Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Example: Configuring Policing and Marking of Traffic Entering a VPLS Core

This example firewall filter allows a service provider to limit the aggregate broadcast traffic entering the virtual private LAN service (VPLS) core. The broadcast, unknown unicast, and non-IP multicast traffic received from one of the service provider’s customers on a logical interface has a policer applied. The service provider has also configured a two-rate, three-color policer to limit the customer’s IP multicast traffic. For more information on the configuration of policers, see the Junos OS Class of Service User Guide for Routing Devices.

The position of the router is shown in Figure 1.

Figure 1: Policing and Marking Traffic Entering a VPLS CorePolicing and Marking Traffic Entering a VPLS Core

There are four major parts to the configuration:

  • The policer for broadcast, unknown unicast, and non-IP multicast traffic. This example marks the loss priority as high if this type of traffic exceeds 50 Kbps.

  • The two-rate, three-color policer for IP multicast traffic. This example configures a committed information rate (CIR) of 4 Mbps, a committed burst size of 256 Kbytes, a peak information rate of 4.1 Mbps, and a peak burst size of 256 Kbytes (the same as the CIR).

  • The filter that applies the two policers to VPLS.

  • The application of the filter to the customer interface configuration as an input filter.

Note:

This example does not present exhaustive configuration listings for all routers in the figures. However, you can use this example with a broader configuration strategy to complete the MX Series router network Ethernet Operations, Administration, and Maintenance (OAM) configurations.

To configure policing and marking of traffic entering a VPLS core:

  1. Configure policer bcast-unknown-unicast-non-ip-mcast-policer, a firewall policer to limit the aggregate broadcast, unknown unicast, and non-IP multicast to 50 kbps:

  2. Configure three-color-policer ip-multicast-traffic-policer, a three-color policer to limit the IP multicast traffic:

  3. Configure customer-1, a firewall filter that uses the two policers to limit and mark customer traffic. The first term marks the IP multicast traffic based on the destination MAC address, and the second term polices the broadcast, unknown unicast, and non-IP multicast traffic:

  4. Apply the firewall filter as an input filter to the customer interface at ge-2/1/0: