[j-nsp] Using IPv4/IPv6 combined filter/policy with layer4 filtering
Dragan Jovicic
draganj84 at gmail.com
Thu May 4 10:11:42 EDT 2017
I was concentrating on 'then next-term" usage.
You are right, in this case second version is certainly better !
BR,
+Dragan
On Thu, May 4, 2017 at 3:17 PM, Sebastian Wiesinger <sebastian at karotte.org>
wrote:
> * Dragan Jovicic <draganj84 at gmail.com> [2017-05-04 14:30]:
> > To nitpick, policing is terminating (implicit accept for conforming
> > traffic), so you'd need "the next-term" to pass conforming traffic to
> next
> > term. Otherwise you'd pass 200m of ntp plus 1g of other traffic.
> > Cascaded policing:
> >
> > term agg
> > then policer 1g
> > then next-term
> > term ntp
> > from ntp
> > then policer 200m
> > term non-ntp
> > then accept
>
> I just noticed, you put agg before the ntp term, which would be bad
> because 800Mbit/s of NTP would first steal these from the 1g policer
> and after that get policed to 200m if I'm not mistaken?
>
> So I think the correct order would be:
>
> term ntp
> from ntp
> then policer 200m
> then next-term
> term agg
> then policer 1g
> then accept
>
> Regards
> Sebastian
>
> --
> GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE)
> 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE
> SCYTHE.
> -- Terry Pratchett, The Fifth Elephant
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list