[j-nsp] QPPB SCU DCU
Bit Gossip
bit.gossip at chello.nl
Fri Mar 21 17:57:55 EDT 2008
Mark,
I would like to police traffic to and from a specific customer.
The customer announces its own prefixes, which are marked with a specific
BGP community.
I think that Raymond's proposal will match and police traffic for which
the destination IP matches the customer community; this is traffic to
the customer.
If I want to match and police traffic originated by the customer, I
should match the source IP against the community; is it possible? How?
I cannot rely on the interface because customers share the same interface
on the router.
Thanks,
Bit
On Fri, 2008-03-21 at 17:09 +0800, Mark Tinka wrote:
> On Thursday 20 March 2008, Bit Gossip wrote:
>
> > Hi Raymond,
> > that is a good one; just one more thing: I would like to
> > police traffic to and from the customer, so I should
> > match source and destination IP against the community.
> > How can I do that?
>
> Not sure I understand your question... but if you want to
> police based on the destination prefix, what Raymond
> offered will work.
>
> However, it would match all traffic coming from all
> customers to the destinations defined by the BGP community.
> If you want to be more specific on which customers this
> feature is applied to (which is what I'd recommend as well,
> unless otherwise), specify the source interface along with
> the destination-class in the filter; to borrow from
> Raymond's example:
>
> [edit firewall]
> filter QPPB_Policer-1 {
>     term match-dest_class-1 {
>         from {
>             destination-class dest_class-1;
>             interface ge-0/2/0.0; <=== this is the bit you add <===
>         }
>         then policer police-destination;
>     }
>     term default {
>         then {
>             accept;
>         }
>     }
> }
>
> Cheers,
>
> Mark.