<html>
At 05:12 PM 1/15/2003, Jonathan
Tse wrote:<br>
<blockquote type=cite class=cite cite>Hi
Josef,<br><br>
just to double confirm. meaning
i can police up to 65536 hosts
per router if<br>
the destination-prefix-length
is /32?</blockquote><br>
Jonathan,<br><br>
the primarily restriction in
the number of policers comes
from the space<br>
of memory you have. If you have
an M20 with IPII
<font face="Arial, Helvetica" size=4>SSB-E-M20
you have<br>
</font>8Mbyte on DRAM on the
lookup Asic ( Internet
Processor II). Since the filter
programs and the<br>
active routes do share the same
memory you can run 400k
*active* routes<br>
and 65k policers. Please keep
in mind that every host in this
example<br>
gets its own policer. This is
the reason why the cli
restricted the amount<br>
of policers to a full class B
subnet. I would assume this is
already<br>
a lot and should meet most of
the requirements ....<br><br>
But if you have installed
SSB-E-16-M20 which is the
16Mbyte on DRAM<br>
which requires version 5.5 and
higher you can certainly
increase the<br>
number of policers extensively
more. <br><br>
<br>
hope this helps<br>
Josef<br><br>
<br><br>
<br>
<blockquote type=cite class=cite cite>regards,<br>
Jonathan.<br><br>
----- Original Message
-----<br>
From: "Josef
Buchsteiner"
<josefb@juniper.net><br>
To: "Jonathan Tse"
<jonathantse@pacific.net.sg>;<br>
<juniper-nsp@puck.nether.net><br>
Sent: Wednesday, January 15,
2003 11:56 PM<br>
Subject: Re: [j-nsp]
Prefix-Specific
Action<br><br>
<br>
> At 12:56 PM 1/15/2003,
Jonathan Tse wrote:<br>
> >Thanks Josef,<br>
> ><br>
> >Your explanation is
crystal clear! May be the
manual should follow your<br>
> >instead :)<br>
> ><br>
> >Is there any hardware
requirement like FPC-II to
enable such feature and<br>
how<br>
> >many subnet that a M20
can handle?<br>
><br>
> If you use a /16 subnet
and you want to police on a
/32<br>
>
destination-prefix-length<br>
> you basically use 65536
policers which is the current
maximum you can<br>
configure<br>
> for one subnet. You will
get a warning message in the
cli when you try to<br>
go<br>
> beyond this number.<br>
><br>
><br>
> thanks<br>
> Josef<br>
><br>
><br>
> >Million thanks!<br>
> >Jonathan.<br>
> ><br>
> >----- Original Message
-----<br>
> >From: "Josef
Buchsteiner"
<josefb@juniper.net><br>
> >To: "Jonathan
Tse"
<jonathantse@pacific.net.sg>;<br>
>
><juniper-nsp@puck.nether.net><br>
> >Sent: Wednesday,
January 15, 2003 7:38 PM<br>
> >Subject: Re: [j-nsp]
Prefix-Specific Action<br>
> ><br>
> ><br>
> > > At 12:43 AM
1/15/2003, Jonathan Tse
wrote:<br>
> > > >Hi
Josef,<br>
> > > ><br>
> > > >that is
cool! lots of people would love
it! one more question: if
two<br>
> > > >interfaces
shares the same filter with
prefix-specific action
being<br>
used<br>
> > > >(let's say
1Mbps per /32 in a /24), does
the policy shape the
traffic<br>
per<br>
> > > >interface
(meaning max 1Mbps each
interface for that /32)
or<br>
regardless<br>
> >of<br>
> > > >the number
of interfaces (meaning total
1Mbps thru the above two<br>
> >interfaces<br>
> > > >for that
/32)?<br>
> > ><br>
> > ><br>
> > > Jonathan,<br>
> >
>
the prefix-specific is done per
address not per
interface.<br>
> > > i.e. you want to
police all http traffic to
certain host in /24
subnet<br>
> >where<br>
> > > all the host are
in a /30 range you do this for
all your host<br>
regardless<br>
> > > of the
interface. You still can add an
interface-policer which
police<br>
> > > at the aggregate
level for a specific interface.
