• Supported Platforms
• M Series
• MX Series
• T Series

• Related Topics
• show interfaces (Gigabit Ethernet) command in the Junos Interfaces Command Reference
• show interfaces statistics command in the Junos Interfaces Command Reference
• show policer command in the Junos Routing Protocols and Policies Command Reference

Configuring a Two-Rate Three-Color Policer

You can apply a two-rate three-color policer to the input or output interface.

To configure a two-rate three-color policer:

1. Configure the policer.
   [edit firewall three-color-policer trTCM1-ca]user@host# set two-rate color-awareuser@host# set two-rate committed-information-rate 40muser@host# set two-rate committed-burst-size 100kuser@host# set two-rate peak-information-rate 60muser@host# set two-rate peak-burst-size 200k
2. (Optional) Configure the policer action.

   For three-color policers, the only configurable action is to discard red packets. Red packets are packets that have been assigned high loss priority because they exceeded the peak information rate (PIR) and the peak burst size (PBS).

   [edit firewall three-color-policer trTCM1-ca]user@host# set action loss-priority high then discard
3. Configure the policer type.
   [edit firewall policer trTCM1-ca]user@host# set logical-interface-policer

   Instead of logical-interface-policer, you can use physical-interface-policer. Physical interface policers are for policers that you reference in firewall filters.

4. (Optional) Reference the policer in a firewall filter, for all traffic types or for a specific traffic type.
   [edit firewall]user@host# set filter limit-hosts term term1 then three-color-policer two-rate trTCM1-ca
   [edit firewall]user@host# set family mpls filter limit-hosts term term1 then three-color-policer two-rate trTCM1-ca
5. Apply the policer to an interface.

   If you referenced the policer in a firewall filter, apply the filter to an interface.

   [edit interfaces ge-0/0/0 unit 0 family inet]user@host# set filter input trTCM1-ca

   On some platforms, you can apply a Layer 2 policer to all traffic types on Gigabit Ethernet (ge or xe) interfaces. Layer 2 policers must include the logical-interface-policer statement discussed in Step 3.

   [edit interfaces ge-1/0/0 unit 0]user@host# set layer2-policer input-three-color trTCM1-ca

   To apply a policer to outgoing packets, include the output-three-color statement instead of the input-policer statement.

   [edit interfaces ge-1/0/0 unit 0]user@host# set layer2-policer output-three-color trTCM1-ca
6. For input policers on MX Series platforms only, configure a fixed classifier.

   A fixed classifier reclassifies all incoming packets, regardless of any preexisting classification.

   The classifier name can be a configured classifier or one of the default classifiers.

   [edit class-of-service interfaces ge-0/0/0]user@host# set forwarding-class af
7. Verify that the policer is working as expected.
   user@host> show interfaces ge-0/0/0.0 detailuser@host> show interfaces ge-0/0/0.0 statistics detailuser@host> show policer