[j-nsp] Aggregated policing question

Amarjeet Singh techie.logging at gmail.com
Wed Apr 15 13:04:53 EDT 2015


>
> Hello Cydon - adding "filter-specific" knob will not help if you want to
> police 2 x IFL's as aggregate/combines rate.
>

Use "physical-interface" knob for policer & Filter if you want your IFL's
ge-1/0/0.10 & ge-1/0/0.20 don't exceed rate 256kbs.

In your example

policer 256K-srTC {
physical-interface-policer ######
    if-exceeding {
         bandwidth-limit 256k;
         burst-size-limit 15k;
     }
    then discard;
 }

filter agg-inet-policer-256K {
physical-interface-filter; #####
      term 10 {
         then {
             policer 256K-srTC;
         }
      }
    }

Apply above on input of your both IFL's and thanks me later ;)

Br, Amarjeet


>
>
>
>
> Date: Tue, 14 Apr 2015 19:42:29 +0200
> From: Cydon Satyr <cydonsatyr at gmail.com>
> To: Eduardo Schoedler <listas at esds.com.br>
> Cc: "juniper-nsp at puck.nether.net" <juniper-nsp at puck.nether.net>
> Subject: Re: [j-nsp] Aggregated policing question
> Message-ID:
>         <CAF0PUwdf6jBJ_zEXLiho16E6qLY2i909QpUT_+=
> QJYYZoL5yQg at mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
>
> Maybe somebody has another idea?
>
> Eduardo, thanks for the suggestion again.
>
> BR
>
> On Sun, Apr 12, 2015 at 8:28 PM, Cydon Satyr <cydonsatyr at gmail.com> wrote:
>
> > Doesn't help.
> >
> > Wouldn't that know make it non-aggregate anyway?
> >
> > BR
> >
> > On Sun, Apr 12, 2015 at 8:17 PM, Eduardo Schoedler <listas at esds.com.br>
> > wrote:
> >
> >> Try set "filter-specific" in the policer.
> >>
> >> --
> >> Eduardo Schoedler
> >>
> >> Em domingo, 12 de abril de 2015, Cydon Satyr <cydonsatyr at gmail.com>
> >> escreveu:
> >>
> >>> Juniper documentation mentions that regular srTC policer applied in
> >>> regular
> >>> firewall filter will be shared among all interfaces that use that
> filter
> >>> (if those interfaces share same PFE).
> >>>
> >>> So, the following configuration would mean that when applied to two
> inet
> >>> IFL on the same IFF, ingress traffic would be policed at total of 256K.
> >>>
> >>>
> >>> policer 256K-srTC {
> >>>     if-exceeding {
> >>>         bandwidth-limit 256k;
> >>>         burst-size-limit 15k;
> >>>     }
> >>>     then discard;
> >>> }
> >>>
> >>>   filter agg-inet-policer-256K {
> >>>       term 10 {
> >>>           then {
> >>>               policer 256K-srTC;
> >>>            }
> >>>       }
> >>>     }
> >>>
> >>> Except that it doesn't - if I apply this to say ge-1/0/0.10 and
> >>> ge-1/0/0.20, aggregate rate is 500k.
> >>>
> >>> Am I missing something here?
> >>>
> >>> BTW, this is on M320 if it makes a difference.
> >>>
> >>> BR
> >>> _______________________________________________
> >>> juniper-nsp mailing list juniper-nsp at puck.nether.net
> >>> https://puck.nether.net/mailman/listinfo/juniper-nsp
> >>>
> >>
> >>
> >> --
> >> Eduardo Schoedler
> >>
> >>
> >
>
>
> -


More information about the juniper-nsp mailing list