Policer Configuration > Configuring a Bandwidth Policer

JUNOS software supports policers that rate-limit based on a percentage of physical port speed on an interface.

A bandwidth policer provides similar rate limiting at the logical interface level. For a bandwidth policer, the rate-limiting policer is based on a percentage of the configured logical-interface bandwidth, defined as the shaping rate on that logical interface configured with class-of-service statements.

You can configure a policer to limit the bandwidth and apply that policer on multiple logical interfaces.

To configure a bandwidth policer, include the logical-bandwidth-policer statement at the [edit firewall policer policer-name] hierarchy level:

logical-bandwidth-policer;

You can configure rate limiting on the logical-interface policer. For information on configuring rate limiting, see Configuring Rate Limiting. You can configure a policer action for the logical-interface policer. For information on configuring policy actions, see Configuring a Policer Action.

After configuring the bandwidth policer, you can apply the policer to an interface. To apply a bandwidth policer on a logical interface, include the policer policer-name statement at the [edit interfaces interface-name unit 0 family] hierarchy level:

policer policer-name;

For more information about applying policers, see the JUNOS Class of Service Configuration Guide.

Example: Configuring a Bandwidth Policer

Configure a bandwidth policer to rate-limit at the logical interface level:

[edit firewall policer new-police1]

if-exceeding {

    bandwidth-percent 10;

    burst-size-limit 125k;

} 

logical-bandwidth-policer;

then {

    discard;

}

Apply the bandwidth policer to rate-limit IPv4 and IPv6 traffic on interface fe-0/1/1:

[edit interfaces fe-0/1/1 unit 0 family inet]

policer new-police1;

[edit interfaces fe-0/1/1 unit 0 family inet6]

policer new-police1;