firewall {
    filter Rate-limit {
        /* 2 Mbps policer for 10.1.0.0/24; traffic over the limit is dropped */
        policer 10.1.0.0_2m {
            if-exceeding {
                bandwidth-limit 2m;
                burst-size-limit 200k;
            }
            then discard;
        }
        /* 10 Mbps policer for 10.2.0.0/24 */
        policer 10.2.0.0_10m {
            if-exceeding {
                bandwidth-limit 10m;
                burst-size-limit 1m;
            }
            then discard;
        }
        term 10.1.0.0 {
            from {
                source-address {
                    10.1.0.0/24;
                }
            }
            then {
                count 2m-accepted;
                policer 10.1.0.0_2m;
                accept;
            }
        }
        term 10.2.0.0 {
            from {
                source-address {
                    10.2.0.0/24;
                }
            }
            then {
                count 10m-accepted;
                policer 10.2.0.0_10m;
                accept;
            }
        }
        /* All other sources are accepted without policing */
        term final {
            then accept;
        }
    }
}
Then apply the filter to the interface fe-0/0/0:
set interfaces fe-0/0/0 unit 0 family inet filter input Rate-limit
There could be typos, I'm not in front of a router at the moment. (And you don't need the counters, but they can be handy.)
Hope this helps
Gary
>-----Original Message-----
>From: Mourad BERKANE [mailto:mourad.berkane@lambdanet.fr]
>Sent: 17 December 2001 16:56
>To: 'juniper-nsp@puck.nether.net'
>Subject: [j-nsp] Rate Limiting based on Source IP Addresse
>
>
>Hello everyone,
>
>I would like to know if and how we could limit the traffic on an
>interface depending on the IP source address?
>For example, on an interface fe-0/0/0, I would like to rate limit the
>incoming traffic from 10.1.0.0/24 at 2 Mbps and the traffic from
>10.2.0.0/24 at 10 Mbps.
>
>Does someone have an example of the firewall configuration?
>
>Thanks for your help
>
>Regards
>Mourad
>
>
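An added example, not part of the thread or of Junos itself: a Python model of a single-rate token-bucket policer, run with the two bandwidth-limit / burst-size-limit pairs from the filter above to show how much traffic each would accept and discard. The names parse_limit, Policer and simulate are hypothetical, and it assumes the k/m suffixes mean 10^3 / 10^6, that bandwidth-limit is in bits per second and that burst-size-limit is the bucket depth in bytes.

```python
# Added illustration: single-rate token-bucket policer ("if-exceeding ... then discard").
# Assumptions: k/m/g = 10^3/10^6/10^9; bandwidth-limit in bits per second;
# burst-size-limit in bytes (bucket depth); the bucket starts full.

UNITS = {"k": 1_000, "m": 1_000_000, "g": 1_000_000_000}

def parse_limit(text):
    """Turn a value such as '2m' or '200k' into an integer."""
    text = text.strip().lower()
    if text[-1] in UNITS:
        return int(text[:-1]) * UNITS[text[-1]]
    return int(text)

class Policer:
    def __init__(self, bandwidth_limit, burst_size_limit):
        self.rate_bytes = parse_limit(bandwidth_limit) / 8   # refill, bytes/s
        self.depth = parse_limit(burst_size_limit)           # bucket depth, bytes
        self.tokens = float(self.depth)
        self.last = 0.0

    def offer(self, now, size):
        """Return True if a packet of `size` bytes arriving at `now` conforms."""
        elapsed = now - self.last
        self.tokens = min(self.depth, self.tokens + elapsed * self.rate_bytes)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False  # out of profile: the filter's policer discards it

def simulate(bandwidth_limit, burst_size_limit, offered_bps, seconds, pkt=1500):
    """Offer constant-rate traffic; return (accepted_bytes, dropped_bytes)."""
    policer = Policer(bandwidth_limit, burst_size_limit)
    interval = pkt * 8 / offered_bps          # seconds between packets
    accepted = dropped = 0
    for i in range(int(seconds / interval)):
        if policer.offer(i * interval, pkt):
            accepted += pkt
        else:
            dropped += pkt
    return accepted, dropped

if __name__ == "__main__":
    # Constructed load: 10 Mbps offered for 10 s against the 10.1.0.0/24 policer.
    print("2m/200k :", simulate("2m", "200k", 10_000_000, 10))
    # Constructed load: 8 Mbps offered for 5 s against the 10.2.0.0/24 policer.
    print("10m/1m  :", simulate("10m", "1m", 8_000_000, 5))
```

Over a sustained overload the accepted volume approaches the burst size plus rate times duration, so the burst only matters at the start of a flow.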
This archive was generated by hypermail 2b29 : Mon Aug 05 2002 - 10:42:38 EDT