[j-nsp] Rate limiting v4 and v6 together
Chris Adams
cmadams at hiwaay.net
Wed Jun 1 21:07:48 EDT 2011
I'm currently using interface, policer, and filter config like this to
rate-limit ethernet interfaces to paid bandwidth on an M10i:
interfaces {
fe-1/0/1 {
unit 148 {
description "Some Customer";
bandwidth 10m;
vlan-id 148;
family inet {
filter {
input 10meg;
output 10meg;
}
address x.x.x.x/x;
}
}
}
}
firewall {
policer 10meg {
filter-specific;
if-exceeding {
bandwidth-limit 10m;
burst-size-limit 1250000;
}
then discard;
}
filter 10meg {
interface-specific;
term other {
then {
policer 10meg;
count rate;
accept;
}
}
}
}
This gives me SNMP-graphable in/out counters for each interface that
show after-rate-limiting bits.
Now, I want to add IPv6, but I want to limit (and hopefully graph) the
total bandwidth, not the bandwidth per address family. If I create a
"10megv6" filter under firewall family inet6, the policer is filter
specific, so I would expect the interface to allow 10meg of IPv4 plus
10meg of IPv6.
I used to put a policer directly on the unit under "family inet" (no
counters for SNMP though), but I would also assume doing that under
"family inet" and "family inet6" would also result in separate bandwidth
for IPv4 and IPv6, not shared.
I looked at "family any" filters, but they don't have the same options
(no "interface-specific").
Any suggestions?
--
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
More information about the juniper-nsp
mailing list