[j-nsp] Ex Series Bandwidth Policer
masood at nexlinx.net.pk
masood at nexlinx.net.pk
Tue May 19 19:30:08 EDT 2009
You don't need to write source address in filter. use this...
policer 10m {
filter-specific;
if-exceeding {
bandwidth-limit 10m;
burst-size-limit 100k;
}
then discard;
}
family ethernet-switching {
filter rate-limit-10m {
interface-specific;
term 1 {
then policer 10m;
}
Regards,
Masood
Blog: http://weblogs.com.pk/jahil/
> Here is what i came up with, but it didnt seem to work. I just want to
> rate-limit ALL traffic to 10 meg, so i assume using the source address of
> 0.0.0.0/0 is correct.
>
> I had this interface pegged at 100 meg, and when i commited the filter it
> didnt seem to reduce the traffic. Any ideas?
>
> ge-0/0/4 {
> description Customer A;
> unit 0 {
> family ethernet-switching {
> port-mode access;
> vlan {
> members 38;
> }
> filter {
> input rate-limit-10m;
>
>
> policer 10m {
> filter-specific;
> if-exceeding {
> bandwidth-limit 10m;
> burst-size-limit 100k;
> }
> then discard;
> }
> family ethernet-switching {
> filter rate-limit-10m {
> interface-specific;
> term 1 {
> from {
> source-address {
> 0.0.0.0/0;
> }
> }
> then policer 10m;
>
>
> root at switch> show firewall filter rate-limit-10m-ge-0/0/4.0-i
>
> Filter: rate-limit-10m-ge-0/0/4.0-i
> Policers:
> Name Packets
> 10m 2012276
>
>
>
>
>
>
> ----- Original Message -----
> From: masood at nexlinx.net.pk
> To: "Brendan" <Mannella at nexlinx.net.pk>, juniper-nsp at puck.nether.net
> Sent: Tuesday, May 19, 2009 6:02:57 PM GMT -05:00 US/Canada Eastern
> Subject: Re: [j-nsp] Ex Series Bandwidth Policer
>
> The way you have done it, bandwidth will be shared among multiple
> interfaces. Adding filter-specific knob to the policer will make them
> unique. Further, use the "interface-specific" command in the firewall
> filter, In this case you can use the same filter in multiple interfaces
> without having shared bandwidth.
>
> firewall {
> policer 10m {
> filter-specific;------------ this will make all policer unique.
> if-exceeding {
> bandwidth-limit 10m;
> burst-size-limit 100k;
> }
> then discard;
>
> Create a filter instead of applying filter directly on an interface and
> use filter-specific under [edit firewall family family-name filter
> filter-name]
>
> Regards,
> Masood
> Blog: http://weblogs.com.pk/jahil/
>
>
>
>
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Brendan Mannella
> Sent: Tuesday, May 19, 2009 7:36 PM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] Ex Series Bandwidth Policer
>
>
>
> Hi,
>
>
>
> I was wondering what the best way to limit bandwidth per customer port on
> a EX3200 would be.
>
>
>
> Lets say i have customer A on port 3 and customer B on port 4 and would
> like to give each one 10 mbits per sec up and down. Something like this...
>
>
>
>
>
> ge-0/0/3 {
> description Customer A;
> unit 0 {
> family ethernet-switching {
> port-mode access;
> vlan {
> members 43;
>
>
>
>
> ge-0/0/4 {
> description Customer B;
> unit 0 {
> family ethernet-switching {
> port-mode access;
> vlan {
> members 44 ;
>
>
>
> firewall {
> policer 10m {
> if-exceeding {
> bandwidth-limit 10m;
> burst-size-limit 100k;
> }
> then discard;
>
>
> Then i would just apply the 10m policer to both interfaces for both input
> and output?
>
>
>
> Any clarification on this would be helpful.
>
>
>
> Thanks,
>
>
>
> Brendan
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list