Junos OS

last person joined: yesterday 

Ask questions and share experiences about Junos OS.

  • 1.  prefix-specific policers with multiple match conditions

    Posted 06-12-2013 16:53

    hello,

     

    i found this article with an answer and ask myself if this is still the way to go? or is there any better solution? its 10 years old:

     

    http://www.atm.tut.fi/list-archive/juniper-nsp/msg01227.html

     

    I'd like to create a policer for 8-10 /24 Subnets, is there any way to do this w/o creating 8-10 policers?

     

    many thanks,

    Freemind



  • 2.  RE: prefix-specific policers with multiple match conditions

    Posted 06-13-2013 02:19

    Hello,

    May I ask why creating 8-10 policers is an issue?

    Thanks

    Alex



  • 3.  RE: prefix-specific policers with multiple match conditions

    Posted 06-13-2013 03:04

    hello,

     

    sure: its not just 8-10, its about 20-30 and not only /24 subnets, also tiny /29 ones and big /20 subnets - just wanted to know, if I need to create one policer for every single subnet please? 🙂

     

    thanks in advance for your help!

     

    greetings,

    freemind



  • 4.  RE: prefix-specific policers with multiple match conditions

    Posted 06-13-2013 03:08

    Hello,

    You can reuse same policer as "template" in different subnets.

    Or You can create a single policer per subnet with meaningful name but same BW/burst and use it only for a given subnet.

    The choice is Yours.

    HTH

    Thanks

    Alex



  • 5.  RE: prefix-specific policers with multiple match conditions

    Posted 06-13-2013 18:25

    hi, okay, but the policer itself(as template) wont help me with the multiple match-condition. will something like this work:

     

    prefix-action limit-all-ips {

              policer host-policer;
             count;
             subnet-prefix-length 24;
             destination-prefix-length 32;
    }

     

    filter discard-ddos {

             term policer {
                      from {
                               destination-address {
                                        1.2.3.0/24;

                                        1.2.4.0/24;

                                        1.2.5.0/24;
                               }
                      }
                      then prefix-action limit-all-ips;
    }

     

    policer host-policer {
             if-exceeding {
                      bandwidth-limit 1g;
                      burst-size-limit 625k;
             }
             then discard;
    }

     

    ...to limit all 765 IPs(thats what I need to achieve somehow)? or will the bandwidth be shared on all 3 subnets? maybe i need to specify "filter-specific" in the prefix-action?

     

    thanks in advance beforehand!

    freemind



  • 6.  RE: prefix-specific policers with multiple match conditions

    Posted 06-14-2013 03:19
      |   view attached

    Hello,

    I labed up Your config on MX80 running 12.3R2 and here are the results:

    1/ You are missing last term with "then accept" - once You commit Your original config, You will lose remote access to the router

    2/ one policer is created per every three /32 prefixes:

     

    aarseniev@mx80> show firewall prefix-action-stats  prefix-action limit-all-ips-policer  filter discard-ddos | no-more                          

