[Contents] [Prev] [Next] [Index] [Report an Error]

Example: Setting a Rate Limit for Incoming Layer 2 Control Packets

Configure rate limiting for incoming Layer 2 control packets. In order to meet this requirement, you must configure an input filter with the family type any and apply this filter to the interface:

[edit]
firewall {
policer p1 {
if-exceeding {
bandwidth-limit 5m;
burst-size-limit 10m;
}
then discard;
}
policer p2 {
if-exceeding {
bandwidth-limit 40m;
burst-size-limit 100m;
}
then discard;
}
policer p3 {
if-exceeding {
bandwidth-limit 600m;
burst-size-limit 1g;
}
then discard;
}
interface-set ifset {
fe-*;
}
family any {
filter L2-filter {
term t1 {
from {
interface fe-0/0/0.0;
}
then policer p1;
}
term t2 {
from {
interface-set ifset;
}
then policer p2;
}
term t3 {
then policer p3;
}
}
}
}
[edit]
interfaces {
fe-0/0/0 {
unit 0 {
family inet {
address 10.1.1.1/30;
}
}
}
fe-1/0/0 {
unit 0 {
family inet {
address 10.2.2.1/30;
}
}
}
lo0 {
unit 0 {
family any {
filter {
input L2-filter;
}
}
}
}
}
[Contents] [Prev] [Next] [Index] [Report an Error]

Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice.