[j-nsp] Ex Series Bandwidth Policer

Brendan Mannella bmannella at teraswitch.com
Tue May 19 17:45:41 EDT 2009


Here is what i came up with, but it didnt seem to work. I just want to rate-limit ALL traffic to 10 meg, so i assume using the source address of 0.0.0.0/0 is correct.

I had this interface pegged at 100 meg, and when i commited the filter it didnt seem to reduce the traffic. Any ideas?

 ge-0/0/4 {
        description Customer A;
        unit 0 {
            family ethernet-switching {
                port-mode access;
                vlan {
                    members 38;
                }
                filter {
                    input rate-limit-10m;


policer 10m {
    filter-specific;
    if-exceeding {
        bandwidth-limit 10m;
        burst-size-limit 100k;
    }
    then discard;
}
family ethernet-switching {
    filter rate-limit-10m {
        interface-specific;
        term 1 {
            from {
                source-address {
                    0.0.0.0/0;
                }
            }
            then policer 10m;


root at switch> show firewall filter rate-limit-10m-ge-0/0/4.0-i

Filter: rate-limit-10m-ge-0/0/4.0-i
Policers:
Name                                              Packets
10m                                               2012276






----- Original Message -----
From: masood at nexlinx.net.pk
To: "Brendan" <Mannella at nexlinx.net.pk>, juniper-nsp at puck.nether.net
Sent: Tuesday, May 19, 2009 6:02:57 PM GMT -05:00 US/Canada Eastern
Subject: Re: [j-nsp] Ex Series Bandwidth Policer

The way you have done it, bandwidth will be shared among multiple
interfaces. Adding filter-specific knob to the policer will make them
unique. Further, use the "interface-specific" command in the firewall
filter, In this case you can use the same filter in multiple interfaces
without having shared bandwidth.

firewall {
    policer 10m {
        filter-specific;------------ this will make all policer unique.
        if-exceeding {
            bandwidth-limit 10m;
            burst-size-limit 100k;
        }
        then discard;

Create a filter instead of applying filter directly on an interface and
use filter-specific under [edit firewall family family-name filter
filter-name]

Regards,
Masood
Blog: http://weblogs.com.pk/jahil/




-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Brendan Mannella
Sent: Tuesday, May 19, 2009 7:36 PM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] Ex Series Bandwidth Policer



Hi,



I was wondering what the best way to limit bandwidth per customer port on
a EX3200 would be.



Lets say i have customer A on port 3 and customer B on port 4 and would
like to give each one 10 mbits per sec up and down. Something like this...





 ge-0/0/3 {
        description Customer A;
        unit 0 {
            family ethernet-switching {
                port-mode access;
                vlan {
                    members 43;




 ge-0/0/4 {
        description Customer B;
        unit 0 {
            family ethernet-switching {
                port-mode access;
                vlan {
                    members 44 ;



firewall {
    policer 10m {
        if-exceeding {
            bandwidth-limit 10m;
            burst-size-limit 100k;
        }
        then discard;


Then i would just apply the 10m policer to both interfaces for both input
and output?



Any clarification on this would be helpful.



Thanks,



Brendan


_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp


_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp


More information about the juniper-nsp mailing list