[j-nsp] Aggregated policing question
Cydon Satyr
cydonsatyr at gmail.com
Sun Apr 12 14:08:57 EDT 2015
Juniper documentation mentions that regular srTC policer applied in regular
firewall filter will be shared among all interfaces that use that filter
(if those interfaces share same PFE).
So, the following configuration would mean that when applied to two inet
IFL on the same IFF, ingress traffic would be policed at total of 256K.
policer 256K-srTC {
if-exceeding {
bandwidth-limit 256k;
burst-size-limit 15k;
}
then discard;
}
filter agg-inet-policer-256K {
term 10 {
then {
policer 256K-srTC;
}
}
}
Except that it doesn't - if I apply this to say ge-1/0/0.10 and
ge-1/0/0.20, aggregate rate is 500k.
Am I missing something here?
BTW, this is on M320 if it makes a difference.
BR
More information about the juniper-nsp
mailing list