[j-nsp] Aggregate policer config

Mark Tees marktees at gmail.com
Wed Apr 8 20:22:22 EDT 2015 

I would be curious to know if/how the aggregate behaviour works
between different line cards/PFE.

Just to clarify here:

set firewall policer POLICER-800M filter-specific
set firewall policer POLICER-800M if-exceeding bandwidth-limit 800m
set firewall policer POLICER-800M if-exceeding burst-size-limit 10m
set firewall policer POLICER-800M then discard

This should result in the policer/counter actions being created per
the filter they are used in but still shared within that filter
providing "interface-specific" is not used right?

On Thu, Apr 9, 2015 at 10:00 AM, Ben Dale <bdale at comlinx.com.au> wrote:
> Aggregate policing should be the default behaviour for a *filter*, as long as you don't apply the "interface-specific" knob.
>
> Create a dedicated filter for this customer and apply it to both interfaces.
>
> set firewall family any filter CUST-A-800M term POLICE-800M then policer POLICER-800M
> set firewall family any filter CUST-A-800M term POLICE-800M then accept
>
> traffic over either interface will contribute to the filter counter.
>
> The policer itself can be generic/re-used by other filters as long as you *include* filter-specific.
>
> set firewall policer POLICER-800M filter-specific
> set firewall policer POLICER-800M if-exceeding bandwidth-limit 800m
> set firewall policer POLICER-800M if-exceeding burst-size-limit 10m
> set firewall policer POLICER-800M then discard
>
> Cheers,
>
> Ben
>
> On 8 Apr 2015, at 7:15 am, Matthew Crocker <matthew at corp.crocker.com> wrote:
>
>>
>> Hello,
>>
>> A customer with two connections to my mx240.  I want to police their total bandwidth to 800mbps. Right now I have a 800mbps policer but that gives them 800mbps on each circuit.
>>
>> Customer Interface 1 is a VLAN on a 10G interface
>> Customer Interface 2 is a VLAN on a 1G interface
>>
>> Each interface has its own /30 IP subnet with a  BGP session on each customer IP
>>
>> Customer buys X bandwidth we want to give them X bandwidth over a pair of circuits.  If one circuit goes down the policer needs to be set to the X bandwidth the purchased.
>>
>> Thanks
>>
>> -Matt
>>
>> --
>> Matthew S. Crocker
>> President
>> Crocker Communications, Inc.
>> PO BOX 710
>> Greenfield, MA 01302-0710
>>
>> E: matthew at crocker.com
>> P: (413) 746-2760
>> F: (413) 746-3704
>> W: http://www.crocker.com
>>
>>
>>
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp



-- 
Regards,

Mark L. Tees

More information about the juniper-nsp mailing list