Filter: discard-ddos                                           
Counters:
Name                                                Bytes              Packets
limit-all-ips-policer-0                                 0                    0
limit-all-ips-policer-1                                 0                    0
limit-all-ips-policer-2                                 0                    0
limit-all-ips-policer-3                                 0                    0
limit-all-ips-policer-4                                 0                    0
limit-all-ips-policer-5                                 0                    0
limit-all-ips-policer-6                                 0                    0
limit-all-ips-policer-7                                 0                    0
limit-all-ips-policer-8                                 0                    0
limit-all-ips-policer-9                                 0                    0
limit-all-ips-policer-10                                0                    0
limit-all-ips-policer-11                                0                    0
limit-all-ips-policer-12                                0                    0
limit-all-ips-policer-13                                0                    0
limit-all-ips-policer-14                                0                    0
limit-all-ips-policer-15                                0                    0
limit-all-ips-policer-16                                0                    0
limit-all-ips-policer-17                                0                    0
limit-all-ips-policer-18                                0                    0
limit-all-ips-policer-19                                0                    0
limit-all-ips-policer-20                                0                    0
limit-all-ips-policer-21                                0                    0
limit-all-ips-policer-22                                0                    0
limit-all-ips-policer-23                                0                    0
limit-all-ips-policer-24                                0                    0
limit-all-ips-policer-25                                0                    0
limit-all-ips-policer-26                                0                    0
limit-all-ips-policer-27                                0                    0
limit-all-ips-policer-28                                0                    0
limit-all-ips-policer-29                                0                    0
limit-all-ips-policer-30                                0                    0
limit-all-ips-policer-31                                0                    0
limit-all-ips-policer-32                                0                    0
limit-all-ips-policer-33                                0                    0
limit-all-ips-policer-34                                0                    0
limit-all-ips-policer-35                                0                    0
limit-all-ips-policer-36                                0                    0
limit-all-ips-policer-37                                0                    0
limit-all-ips-policer-38                                0                    0
limit-all-ips-policer-39                                0                    0
limit-all-ips-policer-40                                0                    0
limit-all-ips-policer-41                                0                    0
limit-all-ips-policer-42                                0                    0
limit-all-ips-policer-43                                0                    0
limit-all-ips-policer-44                                0                    0
limit-all-ips-policer-45                                0                    0
limit-all-ips-policer-46                                0                    0
limit-all-ips-policer-47                                0                    0
limit-all-ips-policer-48                                0                    0
limit-all-ips-policer-49                                0                    0
limit-all-ips-policer-50                                0                    0
limit-all-ips-policer-51                                0                    0
limit-all-ips-policer-52                                0                    0
limit-all-ips-policer-53                                0                    0
limit-all-ips-policer-54                                0                    0
limit-all-ips-policer-55                                0                    0
limit-all-ips-policer-56                                0                    0
limit-all-ips-policer-57                                0                    0
limit-all-ips-policer-58                                0                    0
limit-all-ips-policer-59                                0                    0
limit-all-ips-policer-60                                0                    0
limit-all-ips-policer-61                                0                    0
limit-all-ips-policer-62                                0                    0
limit-all-ips-policer-63                                0                    0
limit-all-ips-policer-64                                0                    0
limit-all-ips-policer-65                                0                    0
limit-all-ips-policer-66                                0                    0
limit-all-ips-policer-67                                0                    0
limit-all-ips-policer-68                                0                    0
limit-all-ips-policer-69                                0                    0
limit-all-ips-policer-70                                0                    0
limit-all-ips-policer-71                                0                    0
limit-all-ips-policer-72                                0                    0
limit-all-ips-policer-73                                0                    0
limit-all-ips-policer-74                                0                    0
limit-all-ips-policer-75                                0                    0
limit-all-ips-policer-76                                0                    0
limit-all-ips-policer-77                                0                    0
limit-all-ips-policer-78                                0                    0
limit-all-ips-policer-79                                0                    0
limit-all-ips-policer-80                                0                    0
limit-all-ips-policer-81                                0                    0
limit-all-ips-policer-82                                0                    0
limit-all-ips-policer-83                                0                    0
limit-all-ips-policer-84                                0                    0
limit-all-ips-policer-85                                0                    0
limit-all-ips-policer-86                                0                    0
limit-all-ips-policer-87                                0                    0
limit-all-ips-policer-88                                0                    0
limit-all-ips-policer-89                                0                    0
limit-all-ips-policer-90                                0                    0
limit-all-ips-policer-91                                0                    0
limit-all-ips-policer-92                                0                    0
limit-all-ips-policer-93                                0                    0
limit-all-ips-policer-94                                0                    0
limit-all-ips-policer-95                                0                    0
limit-all-ips-policer-96                                0                    0
limit-all-ips-policer-97                                0                    0
limit-all-ips-policer-98                                0                    0
limit-all-ips-policer-99                                0                    0
limit-all-ips-policer-100                               0                    0
limit-all-ips-policer-101                               0                    0
limit-all-ips-policer-102                               0                    0
limit-all-ips-policer-103                               0                    0
limit-all-ips-policer-104                               0                    0
limit-all-ips-policer-105                               0                    0
limit-all-ips-policer-106                               0                    0
limit-all-ips-policer-107                               0                    0
limit-all-ips-policer-108                               0                    0
limit-all-ips-policer-109                               0                    0
limit-all-ips-policer-110                               0                    0
limit-all-ips-policer-111                               0                    0
limit-all-ips-policer-112                               0                    0
limit-all-ips-policer-113                               0                    0
limit-all-ips-policer-114                               0                    0
limit-all-ips-policer-115                               0                    0
limit-all-ips-policer-116                               0                    0
limit-all-ips-policer-117                               0                    0
limit-all-ips-policer-118                               0                    0
limit-all-ips-policer-119                               0                    0
limit-all-ips-policer-120                               0                    0
limit-all-ips-policer-121                               0                    0
limit-all-ips-policer-122                               0                    0
limit-all-ips-policer-123                               0                    0
limit-all-ips-policer-124                               0                    0
limit-all-ips-policer-125                               0                    0
limit-all-ips-policer-126                               0                    0
limit-all-ips-policer-127                               0                    0
limit-all-ips-policer-128                               0                    0
limit-all-ips-policer-129                               0                    0
limit-all-ips-policer-130                               0                    0
limit-all-ips-policer-131                               0                    0
limit-all-ips-policer-132                               0                    0
limit-all-ips-policer-133                               0                    0
limit-all-ips-policer-134                               0                    0
limit-all-ips-policer-135                               0                    0
limit-all-ips-policer-136                               0                    0
limit-all-ips-policer-137                               0                    0
limit-all-ips-policer-138                               0                    0
limit-all-ips-policer-139                               0                    0
limit-all-ips-policer-140                               0                    0
limit-all-ips-policer-141                               0                    0
limit-all-ips-policer-142                               0                    0
limit-all-ips-policer-143                               0                    0
limit-all-ips-policer-144                               0                    0
limit-all-ips-policer-145                               0                    0
limit-all-ips-policer-146                               0                    0
limit-all-ips-policer-147                               0                    0
limit-all-ips-policer-148                               0                    0
limit-all-ips-policer-149                               0                    0
limit-all-ips-policer-150                               0                    0
limit-all-ips-policer-151                               0                    0
limit-all-ips-policer-152                               0                    0
limit-all-ips-policer-153                               0                    0
limit-all-ips-policer-154                               0                    0
limit-all-ips-policer-155                               0                    0
limit-all-ips-policer-156                               0                    0
limit-all-ips-policer-157                               0                    0
limit-all-ips-policer-158                               0                    0
limit-all-ips-policer-159                               0                    0
limit-all-ips-policer-160                               0                    0
limit-all-ips-policer-161                               0                    0
limit-all-ips-policer-162                               0                    0
limit-all-ips-policer-163                               0                    0
limit-all-ips-policer-164                               0                    0
limit-all-ips-policer-165                               0                    0
limit-all-ips-policer-166                               0                    0
limit-all-ips-policer-167                               0                    0
limit-all-ips-policer-168                               0                    0
limit-all-ips-policer-169                               0                    0
limit-all-ips-policer-170                               0                    0
limit-all-ips-policer-171                               0                    0
limit-all-ips-policer-172                               0                    0
limit-all-ips-policer-173                               0                    0
limit-all-ips-policer-174                               0                    0
limit-all-ips-policer-175                               0                    0
limit-all-ips-policer-176                               0                    0
limit-all-ips-policer-177                               0                    0
limit-all-ips-policer-178                               0                    0
limit-all-ips-policer-179                               0                    0
limit-all-ips-policer-180                               0                    0
limit-all-ips-policer-181                               0                    0
limit-all-ips-policer-182                               0                    0
limit-all-ips-policer-183                               0                    0
limit-all-ips-policer-184                               0                    0
limit-all-ips-policer-185                               0                    0
limit-all-ips-policer-186                               0                    0
limit-all-ips-policer-187                               0                    0
limit-all-ips-policer-188                               0                    0
limit-all-ips-policer-189                               0                    0
limit-all-ips-policer-190                               0                    0
limit-all-ips-policer-191                               0                    0
limit-all-ips-policer-192                               0                    0
limit-all-ips-policer-193                               0                    0
limit-all-ips-policer-194                               0                    0
limit-all-ips-policer-195                               0                    0
limit-all-ips-policer-196                               0                    0
limit-all-ips-policer-197                               0                    0
limit-all-ips-policer-198                               0                    0
limit-all-ips-policer-199                               0                    0
limit-all-ips-policer-200                               0                    0
limit-all-ips-policer-201                               0                    0
limit-all-ips-policer-202                               0                    0
limit-all-ips-policer-203                               0                    0
