[j-nsp] EX3200/EX4200 Rate-Limit

Felix Schueren felix.schueren at hosteurope.de
Mon Nov 16 13:22:49 EST 2009


Dan,

> 
> firewall {
>     policer 500m {
>         if-exceeding {
>             bandwidth-limit 600m;
>             burst-size-limit 15m;
>         }
>         then discard;
>     }
>     family inet {
>         filter 500m-limit {
>             term default {
>                 then policer 500m;
>             }
>         }
>     }
> }
> 
> 
> dang at cs0.sov.uk# show interfaces ge-0/0/4  
> description SERVER::mirror0.sov.uk;
> unit 0 {
>     family inet {
>         filter {
>             input 500m-limit;
>         }
>         address x.x.x.x/y;
>     }
> }
> 
> 

if you apply that firewall-filter to multiple interfaces (or simply
reference the same policer from within different filters), they will all
share the same bucket. I.e. if one of those interfaces exceeds the
limit, all other interfaces using the same policer will drop packets,
even if they're different customers or different filters. If you want a
generic "500m" limit and reference that from different filters, on
M-series you can simply use "filter-specific" within the policer and it
will generate internal policers automatically for each reference within
a different filter - the EXes won't.

Kind regards.

Felix

-- 
Felix Schüren
Head of Network

-----------------------------------------------------------------------
Host Europe GmbH - http://www.hosteurope.de
Welserstraße 14 - 51149 Köln - Germany
Telefon: 0800 467 8387 - Fax: +49 180 5 66 3233 (*)
HRB 28495 Amtsgericht Köln - USt-IdNr.: DE187370678
Geschäftsführer:
Uwe Braun - Alex Collins - Mark Joseph - Patrick Pulvermüller

(*) 0,14 EUR/Min. aus dem dt. Festnetz, Mobilfunkpreise ggf. abweichend


More information about the juniper-nsp mailing list