[j-nsp] Ex Series Bandwidth Policer
Brendan Mannella
bmannella at teraswitch.com
Tue May 19 17:45:41 EDT 2009
Here is what i came up with, but it didnt seem to work. I just want to rate-limit ALL traffic to 10 meg, so i assume using the source address of 0.0.0.0/0 is correct.
I had this interface pegged at 100 meg, and when i commited the filter it didnt seem to reduce the traffic. Any ideas?
ge-0/0/4 {
description Customer A;
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members 38;
}
filter {
input rate-limit-10m;
policer 10m {
filter-specific;
if-exceeding {
bandwidth-limit 10m;
burst-size-limit 100k;
}
then discard;
}
family ethernet-switching {
filter rate-limit-10m {
interface-specific;
term 1 {
from {
source-address {
0.0.0.0/0;
}
}
then policer 10m;
root at switch> show firewall filter rate-limit-10m-ge-0/0/4.0-i
Filter: rate-limit-10m-ge-0/0/4.0-i
Policers:
Name Packets
10m 2012276
----- Original Message -----
From: masood at nexlinx.net.pk
To: "Brendan" <Mannella at nexlinx.net.pk>, juniper-nsp at puck.nether.net
Sent: Tuesday, May 19, 2009 6:02:57 PM GMT -05:00 US/Canada Eastern
Subject: Re: [j-nsp] Ex Series Bandwidth Policer
The way you have done it, bandwidth will be shared among multiple
interfaces. Adding filter-specific knob to the policer will make them
unique. Further, use the "interface-specific" command in the firewall
filter, In this case you can use the same filter in multiple interfaces
without having shared bandwidth.
firewall {
policer 10m {
filter-specific;------------ this will make all policer unique.
if-exceeding {
bandwidth-limit 10m;
burst-size-limit 100k;
}
then discard;
Create a filter instead of applying filter directly on an interface and
use filter-specific under [edit firewall family family-name filter
filter-name]
Regards,
Masood
Blog: http://weblogs.com.pk/jahil/
-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Brendan Mannella
Sent: Tuesday, May 19, 2009 7:36 PM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] Ex Series Bandwidth Policer
Hi,
I was wondering what the best way to limit bandwidth per customer port on
a EX3200 would be.
Lets say i have customer A on port 3 and customer B on port 4 and would
like to give each one 10 mbits per sec up and down. Something like this...
ge-0/0/3 {
description Customer A;
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members 43;
ge-0/0/4 {
description Customer B;
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members 44 ;
firewall {
policer 10m {
if-exceeding {
bandwidth-limit 10m;
burst-size-limit 100k;
}
then discard;
Then i would just apply the 10m policer to both interfaces for both input
and output?
Any clarification on this would be helpful.
Thanks,
Brendan
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list