[j-nsp] Per next-hop or MAC accounting/firewall/policer on same
interface
Kevin Day
toasty at dragondata.com
Tue Aug 2 01:51:08 EDT 2005
Does anyone have a solution for measuring / rate-limiting traffic
going to different destinations on the same interface?
For example: If I'm connected to an layer 2 exchange-style switch
with 50 different peers, and I want to measure how much I'm sending/
receiving to/from each one and rate limit how much I send to a few of
them.
Is there anyway to see from a firewall{} block where the packet will
go? Being able to apply firewall actions depending on the next-hop or
the source/dest mac address would be great, but I can't seem to find
a way to make the connection between routing/layer 2 and firewall
actions.
As an alternate route, CoS classifiers looked promising, but most of
what it looked like I needed wasn't possible on an M5 without IQ
pics, which are out of our budget. (Or I'm just understanding the
examples incorrectly)
I know moving each peer to a separate vlan would work, but isn't
practical in this situation.
Anyone been in this situation before?
Thanks,
Kevin
More information about the juniper-nsp
mailing list