunnel-interfaces-on-mx-204-routers
-----BEGIN PGP SIGNATURE-----
Version: ProtonMail

wnUEARYIACcFAmUt4VMJEP7aH/V1zBsBFiEExqGOs9CyQpg6/JJ5/tof9XXM
GwEAAJF0AQCDM0b/X+LFPSXjVfC6NQGEyszqkIkbq84tmzl+boOJgwD+NM8u
n7o4e2SoCYs8yOIyaii2ElG+SFT735zXQhFx6A4=
=JuZc
-----END PGP SIGNATURE-----

Attachment: publickey - EmailAddress(s=ryan@kozak.io) - 0xC6A18EB3.asc
Description:

Attachment: publickey - EmailAddress(s=ryan@kozak.io) - 0xC6A18EB3.asc.sig
Description: