Junos OS

Expand all | Collapse all

mx240 policer

Jump to Best Answer
  • 1.  mx240 policer

    Posted 05-29-2019 13:09

    Hey.
    I want to set the speed of the client 5gb

     

    show interfaces ae0 unit 5
    vlan-id 5;
    family inet {
    filter {
    input I-OUT;
    output I-IN;

     

    show firewall filter I-OUT

    term 100 {
    from {
    source-prefix-list {
    W-MY;
    }
    }
    then {
    policer 5000mbit;
    count I-MY-OUT;
    accept;
    }
    }

     

    show firewall filter MY-IN
    term 100 {
    from {
    destination-prefix-list {
    I-MY;
    }
    }
    then {
    policer 5000mbit;
    count I-MY-IN;
    accept;
    }
    }

     

    show policy-options prefix-list I-MY
    10.5.0.0/24;

     

    show firewall policer 5000mbit
    if-exceeding {
    bandwidth-limit 5g;
    burst-size-limit 3125000;
    }
    then discard;

     

    in the end, I get 20g!
    all multiply by 4х....
    for example policer 1g

    if-exceeding {
    bandwidth-limit 1g;
    burst-size-limit 625k;
    }
    then discard;

    get 4g!


    2g will be 8g

     

    MX240

    FPC 1  MPC-3D-16XGE-SFPP
    FPC 2  MPC-3D-16XGE-SFPP


    #policermxjunos


  • 2.  RE: mx240 policer

    Posted 05-29-2019 13:37

    Hi fiber,

     

    If you want to police trafic on ae interface you need to use shared-bandwidth-policer feature.

    Please check this article: Policer Support for Aggregated Ethernet Interfaces Overview

     

     

    Thanks,

    Alex



  • 3.  RE: mx240 policer

    Posted 05-29-2019 22:34

    You have2 options 

    1) shared-bandwidth-policer , as already recommended 

    2) use targeted-distribution 



  • 4.  RE: mx240 policer

    Posted 05-29-2019 23:53
    can i use policer only?
    How to apply a filter for a specific prefix?
     do not limit other clients in the unit 40 interface!
     
     show interfaces ae0 unit 40
    vlan-id 40;
    family inet {
        filter {
            input MY;
        }
        address 10.2.0.0/24;
        address 10.50.5.0/24;
        address 10.9.0.1/30;
    }
     
     
     show |compare
    [edit firewall]
        policer 5g { ... }
    +   policer MY {
    +       shared-bandwidth-policer;
    +       if-exceeding {
    +           bandwidth-limit 5g;
    +           burst-size-limit 25m;
    +       }
    +       then discard;
    +   }
    [edit firewall]
        filter MY-OUT { ... }
    +   filter MY-OUT {
    +       term 10 {
    +           from {
    +               source-prefix-list {
    +                   MY;
    +               }
    +           }
    +           then {
    +               policer 5g;
    +               accept;
    +           }
    +       }
    +   }
     
    show policy-options prefix-list MY
    10.2.0.0/24;
     
    commit
    re0:
    [edit firewall filter MY-OUT term 10 then policer]
      'policer 5g'
        Shared bandwidth policer '5g' can only be referenced by interface specific and physical interface specific filters
    error: configuration check-out failed
     
     
    thanks


  • 5.  RE: mx240 policer

    Posted 05-30-2019 02:10

    if you want limit only some ip addresses - you should use filter. Just add interface-specific to filter



  • 6.  RE: mx240 policer
    Best Answer

    Posted 05-30-2019 03:43

    thanks for the help

    works!

     

    show firewall policer TEST
    shared-bandwidth-policer;
    if-exceeding {
    bandwidth-limit 50m;
    burst-size-limit 5m;
    }
    then discard;

     

     

    show firewall filter TEST
    interface-specific;
    term 10 {
    from {
    source-prefix-list {
    TEST;
    }
    }
    then {
    policer TEST;
    accept;
    }
    }



  • 7.  RE: mx240 policer

    Posted 05-30-2019 13:59

    Hi ,

     

    If the above solution worked for you please flag the relevant post as an "Accepted Solution" so others can benefit..