[j-nsp] Throttle based on AS
Piotr Marecki
peter at mareccy.org
Tue Nov 15 17:58:05 EST 2005
> Hi,
>
> Does anyone have an example of a config, either a policer firewall rule or
> a policy that would say rate limit by AS.
>
> The policer options dont seem to be able to do matching's on.
> The policy options seem like the best way, doing an as-path "some AS
> regex" for example, but it doesnt seem to be able to throttle down the
> bandwidth on
> a per AS basis.
>
> Im fairly sure this is possible to achieve. If anyone can point me at a
> suitable source of info in order to achieve this so I can read through it
> and
> see what the best options are to do this, it Would be a great help.
>
> Cheers
>
Try using dcu/scu feature and firewall filter matching destination or source
class. Following example will police traffic
destined for prefixes originated by some AS :
policy-statement dcu {
term t1 {
from as-path orig1;
then destination-class orig1;
}
}
[edit routing-options forwarding-table]
export dcu;
[edit firewall family inet filter f1]
term t1 {
from {
destination-class orig1;
}
then {
policer policer1;
}
}
term default {
then accept;
}
regards
Piotr Marecki
More information about the juniper-nsp
mailing list