[j-nsp] QPPB SCU DCU
Mark Tinka
mtinka at globaltransit.net
Fri Mar 21 05:09:45 EDT 2008
On Thursday 20 March 2008, Bit Gossip wrote:
> Hi Raymond,
> that is a good one; just one more thing: I would like to
> police traffic to and from the customer, so I should
> match source and destination IP against the community.
> How can I do that?
Not sure I understand your question... but if you want to
police based on the destination prefix, what Raymond
offered will work.
However, it would match all traffic coming from all
customers to the destinations defined by the BGP community.
If you want to be more specific on which customers this
feature is applied to (which is what I'd recommend as well,
unless otherwise), specify the source interface along with
the destination-class in the filter; to borrow from
Raymond's example:
[edit firewall]
filter QPPB_Policer-1 {
term match-dest_class-1 {
from {
destination-class dest_class-1;
interface ge-0/2/0.0; <=== this is the bit you add <===
}
then policer police-destination;
}
term default {
then {
accept;
}
}
}
Cheers,
Mark.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 832 bytes
Desc: This is a digitally signed message part.
Url : https://puck.nether.net/pipermail/juniper-nsp/attachments/20080321/8c8e904a/attachment.bin
More information about the juniper-nsp
mailing list