[j-nsp] Aggregated policing question
Amarjeet Singh
techie.logging at gmail.com
Wed Apr 15 13:04:53 EDT 2015
>
> Hello Cydon - adding "filter-specific" knob will not help if you want to
> police 2 x IFL's as aggregate/combines rate.
>
Use "physical-interface" knob for policer & Filter if you want your IFL's
ge-1/0/0.10 & ge-1/0/0.20 don't exceed rate 256kbs.
In your example
policer 256K-srTC {
physical-interface-policer ######
if-exceeding {
bandwidth-limit 256k;
burst-size-limit 15k;
}
then discard;
}
filter agg-inet-policer-256K {
physical-interface-filter; #####
term 10 {
then {
policer 256K-srTC;
}
}
}
Apply above on input of your both IFL's and thanks me later ;)
Br, Amarjeet
>
>
>
>
> Date: Tue, 14 Apr 2015 19:42:29 +0200
> From: Cydon Satyr <cydonsatyr at gmail.com>
> To: Eduardo Schoedler <listas at esds.com.br>
> Cc: "juniper-nsp at puck.nether.net" <juniper-nsp at puck.nether.net>
> Subject: Re: [j-nsp] Aggregated policing question
> Message-ID:
> <CAF0PUwdf6jBJ_zEXLiho16E6qLY2i909QpUT_+=
> QJYYZoL5yQg at mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
>
> Maybe somebody has another idea?
>
> Eduardo, thanks for the suggestion again.
>
> BR
>
> On Sun, Apr 12, 2015 at 8:28 PM, Cydon Satyr <cydonsatyr at gmail.com> wrote:
>
> > Doesn't help.
> >
> > Wouldn't that know make it non-aggregate anyway?
> >
> > BR
> >
> > On Sun, Apr 12, 2015 at 8:17 PM, Eduardo Schoedler <listas at esds.com.br>
> > wrote:
> >
> >> Try set "filter-specific" in the policer.
> >>
> >> --
> >> Eduardo Schoedler
> >>
> >> Em domingo, 12 de abril de 2015, Cydon Satyr <cydonsatyr at gmail.com>
> >> escreveu:
> >>
> >>> Juniper documentation mentions that regular srTC policer applied in
> >>> regular
> >>> firewall filter will be shared among all interfaces that use that
> filter
> >>> (if those interfaces share same PFE).
> >>>
> >>> So, the following configuration would mean that when applied to two
> inet
> >>> IFL on the same IFF, ingress traffic would be policed at total of 256K.
> >>>
> >>>
> >>> policer 256K-srTC {
> >>> if-exceeding {
> >>> bandwidth-limit 256k;
> >>> burst-size-limit 15k;
> >>> }
> >>> then discard;
> >>> }
> >>>
> >>> filter agg-inet-policer-256K {
> >>> term 10 {
> >>> then {
> >>> policer 256K-srTC;
> >>> }
> >>> }
> >>> }
> >>>
> >>> Except that it doesn't - if I apply this to say ge-1/0/0.10 and
> >>> ge-1/0/0.20, aggregate rate is 500k.
> >>>
> >>> Am I missing something here?
> >>>
> >>> BTW, this is on M320 if it makes a difference.
> >>>
> >>> BR
> >>> _______________________________________________
> >>> juniper-nsp mailing list juniper-nsp at puck.nether.net
> >>> https://puck.nether.net/mailman/listinfo/juniper-nsp
> >>>
> >>
> >>
> >> --
> >> Eduardo Schoedler
> >>
> >>
> >
>
>
> -
More information about the juniper-nsp
mailing list