Junos OS

Hi Experts,

I have a requirement to police the following traffic flows to 10M.

TCP port 1719 & HTTP

UDP 1720

The total of the above should be policed to 10M.

Filter shouldn't match other traffic ( EX TCP1720 , UDP 1719 )

If I configure something like the following, this will include  TCP1720 & UDP 1719

But I need to match and police only

TCP port 1719 & HTTP

UDP 1720

[edit firewall family inet]

+     filter TRAFF-POLICING {

+         term 1 {

+             from {

+                 protocol [ tcp udp ];

+                 destination-port [ http 1719 1720 ];

+             }

+             then policer po-1s6-10m;

+         }

+         term 2 {

+             then accept;

+         }

+     }

Any suggestions?

Regards,

Moses N

http://www.juniper.net/techpubs/software/junos/junos94/swconfig-policy/configuring-filter-specific-policers.html

I think this will solve your problem...Dinesh

Thanks dineshg.

I missed this useful piece of information.

Pasting a sample config here for the benefit of others.

<firewall>

policer Test-10M {
    filter-specific;
    if-exceeding {
        bandwidth-limit 10m;
        burst-size-limit 512k;
    }
    then discard;
}

filter TEST-FILTER {
        term 1 {
            from {
                protocol icmp;
            }
            then {
                policer Policer_60M;
                accept;
            }
        }
        term 2 {
            from {
                protocol tcp;
                destination-port [ 1719 http ];
            }
            then {
                policer Test-10M;
                accept;
            }
        }
        term 3 {
            from {
                protocol udp;
                destination-port 1720;
            }
            then {
                policer Test-10M;
                accept;
            }
        }
        term FINAL {
            then accept;
        }
    }

Regards,

Moses N