[an error occurred while processing this directive][an error occurred while processing this directive]

Configuring a Single-Rate Two-Color Policer

You can apply a single-rate two-color policer to incoming packets, outgoing packets, or both.

To configure a single-rate two-color policer:

  1. Configure the policer.
    [edit firewall policer policer1]user@host# set if-exceeding bandwidth-percent 90 burst-size-limit 300kuser@host# set then loss-priority high

    Instead of specifying the bandwidth limit as a percentage, you can configure an absolute size limit with the bandwidth-limit statement.

  2. Configure the policer type.
    [edit firewall policer policer1]user@host# set logical-interface-policer

    Instead of logical-interface-policer, you can use physical-interface-policer or logical-bandwidth-policer. Physical interface policers are for policers that you reference in firewall filters. Logical bandwidth policers are based on a percentage of the logical interface shaping rate rather than a percentage of the physical interface media rate.

  3. (Optional) Reference the policer in a firewall filter, for all traffic types or for a specific traffic type.
    [edit firewall]user@host# set filter limit-hosts term term1 then policer policer1
    [edit firewall]user@host# set family mpls filter limit-hosts term term1 then policer policer1
  4. Apply the policer to an interface.

    If you referenced the policer in a firewall filter, apply the filter to an interface. If an input filter is configured on the same logical interface as the policer, the policer is executed first.

    One possible configuration is to apply the policer to all traffic of a specific protocol family.

    [edit interfaces so-1/0/0 unit 0 family inet]user@host# set filter input policer1

    You can instead apply the policer to all traffic types, regardless of the protocol family.

    [edit interfaces so-1/0/0 unit 0]user@host# set policer input policer1

    To apply the policer to outgoing packets, include the output statement instead of the input statement.

    [edit interfaces so-1/0/0 unit 0]user@host# set policer output policer1

    On some platforms, you can apply a Layer 2 policer to all traffic types on Gigabit Ethernet (ge or xe) interfaces. Layer 2 policers must include the logical-interface-policer statement discussed in Step 2.

    [edit interfaces ge-1/0/0 unit 0]user@host# set layer2-policer input-policer policer1

    To apply a Layer 2 policer to outgoing packets, include the output-policer statement instead of the input-policer statement.

  5. For input policers on MX Series platforms only, configure a fixed classifier.

    A fixed classifier reclassifies all incoming packets, regardless of any preexisting classification.

    [edit class-of-service interfaces ge-0/0/0]user@host# set forwarding-class af

    The classifier name can be a configured classifier or one of the default classifiers.

  6. Verify that the policers are working as expected.
    user@host> show interfaces ge-0/0/0.0 detailuser@host> show interfaces ge-0/0/0.0 statistics detailuser@host> show interfaces so-0/0/0.0 detailuser@host> show interfaces so-0/0/0.0 statistics detailuser@host> show policer

Published: 2010-04-15

[an error occurred while processing this directive]