[j-nsp] QPPB SCU DCU

Bit Gossip bit.gossip at chello.nl
Thu Mar 20 03:55:47 EDT 2008


Hi Raymond,
that is a good one; just one more thing: I would like to police traffic
to and from the customer, so I should match source and destination IP
against the community. How can I do that?
Thanks,
Luca.

On Wed, 2008-03-19 at 09:34, Raymond wrote:
> Maybe you'd like to try the undermentioned and tag QPPB_Policer-1 to your interface.
> Hopefully it helps and works.
> 
> 
> --raymondh
> 
> 
> Sample Config
> 
> [edit]
> policy-options {
>     policy-statement QPPB-64600-policy {
>         term term1 {
>             to community [ as-64600-1 ];
>             then {
>                 destination-class dest_class-1;
>                 accept;
>             }
>         }
>         term others {
>             to community all-others;
>             then {
>                 destination-class as-all-others;
>                 accept;
>             }
>         }
>     }
>     community all-others members *:*;
>     community as-64600-1 members 64600:1;
> }
> 
> [edit firewall]
> policer police-destination {
>     if-exceeding {
>         bandwidth-percent 10;
>         burst-size-limit 100k;
>     }
>     then {
>         discard;
>     }
> }
> 
> [edit firewall]
> filter QPPB_Policer-1 {
>     term match-dest_class-1 {
>         from {
>             destination-class dest_class-1;
>         }
>         then policer police-destination;
>     }
>     term default {
>         then {
>             accept;
>         }
>     }
> }
> 
> [edit]
> routing-options {
>     forwarding-table {
>         export QPPB-64600-policy;
>     }
> }
> 
> 
> 
> 
> 
> Bit Gossip wrote on Wed, Mar 19, 2008 at 05:32:33AM SGT :
> | Group,
> | I would like to implement the following with Junos 8.5:
> | 
> | Router A is connected to a number of BGP customers behind a 10GE
> | interface
> | 
> | Customer Cx tags with community community-x all the prefixes that it
> | announces to router A
> | 
> | I would like to police traffic of customer Cx at level police-x-in and
> | police-x-out, traffic in and out of that specific customer, based on the
> | specific customer community.
> | 
> | I know that this is possible if I create a fw rule for ingress and
> | inside I define a specific policer per customer based on customer
> | prefixes; and apply the fw rule on the 10GE interface as input filter.
> | Then same story for output. But this is a pain for the number of prefixes to
> | maintain.
> | 
> | It would be nice if I could do the same based on BGP community.
> | 
> | Thanks in advance,
> | 
> | Bit.