Switching

 View Only
last person joined: 22 hours ago 

Ask questions and share experiences about EX and QFX portfolios and all switching solutions across your data center, campus, and branch locations.

CoS ingress policing on MGE inter

  • 1.  CoS ingress policing on MGE inter

    Posted 10-26-2021 12:57
    Edited by Annie Moncure 10-27-2021 09:32
    Hi,
    since the EX4300MP series does not support the "if-exceeding bandwidth-percent" inside a policer FW rule, my question is how to deal with dynamic speed interfaces (mge-)? I cannot determine the interface speed from the interface name anymore.  The can be 2.5, 5G, 10G speeds behind this mge- name. But I cannot police a 2,5G interface the same way as a 10G interface. But I have 24 workstations behind mge- interfaces that I need to police ingress.

    Example:
    interfaces {
    	mge-0/0/4 {
            unit 0 {
                family ethernet-switching {
                    filter {
                        input POLICE_INGRESS_FWFILTER_MGE;
                    }
                }
            }
        }
    }
    firewall {
    	policer POLICE_INGRESS_MGE_BESTEFFORT_FWCLASS { 
    			if-exceeding {
    				bandwidth-limit 9500m;
    				burst-size-limit 60m;
    			}
    			then discard; 		
    	}
             filter POLICE_INGRESS_FWFILTER_MGE {
                term POLICE-CATCHALL {
                    then {
                        accept;
    		    policer POLICE_INGRESS_MGE_BESTEFFORT_FWCLASS;
    		}
    	     }
    	 }
    }
    	

    Thanks for helping!