Example: Configuring VPLS Policers
This example shows how to configure VPLS policers.
Before you begin:
Configure the interfaces that will carry the VPLS traffic between the PE router and the CE devices. See Example: Configuring Routing Interfaces on the VPLS PE Router and Example: Configuring the Interface to the VPLS CE Device.
Create a VPLS routing instance on each PE router that is participating in the VPLS. See Example: Configuring the VPLS Routing Instance.
Configure an IGP on the PE routers to exchange routing information. See Example: Configuring OSPF on the VPLS PE Router.
Configure RSVP-TE on the PE routers. See Example: Configuring RSVP on the VPLS PE Router.
This example describes how to configure policing and apply it on the interface for VPLS.
MPLS is disabled by default on SRX Series devices. You must explicitly configure your device to allow MPLS traffic. However, when MPLS is enabled, all flow-based security features are deactivated and the device performs packet-based processing. Flow-based services such as security policies, zones, NAT, ALGs, chassis clustering, screens, firewall authentication, and IPsec VPNs are unavailable on the device.
CLI Quick Configuration
To quickly configure VPLS policers, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the  hierarchy level, and then enter commit from configuration mode.
To configure filters for VPLS:
- Configure bandwidth percentage.[edit ]user@host# set firewall policer police2 if-exceeding bandwidth-percent 10
- Configure the burst size limit.[edit ]user@host# set firewall policer police2 if-exceeding burst-size-limit 1500
- Configure the terminal action on the packet.[edit ]user@host# set firewall policer police2 then discard
- Apply the policer to the interface.[edit ]user@host# set interfaces ge-0/0/1 unit 512 family vpls policer input police2
- If you are done configuring the device, commit the configuration.[edit ]user@host# commit
To verify the configuration is working properly, enter the show firewall command.