Configure a Gigabit Ethernet QPP Policer
On Gigabit Ethernet QPP interfaces, you can define rate limits for premium and aggregate traffic received on the interface. These policers allow you to perform simple traffic policing on Gigabit Ethernet QPP interfaces without configuring a firewall filter. First you configure the Ethernet policer profile, then you can apply the policer to a logical interface. For information about applying a policer to a logical interface, see Apply a Gigabit Ethernet QPP Policer.
To configure an Ethernet policer profile, include the ethernet-policer-profile statement at the [edit interfaces interface-name gigether-options ethernet-switch-profile] hierarchy level:

    [edit interfaces interface-name gigether-options ethernet-switch-profile]
    ethernet-policer-profile {
        policer cos-policer-name {
            aggregate {
                bandwidth-limit bps;
                burst-size-limit length;
            }
            premium {
                bandwidth-limit bps;
                burst-size-limit length;
            }
        }
    }

In the Ethernet policer profile, the aggregate-priority policer is mandatory; the premium-priority policer is optional.
For aggregate and premium policers, you specify the bandwidth limit in bits per second. You can specify the value as a complete decimal number or as a decimal number followed by the abbreviation k (1000), m (1,000,000), or g (1,000,000,000). There is no absolute minimum value for bandwidth limit, but any value below 61,040 bps will result in an effective rate of 30,520 bps. The maximum bandwidth limit is 4.29 Gbps.

The maximum burst size controls the amount of traffic bursting allowed. To determine the burst-size limit, you can multiply the bandwidth of the interface on which you are applying the filter by the amount of time you allow a burst of traffic at that bandwidth to occur:

    burst size = bandwidth x allowable time for burst traffic

If you do not know the interface bandwidth, you can multiply the maximum transmission unit (MTU) of the traffic on the interface by 10 to obtain a value. For example, the burst size for an MTU of 4700 would be 47,000 bytes. The burst size should be at least 10 interface MTUs. The maximum value for the burst-size limit is 100 MB.
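The limits above can be checked before a policer is committed. The following is an added example, not Juniper's code: it parses bandwidth-limit and burst-size-limit values and reports the effective rate and any burst size below 10 MTUs. It assumes the bandwidth in the burst formula is in bits per second (so the result is divided by 8 to get bytes), that 100 MB means 100,000,000 bytes, and an interface MTU of 1500 bytes in the sample call.

```python
import re

# Limits taken from the text above; "100 MB" is assumed to mean 100,000,000 bytes.
LOW_THRESHOLD_BPS = 61_040
MIN_EFFECTIVE_BPS = 30_520
MAX_BANDWIDTH_BPS = 4_290_000_000
MAX_BURST_BYTES = 100_000_000
SUFFIX = {"": 1, "k": 1_000, "m": 1_000_000, "g": 1_000_000_000}


def parse_limit(text):
    """Convert a value such as '200m' or '3k' to an integer."""
    match = re.fullmatch(r"(\d+)([kmg]?)", text.strip().lower())
    if match is None:
        raise ValueError(f"not a decimal number with optional k/m/g: {text!r}")
    return int(match.group(1)) * SUFFIX[match.group(2)]


def burst_from_time(interface_bps, seconds):
    """burst size = bandwidth x allowable burst time, converted from bits to bytes."""
    return round(interface_bps * seconds) // 8


def check_policer(bandwidth_limit, burst_size_limit, mtu):
    """Return (effective_bps, findings) for one aggregate or premium block."""
    bps = parse_limit(bandwidth_limit)
    burst = parse_limit(burst_size_limit)
    findings = []
    effective = bps
    if bps > MAX_BANDWIDTH_BPS:
        findings.append("bandwidth-limit exceeds the 4.29 Gbps maximum")
    elif bps < LOW_THRESHOLD_BPS:
        effective = MIN_EFFECTIVE_BPS
        findings.append(f"bandwidth-limit {bps} bps is policed at {effective} bps")
    if burst > MAX_BURST_BYTES:
        findings.append("burst-size-limit exceeds the 100 MB maximum")
    if burst < 10 * mtu:
        findings.append(f"burst-size-limit {burst} bytes is below 10 x MTU ({10 * mtu} bytes)")
    return effective, findings


if __name__ == "__main__":
    # Constructed inputs: an MTU of 1500 bytes is assumed for the first call.
    print(check_policer("200m", "3k", mtu=1500))
    print(check_policer("50k", "47000", mtu=4700))
    print(burst_from_time(1_000_000_000, 0.005))  # 5 ms at 1 Gbps
```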
Specify Premium IEEE 802.1p Bits
If you include a premium-priority policer, you can specify premium IEEE 802.1p bits by including the ieee802.1-priority-map statement at the [edit interfaces interface-name gigether-options ethernet-switch-profile ethernet-policer-profile] hierarchy level:

    [edit interfaces interface-name gigether-options ethernet-switch-profile ethernet-policer-profile]
    ieee802.1-priority-map premium [bits];

Specify values of the code-point bits, in binary code. The remaining bits are classified as nonpremium (or aggregate).
Apply a Gigabit Ethernet QPP Policer
On Gigabit Ethernet QPP logical interfaces, you can apply input and output policers that define rate limits for premium and aggregate traffic received on the interface. These policers allow you to perform simple traffic policing on Gigabit Ethernet QPP interfaces without configuring a firewall filter. For information about defining these policers, see Configure a Gigabit Ethernet QPP Policer.
You apply policers to specific source MAC addresses by including the accept-source-mac statement:

    accept-source-mac {
        mac-address mac-address {
            policer {
                input cos-policer-name;
                output cos-policer-name;
            }
        }
    }

You can configure these statements at the following hierarchy levels:

- [edit interfaces interface-name unit logical-unit-number]
- [edit logical-routers logical-router-name interfaces interface-name unit logical-unit-number]

You can specify the MAC address as nn:nn:nn:nn:nn:nn or nnnn.nnnn.nnnn, where n is a hexadecimal number. To specify more than one address, include multiple mac-address statements in the logical interface configuration.
If the remote Ethernet card is changed, the interface does not accept traffic from the new card because the new card has a different MAC address.
The MAC addresses you include in the configuration are entered into the router's MAC database. To view the router's MAC database, enter the show interfaces mac-database interface-name command:

    user@host> show interfaces mac-database interface-name

In the input statement, list the name of one policer template to be evaluated when packets are received on the interface.

In the output statement, list the name of one policer template to be evaluated when packets are transmitted on the interface.

You can use the same policer one or more times.
If you apply both policers and firewall filters to an interface, input policers are evaluated before input firewall filters, and output policers are evaluated after output firewall filters.
Configure Gigabit Ethernet QPP MAC Address Filtering
You cannot explicitly define traffic with specific source MAC addresses to be rejected; however, you can block all incoming packets that do not have a source address specified in the accept-source-mac statement. To enable this blocking, include the source-filtering statement at the [edit interfaces interface-name gigether-options] hierarchy level:

    [edit interfaces interface-name gigether-options]
    source-filtering;

For more information about the source-filtering statement, see Enable Ethernet MAC Address Filtering.

To accept traffic even though it does not have a source address specified in the accept-source-mac statement, include the no-source-filtering statement at the [edit interfaces interface-name gigether-options] hierarchy level:

    [edit interfaces interface-name gigether-options]
    no-source-filtering;

Example: Configure a Gigabit Ethernet QPP Policer
Configure interface ge-6/0/0 to treat priority levels 2 and 3 as premium. On ingress, this means that IEEE 802.1p priority values 2 and 3 are premium. On egress, it means traffic classified into Queue 1 is premium. Define a policer that limits the premium bandwidth to 100 Mbps and burst size to 3 k, and the aggregate bandwidth to 200 Mbps and burst size to 3 k. Specify that frames received from the MAC address 00:01:02:03:04:05 and the VLAN ID 600 are subject to the policer on input and output. On input, this means frames received with the source MAC address 00:01:02:03:04:05 and the VLAN ID 600 are subject to the policer. On output, this means frames transmitted from the router with the destination MAC address 00:01:02:03:04:05 and the VLAN ID 600 are subject to the policer.

    [edit interfaces]
    ge-6/0/0 {
        gigether-options {
            ethernet-switch-profile {
                ethernet-policer-profile {
                    ieee802.1-priority-map {
                        premium [ 2 3 ];
                    }
                    policer policer-1 {
                        premium {
                            bandwidth-limit 100m;
                            burst-size-limit 3k;
                        }
                        aggregate {
                            bandwidth-limit 200m;
                            burst-size-limit 3k;
                        }
                    }
                }
            }
        }
        unit 0 {
            accept-source-mac {
                mac-address 00:01:02:03:04:05 {
                    policer {
                        input policer-1;
                        output policer-1;
                    }
                }
            }
        }
    }
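As described under Configure Gigabit Ethernet QPP MAC Address Filtering, an accept-source-mac list only blocks other source addresses when source-filtering is also set. The following added audit check (not Juniper's code) reports, per interface, whether the list is enforced. Its input is constructed: the example above written as set-format lines, plus a hypothetical interface ge-6/0/1 with a made-up address. It assumes that an interface with neither statement has filtering off.

```python
import re
from collections import defaultdict

MAC_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}|(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}", re.I)

# Constructed input: the example above in set format, plus a hypothetical
# second interface (ge-6/0/1) that also enables source-filtering.
SAMPLE = """\
set interfaces ge-6/0/0 unit 0 accept-source-mac mac-address 00:01:02:03:04:05 policer input policer-1
set interfaces ge-6/0/0 unit 0 accept-source-mac mac-address 00:01:02:03:04:05 policer output policer-1
set interfaces ge-6/0/1 gigether-options source-filtering
set interfaces ge-6/0/1 unit 0 accept-source-mac mac-address 000A.0B0C.0D0E policer input policer-1
""".splitlines()


def normalize_mac(text):
    """Accept nn:nn:nn:nn:nn:nn or nnnn.nnnn.nnnn; return lowercase colon form."""
    if not MAC_RE.fullmatch(text):
        raise ValueError(f"unsupported MAC address format: {text!r}")
    digits = re.sub(r"[:.]", "", text).lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def audit(set_lines):
    """For each interface with accept-source-mac entries, list the addresses and
    report whether source-filtering turns them into an enforced allowlist."""
    macs = defaultdict(set)
    filtering = {}
    for line in set_lines:
        words = line.split()
        if len(words) < 5 or words[:2] != ["set", "interfaces"]:
            continue  # only the [edit interfaces] hierarchy is handled here
        ifname, rest = words[2], words[3:]
        if rest[0] == "gigether-options" and rest[1] in ("source-filtering", "no-source-filtering"):
            filtering[ifname] = rest[1] == "source-filtering"
        elif "accept-source-mac" in rest and "mac-address" in rest[:-1]:
            macs[ifname].add(normalize_mac(rest[rest.index("mac-address") + 1]))
    # Assumption: with neither statement present, filtering is off.
    return {name: {"macs": sorted(found), "enforced": filtering.get(name, False)}
            for name, found in macs.items()}


if __name__ == "__main__":
    for name, result in audit(SAMPLE).items():
        state = "enforced" if result["enforced"] else "NOT enforced (policing only)"
        print(name, result["macs"], state)
```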