[j-nsp] Using IPv4/IPv6 combined filter/policy with layer4 filtering

Saku Ytti saku at ytti.fi
Fri May 5 05:54:04 EDT 2017


On 5 May 2017 at 12:02, Alexander Arseniev <arseniev at btinternet.com> wrote:
> to nitpick ^ 2, if You DON'T want Your conforming NTP traffic to be
> re-policed by AGG policer, You have to mark it somehow, i.e. with a
> forwarding-class.

I presume OP is selling 1GE service and protecting that 1GE service so
that NTP DoS can only eat 200Mbps out of it. I.e. you want NTP to hit
both policers, but NTP policer first.

Now another question entirely is, is policer even the right solution
here. Or should there be 1Gbps scheduler with 3 classes of low,
normal, high, and put NTP on low, transport 1Gbps of it, if there is
no demand in normal and high, but yield all of it to normal and high.

-- 
  ++ytti


More information about the juniper-nsp mailing list