[j-nsp] Aggregate policer config
Ben Dale
bdale at comlinx.com.au
Wed Apr 8 20:00:26 EDT 2015
Aggregate policing should be the default behaviour for a *filter*, as long as you don't apply the "interface-specific" knob.
Create a dedicated filter for this customer and apply it to both interfaces.
set firewall family any filter CUST-A-800M term POLICE-800M then policer POLICER-800M
set firewall family any filter CUST-A-800M term POLICE-800M then accept
traffic over either interface will contribute to the filter counter.
The policer itself can be generic/re-used by other filters as long as you *include* filter-specific.
set firewall policer POLICER-800M filter-specific
set firewall policer POLICER-800M if-exceeding bandwidth-limit 800m
set firewall policer POLICER-800M if-exceeding burst-size-limit 10m
set firewall policer POLICER-800M then discard
Cheers,
Ben
On 8 Apr 2015, at 7:15 am, Matthew Crocker <matthew at corp.crocker.com> wrote:
>
> Hello,
>
> A customer with two connections to my mx240. I want to police their total bandwidth to 800mbps. Right now I have a 800mbps policer but that gives them 800mbps on each circuit.
>
> Customer Interface 1 is a VLAN on a 10G interface
> Customer Interface 2 is a VLAN on a 1G interface
>
> Each interface has its own /30 IP subnet with a BGP session on each customer IP
>
> Customer buys X bandwidth we want to give them X bandwidth over a pair of circuits. If one circuit goes down the policer needs to be set to the X bandwidth the purchased.
>
> Thanks
>
> -Matt
>
> --
> Matthew S. Crocker
> President
> Crocker Communications, Inc.
> PO BOX 710
> Greenfield, MA 01302-0710
>
> E: matthew at crocker.com
> P: (413) 746-2760
> F: (413) 746-3704
> W: http://www.crocker.com
>
>
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list