[j-nsp] Using IPv4/IPv6 combined filter/policy with layer4 filtering
Alexander Arseniev
arseniev at btinternet.com
Fri May 5 05:40:44 EDT 2017
Hi,
With just 2 classes (NTP and else) and 1 policer action (if-exceeding
discard) - yes, correct.
But generally speaking, if You have >2 classes with different kinds of
policing (i.e. classA policer "if-exceeding discard", classB policer
"if-exceeding remark", classC policer "if-exceeding remark" + aggregate
policer "if-exceeding discard") You'd want to avoid AGG policer acting
on traffic conforming with other policers and that's where FC
remark/hierarchical policer is needed.
HTH
Thx
Alex
On 05/05/2017 10:28, Dragan Jovicic wrote:
> Hello,
>
> But that would be just accepting 200m of ntp and 1g of other traffic,
> no need to mark it?
>
> term ntp
> from ntp
> then policer 200m
> term agg
> then policer 1g
>
> For Hierarchical policer you have to mark forwarding class as premium
> and then use this in policer, it's good for Voice traffic but quite a
> hassle for ntp+internet, or maybe I'm missing something.
>
> +Dragan
>
>
> On Fri, May 5, 2017 at 11:02 AM, Alexander Arseniev
> <arseniev at btinternet.com> wrote:
>
> Hello,
>
> to nitpick ^ 2, if You DON'T want Your conforming NTP traffic to
> be re-policed by AGG policer, You have to mark it somehow, i.e.
> with a forwarding-class.
>
> term ntp
> from ntp
> then policer 200m
> then next-term
> then forwarding-class MARKER
> term agg
> from forwarding-class-except MARKER
> then policer 1g
> then accept
>
>
> Or simply use hierarchical policer.
>
> HTH
>
> Thanks
> Alex
>
>
>
> On 04/05/2017 14:17, Sebastian Wiesinger wrote:
>
> * Dragan Jovicic <draganj84 at gmail.com> [2017-05-04 14:30]:
>
> To nitpick, policing is terminating (implicit accept for conforming
> traffic), so you'd need "the next-term" to pass conforming traffic to next
> term. Otherwise you'd pass 200m of ntp plus 1g of other traffic.
> Cascaded policing:
>
> term agg
> then policer 1g
> then next-term
> term ntp
> from ntp
> then policer 200m
> term non-ntp
> then accept
>
> I just noticed, you put agg before the ntp term, which would be bad
> because 800Mbit/s of NTP would first steal these from the 1g policer
> and after that get policed to 200m if I'm not mistaken?
>
> So I think the correct order would be:
>
> term ntp
> from ntp
> then policer 200m
> then next-term
> term agg
> then policer 1g
> then accept
>
> Regards
> Sebastian
>
>
>
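
The term orderings discussed in this thread, compared in a small token-bucket model; this is an added example, not code from any poster and not Junos configuration. Packet size, tick length, the 1000 Mbit/s of non-NTP load, the even interleaving and the final accept-all term in MARKED are assumptions of the model.

```python
# Simplified model (an assumption, not Junos internals): 1 ms ticks, 10 kbit packets,
# so 1 Mbit/s == 1 kbit per tick. Offered load is constructed: 800M NTP + 1000M other.
PKT = 10

class Policer:
    """Single-rate token bucket with 'if-exceeding discard'; burst = one tick."""
    def __init__(self, mbps):
        self.rate, self.tokens = mbps, 0
    def refill(self):
        self.tokens = min(self.tokens + self.rate, self.rate)
    def conform(self):
        if self.tokens < PKT:
            return False
        self.tokens -= PKT
        return True

def run(terms, ticks=100):
    """terms: (match, policer, mark, action); returns passed Mbit/s per class."""
    pol = {"200m": Policer(200), "1g": Policer(1000)}
    passed = {"ntp": 0, "other": 0}
    for _ in range(ticks):
        for p in pol.values():
            p.refill()
        for i in range(180):  # 80 NTP + 100 other packets, evenly interleaved
            kind = "ntp" if (i * 80) // 180 != ((i + 1) * 80) // 180 else "other"
            marked = False
            for match, policer, mark, action in terms:
                if (match == "ntp" and kind != "ntp") or (match == "unmarked" and marked):
                    continue                      # term does not match, try the next one
                if policer and not pol[policer].conform():
                    break                         # exceeding traffic is discarded
                marked = marked or mark           # stands in for forwarding-class MARKER
                if action == "accept":
                    passed[kind] += PKT
                    break
            # no term accepted the packet: dropped (implicit discard at end of filter)
    return {k: v // ticks for k, v in passed.items()}

AGG_FIRST = [("any", "1g", False, "next-term"), ("ntp", "200m", False, "accept"),
             ("any", None, False, "accept")]
NTP_THEN_AGG = [("ntp", "200m", False, "next-term"), ("any", "1g", False, "accept")]
# The final accept-all term is added here so marked NTP is not dropped at the end.
MARKED = [("ntp", "200m", True, "next-term"), ("unmarked", "1g", False, "accept"),
          ("any", None, False, "accept")]
TERMINATING = [("ntp", "200m", False, "accept"), ("any", "1g", False, "accept")]

if __name__ == "__main__":
    for name in ("AGG_FIRST", "NTP_THEN_AGG", "MARKED", "TERMINATING"):
        print(name, run(globals()[name]))
```

In this model the NTP/other split under NTP_THEN_AGG depends on arrival order within a tick; the 1000 Mbit/s total does not.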