[j-nsp] firewall policer
Sean Clarke
sean at clarke-3.demon.nl
Wed Apr 15 07:53:20 EDT 2009
The way you have done it, the bandwidth will be shared
Adding filter-specific knob to the policer will make them unique ... i.e.
policer P {
filter-specific;<----
if-exceeding {
bandwidth-limit 1000k;
burst-size-limit 15k;
}
then discard;
}
On 4/15/09 1:33 PM, Bit Gossip wrote:
> platform MX480 junos 9.3
>
> in the following config the same policer is appllied to 2 different
> interfaces via 2 different firewall filters.
>
> Will the policer police at 1 mbps the aggregate traffic of the 2
> interfaces; or it will police independent at 1 mbps the 2 differrent
> interfaces?
>
> ge-5/2/1 {
> unit 0 {
> filter {
> output F1;
> }
> }
> }
> ge-5/2/2 {
> unit 0 {
> filter {
> output F2;
> }
> }
> }
>
> policer P {
> if-exceeding {
> bandwidth-limit 1000k;
> burst-size-limit 15k;
> }
> then discard;
> }
>
> filter F1 {
> term NATIONAL {
> from {
> source-class C1;
> }
> then {
> policer P;
> count C1;
> accept;
> }
> }
> term REMAINING {
> then {
> count REMAINING;
> accept;
> }
> }
> }
> filter F2 {
> term NATIONAL {
> from {
> source-class C2;
> }
> then {
> policer P;
> count C2;
> accept;
> }
> }
> term REMAINING {
> then {
> count REMAINING;
> accept;
> }
> }
> }
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
More information about the juniper-nsp
mailing list