limit-all-ips-policer-204                               0                    0
limit-all-ips-policer-205                               0                    0
limit-all-ips-policer-206                               0                    0
limit-all-ips-policer-207                               0                    0
limit-all-ips-policer-208                               0                    0
limit-all-ips-policer-209                               0                    0
limit-all-ips-policer-210                               0                    0
limit-all-ips-policer-211                               0                    0
limit-all-ips-policer-212                               0                    0
limit-all-ips-policer-213                               0                    0
limit-all-ips-policer-214                               0                    0
limit-all-ips-policer-215                               0                    0
limit-all-ips-policer-216                               0                    0
limit-all-ips-policer-217                               0                    0
limit-all-ips-policer-218                               0                    0
limit-all-ips-policer-219                               0                    0
limit-all-ips-policer-220                               0                    0
limit-all-ips-policer-221                               0                    0
limit-all-ips-policer-222                               0                    0
limit-all-ips-policer-223                               0                    0
limit-all-ips-policer-224                               0                    0
limit-all-ips-policer-225                               0                    0
limit-all-ips-policer-226                               0                    0
limit-all-ips-policer-227                               0                    0
limit-all-ips-policer-228                               0                    0
limit-all-ips-policer-229                               0                    0
limit-all-ips-policer-230                               0                    0
limit-all-ips-policer-231                               0                    0
limit-all-ips-policer-232                               0                    0
limit-all-ips-policer-233                               0                    0
limit-all-ips-policer-234                               0                    0
limit-all-ips-policer-235                               0                    0
limit-all-ips-policer-236                               0                    0
limit-all-ips-policer-237                               0                    0
limit-all-ips-policer-238                               0                    0
limit-all-ips-policer-239                               0                    0
limit-all-ips-policer-240                               0                    0
limit-all-ips-policer-241                               0                    0
limit-all-ips-policer-242                               0                    0
limit-all-ips-policer-243                               0                    0
limit-all-ips-policer-244                               0                    0
limit-all-ips-policer-245                               0                    0
limit-all-ips-policer-246                               0                    0
limit-all-ips-policer-247                               0                    0
limit-all-ips-policer-248                               0                    0
limit-all-ips-policer-249                               0                    0
limit-all-ips-policer-250                               0                    0
limit-all-ips-policer-251                               0                    0
limit-all-ips-policer-252                               0                    0
limit-all-ips-policer-253                               0                    0
limit-all-ips-policer-254                               0                    0
limit-all-ips-policer-255                               0                    0
Policers:
Name                                                Bytes              Packets
limit-all-ips-policer-0                                 0                    0
limit-all-ips-policer-1                                 0                    0
limit-all-ips-policer-2                                 0                    0
limit-all-ips-policer-3                                 0                    0
limit-all-ips-policer-4                                 0                    0
limit-all-ips-policer-5                                 0                    0
limit-all-ips-policer-6                                 0                    0
limit-all-ips-policer-7                                 0                    0
limit-all-ips-policer-8                                 0                    0
limit-all-ips-policer-9                                 0                    0
limit-all-ips-policer-10                                0                    0
limit-all-ips-policer-11                                0                    0
limit-all-ips-policer-12                                0                    0
limit-all-ips-policer-13                                0                    0
limit-all-ips-policer-14                                0                    0
limit-all-ips-policer-15                                0                    0
limit-all-ips-policer-16                                0                    0
limit-all-ips-policer-17                                0                    0
limit-all-ips-policer-18                                0                    0
limit-all-ips-policer-19                                0                    0
limit-all-ips-policer-20                                0                    0
limit-all-ips-policer-21                                0                    0
limit-all-ips-policer-22                                0                    0
limit-all-ips-policer-23                                0                    0
limit-all-ips-policer-24                                0                    0
limit-all-ips-policer-25                                0                    0
limit-all-ips-policer-26                                0                    0
limit-all-ips-policer-27                                0                    0
limit-all-ips-policer-28                                0                    0
limit-all-ips-policer-29                                0                    0
limit-all-ips-policer-30                                0                    0
limit-all-ips-policer-31                                0                    0
limit-all-ips-policer-32                                0                    0
limit-all-ips-policer-33                                0                    0
limit-all-ips-policer-34                                0                    0
limit-all-ips-policer-35                                0                    0
limit-all-ips-policer-36                                0                    0
limit-all-ips-policer-37                                0                    0
limit-all-ips-policer-38                                0                    0
limit-all-ips-policer-39                                0                    0
limit-all-ips-policer-40                                0                    0
limit-all-ips-policer-41                                0                    0
limit-all-ips-policer-42                                0                    0
limit-all-ips-policer-43                                0                    0
limit-all-ips-policer-44                                0                    0
limit-all-ips-policer-45                                0                    0
limit-all-ips-policer-46                                0                    0
limit-all-ips-policer-47                                0                    0
limit-all-ips-policer-48                                0                    0
limit-all-ips-policer-49                                0                    0