Given the example<br>
above<br>
> > > you could
also<br>
> > > say that all the
http traffic to each hosts
should be 500kbps but the<br>
> >total<br>
> > > of all http
traffic should never go higher
then 1Mbps which can be<br>
> >accomplished<br>
> > > with the next
term statement ( aka multilevel
policer ... )<br>
> > ><br>
> > ><br>
> > > thanks<br>
> > > Josef<br>
> > ><br>
> > ><br>
> > ><br>
> > ><br>
> > ><br>
> > ><br>
> > >
>thanks!<br>
> > >
>Jonathan.<br>
> > > ><br>
> > > >-----
Original Message -----<br>
> > > >From:
"Josef Buchsteiner"
<josefb@juniper.net><br>
> > > >To:
"Jonathan Tse"
<jonathantse@pacific.net.sg>;<br>
> > >
><juniper-nsp@puck.nether.net><br>
> > > >Sent:
Wednesday, January 15, 2003
4:25 AM<br>
> > > >Subject: Re:
[j-nsp] Prefix-Specific
Action<br>
> > > ><br>
> > > ><br>
> > > > > At
05:31 AM 1/14/2003, Jonathan
Tse wrote:<br>
> > > > >
>Hi,<br>
> > > > >
><br>
> > > > >
>Any idea what is this
Prefix-Specific Action
for?<br>
> > > > >
><br>
> > > > ><br>
> > > ><br>
> ><br>
><a href="http://www.juniper.net/techpubs/software/junos/junos56/swconfig56-policy/ht" eudora="autourl">http://www.juniper.net/techpubs/software/junos/junos56/swconfig56-policy/ht</a><br>
> > > >m<br>
> > > > >
>l/policer-config9.html#1046287<br>
> > > > >
><br>
> > > > ><br>
> > > ><br>
> ><br>
><a href="http://www.juniper.net/techpubs/software/junos/junos56/swconfig56-policy/ht" eudora="autourl">http://www.juniper.net/techpubs/software/junos/junos56/swconfig56-policy/ht</a><br>
> > > >m<br>
> > > > >
>l/policer-config10.html#1046825<br>
> > > > >
><br>
> > > > > >In
layman's term, is it for
policing individual address
(like<br>
1Mbps<br>
> >per<br>
> > > >/32)<br>
> > > > >
>within a given prefixes
(/24)?<br>
> > > > ><br>
> > > > > this
is exactly what the motivation
is as you stated<br>
> > > > > to
police on a more granular
level<br>
> > > > ><br>
> > > > >
regards<br>
> > > > >
Josef<br>
> > > > ><br>
> > > > ><br>
> > > > >
>Thanks,<br>
> > > > >
>Jonathan Tse<br>
> > > > >
>Senior Network Engineer,
Pacific Internet -
Singapore<br>
> > > > >
>NOC: +65 6872-1010 DID: +65
6771-0843 FAX: +65
6872-6674<br>
> > > > >
><br>
> > > > >
>_______________________________________________<br>
> > > > >
>juniper-nsp mailing list
juniper-nsp@puck.nether.net<br>
> > > > >
><a href="http://puck.nether.net/mailman/listinfo/juniper-nsp" eudora="autourl">http://puck.nether.net/mailman/listinfo/juniper-nsp</a><br>
> > > > ><br>
> > > ><br>
> > >
>_______________________________________________<br>
> > > >juniper-nsp
mailing list
juniper-nsp@puck.nether.net<br>
> > >
><a href="http://puck.nether.net/mailman/listinfo/juniper-nsp" eudora="autourl">http://puck.nether.net/mailman/listinfo/juniper-nsp</a><br>
> > ><br>
> ><br>
>
>_______________________________________________<br>
> >juniper-nsp mailing
list
juniper-nsp@puck.nether.net<br>
>
><a href="http://puck.nether.net/mailman/listinfo/juniper-nsp" eudora="autourl">http://puck.nether.net/mailman/listinfo/juniper-nsp</a><br>
><br>
>
_______________________________________________<br>
> juniper-nsp mailing list
juniper-nsp@puck.nether.net<br>
>
<a href="http://puck.nether.net/mailman/listinfo/juniper-nsp" eudora="autourl">http://puck.nether.net/mailman/listinfo/juniper-nsp</a><br>
><br><br>
_______________________________________________<br>
juniper-nsp mailing list
juniper-nsp@puck.nether.net<br>
<a href="http://puck.nether.net/mailman/listinfo/juniper-nsp" eudora="autourl">http://puck.nether.net/mailman/listinfo/juniper-nsp</a></blockquote></html>