[j-nsp] Using IPv4/IPv6 combined filter/policy with layer4 filtering

Sebastian Wiesinger sebastian at karotte.org
Thu May 4 09:13:14 EDT 2017


* Dragan Jovicic <draganj84 at gmail.com> [2017-05-04 14:30]:
> To nitpick, policing is terminating (implicit accept for conforming
> traffic), so you'd need "the next-term" to pass conforming traffic to next
> term. Otherwise you'd pass 200m of ntp plus 1g of other traffic.
> Cascaded policing:
> 
> term agg
>    then policer 1g
>    then next-term
> term ntp
>    from ntp
>    then policer 200m
> term non-ntp
>    then accept

Of course, you're right. I was thinking about policy filters.

Regards

Sebastian

-- 
GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A  9D82 58A2 D94A 93A0 B9CE)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
            -- Terry Pratchett, The Fifth Elephant


More information about the juniper-nsp mailing list