limit-all-ips-policer-50                                0                    0
limit-all-ips-policer-51                                0                    0
limit-all-ips-policer-52                                0                    0
limit-all-ips-policer-53                                0                    0
limit-all-ips-policer-54                                0                    0
limit-all-ips-policer-55                                0                    0
limit-all-ips-policer-56                                0                    0
limit-all-ips-policer-57                                0                    0
limit-all-ips-policer-58                                0                    0
limit-all-ips-policer-59                                0                    0
limit-all-ips-policer-60                                0                    0
limit-all-ips-policer-61                                0                    0
limit-all-ips-policer-62                                0                    0
limit-all-ips-policer-63                                0                    0
limit-all-ips-policer-64                                0                    0
limit-all-ips-policer-65                                0                    0
limit-all-ips-policer-66                                0                    0
limit-all-ips-policer-67                                0                    0
limit-all-ips-policer-68                                0                    0
limit-all-ips-policer-69                                0                    0
limit-all-ips-policer-70                                0                    0
limit-all-ips-policer-71                                0                    0
limit-all-ips-policer-72                                0                    0
limit-all-ips-policer-73                                0                    0
limit-all-ips-policer-74                                0                    0
limit-all-ips-policer-75                                0                    0
limit-all-ips-policer-76                                0                    0
limit-all-ips-policer-77                                0                    0
limit-all-ips-policer-78                                0                    0
limit-all-ips-policer-79                                0                    0
limit-all-ips-policer-80                                0                    0
limit-all-ips-policer-81                                0                    0
limit-all-ips-policer-82                                0                    0
limit-all-ips-policer-83                                0                    0
limit-all-ips-policer-84                                0                    0
limit-all-ips-policer-85                                0                    0
limit-all-ips-policer-86                                0                    0
limit-all-ips-policer-87                                0                    0
limit-all-ips-policer-88                                0                    0
limit-all-ips-policer-89                                0                    0
limit-all-ips-policer-90                                0                    0
limit-all-ips-policer-91                                0                    0
limit-all-ips-policer-92                                0                    0
limit-all-ips-policer-93                                0                    0
limit-all-ips-policer-94                                0                    0
limit-all-ips-policer-95                                0                    0
limit-all-ips-policer-96                                0                    0
limit-all-ips-policer-97                                0                    0
limit-all-ips-policer-98                                0                    0
limit-all-ips-policer-99                                0                    0
limit-all-ips-policer-100                               0                    0
limit-all-ips-policer-101                               0                    0
limit-all-ips-policer-102                               0                    0
limit-all-ips-policer-103                               0                    0
limit-all-ips-policer-104                               0                    0
limit-all-ips-policer-105                               0                    0
limit-all-ips-policer-106                               0                    0
limit-all-ips-policer-107                               0                    0
limit-all-ips-policer-108                               0                    0
limit-all-ips-policer-109                               0                    0
limit-all-ips-policer-110                               0                    0
limit-all-ips-policer-111                               0                    0
limit-all-ips-policer-112                               0                    0
limit-all-ips-policer-113                               0                    0
limit-all-ips-policer-114                               0                    0
limit-all-ips-policer-115                               0                    0
limit-all-ips-policer-116                               0                    0
limit-all-ips-policer-117                               0                    0
limit-all-ips-policer-118                               0                    0
limit-all-ips-policer-119                               0                    0
limit-all-ips-policer-120                               0                    0
limit-all-ips-policer-121                               0                    0
limit-all-ips-policer-122                               0                    0
limit-all-ips-policer-123                               0                    0
limit-all-ips-policer-124                               0                    0
limit-all-ips-policer-125                               0                    0
limit-all-ips-policer-126                               0                    0
limit-all-ips-policer-127                               0                    0
limit-all-ips-policer-128                               0                    0
limit-all-ips-policer-129                               0                    0
limit-all-ips-policer-130                               0                    0
limit-all-ips-policer-131                               0                    0
limit-all-ips-policer-132                               0                    0
limit-all-ips-policer-133                               0                    0
limit-all-ips-policer-134                               0                    0
limit-all-ips-policer-135                               0                    0
limit-all-ips-policer-136                               0                    0
limit-all-ips-policer-137                               0                    0
limit-all-ips-policer-138                               0                    0
limit-all-ips-policer-139                               0                    0
limit-all-ips-policer-140                               0                    0
limit-all-ips-policer-141                               0                    0
limit-all-ips-policer-142                               0                    0
limit-all-ips-policer-143                               0                    0
limit-all-ips-policer-144                               0                    0
limit-all-ips-policer-145                               0                    0
limit-all-ips-policer-146                               0                    0
limit-all-ips-policer-147                               0                    0
limit-all-ips-policer-148                               0                    0
limit-all-ips-policer-149                               0                    0
limit-all-ips-policer-150                               0                    0
limit-all-ips-policer-151                               0                    0
limit-all-ips-policer-152                               0                    0
