[j-nsp] Logical interface policer question

Stefan Fouant sfouant at shortestpathfirst.net
Tue Oct 11 22:08:55 EDT 2011 

Logical-interface policer will group all protocol families on a given logical interface (i.e. unit) into the same policer construct.  Normally, if you have an interface, say ge-0/0/0.0 and you have two protocol families, say family inet and family inet6, both referencing the same input policer, Junos actually invokes two separate policer instances - one for each protocol family. So if the policer was a 100 Mbps policer, each protocol family would get 100 megs...  By enabling the logical-interface policer command, you can think of it aggregating all protocol families on that interface, so now instead of each getting 100 meg, they actually share a single policer instance, effectively sharing 100 meg between the two.

Hope that helps and sorry for any typos, I am on my mobile...

Stefan Fouant
GPG Key ID: 0xB4C956EC

Sent from my HTC EVO.

----- Reply message -----
From: "tim tiriche" <tim.tiriche at gmail.com>
Date: Tue, Oct 11, 2011 8:29 pm
Subject: [j-nsp] Logical interface policer question
To: <juniper-nsp at puck.nether.net>

Hi,

I am preparing for JNCIP-SP exam and would like to understand what
logical interface policer statement does?
The documentation says it is an aggregate policer but it is not very
clear to me.

policer example:

[edit firewall]
+   policer policer-test {
+       logical-interface-policer;
+       if-exceeding {
+           bandwidth-limit 10m;
+           burst-size-limit 100k;
+       }
+       then discard;
+   }


[edit interfaces ge-2/0/0 unit 0]
+      family inet {
+          policer {
+              input policer-test;
+          }
+          address 1.1.1.1/30;
+      }
+      family inet6 {
+          policer {
+              input policer-test;
+          }
+          address abcd::1/64;
+      }
[edit interfaces ge-2/0/0 unit 1]
+      family inet {
+          policer {
+              input policer-test;
+          }
+          address 2.2.2.2/30;
+      }


[edit interfaces]
+   ge-2/0/1 {
+       unit 0 {
+           family inet {
+               policer {
+                   input policer-test;
+               }
+               address 121.1.1.1/30;
+           }
+       }
+   }

does this mean that a total of 10M will be shared among all the
interfaces and protocol families on a first come first serve basis?
or does each unit get 10M (i.e ge-2/0/0 (inet+inet6) = 10M, ge-2/0/0.1
= 10M, ge-2/0/1=10M?
or does each physical interface get 10M? (i.e ge-2/0/0 = 10M + ge-2/0/1 = 10M)

is there any way to check this on a jseries router on a m/t series, i
believe there was a PFE command on the FPC to see the value.

Thanks.
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list