Switching

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



CoS ingress policing on MGE inter

  • 1.  CoS ingress policing on MGE inter

    Posted 10-26-2021 12:57
    Hi,
    since the EX4300MP series does not support the "if-exceeding bandwidth-percent" inside a policer FW rule, my question is how to deal with dynamic speed interfaces (mge-)? I cannot determine the interface speed from the interface name anymore.  The can be 2.5, 5G, 10G speeds behind this mge- name. But I cannot police a 2,5G interface the same way as a 10G interface. But I have 24 workstations behind mge- interfaces that I need to police ingress.

    Example:
    interfaces {
    	mge-0/0/4 {
            unit 0 {
                family ethernet-switching {
                    filter {
                        input POLICE_INGRESS_FWFILTER_MGE;
                    }
                }
            }
        }
    }
    firewall {
    	policer POLICE_INGRESS_MGE_BESTEFFORT_FWCLASS { 
    			if-exceeding {
    				bandwidth-limit 9500m;
    				burst-size-limit 60m;
    			}
    			then discard; 		
    	}
             filter POLICE_INGRESS_FWFILTER_MGE {
                term POLICE-CATCHALL {
                    then {
                        accept;
    		    policer POLICE_INGRESS_MGE_BESTEFFORT_FWCLASS;
    		}
    	     }
    	 }
    }
    	

    Thanks for helping!