[j-nsp] Logical interface policer question
Chris Cappuccio
chris at nmedia.net
Tue Oct 11 20:59:34 EDT 2011
tim tiriche [tim.tiriche at gmail.com] wrote:
> Hi,
>
> I am preparing for JNCIP-SP exam and would like to understand what
> logical interface policer statement does?
> The documentation says it is an aggregate policer but it is not very
> clear to me.
>
> policer example:
>
> [edit firewall]
> + policer policer-test {
> + logical-interface-policer;
> + if-exceeding {
> + bandwidth-limit 10m;
> + burst-size-limit 100k;
> + }
> + then discard;
> + }
>
>
> [edit interfaces ge-2/0/0 unit 0]
> + family inet {
> + policer {
> + input policer-test;
> + }
> + address 1.1.1.1/30;
> + }
> + family inet6 {
> + policer {
> + input policer-test;
> + }
> + address abcd::1/64;
> + }
> [edit interfaces ge-2/0/0 unit 1]
> + family inet {
> + policer {
> + input policer-test;
> + }
> + address 2.2.2.2/30;
> + }
>
>
> [edit interfaces]
> + ge-2/0/1 {
> + unit 0 {
> + family inet {
> + policer {
> + input policer-test;
> + }
> + address 121.1.1.1/30;
> + }
> + }
> + }
>
> does this mean that a total of 10M will be shared among all the
> interfaces and protocol families on a first come first serve basis?
> or does each unit get 10M (i.e ge-2/0/0 (inet+inet6) = 10M, ge-2/0/0.1
> = 10M, ge-2/0/1=10M?
> or does each physical interface get 10M? (i.e ge-2/0/0 = 10M + ge-2/0/1 = 10M)
>
> is there any way to check this on a jseries router on a m/t series, i
> believe there was a PFE command on the FPC to see the value.
You don't have any aggregated interfaces listed here. By applying the policer to each ge-x/x/x interface, you are applying separate rate limits to each interface. If your aggregation doesn't involve the specifically limited units ge-2/0/0.0, ge-2/0/0.1 or ge-2/0/1.0 then you won't see any rate limiting.
More information about the juniper-nsp
mailing list