[Contents] [Prev] [Next] [Index] [Report an Error]

Configuring a Policer for a Firewall Filter (Required)

You configure a policer to detect packets that exceed the limits established for DiffServ expedited forwarding. For DiffServ, packets that exceed these limits are given a higher loss priority than packets within the bandwidth and burst size limits.

The following example shows how to configure a policer called ef-policer that identifies for likely discard expedited forwarding packets with a burst size greater than 2000 bytes and a bandwidth greater than 10 percent.

For more information about firewall filters, see Configuring Firewall Filters and NAT and the JUNOS Policy Framework Configuration Guide.

To configure an expedited forwarding policer for a firewall filter for the Services Router:

  1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
  2. Perform the configuration tasks described in Table 122.
  3. Go on to Configuring and Applying a Firewall Filter for a Multifield Classifier (Required).

Table 122: Configuring a Policer for a Firewall Filter

Task

J-Web Configuration Editor

CLI Configuration Editor

Navigate to the Firewall level in the configuration hierarchy.

In the configuration editor hierarchy, select Firewall.

From the top of the configuration hierarchy, enter

edit firewall

Create and name the policer for expedited forwarding.
  1. Click Add new entry next to Policer.
  2. In the Policer name box, type a name for the EF policer—for example, ef-policer.

Enter

edit policer ef-policer

Enter the burst limit and bandwidth for the policer.
  1. Click Configure next to If exceeding.
  2. In the Burst size limit box, type a limit for the burst size allowed—for example, 2k.
  3. From the Bandwidth list, select a limit or percentage—for example, bandwidth-percent.
  4. In the Bandwidth percent box, type a percentage for the bandwidth allowed for this type of traffic—for example, 10.
  5. Click OK.

Enter

set if-exceeding burst-limit-size 2k

set if-exceeding bandwidth-percent 10

Enter the loss priority for packets exceeding the limits established by the policer.
  1. Click Configure next to Then.
  2. From the Loss priority list, select high.
  3. Click OK three times.

Enter

set then loss-priority high

[Contents] [Prev] [Next] [Index] [Report an Error]

[an error occurred while processing this directive]