[j-nsp] SRX-3600 Rate limit

DeathPacket deathpacket at gmail.com
Tue Nov 30 16:46:28 EST 2010


Atif,

I put this together to limit iTunes traffic to 1mb.

Use a firewall filter to police the traffic (I did specify www.apple.com but
it resolved the address automatically; this may be an issue when round robin
DNS happens). You can be more specific (i.e. port 80, etc.) but I was just
checking base functionality.


firewall {
    policer Apple {
        if-exceeding {
            bandwidth-limit 1m;
            burst-size-limit 50k;
        }
        then discard;
    }
    filter Apple-Rate-Limit {
        term 1 {
            from {
                destination-address {
                    184.85.45.15/32;
                }
            }
            then {
                policer Apple;
                accept;
            }
        }
        term 2 {
            then accept;
        }
    }
}


Then add the filter to an interface: (this is my trust interface)


    fe-0/0/7 {
        unit 0 {
            family inet {
                filter {
                    input-list Apple-Rate-Limit;
                }
                address 192.168.200.238/24;
            }
        }
    }

--Ben

On Tue, Nov 30, 2010 at 10:11 AM, atif naeem <col.atif at gmail.com> wrote:

> Hi folks,
> Can anyone tell me how to implement rate limit on SRX-3600. I have Junos
> version 10.0R2.10. I want to restrict user on 1mb.
>
> BR
> Atif Naeem
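To see what `policer Apple` in the reply above does to a flow, here is an added Python model of a single-rate token bucket using the posted values; it is not part of the original post and is not Juniper code. It assumes `1m` means 1,000,000 bit/s, `50k` means 50,000 bytes, a bucket that starts full, and constructed constant-rate streams of 1500-byte packets.

```python
# Added illustration: single-rate token bucket with the values from 'policer Apple'.
# Assumptions: 1m = 1,000,000 bit/s, 50k = 50,000 bytes, bucket starts full.
RATE_BPS = 1_000_000       # bandwidth-limit 1m
BURST_BYTES = 50_000       # burst-size-limit 50k
US = 1_000_000             # microseconds per second


def police(packets, rate_bps=RATE_BPS, burst_bytes=BURST_BYTES):
    """Return 'accept' or 'discard' for each (time_us, size_bytes) packet.

    Tokens are kept as integer micro-bits so the arithmetic is exact.
    """
    cap = burst_bytes * 8 * US
    tokens, last, verdicts = cap, None, []
    for t_us, size in packets:
        if last is not None:
            if t_us < last:
                raise ValueError("packets must be in time order")
            # Refill for the elapsed time, never beyond the burst size.
            tokens = min(cap, tokens + (t_us - last) * rate_bps)
        last = t_us
        cost = size * 8 * US
        if cost <= tokens:
            tokens -= cost
            verdicts.append("accept")
        else:
            verdicts.append("discard")   # 'then discard': no tokens consumed
    return verdicts


def constant_stream(rate_bps, size_bytes, duration_us):
    """Constructed sample traffic: equal-size packets at a constant bit rate."""
    gap_us = size_bytes * 8 * US // rate_bps
    return [(t, size_bytes) for t in range(0, duration_us, gap_us)]


def summarize(packets, verdicts):
    """Count accepted/discarded packets and the bytes that got through."""
    ok = [size for (_, size), v in zip(packets, verdicts) if v == "accept"]
    return {"accepted": len(ok), "discarded": len(packets) - len(ok),
            "accepted_bytes": sum(ok)}


if __name__ == "__main__":
    heavy = constant_stream(10_000_000, 1500, US)   # 10 Mbit/s for one second
    light = constant_stream(500_000, 1500, US)      # 0.5 Mbit/s for one second
    for name, pkts in (("10 Mbit/s", heavy), ("0.5 Mbit/s", light)):
        print(name, summarize(pkts, police(pkts)))
```

In this model the 10 Mbit/s stream gets its first 36 packets through on the burst allowance and roughly one packet in ten after that, while the 0.5 Mbit/s stream is never touched.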