Hi Ev,
The configuration shown will police traffic for all prefixes together; it is not a 64K policer for each individual prefix.
To have a single firewall filter and a limit on each prefix, use the following:
firewall {
    filter Rate-limit {
        /* one policer per prefix, so each prefix gets its own 64k limit */
        policer x.64Kbps {
            if-exceeding {
                bandwidth-limit 64k;
                burst-size-limit 16k;
            }
            then discard;
        }
        policer y.64Kbps {
            if-exceeding {
                bandwidth-limit 64k;
                burst-size-limit 16k;
            }
            then discard;
        }
        /* one term per prefix, each referencing its own policer */
        term x.x.x.x {
            from {
                address {
                    x.x.x.x/19;
                }
            }
            then {
                count 64Kbps-accepted;
                policer x.64Kbps;
                accept;
            }
        }
        term y.y.y.y {
            from {
                address {
                    y.y.y.y/19;
                }
            }
            then {
                count 64Kbps-accepted;
                policer y.64Kbps;
                accept;
            }
        }
        term final {
            then accept;
        }
    }
}
Hope this helps
Gary
>-----Original Message-----
>From: ev [mailto:eva@siol.net]
>Sent: 19 November 2001 15:26
>To: juniper-nsp@puck.nether.net
>Subject: [j-nsp] Rate-limit
>
>
>Hi all,
>
>I'm using a firewall filter for rate-limiting traffic for some networks.
>Can anyone explain to me if the following lines from my example allow
>64Kbps in total amount for all defined networks together or do they
>realize the limit of 64Kbps for each separate prefix?
>
>
> filter Rate-limit {
>     policer 64Kbps {
>         if-exceeding {
>             bandwidth-limit 64k;
>             burst-size-limit 16k;
>         }
>         then discard;
>     }
>     term 1 {
>         from {
>             address {
>                 x.x.x.x/19;
>                 y.y.y.y/19;
>                 z.z.z.z/18;
>                 p.p.p.p/18;
>             }
>         }
>         then {
>             count 64Kbps-accepted;
>             policer 64Kbps;
>             accept;
>         }
>     }
>     term 2 {
>         then accept;
>     }
> }
>
>Thanks for your help,
>ev
>
>
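The difference between the two configurations in this thread, as an added example that is not part of the original messages and is not Junos code: a simplified single-rate token-bucket model of a policer with `then discard`, run once with one policer shared by all four prefixes and once with a policer per prefix. The `Policer` class, the `simulate` helper and the offered load (400 kbit/s per prefix for 60 seconds) are assumptions made for illustration.

```python
class Policer:
    """Simplified token bucket: bandwidth-limit in bit/s, burst-size-limit in bytes."""

    def __init__(self, bandwidth_bps=64_000, burst_bytes=16_000):
        self.rate = bandwidth_bps / 8      # refill rate in bytes per second
        self.burst = burst_bytes           # bucket depth
        self.tokens = burst_bytes          # bucket starts full
        self.last = 0.0

    def allow(self, now, size):
        # Refill for the elapsed time, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False                       # "then discard"


# Placeholder prefixes as written in the original question.
PREFIXES = ["x.x.x.x/19", "y.y.y.y/19", "z.z.z.z/18", "p.p.p.p/18"]


def simulate(policer_for, seconds=60, pps=100, size=500):
    """Constructed load: every prefix sends pps packets/s of `size` bytes.
    Returns the accepted rate per prefix in kbit/s, averaged over the run."""
    accepted = dict.fromkeys(PREFIXES, 0)
    for tick in range(seconds * pps):
        now = tick / pps
        for prefix in PREFIXES:
            if policer_for[prefix].allow(now, size):
                accepted[prefix] += size
    return {p: b * 8 / seconds / 1000 for p, b in accepted.items()}


def shared():
    """One policer referenced by a single term matching all prefixes."""
    one = Policer()
    return simulate({p: one for p in PREFIXES})


def per_prefix():
    """One policer and one term per prefix, as in the reply."""
    return simulate({p: Policer() for p in PREFIXES})


if __name__ == "__main__":
    for name, result in (("shared", shared()), ("per-prefix", per_prefix())):
        rates = {p: round(v, 1) for p, v in result.items()}
        print(name, rates, "total", round(sum(result.values()), 1))
```

In the shared run the total across all prefixes stays near 64 kbit/s (slightly above because of the initial burst), and which prefix gets that bandwidth depends only on arrival order; in the per-prefix run each prefix is held near 64 kbit/s independently.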
This archive was generated by hypermail 2b29 : Mon Aug 05 2002 - 10:42:38 EDT