[j-nsp] Aggregated policing question
Eduardo Schoedler
listas at esds.com.br
Sun Apr 12 14:17:18 EDT 2015
Try set "filter-specific" in the policer.
--
Eduardo Schoedler
Em domingo, 12 de abril de 2015, Cydon Satyr <cydonsatyr at gmail.com>
escreveu:
> Juniper documentation mentions that regular srTC policer applied in regular
> firewall filter will be shared among all interfaces that use that filter
> (if those interfaces share same PFE).
>
> So, the following configuration would mean that when applied to two inet
> IFL on the same IFF, ingress traffic would be policed at total of 256K.
>
>
> policer 256K-srTC {
> if-exceeding {
> bandwidth-limit 256k;
> burst-size-limit 15k;
> }
> then discard;
> }
>
> filter agg-inet-policer-256K {
> term 10 {
> then {
> policer 256K-srTC;
> }
> }
> }
>
> Except that it doesn't - if I apply this to say ge-1/0/0.10 and
> ge-1/0/0.20, aggregate rate is 500k.
>
> Am I missing something here?
>
> BTW, this is on M320 if it makes a difference.
>
> BR
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net <javascript:;>
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
--
Eduardo Schoedler
More information about the juniper-nsp
mailing list