[j-nsp] Aggregated policing question
Cydon Satyr
cydonsatyr at gmail.com
Sun Apr 12 14:28:13 EDT 2015
Doesn't help.
Wouldn't that know make it non-aggregate anyway?
BR
On Sun, Apr 12, 2015 at 8:17 PM, Eduardo Schoedler <listas at esds.com.br>
wrote:
> Try set "filter-specific" in the policer.
>
> --
> Eduardo Schoedler
>
> Em domingo, 12 de abril de 2015, Cydon Satyr <cydonsatyr at gmail.com>
> escreveu:
>
>> Juniper documentation mentions that regular srTC policer applied in
>> regular
>> firewall filter will be shared among all interfaces that use that filter
>> (if those interfaces share same PFE).
>>
>> So, the following configuration would mean that when applied to two inet
>> IFL on the same IFF, ingress traffic would be policed at total of 256K.
>>
>>
>> policer 256K-srTC {
>> if-exceeding {
>> bandwidth-limit 256k;
>> burst-size-limit 15k;
>> }
>> then discard;
>> }
>>
>> filter agg-inet-policer-256K {
>> term 10 {
>> then {
>> policer 256K-srTC;
>> }
>> }
>> }
>>
>> Except that it doesn't - if I apply this to say ge-1/0/0.10 and
>> ge-1/0/0.20, aggregate rate is 500k.
>>
>> Am I missing something here?
>>
>> BTW, this is on M320 if it makes a difference.
>>
>> BR
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
>
> --
> Eduardo Schoedler
>
>
More information about the juniper-nsp
mailing list