[j-nsp] Filter created from bgp route tag ?
Pedro Roque Marques
roque at juniper.net
Thu Aug 25 13:15:04 EDT 2005
Ezequiel Carson wrote:
> Pedro,
>
> Can i use this for emulating the Cisco's QPPB feature.
From what i can see from cisco documentation qppb sounds like DCU
without 1/2 the functionality. So i guess the answer is yes.
> Im
> trying to apply a policer for the incomming traffic when the
> destionation ip address matches with a BGP community.
Yes, you can do that with DCU.
>
> I understand that Junos can not do this in a easy way
I don't understand why you make that comment.
>, since
> the policer is applied before the routing lookup.
>
You can configure policers in any point at which you can configure a
firewall filter. That can be done in several different points of a
packet data path throuth the box.
It helps to have a top level idea of the packet forwarding path. In a
centralized architecture box (Martini chipset, i.e. all Mxx platforms),
this is something like:
if1 ---> if1-input-filter \
-- [ scu / rpf ] -- [ftf] -- dst lookup
if2 ---> if2-input-filter /
if x output filter -- encaps --- [out]
/
dst lookup
\
if y output filter -- encaps --- [out]
So if you configure an output filter that gets executed after the
destination lookup.
On T-series, it gets a little bit trickier... one can achieve this today
(> 7.0) w/ some tricks. More recent releases will have a clean way to
get this to work.
Pedro.
More information about the juniper-nsp
mailing list