Technical Documentation

Configuring a Hierarchical Policer

The Enhanced IQ (IQE) PIC can police traffic at Layer 2 in a hierarchical manner. Hierarchical policing maintains two rates: an aggregate rate and a high-priority rate. The traffic is marked differently depending on class of service, currently expedited forwarding and nonexpedited forwarding. You can apply a hierarchical policer to incoming packets, outgoing packets, or both.

To configure a single-rate two-color policer:

  1. Configure the forwarding classes.
    [edit class-of-service forwarding-classes]user@host# set class fc0 queue-num 0 priority high policing-priority premiumuser@host# set class fc1 queue-num 1 priority low policing-priority normaluser@host# set class fc2 queue-num 2 priority low policing-priority normaluser@host# set class fc3 queue-num 3 priority low policing-priority normal

    For the premium policer, the only configurable action is to discard the packet.

  2. Configure the aggregate policer.
    [edit firewall policer policer1]user@host# set aggregate if-exceeding bandwidth-limit 100m burst-size-limit 20kuser@host# set aggregate then forwarding-class fc1

    The configurable actions are to discard the packet, change the loss priority, or change the forwarding class.

  3. Configure the premium policer.
    [edit firewall policer policer1]user@host# set premium if-exceeding bandwidth-limit 200m burst-size-limit 50kuser@host# set premium then forwarding-class af

    For the premium policer, the only configurable action is to discard the packet.

  4. Apply the policer to an interface.
    [edit interfaces so-1/0/0 unit 0]user@host# set layer2–policer input-hierarchical-policer policer1
  5. Verify that the policer is working as expected.
    user@host> show interfaces so-0/0/0.0 detailuser@host> show interfaces so-0/0/0.0 statistics detailuser@host> show policer

Published: 2010-04-15