To rate-limit traffic by attaching a tricolor marking policer to a firewall filter, include the three-color-policer statement:

    three-color-policer {
        (single-rate | two-rate) policer-name;
    }

You can include this statement at the following hierarchy levels:
In the family statement, the protocol family can be any, ccc, inet, inet6, mpls, or vpls.
You must identify the referenced policer as a single-rate or two-rate policer, and this statement must match the configured TCM policer. Otherwise, an error message appears in the configuration listing.
For example, if you configure srTCM as a single-rate TCM policer and try to apply it as a two-rate policer, the following message appears:

    [edit firewall]
    user@host# show three-color-policer srTCM
    single-rate {
        color-aware;
        . . .
    }
    user@host# show filter TESTER
    term A {
        then {
            three-color-policer {
                ##
                ## Warning: Referenced two-rate policer does not exist
                ##
                two-rate srTCM;
            }
        }
    }

Apply the trtcm1-cb policer to a firewall filter:

    firewall {
        three-color-policer trtcm1-cb { # Configure the trtcm1-cb policer.
            two-rate {
                color-blind;
                committed-information-rate 1048576;
                committed-burst-size 65536;
                peak-information-rate 10485760;
                peak-burst-size 131072;
            }
        }
        filter fil { # Configure the fil firewall filter, attaching the trtcm1-cb policer.
            term default {
                then {
                    three-color-policer {
                        two-rate trtcm1-cb;
                    }
                }
            }
        }
    }

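An offline check for the single-rate/two-rate mismatch described above, as an added example that is not Juniper code: a small Python parser for brace-style configuration text that reports every filter reference whose keyword differs from the configured policer, or whose policer is not configured at all. The function names and the sample configuration are constructed for illustration, and the check assumes policer names are unique within the text it is given.

```python
import re
RATES = ("single-rate", "two-rate")
# Constructed sample based on the two policers on this page; policer bodies abbreviated.
SAMPLE = """
firewall {
    three-color-policer srTCM { single-rate { color-aware; } }
    three-color-policer trtcm1-cb { two-rate { color-blind; } }
    filter TESTER { term A { then { three-color-policer { two-rate srTCM; } } } }
    filter fil { term default { then { three-color-policer { two-rate trtcm1-cb; } } } }
}
"""

def parse(text):
    """Parse brace-style config into (words, children) nodes; children is None for 'x;'."""
    tokens = re.findall(r"[{};]|[^\s{};]+", re.sub(r"#[^\n]*", "", text))  # drop comments
    pos = 0
    def block():
        nonlocal pos
        nodes, words = [], []
        while pos < len(tokens):
            tok = tokens[pos]
            pos += 1
            if tok in ("{", ";"):
                nodes.append((words, block() if tok == "{" else None))
                words = []
            elif tok == "}":
                break
            else:
                words.append(tok)
        return nodes
    return block()

def walk(nodes, path=()):
    for words, children in nodes:
        yield path, words, children
        if children:
            yield from walk(children, path + (" ".join(words),))

def check_tcm_references(text):
    """Return (location, policer, referenced_type, configured_type) per bad reference."""
    defined, refs = {}, []
    for path, words, children in walk(parse(text)):
        if words[:1] == ["three-color-policer"]:
            for sub, _ in children or []:
                if len(words) == 2 and sub[:1] and sub[0] in RATES:  # definition
                    defined[words[1]] = sub[0]
                elif len(words) == 1 and len(sub) == 2 and sub[0] in RATES:  # reference
                    refs.append((" > ".join(path), sub[1], sub[0]))
    return [(l, n, r, defined.get(n)) for l, n, r in refs if defined.get(n) != r]
```

Run against the sample, `check_tcm_references(SAMPLE)` flags only the `two-rate srTCM` reference in filter TESTER; a `configured_type` of `None` means the referenced policer name is not configured anywhere in the text.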
For more information about applying policers to firewall filters, see the JUNOS Policy Framework Configuration Guide.