[j-nsp] Ex Series Bandwidth Policer

masood at nexlinx.net.pk masood at nexlinx.net.pk
Tue May 19 19:30:08 EDT 2009


You don't need to write source address in filter. use this...

policer 10m {
     filter-specific;
     if-exceeding {
         bandwidth-limit 10m;
         burst-size-limit 100k;
     }
     then discard;
 }

 family ethernet-switching {
     filter rate-limit-10m {
         interface-specific;
         term 1 {
then policer 10m;
}

Regards,
Masood
Blog: http://weblogs.com.pk/jahil/




> Here is what i came up with, but it didnt seem to work. I just want to
> rate-limit ALL traffic to 10 meg, so i assume using the source address of
> 0.0.0.0/0 is correct.
>
> I had this interface pegged at 100 meg, and when i commited the filter it
> didnt seem to reduce the traffic. Any ideas?
>
>  ge-0/0/4 {
>         description Customer A;
>         unit 0 {
>             family ethernet-switching {
>                 port-mode access;
>                 vlan {
>                     members 38;
>                 }
>                 filter {
>                     input rate-limit-10m;
>
>
> policer 10m {
>     filter-specific;
>     if-exceeding {
>         bandwidth-limit 10m;
>         burst-size-limit 100k;
>     }
>     then discard;
> }
> family ethernet-switching {
>     filter rate-limit-10m {
>         interface-specific;
>         term 1 {
>             from {
>                 source-address {
>                     0.0.0.0/0;
>                 }
>             }
>             then policer 10m;
>
>
> root at switch> show firewall filter rate-limit-10m-ge-0/0/4.0-i
>
> Filter: rate-limit-10m-ge-0/0/4.0-i
> Policers:
> Name                                              Packets
> 10m                                               2012276
>
>
>
>
>
>
> ----- Original Message -----
> From: masood at nexlinx.net.pk
> To: "Brendan" <Mannella at nexlinx.net.pk>, juniper-nsp at puck.nether.net
> Sent: Tuesday, May 19, 2009 6:02:57 PM GMT -05:00 US/Canada Eastern
> Subject: Re: [j-nsp] Ex Series Bandwidth Policer
>
> The way you have done it, bandwidth will be shared among multiple
> interfaces. Adding filter-specific knob to the policer will make them
> unique. Further, use the "interface-specific" command in the firewall
> filter, In this case you can use the same filter in multiple interfaces
> without having shared bandwidth.
>
> firewall {
>     policer 10m {
>         filter-specific;------------ this will make all policer unique.
>         if-exceeding {
>             bandwidth-limit 10m;
>             burst-size-limit 100k;
>         }
>         then discard;
>
> Create a filter instead of applying filter directly on an interface and
> use filter-specific under [edit firewall family family-name filter
> filter-name]
>
> Regards,
> Masood
> Blog: http://weblogs.com.pk/jahil/
>
>
>
>
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Brendan Mannella
> Sent: Tuesday, May 19, 2009 7:36 PM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] Ex Series Bandwidth Policer
>
>
>
> Hi,
>
>
>
> I was wondering what the best way to limit bandwidth per customer port on
> a EX3200 would be.
>
>
>
> Lets say i have customer A on port 3 and customer B on port 4 and would
> like to give each one 10 mbits per sec up and down. Something like this...
>
>
>
>
>
>  ge-0/0/3 {
>         description Customer A;
>         unit 0 {
>             family ethernet-switching {
>                 port-mode access;
>                 vlan {
>                     members 43;
>
>
>
>
>  ge-0/0/4 {
>         description Customer B;
>         unit 0 {
>             family ethernet-switching {
>                 port-mode access;
>                 vlan {
>                     members 44 ;
>
>
>
> firewall {
>     policer 10m {
>         if-exceeding {
>             bandwidth-limit 10m;
>             burst-size-limit 100k;
>         }
>         then discard;
>
>
> Then i would just apply the 10m policer to both interfaces for both input
> and output?
>
>
>
> Any clarification on this would be helpful.
>
>
>
> Thanks,
>
>
>
> Brendan
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>




More information about the juniper-nsp mailing list