[j-nsp] firewall policer
Riku Valpas
riku at valpas.com
Wed Apr 15 08:56:04 EDT 2009
Or use the "interface-specific" command in the firewall filter.
In this case you can use the same filter in multiple interfaces without
having shared bandwidth.
/riku
--
Riku Valpas
riku at valpas.com
+966 56 2526691 (KSA)
+358 40 7296561 (FIN)
> The way you have done it, the bandwidth will be shared
>
>
> Adding filter-specific knob to the policer will make them unique ... i.e.
>
> policer P {
> filter-specific;<----
> if-exceeding {
> bandwidth-limit 1000k;
> burst-size-limit 15k;
> }
> then discard;
> }
>
>
>
> On 4/15/09 1:33 PM, Bit Gossip wrote:
>> platform MX480 junos 9.3
>>
>> in the following config the same policer is appllied to 2 different
>> interfaces via 2 different firewall filters.
>>
>> Will the policer police at 1 mbps the aggregate traffic of the 2
>> interfaces; or it will police independent at 1 mbps the 2 differrent
>> interfaces?
>>
>> ge-5/2/1 {
>> unit 0 {
>> filter {
>> output F1;
>> }
>> }
>> }
>> ge-5/2/2 {
>> unit 0 {
>> filter {
>> output F2;
>> }
>> }
>> }
>>
>> policer P {
>> if-exceeding {
>> bandwidth-limit 1000k;
>> burst-size-limit 15k;
>> }
>> then discard;
>> }
>>
>> filter F1 {
>> term NATIONAL {
>> from {
>> source-class C1;
>> }
>> then {
>> policer P;
>> count C1;
>> accept;
>> }
>> }
>> term REMAINING {
>> then {
>> count REMAINING;
>> accept;
>> }
>> }
>> }
>> filter F2 {
>> term NATIONAL {
>> from {
>> source-class C2;
>> }
>> then {
>> policer P;
>> count C2;
>> accept;
>> }
>> }
>> term REMAINING {
>> then {
>> count REMAINING;
>> accept;
>> }
>> }
>> }
>>
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list