[j-nsp] Aggregate policer config
marktees at gmail.com
Wed Apr 8 20:22:22 EDT 2015
I would be curious to know if/how the aggregate behaviour works
between different line cards/PFE.
Just to clarify here:
set firewall policer POLICER-800M filter-specific
set firewall policer POLICER-800M if-exceeding bandwidth-limit 800m
set firewall policer POLICER-800M if-exceeding burst-size-limit 10m
set firewall policer POLICER-800M then discard
This should result in the policer/counter actions being created per
the filter they are used in but still shared within that filter
providing "interface-specific" is not used right?
On Thu, Apr 9, 2015 at 10:00 AM, Ben Dale <bdale at comlinx.com.au> wrote:
> Aggregate policing should be the default behaviour for a *filter*, as long as you don't apply the "interface-specific" knob.
> Create a dedicated filter for this customer and apply it to both interfaces.
> set firewall family any filter CUST-A-800M term POLICE-800M then policer POLICER-800M
> set firewall family any filter CUST-A-800M term POLICE-800M then accept
> traffic over either interface will contribute to the filter counter.
> The policer itself can be generic/re-used by other filters as long as you *include* filter-specific.
> set firewall policer POLICER-800M filter-specific
> set firewall policer POLICER-800M if-exceeding bandwidth-limit 800m
> set firewall policer POLICER-800M if-exceeding burst-size-limit 10m
> set firewall policer POLICER-800M then discard
> On 8 Apr 2015, at 7:15 am, Matthew Crocker <matthew at corp.crocker.com> wrote:
>> A customer with two connections to my mx240. I want to police their total bandwidth to 800mbps. Right now I have a 800mbps policer but that gives them 800mbps on each circuit.
>> Customer Interface 1 is a VLAN on a 10G interface
>> Customer Interface 2 is a VLAN on a 1G interface
>> Each interface has its own /30 IP subnet with a BGP session on each customer IP
>> Customer buys X bandwidth we want to give them X bandwidth over a pair of circuits. If one circuit goes down the policer needs to be set to the X bandwidth the purchased.
>> Matthew S. Crocker
>> Crocker Communications, Inc.
>> PO BOX 710
>> Greenfield, MA 01302-0710
>> E: matthew at crocker.com
>> P: (413) 746-2760
>> F: (413) 746-3704
>> W: http://www.crocker.com
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
> juniper-nsp mailing list juniper-nsp at puck.nether.net
Mark L. Tees
More information about the juniper-nsp