[j-nsp] Aggregated policing question
Cydon Satyr
cydonsatyr at gmail.com
Tue Apr 14 13:42:29 EDT 2015
Maybe somebody has another idea?
Eduardo, thanks for the suggestion again.
BR
On Sun, Apr 12, 2015 at 8:28 PM, Cydon Satyr <cydonsatyr at gmail.com> wrote:
> Doesn't help.
>
> Wouldn't that know make it non-aggregate anyway?
>
> BR
>
> On Sun, Apr 12, 2015 at 8:17 PM, Eduardo Schoedler <listas at esds.com.br>
> wrote:
>
>> Try set "filter-specific" in the policer.
>>
>> --
>> Eduardo Schoedler
>>
>> Em domingo, 12 de abril de 2015, Cydon Satyr <cydonsatyr at gmail.com>
>> escreveu:
>>
>>> Juniper documentation mentions that regular srTC policer applied in
>>> regular
>>> firewall filter will be shared among all interfaces that use that filter
>>> (if those interfaces share same PFE).
>>>
>>> So, the following configuration would mean that when applied to two inet
>>> IFL on the same IFF, ingress traffic would be policed at total of 256K.
>>>
>>>
>>> policer 256K-srTC {
>>> if-exceeding {
>>> bandwidth-limit 256k;
>>> burst-size-limit 15k;
>>> }
>>> then discard;
>>> }
>>>
>>> filter agg-inet-policer-256K {
>>> term 10 {
>>> then {
>>> policer 256K-srTC;
>>> }
>>> }
>>> }
>>>
>>> Except that it doesn't - if I apply this to say ge-1/0/0.10 and
>>> ge-1/0/0.20, aggregate rate is 500k.
>>>
>>> Am I missing something here?
>>>
>>> BTW, this is on M320 if it makes a difference.
>>>
>>> BR
>>> _______________________________________________
>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>>
>>
>>
>> --
>> Eduardo Schoedler
>>
>>
>
More information about the juniper-nsp
mailing list