[Contents] [Prev] [Next] [Index] [Report an Error]

Configuring a Policer for a Firewall Filter (Required)

You configure a policer to detect packets that exceed the limits established for DiffServ expedited forwarding. For DiffServ, packets that exceed these limits are given a higher loss priority than packets within the bandwidth and burst size limits.

The following example shows how to configure a policer called ef-policer that identifies for likely discard expedited forwarding packets with a burst size greater than 2000 bytes and a bandwidth greater than 10 percent.

For more information about firewall filters, see Configuring Firewall Filters and NAT and the JUNOS Policy Framework Configuration Guide.

To configure an expedited forwarding policer for a firewall filter for the Services Router:

  1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
  2. Perform the configuration tasks described in Table 161.
  3. Go on to Configuring and Applying a Firewall Filter for a Multifield Classifier (Required).

Table 161: Configuring a Policer for a Firewall Filter

Task

J-Web Configuration Editor

CLI Configuration Editor

Navigate to the Firewall level in the configuration hierarchy.

In the configuration editor hierarchy, select Firewall.

From the top of the configuration hierarchy, enter

edit firewall

Create the policer for expedited forwarding, and give the policer a name—for example, ef-policer.
  1. Click Add new entry next to Policer.
  2. In the Policer name box, type ef-policer.

Enter

edit policer ef-policer

Set the burst limit for the policer—for example, 2k.

Set the bandwidth limit or percentage for the bandwidth allowed for this type of traffic—for example, use a bandwidth percent of 10.
  1. Click Configure next to If exceeding.
  2. In the Burst size limit box, type a limit for the burst size allowed—for example, 2k.
  3. From the Bandwidth list, select bandwidth-percent.
  4. In the Bandwidth percent box, type 10.
  5. Click OK.

Enter

set if-exceeding burst-limit-size 2k

set if-exceeding bandwidth-percent 10

Enter the loss priority for packets exceeding the limits established by the policer—for example, high.
  1. Click Configure next to Then.
  2. From the Loss priority list, select high.
  3. Click OK three times.

Enter

set then loss-priority high

[Contents] [Prev] [Next] [Index] [Report an Error]

[an error occurred while processing this directive]