The IQE PIC can police traffic at Layer 2 in a hierarchical manner. Policing is the practice of making sure that different streams of incoming traffic conform to certain parameters and limits. If the incoming traffic exceeds the established boundaries, that traffic can be marked or even ignored, depending on configuration. Hierarchical policing maintains two rates: an aggregate rate and a high-priority rate. The traffic is marked differently depending on service class (currently, the classes are expedited forwarding and nonexpedited forwarding). The expedited traffic has an additional rate configured, the guaranteed rate (CIR), which is only marked above that limit. If there is no expedited traffic present, then the non-expedited traffic is able to use the aggregate bandwidth rate before being marked with a packet loss priority. When expedited traffic is present, it is marked above the guaranteed rate, but also uses bandwidth from the nonexpedited range.
For example, consider an aggregate rate of 10 Mbps and a high-priority rate of 2 Mbps of a Fast Ethernet interface. The guaranteed rate is also set at 2 Mbps for expedited forwarding traffic. If there is no expedited traffic present, then nonexpedited traffic can use up to 10 Mbps before being marked. When expedited forwarding traffic is present, the expedited traffic is guaranteed 2 Mbps (of the 10 Mbps) without being marked, but is marked above the 2 Mbps limit. In this case, the nonexpedited forwarding traffic can use the remaining 8 Mbps before being marked.
This section discusses the following IQE PIC Layer 2 policing topics:
Layer 2 policers configured on IQE PICs have the following limitations:
To configure Layer 2 policing on the IQE PIC, include the policing-priority option for the forwarding-classes statement at the [edit class-of-service] hierarchy level. One forwarding class has the premium option and the others are configured as normal.
- [edit class-of-service]
- forwarding-classes {
- class fc1 queue-num 0 priority high policing-priority premium;
- class fc2 queue-num 1 priority low policing-priority normal;
- class fc3 queue-num 2 priority low policing-priority normal;
- class fc4 queue-num 3 priority low policing-priority normal;
- }
You must also configure the aggregate and premium statements in the firewall filter performing the policing.
- [edit firewall]
- hierarchical-policer hier_example1 {
-
- aggregate {
-
- if-exceeding {
- bandwidth-limit 70m;
- burst-size-limit 1800;
- }
-
- then {
- discard;
- }
- }
-
- premium {
-
- if-exceeding {
- bandwidth-limit 70m;
- burst-size-limit 3600;
- }
-
- then {
- forwarding-class fc1;
- }
- }
- }
You must also apply the policer to the logical or physical interface on the IQE PIC:
- [edit interfaces]
- so-6/0/0 {
-
- unit 0 {
-
- layer2-policer {
- input-hierarchical-policer hier_example1; # Apply policer
to logical unit.
- }
-
- family inet {
- address 10.0.22.1/30;
- }
- family iso;
- family mpls;
- }
- }
- so-5/0/0 {
-
- layer2-policer {
- input-hierarchical-policer hier_example1; # Apply policer
to physical interface.
- }
-
- unit 0 {
-
- family inet {
- address 10.0.22.1/30;
- }
- family iso;
- family mpls;
- }
- }
For SONET/SDH physical interfaces, the hierarchical policer configuration statements will only be visible for IQE PICs.
