Junos
Highlighted
Junos

mx240 policer

‎05-29-2019 01:08 PM

Hey.
I want to set the speed of the client 5gb

 

show interfaces ae0 unit 5
vlan-id 5;
family inet {
filter {
input I-OUT;
output I-IN;

 

show firewall filter I-OUT

term 100 {
from {
source-prefix-list {
W-MY;
}
}
then {
policer 5000mbit;
count I-MY-OUT;
accept;
}
}

 

show firewall filter MY-IN
term 100 {
from {
destination-prefix-list {
I-MY;
}
}
then {
policer 5000mbit;
count I-MY-IN;
accept;
}
}

 

show policy-options prefix-list I-MY
10.5.0.0/24;

 

show firewall policer 5000mbit
if-exceeding {
bandwidth-limit 5g;
burst-size-limit 3125000;
}
then discard;

 

in the end, I get 20g!
all multiply by 4х....
for example policer 1g

if-exceeding {
bandwidth-limit 1g;
burst-size-limit 625k;
}
then discard;

get 4g!


2g will be 8g

 

MX240

FPC 1  MPC-3D-16XGE-SFPP
FPC 2  MPC-3D-16XGE-SFPP

6 REPLIES 6
Junos

Re: mx240 policer

‎05-29-2019 01:36 PM

Hi fiber,

 

If you want to police trafic on ae interface you need to use shared-bandwidth-policer feature.

Please check this article: Policer Support for Aggregated Ethernet Interfaces Overview

 

 

Thanks,

Alex

Junos

Re: mx240 policer

‎05-29-2019 10:33 PM

You have2 options 

1) shared-bandwidth-policer , as already recommended 

2) use targeted-distribution 

Junos

Re: mx240 policer

‎05-29-2019 11:53 PM
can i use policer only?
How to apply a filter for a specific prefix?
 do not limit other clients in the unit 40 interface!
 
 show interfaces ae0 unit 40
vlan-id 40;
family inet {
    filter {
        input MY;
    }
    address 10.2.0.0/24;
    address 10.50.5.0/24;
    address 10.9.0.1/30;
}
 
 
 show |compare
[edit firewall]
    policer 5g { ... }
+   policer MY {
+       shared-bandwidth-policer;
+       if-exceeding {
+           bandwidth-limit 5g;
+           burst-size-limit 25m;
+       }
+       then discard;
+   }
[edit firewall]
    filter MY-OUT { ... }
+   filter MY-OUT {
+       term 10 {
+           from {
+               source-prefix-list {
+                   MY;
+               }
+           }
+           then {
+               policer 5g;
+               accept;
+           }
+       }
+   }
 
show policy-options prefix-list MY
10.2.0.0/24;
 
commit
re0:
[edit firewall filter MY-OUT term 10 then policer]
  'policer 5g'
    Shared bandwidth policer '5g' can only be referenced by interface specific and physical interface specific filters
error: configuration check-out failed
 
 
thanks
Junos

Re: mx240 policer

‎05-30-2019 02:10 AM

if you want limit only some ip addresses - you should use filter. Just add interface-specific to filter

Junos
Solution
Accepted by topic author fiber
‎06-06-2019 01:58 AM

Re: mx240 policer

‎05-30-2019 03:42 AM

thanks for the help

works!

 

show firewall policer TEST
shared-bandwidth-policer;
if-exceeding {
bandwidth-limit 50m;
burst-size-limit 5m;
}
then discard;

 

 

show firewall filter TEST
interface-specific;
term 10 {
from {
source-prefix-list {
TEST;
}
}
then {
policer TEST;
accept;
}
}

Junos

Re: mx240 policer

‎05-30-2019 01:58 PM

Hi ,

 

If the above solution worked for you please flag the relevant post as an "Accepted Solution" so others can benefit..