Topology
In this example, you apply a color-aware, single-rate three-color policer to the input IPv4
traffic at logical interface
ge-2/0/5.0
. The IPv4 firewall filter term that references the
policer does not apply any packet-filtering. The filter is used only to apply the three-color
policer to the interface.
You configure the policer to rate-limit traffic to a bandwidth limit of 40 Mbps and a
burst-size limit of 100 KB for green traffic but also allow an excess burst-size limit of
200 KB for yellow traffic. Only nonconforming traffic that exceeds the peak burst-size
limit is categorized as red. In this example, you configure the three-color policer action
loss-priority high then discard
, which overrides the implicit marking of red traffic to a
high
loss priority.
Configuration
The following example requires you to navigate various levels in the configuration
hierarchy. For information about navigating the CLI, see
Using the CLI Editor in Configuration
Mode
.
To configure this example, perform the following tasks:
•
Configuring a Single-Rate Three-Color Policer on page 155
•
Configuring an IPv4 Stateless Firewall Filter That References the Policer on page 156
•
Applying the Filter to the Logical Interface on page 157
CLI Quick
Configuration
To quickly configure this example, copy the following configuration commands into a
text file, remove any line breaks, and then paste the commands into the CLI at the
[edit]
hierarchy level.
set firewall three-color-policer srTCM1-ca single-rate color-aware
set firewall three-color-policer srTCM1-ca single-rate committed-information-rate 40m
set firewall three-color-policer srTCM1-ca single-rate committed-burst-size 100k
set firewall three-color-policer srTCM1-ca single-rate excess-burst-size 200k
set firewall three-color-policer srTCM1-ca action loss-priority high then discard
set firewall family inet filter filter-srtcm1ca-all term 1 then three-color-policer single-rate
srTCM1-ca
set class-of-service interfaces ge-2/0/5 unit 0 forwarding-class af
set interfaces ge-2/0/5 unit 0 family inet address 10.20.130.1/24
set interfaces ge-2/0/5 unit 0 family inet filter input filter-srtcm1ca-all
Configuring a Single-Rate Three-Color Policer
Step-by-Step
Procedure
To configure a single-rate three-color policer:
Enable configuration of a three-color policer.
[edit]
1.
user@host#
edit firewall
srTCM1-ca
2.
Configure the color mode of the single-rate three-color policer.
[edit firewall three-color-policer srTCM1-ca]
user@host#
set
155
Copyright © 2016, Juniper Networks, Inc.
Chapter 14: Basic Single-Rate Three-Color Policers
Summary of Contents for EX9200 Series
Page 8: ...Copyright 2016 Juniper Networks Inc viii Traffic Policers Feature Guide for EX9200 Switches ...
Page 10: ...Copyright 2016 Juniper Networks Inc x Traffic Policers Feature Guide for EX9200 Switches ...
Page 12: ...Copyright 2016 Juniper Networks Inc xii Traffic Policers Feature Guide for EX9200 Switches ...
Page 20: ...Copyright 2016 Juniper Networks Inc 2 Traffic Policers Feature Guide for EX9200 Switches ...
Page 32: ...Copyright 2016 Juniper Networks Inc 14 Traffic Policers Feature Guide for EX9200 Switches ...
Page 34: ...Copyright 2016 Juniper Networks Inc 16 Traffic Policers Feature Guide for EX9200 Switches ...
Page 42: ...Copyright 2016 Juniper Networks Inc 24 Traffic Policers Feature Guide for EX9200 Switches ...
Page 54: ...Copyright 2016 Juniper Networks Inc 36 Traffic Policers Feature Guide for EX9200 Switches ...
Page 56: ...Copyright 2016 Juniper Networks Inc 38 Traffic Policers Feature Guide for EX9200 Switches ...
Page 72: ...Copyright 2016 Juniper Networks Inc 54 Traffic Policers Feature Guide for EX9200 Switches ...
Page 132: ...Copyright 2016 Juniper Networks Inc 114 Traffic Policers Feature Guide for EX9200 Switches ...
Page 152: ...Copyright 2016 Juniper Networks Inc 134 Traffic Policers Feature Guide for EX9200 Switches ...
Page 162: ...Copyright 2016 Juniper Networks Inc 144 Traffic Policers Feature Guide for EX9200 Switches ...
Page 178: ...Copyright 2016 Juniper Networks Inc 160 Traffic Policers Feature Guide for EX9200 Switches ...
Page 186: ...Copyright 2016 Juniper Networks Inc 168 Traffic Policers Feature Guide for EX9200 Switches ...
Page 188: ...Copyright 2016 Juniper Networks Inc 170 Traffic Policers Feature Guide for EX9200 Switches ...
Page 202: ...Copyright 2016 Juniper Networks Inc 184 Traffic Policers Feature Guide for EX9200 Switches ...
Page 212: ...Copyright 2016 Juniper Networks Inc 194 Traffic Policers Feature Guide for EX9200 Switches ...
Page 214: ...Copyright 2016 Juniper Networks Inc 196 Traffic Policers Feature Guide for EX9200 Switches ...
Page 278: ...Copyright 2016 Juniper Networks Inc 260 Traffic Policers Feature Guide for EX9200 Switches ...