[j-nsp] Using IPv4/IPv6 combined filter/policy with layer4 filtering
Dragan Jovicic
draganj84 at gmail.com
Fri May 5 05:28:38 EDT 2017
Hello,
But that would be just accepting 200m of ntp and 1g of other traffic, no
need to mark it?
term ntp
from ntp
then policer 200m
term agg
then policer 1g
For Hierarchical policer you have to mark forwarding class as premium and
then use this in policer, it's good for Voice traffic but quite a hassle
for ntp+internet, or maybe I'm missing something.
+Dragan
On Fri, May 5, 2017 at 11:02 AM, Alexander Arseniev <arseniev at btinternet.com
> wrote:
> Hello,
>
> to nitpick ^ 2, if You DON'T want Your conforming NTP traffic to be
> re-policed by AGG policer, You have to mark it somehow, i.e. with a
> forwarding-class.
>
> term ntp
> from ntp
> then policer 200m
> then next-term
> then forwarding-class MARKER
> term agg
> from forwarding-class-except MARKER
> then policer 1g
> then accept
>
>
> Or simply use hierarchical policer.
>
> HTH
>
> Thanks
> Alex
>
>
>
> On 04/05/2017 14:17, Sebastian Wiesinger wrote:
>
>> * Dragan Jovicic <draganj84 at gmail.com> [2017-05-04 14:30]:
>>
>>> To nitpick, policing is terminating (implicit accept for conforming
>>> traffic), so you'd need "the next-term" to pass conforming traffic to
>>> next
>>> term. Otherwise you'd pass 200m of ntp plus 1g of other traffic.
>>> Cascaded policing:
>>>
>>> term agg
>>> then policer 1g
>>> then next-term
>>> term ntp
>>> from ntp
>>> then policer 200m
>>> term non-ntp
>>> then accept
>>>
>> I just noticed, you put agg before the ntp term, which would be bad
>> because 800Mbit/s of NTP would first steal these from the 1g policer
>> and after that get policed to 200m if I'm not mistaken?
>>
>> So I think the correct order would be:
>>
>> term ntp
>> from ntp
>> then policer 200m
>> then next-term
>> term agg
>> then policer 1g
>> then accept
>>
>> Regards
>> Sebastian
>>
>>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list