Applying a Policer

[Contents] [Prev] [Next] [Index] [Report an Error]

Applying a Policer
On Gigabit Ethernet IQ and Gigabit Ethernet PICs with SFPs (except the 10-port Gigabit Ethernet PIC and the built-in Gigabit Ethernet port on the M7i platform), you can apply input and output policers that define rate limits for premium and aggregate traffic received on the logical interface. Aggregate policers are supported on Gigabit Ethernet PICs with SFPs (except the 10-port Gigabit Ethernet PIC and the built-in Gigabit Ethernet port on the M7i platform).

These policers allow you to perform simple traffic policing without configuring a firewall filter. For information about defining these policers, see Configuring Gigabit Ethernet Policers.

To apply policers to specific source MAC addresses, include the accept-source-mac statement:
accept-source-mac {
    mac-address mac-address {
        policer {
            input cos-policer-name;
            output cos-policer-name;
        }
    }
}
You can include these statements at the following hierarchy levels:

[edit interfaces interface-name unit logical-unit-number]

[edit logical-routers logical-router-name interfaces interface-name unit logical-unit-number]

You can specify the MAC address as nn:nn:nn:nn:nn:nn or nnnn.nnnn.nnnn, where n is a hexadecimal number. You can configure up to 64 source addresses. To specify more than one address, include multiple mac-address statements in the logical interface configuration.

NOTE: If the remote Ethernet card is changed, the interface does not accept traffic from the new card because the new card has a different MAC address.

The MAC addresses you include in the configuration are entered into the routing platform's MAC database. To view the routing platform's MAC database, enter the show interfaces mac-database interface-name command:
user@host> show interfaces mac-database interface-name
In the input statement, list the name of one policer template to be evaluated when packets are received on the interface.

In the output statement, list the name of one policer template to be evaluated when packets are transmitted on the interface.

You can use the same policer one or more times.

If you apply both policers and firewall filters to an interface, input policers are evaluated before input firewall filters, and output policers are evaluated after output firewall filters.

[Contents] [Prev] [Next] [Index] [Report an Error]