[j-nsp] Throttle based on AS

Piotr Marecki peter at mareccy.org
Tue Nov 15 17:58:05 EST 2005


> Hi,
>
> Does anyone have an example of a config, either a policer firewall rule or 
> a policy that would say rate limit by AS.
>
> The policer options dont seem to be able to do matching's on.
> The policy options seem like the best way, doing an as-path "some AS 
> regex" for example, but it doesnt seem to be able to throttle down the 
> bandwidth on
> a per AS basis.
>
> Im fairly sure this is possible to achieve. If anyone can point me at a 
> suitable source of info in order to achieve this so I can read through it 
> and
> see what the best options are to do this, it Would be a great help.
>
> Cheers
>

Try using dcu/scu feature and firewall filter matching destination or source 
class. Following example will police traffic
destined for prefixes originated by some AS :

policy-statement dcu {
    term t1 {
        from as-path orig1;
        then destination-class orig1;
    }
 }

[edit routing-options forwarding-table]
export dcu;

[edit firewall family inet filter f1]
term t1 {
    from {
        destination-class orig1;
    }
    then {
        policer policer1;
    }
}
term default {
    then accept;
}


regards

Piotr Marecki









More information about the juniper-nsp mailing list