[j-nsp] instance-specific filters for VPLS BUM/flood filtering
Saku Ytti
saku at ytti.fi
Tue Nov 6 08:25:31 EST 2012
On (2012-11-06 13:43 +0100), Sebastian Wiesinger wrote:
> Just to be sure, could you try to use the "interface-specific" keyword
> for your filter?
You should have tried that, it won't commit. It was the first thing I tried
when testing VPLS.
> I wonder if someone can clear this up. I think shared filters are more
> intuitive and in line with how "normal" interface filters work. But
> then I would need that "instance-specific" knob.
Agreed. I was surprised by my results, in fact so surprised I started to
doubt myself, so I just retested. nqe2 is sending traffic to nqe1, nqe1
is not sending anything, so traffic is unidirectional.
I have the same FW filter attached to both VPLS instances:
    if-exceeding {
        bandwidth-limit 10m;
        burst-size-limit 100k;
    }
    then discard;
}
Here is what I'm seeing: http://ip.fi/uu10m.png
After issuing
[edit firewall policer POLICE-UNKNOWN_UNICAST]
ytti@nqe1-re0.dk# set if-exceeding bandwidth-limit 42m
Here is what I'm seeing: http://ip.fi/uu42m.png
> At the moment I only see the "solution" to have individual flood
> filters for every VPLS instance which makes large-scale deployment
> complicated (I wanted to apply a standard filter in an apply-group).
Yes.
--
++ytti