[j-nsp] Aggregate policer config
Ben Dale
bdale at comlinx.com.au
Thu Apr 9 02:03:08 EDT 2015
On 9 Apr 2015, at 10:22 am, Mark Tees <marktees at gmail.com> wrote:
> I would be curious to know if/how the aggregate behaviour works
> between different line cards/PFE.
I was wondering this too, so I did a bit of digging - Page 198 of Doug Hanks' MX Series book suggests it doesn't - quoting:
"The same filter can be applied to multiple interfaces at the same time. By default on MX Routers, these filters will sum (or aggregate) their counters and policing actions when those interfaces share a PFE."
I've only got MX80s here in the lab just now, which I think share a PFE for both FPC 0 and FPC1 - I can apply the same filter/policer to both a 10G and a 1G interface and get the aggregate bandwidth between interfaces to be dictated by the policer.
> Just to clarify here:
>
> set firewall policer POLICER-800M filter-specific
> set firewall policer POLICER-800M if-exceeding bandwidth-limit 800m
> set firewall policer POLICER-800M if-exceeding burst-size-limit 10m
> set firewall policer POLICER-800M then discard
>
> This should result in the policer/counter actions being created per
> the filter they are used in but still shared within that filter
> providing "interface-specific" is not used right?
Yes, correct, however I suspect that the policer aggregate would again be per PFE.
So, back to the OP's question - you *should* be able to use a single filter, provided both your customer's links are on an MPC1 or MPC3E with 1G / 10G MICs.
If that's not the case, then stick with the per-interface 800M policer and just apply local-preference to your customers routes as you import them to ensure their traffic is always preferred via the 10G link (while it's up), and use MED/metric to encourage them to use the 10G link for their outbound.
Cheers,
Ben
More information about the juniper-nsp
mailing list