[j-nsp] Per next-hop or MAC accounting/firewall/policer on same interface

Kevin Day toasty at dragondata.com
Tue Aug 2 01:51:08 EDT 2005

Does anyone have a solution for measuring / rate-limiting traffic  
going to different destinations on the same interface?

For example: If I'm connected to a layer 2 exchange-style switch
with 50 different peers, and I want to measure how much I'm
sending/receiving to/from each one and rate limit how much I send to a few of

Is there any way to see from a firewall{} block where the packet will
go? Being able to apply firewall actions depending on the next-hop or
the source/dest MAC address would be great, but I can't seem to find
a way to make the connection between routing/layer 2 and firewall  

As an alternate route, CoS classifiers looked promising, but most of  
what it looked like I needed wasn't possible on an M5 without IQ  
PICs, which are out of our budget. (Or I'm just understanding the
examples incorrectly)

I know moving each peer to a separate VLAN would work, but isn't
practical in this situation.

Anyone been in this situation before?



