[j-nsp] JunOS versions, MX and lots of policers

OBrien, Will ObrienH at missouri.edu
Fri Feb 12 21:00:11 EST 2010


I'm currently policing two /16s of ip space with a pair of MX960s. It has My policer config was originally written for a M20.
Here's an example of one of my policers: (real ips are used)

term 10.0.0.0 {
    from {
        address {
            10.0.0.0/26;
        }
    }
    then prefix-action 15MInbound;
}


prefix-action 15MOutbound {
    policer 15MPolicer;
    count;
    subnet-prefix-length 24;
    source-prefix-length 32;
}

and the policer it references:
if-exceeding {
    bandwidth-limit 15m;
    burst-size-limit 1500000;
}
then discard;

This behaves pretty well, but requires that the policer be applied on every /24 that I want.
With two /16s and some /26s in there, this makes for a pretty long config.

I'm curious if anyone has examples of better configs that the JunOS docs. The policer we have now is very close to the examples online.  I'd rather set some larger overall policers, then set exceptions for certain subnets - data center, etc. I'm pretty sure I'm only limited by the maximum number of policers that can be created per instance.

Next question:
I have issues when changing policers with my current code - I have to disable them, change them, the re-enable them to make changes take effect. Anyone else seen this? Will force reload deal with this?

Finally,
Is anyone running version 10 code on their production MXs? How's it doing?


More information about the juniper-nsp mailing list