Configuring Bandwidth Policers

The JUNOS Software supports policers that rate-limit traffic based on a percentage of physical port speed on an interface.

A bandwidth policer provides similar rate limiting at the logical interface level. For a bandwidth policer, the rate-limiting policer is based on a percentage of the configured logical interface bandwidth, defined as the shaping rate on that logical interface configured with class-of-service statements.

You can configure a policer to limit the bandwidth and apply that policer to multiple logical interfaces.

To configure a bandwidth policer, include the logical-bandwidth-policer statement at the [edit firewall policer policer-name] hierarchy level:

logical-bandwidth-policer;

You can configure rate limiting on the logical interface policer. For information about configuring rate limiting, see Configuring Rate Limiting. You can configure a policer action for the logical interface policer. For information about configuring policy actions, see Configuring Policer Actions.

After configuring the bandwidth policer, you can apply the policer to an interface. To apply a bandwidth policer to a logical interface, include the policer policer-name statement at the [edit interfaces interface-name unit 0 family family-name] hierarchy level:

policer (arp | input | output) policer-name;

For more information about applying policers, see the JUNOS Class of Service Configuration Guide.

Example: Configuring a Bandwidth Policer

Configure a bandwidth policer to rate-limit traffic for a logical interface:

[edit firewall policer new-police1]if-exceeding {bandwidth-percent 10;burst-size-limit 125k;}logical-bandwidth-policer;then {discard;}

Apply the bandwidth policer to rate-limit IPv4 and IPv6 traffic on interface fe-0/1/1:

[edit interfaces fe-0/1/1 unit 0 family inet]policer input new-police1;[edit interfaces fe-0/1/1 unit 0 family inet6]policer output new-police1;