Overview
In this example, you configure prefix-specific counting and policing based on the last
octet of the source address field in packets matched by an IPv4 firewall filter.
The single-rate two-color policer named
1Mbps-policer
rate-limits traffic to a bandwidth
of 1,000,000 bps and a burst-size limit of 63,000 bytes, discarding any packets in a
traffic flow that exceeds the traffic limits.
Independent of the IPv4 addresses contained in any packets passed from a firewall filter,
the prefix-specific action named
psa-1Mbps-per-source-24-32-256
specifies a set of
256 counters and policers, numbered from 0 through 255. For each packet, the last octet
of the source address field is used to index into the associated prefix-specific counter
and policer in the set:
•
Packets with a source address ending with the octet 0x0000 00000 index the first
counter and policer in the set.
•
Packets with a source address ending with the octet 0x0000 0001 index the second
counter and policer in the set.
•
Packets with a source address ending with the octet 0x1111 1111 index the last counter
and policer in the set.
The
limit-source-one-24
firewall filter contains a single term that matches all packets
from the
/24
subnet of source address
10.10.10.0
, passing these packets to the
prefix-specific action
psa-1Mbps-per-source-24-32-256
.
Topology
In this example, because the filter term matches the
/24
subnet of a single source address,
each counting and policing instance in the prefix-specific set is used for only one source
address.
•
Packets with a source address
10.10.10.0
index the first counter and policer in the set.
•
Packets with a source address
10.10.10.1
index the second counter and policer in the
set.
•
Packets with a source address
10.10.10.255
index the last counter and policer in the
set.
This example shows the simplest case of prefix-specific actions, in which the filter term
matches on one address with a prefix length that is the same as the prefix length specified
in the prefix-specific action for indexing into the set of prefix-specific counters and policers.
For descriptions of other configurations for prefix-specific counting and policing, see
“Prefix-Specific Counting and Policing Configuration Scenarios” on page 107
.
Configuration
The following example requires you to navigate various levels in the configuration
hierarchy. For information about navigating the CLI, see
Using the CLI Editor in Configuration
Mode
.
101
Copyright © 2016, Juniper Networks, Inc.
Chapter 10: Prefix-Specific Counting and Policing Actions
Summary of Contents for EX9200 Series
Page 8: ...Copyright 2016 Juniper Networks Inc viii Traffic Policers Feature Guide for EX9200 Switches ...
Page 10: ...Copyright 2016 Juniper Networks Inc x Traffic Policers Feature Guide for EX9200 Switches ...
Page 12: ...Copyright 2016 Juniper Networks Inc xii Traffic Policers Feature Guide for EX9200 Switches ...
Page 20: ...Copyright 2016 Juniper Networks Inc 2 Traffic Policers Feature Guide for EX9200 Switches ...
Page 32: ...Copyright 2016 Juniper Networks Inc 14 Traffic Policers Feature Guide for EX9200 Switches ...
Page 34: ...Copyright 2016 Juniper Networks Inc 16 Traffic Policers Feature Guide for EX9200 Switches ...
Page 42: ...Copyright 2016 Juniper Networks Inc 24 Traffic Policers Feature Guide for EX9200 Switches ...
Page 54: ...Copyright 2016 Juniper Networks Inc 36 Traffic Policers Feature Guide for EX9200 Switches ...
Page 56: ...Copyright 2016 Juniper Networks Inc 38 Traffic Policers Feature Guide for EX9200 Switches ...
Page 72: ...Copyright 2016 Juniper Networks Inc 54 Traffic Policers Feature Guide for EX9200 Switches ...
Page 132: ...Copyright 2016 Juniper Networks Inc 114 Traffic Policers Feature Guide for EX9200 Switches ...
Page 152: ...Copyright 2016 Juniper Networks Inc 134 Traffic Policers Feature Guide for EX9200 Switches ...
Page 162: ...Copyright 2016 Juniper Networks Inc 144 Traffic Policers Feature Guide for EX9200 Switches ...
Page 178: ...Copyright 2016 Juniper Networks Inc 160 Traffic Policers Feature Guide for EX9200 Switches ...
Page 186: ...Copyright 2016 Juniper Networks Inc 168 Traffic Policers Feature Guide for EX9200 Switches ...
Page 188: ...Copyright 2016 Juniper Networks Inc 170 Traffic Policers Feature Guide for EX9200 Switches ...
Page 202: ...Copyright 2016 Juniper Networks Inc 184 Traffic Policers Feature Guide for EX9200 Switches ...
Page 212: ...Copyright 2016 Juniper Networks Inc 194 Traffic Policers Feature Guide for EX9200 Switches ...
Page 214: ...Copyright 2016 Juniper Networks Inc 196 Traffic Policers Feature Guide for EX9200 Switches ...
Page 278: ...Copyright 2016 Juniper Networks Inc 260 Traffic Policers Feature Guide for EX9200 Switches ...