[j-nsp] firewall policer

Riku Valpas riku at valpas.com
Wed Apr 15 08:56:04 EDT 2009



Or use the "interface-specific" command in the firewall filter.

In this case you can use the same filter in multiple interfaces without
having shared bandwidth.

/riku

-- 
Riku Valpas
riku at valpas.com
+966 56 2526691 (KSA)
+358 40 7296561 (FIN)


> The way you have done it, the bandwidth will be shared
>
>
> Adding filter-specific knob to the policer will make them unique ... i.e.
>
> policer P {
>      filter-specific;<----
>      if-exceeding {
>          bandwidth-limit 1000k;
>          burst-size-limit 15k;
>      }
>      then discard;
> }
>
>
>
> On 4/15/09 1:33 PM, Bit Gossip wrote:
>> platform MX480 junos 9.3
>>
>> in the following config the same policer is applied to 2 different
>> interfaces via 2 different firewall filters.
>>
>> Will the policer police at 1 mbps the aggregate traffic of the 2
>> interfaces; or it will police independently at 1 mbps the 2 different
>> interfaces?
>>
>>   ge-5/2/1 {
>>      unit 0 {
>>              filter {
>>                  output F1;
>>              }
>>          }
>>      }
>> ge-5/2/2 {
>>      unit 0 {
>>              filter {
>>                  output F2;
>>              }
>>          }
>>      }
>>
>> policer P {
>>      if-exceeding {
>>          bandwidth-limit 1000k;
>>          burst-size-limit 15k;
>>      }
>>      then discard;
>> }
>>
>> filter F1 {
>>      term NATIONAL {
>>          from {
>>              source-class C1;
>>          }
>>          then {
>>              policer P;
>>              count C1;
>>              accept;
>>          }
>>      }
>>      term REMAINING {
>>          then {
>>              count REMAINING;
>>              accept;
>>          }
>>      }
>> }
>> filter F2 {
>>      term NATIONAL {
>>          from {
>>              source-class C2;
>>          }
>>          then {
>>              policer P;
>>              count C2;
>>              accept;
>>          }
>>      }
>>      term REMAINING {
>>          then {
>>              count REMAINING;
>>              accept;
>>          }
>>      }
>> }
>>
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>>
>
>
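
An added illustration, not part of the original thread: a simplified token-bucket model in Python of the distinction discussed above, one policer instance shared by both interfaces versus one instance per interface, using the thread's 1000k / 15k values. The bucket logic, packet size, offered load and service order are assumptions of this sketch, not Junos internals.

```python
# Added illustration: a simplified single-rate token bucket, not Junos code.
from dataclasses import dataclass

RATE_BPS = 1_000_000        # bandwidth-limit 1000k
BURST_BITS = 15_000 * 8     # burst-size-limit 15k (bytes), held here in bits


@dataclass
class Policer:
    tokens: int = BURST_BITS   # bucket starts full
    last_us: int = 0

    def admit(self, now_us: int, bits: int) -> bool:
        # Refill for the elapsed time, capped at the burst size.
        refill = (now_us - self.last_us) * RATE_BPS // 1_000_000
        self.tokens = min(BURST_BITS, self.tokens + refill)
        self.last_us = now_us
        if bits <= self.tokens:
            self.tokens -= bits
            return True
        return False           # "then discard"


def simulate(interfaces, shared, seconds=10, pps=100, pkt_bits=10_000):
    """Accepted bits/s per interface; each offers pps * pkt_bits (1 Mbps)."""
    one = Policer()
    policers = {i: one if shared else Policer() for i in interfaces}
    accepted = dict.fromkeys(interfaces, 0)
    for k in range(seconds * pps):
        now_us = k * 1_000_000 // pps
        # Alternate service order so neither interface is always first.
        order = interfaces if k % 2 == 0 else interfaces[::-1]
        for i in order:
            if policers[i].admit(now_us, pkt_bits):
                accepted[i] += pkt_bits
    return {i: bits // seconds for i, bits in accepted.items()}


IFS = ["ge-5/2/1.0", "ge-5/2/2.0"]   # interface names taken from the thread
if __name__ == "__main__":
    print("one shared instance   :", simulate(IFS, shared=True))
    print("instance per interface:", simulate(IFS, shared=False))
```

With one shared instance the two interfaces together pass roughly 1 Mbps once the initial burst is spent; with an instance per interface each passes its full 1 Mbps.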
