applied to the interface through a firewall filter, and one policer is applied directly to the
interface.
You configure one policer, named
p-all-1m-5k-discard
, to rate-limit traffic to 1 Mbps with
a burst size of 5000 bytes. You apply this policer directly to IPv4 input traffic at the logical
interface. When you apply a policer directly to protocol-specific traffic at a logical
interface, the policer is said to be applied as an
interface policer
.
You configure the other two policers to allow burst sizes of 500 KB, and you apply these
policers to IPv4 input traffic at the logical interface by using an IPv4 standard stateless
firewall filter. When you apply a policer to protocol-specific traffic at a logical interface
through a firewall filter action, the policer is said to be applied as a
firewall-filter policer
.
•
You configure the policer named
p-icmp-500k-500k-discard
to rate-limit traffic to
500 Kbps with a burst size of 500 K bytes by discarding packets that do not conform
to these limits. You configure one of the firewall filter terms to apply this policer to
Internet Control Message Protocol (ICMP) packets.
•
You configure the policer named
p-ftp-10p-500k-discard
to rate-limit traffic to a
10 percent bandwidth with a burst size of 500 KB by discarding packets that do not
conform to these limits. You configure another firewall-filter term to apply this policer
to File Transfer Protocol (FTP) packets.
A policer that you configure with a bandwidth limit expressed as a percentage value
(rather than as an absolute bandwidth value) is called a
bandwidth policer
. Only
single-rate two-color policers can be configured with a percentage bandwidth
specification. By default, a bandwidth policer rate-limits traffic to the specified percentage
of the line rate of the physical interface underlying the target logical interface.
Topology
You configure the target logical interface as a single-tag VLAN logical interface on a Fast
Ethernet interface operating at 100 Mbps. This means that the policer you configure with
the 10-percent bandwidth-limit (the policer that you apply to FTP packets) rate-limits
the FTP traffic on this interface to 10 Mbps.
NOTE:
In this example, you do not configure the bandwidth policer as a
logical-bandwidth policer. Therefore, the percentage is based on the physical
media rate rather than on the configured shaping rate of the logical interface.
The firewall filter that you configure to reference two of the policers must be configured
as an
interface-specific filter
. Because the policer that is used to rate-limit FTP packets
specifies the bandwidth limit as a percentage value, the firewall filter that references
this policer must be configured as an interface-specific filter. Thus, if this firewall filter
were to be applied to multiple interfaces instead of just the Fast Ethernet interface in
this example, unique policers and counters would be created for each interface to which
the filter is applied.
65
Copyright © 2016, Juniper Networks, Inc.
Chapter 7: Basic Single-Rate Two-Color Policers
Summary of Contents for EX9200 Series
Page 8: ...Copyright 2016 Juniper Networks Inc viii Traffic Policers Feature Guide for EX9200 Switches ...
Page 10: ...Copyright 2016 Juniper Networks Inc x Traffic Policers Feature Guide for EX9200 Switches ...
Page 12: ...Copyright 2016 Juniper Networks Inc xii Traffic Policers Feature Guide for EX9200 Switches ...
Page 20: ...Copyright 2016 Juniper Networks Inc 2 Traffic Policers Feature Guide for EX9200 Switches ...
Page 32: ...Copyright 2016 Juniper Networks Inc 14 Traffic Policers Feature Guide for EX9200 Switches ...
Page 34: ...Copyright 2016 Juniper Networks Inc 16 Traffic Policers Feature Guide for EX9200 Switches ...
Page 42: ...Copyright 2016 Juniper Networks Inc 24 Traffic Policers Feature Guide for EX9200 Switches ...
Page 54: ...Copyright 2016 Juniper Networks Inc 36 Traffic Policers Feature Guide for EX9200 Switches ...
Page 56: ...Copyright 2016 Juniper Networks Inc 38 Traffic Policers Feature Guide for EX9200 Switches ...
Page 72: ...Copyright 2016 Juniper Networks Inc 54 Traffic Policers Feature Guide for EX9200 Switches ...
Page 132: ...Copyright 2016 Juniper Networks Inc 114 Traffic Policers Feature Guide for EX9200 Switches ...
Page 152: ...Copyright 2016 Juniper Networks Inc 134 Traffic Policers Feature Guide for EX9200 Switches ...
Page 162: ...Copyright 2016 Juniper Networks Inc 144 Traffic Policers Feature Guide for EX9200 Switches ...
Page 178: ...Copyright 2016 Juniper Networks Inc 160 Traffic Policers Feature Guide for EX9200 Switches ...
Page 186: ...Copyright 2016 Juniper Networks Inc 168 Traffic Policers Feature Guide for EX9200 Switches ...
Page 188: ...Copyright 2016 Juniper Networks Inc 170 Traffic Policers Feature Guide for EX9200 Switches ...
Page 202: ...Copyright 2016 Juniper Networks Inc 184 Traffic Policers Feature Guide for EX9200 Switches ...
Page 212: ...Copyright 2016 Juniper Networks Inc 194 Traffic Policers Feature Guide for EX9200 Switches ...
Page 214: ...Copyright 2016 Juniper Networks Inc 196 Traffic Policers Feature Guide for EX9200 Switches ...
Page 278: ...Copyright 2016 Juniper Networks Inc 260 Traffic Policers Feature Guide for EX9200 Switches ...