[j-nsp] Filtering and policer examples
Thomas Salmen
tsalmen at orcon.net.nz
Fri Dec 30 19:02:30 EST 2005
>
> Thomas Salmen wrote:
> > I haven't tested this, and it's pretty much from memory, but it should
> be
> > roughly what you're looking for. I think.
> >
> > [filter snippage]
>
> Interesting; could this be used to rate limit an interface based on
> source-address? i.e. a 10 meg policer from 1.2.3.4/24 and 1 meg for
> everything else?
>
I would expect this to be achievable:
policer 1M {
if-exceeding {
bandwidth-limit 1024k;
burst-size-limit 128k;
}
then discard;
}
policer 10M {
if-exceeding {
bandwidth-limit 10m;
burst-size-limit 1m;
}
then discard;
}
filter filter-inbound {
/* Police traffic from 1.2.3.4/24 to 10M */
term 1 {
from {
source-address {
1.2.3.4/24;
}
then {
policer 10M;
accept;
}
}
/* Police all other traffic to 1M */
term accept-all {
then {
policer 1M;
accept;
}
}
}
ge-1/3/0 {
vlan-tagging;
unit 100 {
vlan-id 100;
family inet {
filter {
input filter-inbound;
}
address 172.16.1.1/30;
}
}
}
/t
More information about the juniper-nsp
mailing list