[j-nsp] policer useless

[Blaz Zupan]

I've searched through the archives for this list and found a few mentions of
this problem but no real solutions or useful answers.

I'm trying to use a policer to limit a certain customer on a FastEthernet
interface to say 4Mbps:

filter test {
    policer p1 {
        if-exceeding {
            bandwidth-limit 4m;
            burst-size-limit 1m;
        }
        then discard;
    }
    term limit {
        then {
            policer p1;
            accept;
        }
    }
}


No matter what I do, a single FTP session never even remotely reaches 4 Mbps
with this configuration, it is around 3.1 Mbps. Tried all possible
configurations of burst size limit, from small values to big values with only
slight variations in speed.

I do understand that the policer is working like CAR on Cisco's, but a simple

rate-limit output 4096000 768000 1536000 conform-action transmit exceed-action
drop

on a Cisco results in an exact limit of 4 Mbps, even for a single FTP session
I get exactly the expected result, while I can not find a working
configuration for JunOS.

Even if I try to run multiple parallel FTP sessions through our Juniper, the
sum of all sessions also never reaches 4 Mbps but stays at around 3.1 Mbps.

I tried other values (smaller and bigger) for the policed bandwidth and no
matter what I try I never get the configured speed. I even looked at the
Juniper whitepaper which talks about policing and it as an example of 256k
bandwidth-limit and 2k of burst-size-limit. With such a configuration, a FTP
transfer yields a mere 11 Kbps instead of the expected 256 Kbps.

So, to clear this up, can anybody supply me the bandwidth-limit values and
burst-size-limit values that would give me a 4 Mbps on a fast ethernet
interface?