routed through a network. Dropping inbound traffic also helps to thwart denial-of-service
(DoS) attacks. Policers applied to outbound traffic control the bandwidth used.
NOTE:
Traffic policers are instantiated on a per-PIC basis. Traffic policing
does not work when the traffic for one local policy decision function (L-PDF)
subscriber is distributed over multiple Multiservices PICs in an AMS group.
Traffic Limits
Junos OS policers use a
token bucket algorithm
to enforce a limit on an average transmit
or receive rate of traffic at an interface while allowing bursts of traffic up to a maximum
value based on the configured bandwidth limit and configured burst size. The token
bucket algorithm offers more flexibility than a
leaky bucket algorithm
in that you can
allow a specified traffic burst before starting to discard packets or apply a penalty such
as packet output-queuing priority or packet-drop priority.
In the token-bucket model, the bucket represents the rate-limiting function of the policer.
Tokens are added to the bucket at a fixed rate, but once the specified depth of the bucket
is reached, tokens allocated after cannot be stored and used. Each token represents a
“credit” for some number of bits, and tokens in the bucket are “cashed in” for the ability
to transmit or receive traffic at the interface. When sufficient tokens are present in the
bucket, a traffic flow continues unrestricted. Otherwise, packets might be dropped or
else re-marked with a lower forwarding class, a higher packet loss priority (PLP) level,
or both.
•
The rate at which tokens are added to the bucket represents the highest average
transmit or receive rate in bits per second allowed for a given service level. You specify
this highest average traffic rate as the
bandwidth limit
of the policer. If the traffic arrival
rate (or fixed bits-per-second) is so high that at some point insufficient tokens are
present in the bucket, then the traffic flow is no longer conforming to the traffic limit.
During periods of relatively low traffic (traffic that arrives at or departs from the interface
at average rates below the token arrival rate), unused tokens accumulate in the bucket.
•
The depth of the bucket in bytes controls the amount of back-to-back bursting allowed.
You specify this factor as the
burst-size limit
of the policer. This second limit affects
the average transmit or receive rate by limiting the number of bytes permitted in a
transmission burst for a given interval of time. Bursts exceeding the current burst-size
limit are dropped until there are sufficient tokens available to permit the burst to
proceed.
Copyright © 2016, Juniper Networks, Inc.
4
Traffic Policers Feature Guide for EX9200 Switches
Summary of Contents for EX9200 Series
Page 8: ...Copyright 2016 Juniper Networks Inc viii Traffic Policers Feature Guide for EX9200 Switches ...
Page 10: ...Copyright 2016 Juniper Networks Inc x Traffic Policers Feature Guide for EX9200 Switches ...
Page 12: ...Copyright 2016 Juniper Networks Inc xii Traffic Policers Feature Guide for EX9200 Switches ...
Page 20: ...Copyright 2016 Juniper Networks Inc 2 Traffic Policers Feature Guide for EX9200 Switches ...
Page 32: ...Copyright 2016 Juniper Networks Inc 14 Traffic Policers Feature Guide for EX9200 Switches ...
Page 34: ...Copyright 2016 Juniper Networks Inc 16 Traffic Policers Feature Guide for EX9200 Switches ...
Page 42: ...Copyright 2016 Juniper Networks Inc 24 Traffic Policers Feature Guide for EX9200 Switches ...
Page 54: ...Copyright 2016 Juniper Networks Inc 36 Traffic Policers Feature Guide for EX9200 Switches ...
Page 56: ...Copyright 2016 Juniper Networks Inc 38 Traffic Policers Feature Guide for EX9200 Switches ...
Page 72: ...Copyright 2016 Juniper Networks Inc 54 Traffic Policers Feature Guide for EX9200 Switches ...
Page 132: ...Copyright 2016 Juniper Networks Inc 114 Traffic Policers Feature Guide for EX9200 Switches ...
Page 152: ...Copyright 2016 Juniper Networks Inc 134 Traffic Policers Feature Guide for EX9200 Switches ...
Page 162: ...Copyright 2016 Juniper Networks Inc 144 Traffic Policers Feature Guide for EX9200 Switches ...
Page 178: ...Copyright 2016 Juniper Networks Inc 160 Traffic Policers Feature Guide for EX9200 Switches ...
Page 186: ...Copyright 2016 Juniper Networks Inc 168 Traffic Policers Feature Guide for EX9200 Switches ...
Page 188: ...Copyright 2016 Juniper Networks Inc 170 Traffic Policers Feature Guide for EX9200 Switches ...
Page 202: ...Copyright 2016 Juniper Networks Inc 184 Traffic Policers Feature Guide for EX9200 Switches ...
Page 212: ...Copyright 2016 Juniper Networks Inc 194 Traffic Policers Feature Guide for EX9200 Switches ...
Page 214: ...Copyright 2016 Juniper Networks Inc 196 Traffic Policers Feature Guide for EX9200 Switches ...
Page 278: ...Copyright 2016 Juniper Networks Inc 260 Traffic Policers Feature Guide for EX9200 Switches ...