[j-nsp] Using IPv4/IPv6 combined filter/policy with layer4 filtering
Sebastian Wiesinger
sebastian at karotte.org
Thu May 4 09:17:53 EDT 2017
* Dragan Jovicic <draganj84 at gmail.com> [2017-05-04 14:30]:
> To nitpick, policing is terminating (implicit accept for conforming
> traffic), so you'd need "the next-term" to pass conforming traffic to next
> term. Otherwise you'd pass 200m of ntp plus 1g of other traffic.
> Cascaded policing:
>
> term agg
> then policer 1g
> then next-term
> term ntp
> from ntp
> then policer 200m
> term non-ntp
> then accept
I just noticed, you put agg before the ntp term, which would be bad
because 800Mbit/s of NTP would first steal these from the 1g policer
and after that get policed to 200m if I'm not mistaken?
So I think the correct order would be:
term ntp
from ntp
then policer 200m
then next-term
term agg
then policer 1g
then accept
Regards
Sebastian
--
GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
-- Terry Pratchett, The Fifth Elephant
More information about the juniper-nsp
mailing list