You can configure filters, policers, and broadcast/unknown filters to determine which kind of traffic is allowed into and out of a VPLS domain. You can apply these filters and policers to CE-facing interfaces only.
To process traffic as it enters a VPLS domain, you can define a firewall policer and apply it to the input interface. To define policer characteristics for incoming VPLS traffic, include the bandwidth-limit and burst-size-limit statements at the [edit firewall policer policer-name if-exceeding] hierarchy level. Then, specify statements to implement the desired action (for example, discard) for the policed traffic at the [edit firewall policer policer-name then] hierarchy level. To apply the policer to a CE-facing interface, include the input or output statements and the name of the policer at the [edit interfaces interface-name unit unit-number family vpls policer] hierarchy level.
- [edit]
- interfaces {
-
- ge-2/1/0 {
- vlan-tagging;
- mtu 1544;
- encapsulation vlan-vpls;
-
- unit 0 {
- encapsulation vlan-vpls;
- vlan-id 600;
-
- family vpls {
-
- policer {
- input vpls-policer;
- }
- }
- }
- }
- }
- firewall {
-
- policer {
-
- vpls-policer {
-
- if-exceeding {
- bandwidth-limit 5m;
- burst-size-limit 1m;
- }
- then discard;
- }
- }
- }
