 | Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |
Policing, or rate limiting, enables you to limit the amount of traffic that passes into or out of an interface. It is an essential component of firewall filters that is designed to thwart denial-of-service (DoS) attacks. Policing applies two types of rate limits on the traffic:
Policing uses the token-bucket algorithm, which enforces a limit on average bandwidth while allowing bursts up to a specified maximum value. It offers more flexibility than the leaky bucket algorithm (see the JUNOS Class of Service Configuration Guide) in allowing a certain amount of bursty traffic before it starts discarding packets.
You can define specific classes of traffic on an interface and apply a set of rate limits to each. You can use a policer in one of two ways: as part of a filter configuration or as part of a logical interface (where the policer is applied to all traffic on that interface).
After you have defined and named a policer, it is stored as a template. You can later use the same policer name to provide the same policer configuration each time you wish to use it. This eliminates the need to define the same policer values more than once.
| Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |