Technical Documentation

Configuring a Single-Rate Three-Color Policer

You can apply a single-rate three-color policer to the input or output interface.

To configure a single-rate three-color policer:

  1. Configure the policer.
    [edit firewall three-color-policer policer2]user@host# set single-rate color-awareuser@host# set single-rate committed-information-rate 40muser@host# set single-rate committed-burst-size 100kuser@host# set single-rate excess-burst-size 200k

    For three-color policers, the only configurable action is to discard red packets. Red packets are packets that have been assigned high loss priority because they exceeded the excess burst size (EBS).

    [edit firewall three-color-policer srTCM1-ca]user@host# set action loss-priority high then discard
  2. Configure the policer type.
    [edit firewall policer policer1]user@host# set logical-interface-policer

    Instead of logical-interface-policer, you can use physical-interface-policer. Physical interface policers are for policers that you reference in firewall filters.

  3. (Optional) Reference the policer in a firewall filter, for all traffic types or for a specific traffic type.
    [edit firewall]user@host# set filter limit-hosts term term1 then three-color-policer single-rate srTCM1-ca
    [edit firewall]user@host# set family mpls filter limit-hosts term term1 then three-color-policer single-rate srTCM1-ca
  4. Apply the policer to an interface.

    If you referenced the policer in a firewall filter, apply the filter to an interface.

    [edit interfaces so-1/0/0 unit 0 family inet]user@host# set filter input srTCM1-ca

    On some platforms, you can apply a Layer 2 policer to all traffic types on Gigabit Ethernet (ge or xe) interfaces. Layer 2 policers must include the logical-interface-policer statement discussed in Step 2.

    [edit interfaces ge-1/0/0 unit 0]user@host# set layer2-policer input-three-color srTCM1-ca

    To apply a policer to outgoing packets, include the output-three-color statement instead of the input-policer statement.

    [edit interfaces ge-1/0/0 unit 0]user@host# set layer2-policer output-three-color srTCM1-ca
  5. For input policers on MX Series platforms only, configure a fixed classifier.

    A fixed classifier reclassifies all incoming packets, regardless of any preexisting classification.

    [edit class-of-service interfaces ge-0/0/0]user@host# set forwarding-class af

    The classifier name can be a configured classifier or one of the default classifiers.

  6. Verify that the policer is working as expected.
    user@host> show interfaces ge-0/0/0.0 detailuser@host> show interfaces ge-0/0/0.0 statistics detailuser@host> show policer

Published: 2010-04-15