limit-all-ips-policer-153                               0                    0
limit-all-ips-policer-154                               0                    0
limit-all-ips-policer-155                               0                    0
limit-all-ips-policer-156                               0                    0
limit-all-ips-policer-157                               0                    0
limit-all-ips-policer-158                               0                    0
limit-all-ips-policer-159                               0                    0
limit-all-ips-policer-160                               0                    0
limit-all-ips-policer-161                               0                    0
limit-all-ips-policer-162                               0                    0
limit-all-ips-policer-163                               0                    0
limit-all-ips-policer-164                               0                    0
limit-all-ips-policer-165                               0                    0
limit-all-ips-policer-166                               0                    0
limit-all-ips-policer-167                               0                    0
limit-all-ips-policer-168                               0                    0
limit-all-ips-policer-169                               0                    0
limit-all-ips-policer-170                               0                    0
limit-all-ips-policer-171                               0                    0
limit-all-ips-policer-172                               0                    0
limit-all-ips-policer-173                               0                    0
limit-all-ips-policer-174                               0                    0
limit-all-ips-policer-175                               0                    0
limit-all-ips-policer-176                               0                    0
limit-all-ips-policer-177                               0                    0
limit-all-ips-policer-178                               0                    0
limit-all-ips-policer-179                               0                    0
limit-all-ips-policer-180                               0                    0
limit-all-ips-policer-181                               0                    0
limit-all-ips-policer-182                               0                    0
limit-all-ips-policer-183                               0                    0
limit-all-ips-policer-184                               0                    0
limit-all-ips-policer-185                               0                    0
limit-all-ips-policer-186                               0                    0
limit-all-ips-policer-187                               0                    0
limit-all-ips-policer-188                               0                    0
limit-all-ips-policer-189                               0                    0
limit-all-ips-policer-190                               0                    0
limit-all-ips-policer-191                               0                    0
limit-all-ips-policer-192                               0                    0
limit-all-ips-policer-193                               0                    0
limit-all-ips-policer-194                               0                    0
limit-all-ips-policer-195                               0                    0
limit-all-ips-policer-196                               0                    0
limit-all-ips-policer-197                               0                    0
limit-all-ips-policer-198                               0                    0
limit-all-ips-policer-199                               0                    0
limit-all-ips-policer-200                               0                    0
limit-all-ips-policer-201                               0                    0
limit-all-ips-policer-202                               0                    0
limit-all-ips-policer-203                               0                    0
limit-all-ips-policer-204                               0                    0
limit-all-ips-policer-205                               0                    0
limit-all-ips-policer-206                               0                    0
limit-all-ips-policer-207                               0                    0
limit-all-ips-policer-208                               0                    0
limit-all-ips-policer-209                               0                    0
limit-all-ips-policer-210                               0                    0
limit-all-ips-policer-211                               0                    0
limit-all-ips-policer-212                               0                    0
limit-all-ips-policer-213                               0                    0
limit-all-ips-policer-214                               0                    0
limit-all-ips-policer-215                               0                    0
limit-all-ips-policer-216                               0                    0
limit-all-ips-policer-217                               0                    0
limit-all-ips-policer-218                               0                    0
limit-all-ips-policer-219                               0                    0
limit-all-ips-policer-220                               0                    0
limit-all-ips-policer-221                               0                    0
limit-all-ips-policer-222                               0                    0
limit-all-ips-policer-223                               0                    0
limit-all-ips-policer-224                               0                    0
limit-all-ips-policer-225                               0                    0
limit-all-ips-policer-226                               0                    0
limit-all-ips-policer-227                               0                    0
limit-all-ips-policer-228                               0                    0
limit-all-ips-policer-229                               0                    0
limit-all-ips-policer-230                               0                    0
limit-all-ips-policer-231                               0                    0
limit-all-ips-policer-232                               0                    0
limit-all-ips-policer-233                               0                    0
limit-all-ips-policer-234                               0                    0
limit-all-ips-policer-235                               0                    0
limit-all-ips-policer-236                               0                    0
limit-all-ips-policer-237                               0                    0
limit-all-ips-policer-238                               0                    0
limit-all-ips-policer-239                               0                    0
limit-all-ips-policer-240                               0                    0
limit-all-ips-policer-241                               0                    0
limit-all-ips-policer-242                               0                    0
limit-all-ips-policer-243                               0                    0
limit-all-ips-policer-244                               0                    0
limit-all-ips-policer-245                               0                    0
limit-all-ips-policer-246                               0                    0
limit-all-ips-policer-247                               0                    0
limit-all-ips-policer-248                               0                    0
limit-all-ips-policer-249                               0                    0
limit-all-ips-policer-250                               0                    0
limit-all-ips-policer-251                               0                    0
limit-all-ips-policer-252                               0                    0
limit-all-ips-policer-253                               0                    0
limit-all-ips-policer-254                               0                    0
limit-all-ips-policer-255                               0                    0

