[j-nsp] Using IPv4/IPv6 combined filter/policy with layer4 filtering
Alexander Arseniev
arseniev at btinternet.com
Fri May 5 05:02:10 EDT 2017
Hello,
to nitpick ^ 2, if You DON'T want Your conforming NTP traffic to be
re-policed by AGG policer, You have to mark it somehow, i.e. with a
forwarding-class.
term ntp
from ntp
then policer 200m
then next-term
then forwarding-class MARKER
term agg
from forwarding-class-except MARKER
then policer 1g
then accept
Or simply use hierarchical policer.
HTH
Thanks
Alex
On 04/05/2017 14:17, Sebastian Wiesinger wrote:
> * Dragan Jovicic <draganj84 at gmail.com> [2017-05-04 14:30]:
>> To nitpick, policing is terminating (implicit accept for conforming
>> traffic), so you'd need "the next-term" to pass conforming traffic to next
>> term. Otherwise you'd pass 200m of ntp plus 1g of other traffic.
>> Cascaded policing:
>>
>> term agg
>> then policer 1g
>> then next-term
>> term ntp
>> from ntp
>> then policer 200m
>> term non-ntp
>> then accept
> I just noticed, you put agg before the ntp term, which would be bad
> because 800Mbit/s of NTP would first steal these from the 1g policer
> and after that get policed to 200m if I'm not mistaken?
>
> So I think the correct order would be:
>
> term ntp
> from ntp
> then policer 200m
> then next-term
> term agg
> then policer 1g
> then accept
>
> Regards
> Sebastian
>
More information about the juniper-nsp
mailing list