[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

Configuring a Policer for a Firewall Filter

You configure a policer to detect packets that exceed the limits established for expedited forwarding. The packets that exceed these limits are given a higher loss priority than packets within the bandwidth and burst size limits.

The following example shows how to configure a policer called ef-policer that identifies for likely discard expedited forwarding packets with a burst size greater than 2000 bytes and a bandwidth greater than 10 percent.

For more information about firewall filters, see Configuring Stateless Firewall Filters and the JUNOS Policy Framework Configuration Guide.

To configure an expedited forwarding policer for a firewall filter for the Services Router:

  1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
  2. Perform the configuration tasks described in Table 121.
  3. Go on to Configuring and Applying a Firewall Filter for a Multifield Classifier.

Table 121: Configuring a Policer for a Firewall Filter

Task

J-Web Configuration Editor

CLI Configuration Editor

Navigate to the Firewall level in the configuration hierarchy.
  1. In the J-Web interface, select Configuration>View and Edit>Edit Configuration.
  2. Next to Firewall, click Configure or Edit.

From the [edit] hierarchy level, enter

edit firewall

Create the policer for expedited forwarding, and give the policer a name—for example, ef-policer.
  1. Click Add new entry next to Policer.
  2. In the Policer name box, type ef-policer.

Enter

edit policer ef-policer

Set the burst limit for the policer—for example, 2k.

Set the bandwidth limit or percentage for the bandwidth allowed for this type of traffic—for example, use a bandwidth percent of 10.
  1. Click Configure next to If exceeding.
  2. In the Burst size limit box, type a limit for the burst size allowed—for example, 2k.
  3. From the Bandwidth list, select bandwidth-percent.
  4. In the Bandwidth percent box, type 10.
  5. Click OK.

Enter

set if-exceeding burst-limit-size 2k

set if-exceeding bandwidth-percent 10

Enter the loss priority for packets exceeding the limits established by the policer—for example, high.
  1. Click Configure next to Then.
  2. From the Loss priority list, select high.
  3. Click OK.

Enter

set then loss-priority high

[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

[an error occurred while processing this directive]