[j-nsp] Aggregate policer config

Ben Dale bdale at comlinx.com.au
Wed Apr 8 20:00:26 EDT 2015

Aggregate policing should be the default behaviour for a *filter*, as long as you don't apply the "interface-specific" knob.

Create a dedicated filter for this customer and apply it to both interfaces.

set firewall family any filter CUST-A-800M term POLICE-800M then policer POLICER-800M
set firewall family any filter CUST-A-800M term POLICE-800M then accept

traffic over either interface will contribute to the filter counter.

The policer itself can be generic/re-used by other filters as long as you *include* filter-specific.

set firewall policer POLICER-800M filter-specific
set firewall policer POLICER-800M if-exceeding bandwidth-limit 800m
set firewall policer POLICER-800M if-exceeding burst-size-limit 10m
set firewall policer POLICER-800M then discard



On 8 Apr 2015, at 7:15 am, Matthew Crocker <matthew at corp.crocker.com> wrote:

> Hello,
> A customer with two connections to my mx240.  I want to police their total bandwidth to 800mbps. Right now I have a 800mbps policer but that gives them 800mbps on each circuit.
> Customer Interface 1 is a VLAN on a 10G interface
> Customer Interface 2 is a VLAN on a 1G interface
> Each interface has its own /30 IP subnet with a  BGP session on each customer IP
> Customer buys X bandwidth we want to give them X bandwidth over a pair of circuits.  If one circuit goes down the policer needs to be set to the X bandwidth the purchased.
> Thanks
> -Matt
> --
> Matthew S. Crocker
> President
> Crocker Communications, Inc.
> PO BOX 710
> Greenfield, MA 01302-0710
> E: matthew at crocker.com
> P: (413) 746-2760
> F: (413) 746-3704
> W: http://www.crocker.com
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list