[j-nsp] How to calculate "burst-size-limit" in JUNOS Firewall Policer

Arun Kumar narain.arun at gmail.com
Thu Mar 8 06:24:45 EST 2012


Hi All,

I am facing some issues in calculating the right burst size limit for
Firewall policer in Junos. As per the document, the burst size limit is
calculated like below:

1. The minimum value allowed is 1500 bytes.
2. The minimum value should be 10 times of interface MTU.
3. Burst size limit is calculated for 5ms for data burst. Burst size limit
= (bandwdith limit *0.005)/8

That is for CIR=2048000 (bandwidth limit 2048000 bps), burst size limit is
2048000  * 0.005 / 8 = 1480 bytes. Since this violates point no 2, I set
burst-size-limit to 15180 bytes (interface Gigabit MTU is 1518 bytes). When
I set this, I am not able to pass traffic more than 200kbps. Only I
increase the burst-size-limit to higher random value policer works as
expected.

user at host# show firewall policer TEST
if-exceeding {
    bandwidth-limit 2048000;
    burst-size-limit 15180;
}
then discard;

How to calculate the correct burst-size-limit for Junos Firewall Policer?

thanks
Arun


More information about the juniper-nsp mailing list