     As one can see, there are 3 * 256 = 768 individual IPs in these 3 prefixes but only 256 policers are created.

     

    3/ the correct config is below:

     

    aarseniev@mx80# show | compare rollback 12 | no-more 
[edit]
[edit firewall family inet]
+     prefix-action limit-all-ips {
+         policer host-policer;
+         count;
+         subnet-prefix-length 24;
+         destination-prefix-length 32;
+     }
[edit firewall family inet]
+     filter discard-ddos {
+         term subnet1 {
+             from {
+                 destination-address {
+                     1.2.3.0/24;
+                 }
+             }
+             then {
+                 accept;
+                 prefix-action limit-all-ips;
+             }
+         }
+         term subnet2 {
+             from {
+                 destination-address {
+                     1.2.4.0/24;
+                 }
+             }
+             then {
+                 accept;
+                 prefix-action limit-all-ips;
+             }
+         }
+         term subnet3 {
+             from {
+                 destination-address {
+                     1.2.5.0/24;
+                 }
+             }
+             then {
+                 accept;
+                 prefix-action limit-all-ips;
+             }
+         }
+         term else {
+             then accept;
+         }
+     }
[edit firewall]
+   policer host-policer {
+       if-exceeding {
+           bandwidth-limit 1g;
+           burst-size-limit 625k;
+       }
+       then discard;
+   }

    The verification printouts are attached.

    As You can see, same policer as used as "template" to create individual per-host policers for all 3 subnets.

    HTH

    Thanks

    Alex

     

    Attachment(s)

    txt
    pref-action.txt   121 KB 1 version


  • 7.  RE: prefix-specific policers with multiple match conditions

    Posted 06-14-2013 04:53

    hello and thank you very much so far!

     

    if I get u right, there is no way to do it without a term for every single subnet?

    I thought the prefix-action option "filter-specific" may help to solve it?

     

    do you have any idea how much policers an mx240 can handle?

     

    btw: i tried the config already with one subnet successfully, there was no need for "then accept", it was accepted and policed right without it 🙂

     

    freemind



  • 8.  RE: prefix-specific policers with multiple match conditions
    Best Answer

    Posted 06-14-2013 05:44

    Hello,

     

    @Freemind wrote:

     

    if I get u right, there is no way to do it without a term for every single subnet?

    I thought the prefix-action option "filter-specific" may help to solve it?

     

     

    "filter-specific" turns a default term-specific policer into a policer which can be referenced further in same filter, it won't help You to create more policers.

     

    @Freemind wrote:

     

     

    do you have any idea how much policers an mx240 can handle?

     

     


    This depends on linecard hardware. Such type of questions are normally answered by Juniper Systems Engineers, please get to know one nearest to You, they are useful.

     

    @Freemind wrote:

     

    btw: i tried the config already with one subnet successfully, there was no need for "then accept", it was accepted and policed right without it 🙂

     

     

    This works as long as the default stays "accept if only a modifying action is explicitly configured". Best practice is to hardcode FW filter/policy actions so that bugs/change in defaults does not wraek havoc to Your network.

    HTH

    Thanks
    Alex