[j-nsp] Destination-based policing on MX

Pavel Gulchouck gul at gul.kiev.ua
Fri Oct 9 03:14:38 EDT 2009


Is it possible to limit traffic from clients based on destination interface?

I have national and international upstreams and want to limit 
international traffic from clients independent of national traffic. 
Upstreams connected to different physical 10GE-interfaces on MX480, 
so I cannot policing on egress (different ICHIPs). But destination-class 
is not known for ingress filter because it needs routing lookup.
Needed feature is like using bgp table-map and "bgp-policy destination"
on cisco routers. Something like dynamic (bgp-based) acl or ingress 
policing after routing lookup.

Any solution or hint?



More information about the juniper-nsp mailing list