Policy Framework Configuration Guide - Juniper Networks

Junos 10.4 Policy Framework Configuration Guide
The policer classifies traffic into two groups: traffic that conforms to the bandwidth limit
or the peak burst size, and traffic that exceeds the bandwidth limit and the peak burst
size. Each category is associated with an action. For conforming traffic (also called green
traffic), the action is to transmit the packet. For nonconforming traffic (also called red
traffic), the action might be to discard the packet or to first mark the packet with a higher
drop priority and then transmit the packet. If congestion occurs downstream, the packets
with higher loss priority are more likely to be discarded.
The following configuration demonstrates how the policer works in a sample scenario.
firewall {
policer two-color-policer {
logical-interface-policer;
if-exceeding {
bandwidth-percent 90;
burst-size-limit 300k;
}
then loss-priority high;
}
}
If traffic arriving on or exiting the interface exceeds 90 percent of the available bandwidth
and exceeds the 300 KB burst-size limit, the packets are marked with a high loss priority.
As the traffic rate slows and the newly arriving traffic conforms to the configured limits,
Junos OS stops marking packets with the high loss priority.
Configuring a Single-Rate Two-Color Policer
You can apply a single-rate two-color policer to incoming packets, outgoing packets, or
both.
To configure a single-rate two-color policer:
1. Configure the policer.
[edit firewall policer policer1]
user@host# set if-exceeding bandwidth-percent 90 burst-size-limit 300k
user@host# set then loss-priority high
Instead of specifying the bandwidth limit as a percentage, you can configure an
absolute size limit with the bandwidth-limit statement.
2. Configure the policer type.
[edit firewall policer policer1]
user@host# set logical-interface-policer
Instead of logical-interface-policer, you can use physical-interface-policer or
logical-bandwidth-policer. Physical interface policers are for policers that you reference
in firewall filters. Logical bandwidth policers are based on a percentage of the logical
interface shaping rate rather than a percentage of the physical interface media rate.
3. (Optional) Reference the policer in a firewall filter, for all traffic types or for a specific
traffic type.
[edit firewall]
user@host# set filter limit-hosts term term1 then policer policer1
284
Copyright © 2010, Juniper Networks, Inc.