[j-nsp] Policer based on community

Harry Reynolds harry at juniper.net
Wed Oct 11 12:35:59 EDT 2006


Yes, scu/dcu can simply count packets.....

filter police {
> >>>
> >>>     term one {
> >>>
> >>>         from {
> >>>
> >>>             destination-class one;
> >>>
> >>>         }
> >>>
> >>>         then {
> >>>
> >>>             count counter_name; <<<<<<
> >>>
> >>>             accept;
> >>>
> >>>         }
> >>>
> >>>     }
 

> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net 
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Ian 
> MacKinnon
> Sent: Wednesday, October 11, 2006 9:03 AM
> To: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] Policer based on community
> 
> Could you use this to see how much traffic a given peer is being sent?
> Rather than rate limit just a count of some kind?
> 
> 
> Tommy J wrote:
> > Awesome Man
> > 
> > This is soooo cool. 
> > 
> > Tommy
> > 
> > --- Leigh Porter <leigh.porter at ukbroadband.com> wrote:
> > 
> >> Bloody clever them Junipers.
> >>
> >> Andrew Ramsey wrote:
> >>> You can do this with destination classes.  Please
> >> see config below:
> >>> policer police_one {
> >>>
> >>>     if-exceeding {
> >>>
> >>>         bandwidth-limit 1m;
> >>>
> >>>         burst-size-limit 4500;
> >>>
> >>>     }
> >>>
> >>>     then discard;
> >>>
> >>> }
> >>>
> >>> policer police_two {
> >>>
> >>>     if-exceeding {
> >>>
> >>>         bandwidth-limit 2m;
> >>>
> >>>         burst-size-limit 5500;
> >>>
> >>>     }
> >>>
> >>> }
> >>>
> >>>  
> >>>
> >>> filter police {
> >>>
> >>>     term one {
> >>>
> >>>         from {
> >>>
> >>>             destination-class one;
> >>>
> >>>         }
> >>>
> >>>         then {
> >>>
> >>>             policer police_one;
> >>>
> >>>             accept;
> >>>
> >>>         }
> >>>
> >>>     }
> >>>
> >>>     term two {
> >>>
> >>>         from {
> >>>
> >>>             destination-class two;
> >>>
> >>>         }
> >>>
> >>>         then {
> >>>
> >>>             policer police_2;
> >>>
> >>>             accept;
> >>>
> >>>         }
> >>>
> >>>     }
> >>>
> >>>     term three {
> >>>
> >>>         then accept;
> >>>
> >>>     }
> >>>
> >>> }
> >>>
> >>>  
> >>>
> >>> t1-0/3/0 {
> >>>
> >>>     unit 0 {
> >>>
> >>>         family inet {
> >>>
> >>>             filter {
> >>>
> >>>                 output police;
> >>>
> >>>             }
> >>>
> >>>             address 10.42.114.2/30;
> >>>
> >>>         }
> >>>
> >>>     }
> >>>
> >>> }
> >>>
> >>>  
> >>>
> >>> policy-statement police_destinations {
> >>>
> >>>     term one {
> >>>
> >>>         from community 100;
> >>>
> >>>         then destination-class one;
> >>>
> >>>     }
> >>>
> >>>     term two {
> >>>
> >>>         from community 200;
> >>>
> >>>         then destination-class two;
> >>>
> >>>     }
> >>>
> >>> }
> >>>
> >>>  
> >>>
> >>> routing-options {
> >>>     forwarding-table {
> >>>         export police_destinations;
> >>>     }
> >>> }
> >>>
> >>>   
> >>>> -----Original Message-----
> >>>> From: juniper-nsp-bounces at puck.nether.net
> >> [mailto:juniper-nsp-
> >>>> bounces at puck.nether.net] On Behalf Of Tommy J
> >>>> Sent: Tuesday, October 10, 2006 6:26 PM
> >>>> To: juniper-nsp at puck.nether.net
> >>>> Subject: [j-nsp] Policer based on community
> >>>>
> >>>> Can we police the traffic (rate limiting) based
> >> on bgp
> >>>> community ? I am trying to cap a customer whose
> >> access
> >>>> to certain peers is reduced to X amount of
> >> bandwidth.
> >>>> ~Tom
> >>>>
> >>>>
> >> __________________________________________________
> >>>> Do You Yahoo!?
> >>>> Tired of spam?  Yahoo! Mail has the best spam
> >> protection around
> >>>> http://mail.yahoo.com
> >>>> _______________________________________________
> >>>> juniper-nsp mailing list
> >> juniper-nsp at puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/juniper-nsp
> >>>>     
> >>> _______________________________________________
> >>> juniper-nsp mailing list
> >> juniper-nsp at puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/juniper-nsp
> >>>   
> > 
> > 
> > __________________________________________________
> > Do You Yahoo!?
> > Tired of spam?  Yahoo! Mail has the best spam protection around 
> > http://mail.yahoo.com 
> _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net 
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
> 
> 
> --
> Ian MacKinnon
> Lumison
> t: 0845 1199 900
> d: 0131 514 4055
> -- 
> 
> This email and any files transmitted with it are confidential 
> and intended solely for the use of the individual or entity 
> to whom they are addressed.  
> If you have received this email in error please notify the 
> sender. Any offers or quotation of service are subject to 
> formal specification.  
> Errors and omissions excepted.  Please note that any views or 
> opinions presented in this email are solely those of the 
> author and do not necessarily represent those of Lumison, 
> nplusone or lightershade ltd.  
> Finally, the recipient should check this email and any 
> attachments for the presence of viruses.  Lumison, nplusone 
> and lightershade ltd accepts no liability for any damage 
> caused by any virus transmitted by this email.
> 
> --
> --
> Virus scanned by Lumison.
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net 
> https://puck.nether.net/mailman/listinfo/juniper-nsp
> 



More information about the juniper-nsp mailing list