[j-nsp] Aggregated policing question

Cydon Satyr cydonsatyr at gmail.com
Thu Apr 16 09:51:03 EDT 2015


It works :)
Thanks!

Please, if you don't mind just helping me clear this confusion - why does
documentation says that filter using policer will by default share one
instance of that policer? When does this apply then?
Also will your physical-interface-filter share policer instance if applied
to different physical interfaces, for example 2/0/1.10 and 2/0/2.10? How to
share among these when they have same PFE?

Thanks a lot again you don't need to answer above I'm just confused a bit
about what documentation says.

Regards!!

On Wed, Apr 15, 2015 at 7:04 PM, Amarjeet Singh <techie.logging at gmail.com>
wrote:

> Hello Cydon - adding "filter-specific" knob will not help if you want to
>> police 2 x IFL's as aggregate/combines rate.
>>
>
> Use "physical-interface" knob for policer & Filter if you want your IFL's
> ge-1/0/0.10 & ge-1/0/0.20 don't exceed rate 256kbs.
>
> In your example
>
> policer 256K-srTC {
> physical-interface-policer ######
>     if-exceeding {
>          bandwidth-limit 256k;
>          burst-size-limit 15k;
>      }
>     then discard;
>  }
>
> filter agg-inet-policer-256K {
> physical-interface-filter; #####
>       term 10 {
>          then {
>              policer 256K-srTC;
>          }
>       }
>     }
>
> Apply above on input of your both IFL's and thanks me later ;)
>
> Br, Amarjeet
>
>
>>
>>
>>
>>
>> Date: Tue, 14 Apr 2015 19:42:29 +0200
>> From: Cydon Satyr <cydonsatyr at gmail.com>
>> To: Eduardo Schoedler <listas at esds.com.br>
>> Cc: "juniper-nsp at puck.nether.net" <juniper-nsp at puck.nether.net>
>> Subject: Re: [j-nsp] Aggregated policing question
>> Message-ID:
>>         <CAF0PUwdf6jBJ_zEXLiho16E6qLY2i909QpUT_+=
>> QJYYZoL5yQg at mail.gmail.com>
>> Content-Type: text/plain; charset=UTF-8
>>
>>
>> Maybe somebody has another idea?
>>
>> Eduardo, thanks for the suggestion again.
>>
>> BR
>>
>> On Sun, Apr 12, 2015 at 8:28 PM, Cydon Satyr <cydonsatyr at gmail.com>
>> wrote:
>>
>> > Doesn't help.
>> >
>> > Wouldn't that know make it non-aggregate anyway?
>> >
>> > BR
>> >
>> > On Sun, Apr 12, 2015 at 8:17 PM, Eduardo Schoedler <listas at esds.com.br>
>> > wrote:
>> >
>> >> Try set "filter-specific" in the policer.
>> >>
>> >> --
>> >> Eduardo Schoedler
>> >>
>> >> Em domingo, 12 de abril de 2015, Cydon Satyr <cydonsatyr at gmail.com>
>> >> escreveu:
>> >>
>> >>> Juniper documentation mentions that regular srTC policer applied in
>> >>> regular
>> >>> firewall filter will be shared among all interfaces that use that
>> filter
>> >>> (if those interfaces share same PFE).
>> >>>
>> >>> So, the following configuration would mean that when applied to two
>> inet
>> >>> IFL on the same IFF, ingress traffic would be policed at total of
>> 256K.
>> >>>
>> >>>
>> >>> policer 256K-srTC {
>> >>>     if-exceeding {
>> >>>         bandwidth-limit 256k;
>> >>>         burst-size-limit 15k;
>> >>>     }
>> >>>     then discard;
>> >>> }
>> >>>
>> >>>   filter agg-inet-policer-256K {
>> >>>       term 10 {
>> >>>           then {
>> >>>               policer 256K-srTC;
>> >>>            }
>> >>>       }
>> >>>     }
>> >>>
>> >>> Except that it doesn't - if I apply this to say ge-1/0/0.10 and
>> >>> ge-1/0/0.20, aggregate rate is 500k.
>> >>>
>> >>> Am I missing something here?
>> >>>
>> >>> BTW, this is on M320 if it makes a difference.
>> >>>
>> >>> BR
>> >>> _______________________________________________
>> >>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> >>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>> >>>
>> >>
>> >>
>> >> --
>> >> Eduardo Schoedler
>> >>
>> >>
>> >
>>
>>
>> -
>
>


More information about the juniper-nsp mailing list