Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Understanding Enhanced Hierarchical Policers

Use the enhanced hierarchical policer configuration to rate limit traffic based on packets classified on the traffic priority. Configure traffic policing at four levels of hierarchies with respect to the traffic priority.

Note:

This feature is available only on ACX7100-32C, ACX7100-48L, ACX7509, and ACX7024 devices.

In an enhanced hierarchical policer configuration, up to four policers are defined. Each policer maps to a traffic priority. The four traffic priorities, arranged as per their order of precedence are High, Medium-High, Medium-Low, and Low. The traffic priorities are hierarchical – High is the traffic priority with the highest precedence and Low is the traffic priority with the lowest precedence. It implies that a policer defined for the High traffic priority has a higher precedence than the rest of the policers or a policer defined for the Low traffic priority has a lower precedence than the rest of the policers.

All policers (one or up to four) in an enhanced hierarchical policer configuration, consume bandwidth from a maximum allotted bandwidth – in Table 1 this maximum allotted bandwidth is 65 mbps. Each policer is allotted a Confirmed Information Rate (CIR) and Maximum Confirmed Information Rate from this maximum allotted bandwidth. As a guideline, the CIR and Max CIR values are always the same for the policer with the highest precedence.

Residue bandwidth or unused bandwidth is carried over to lower precedence policers. As can be noted in Table 1, medium-high policer inherits unused bandwidth from high policer. Medium-low policer inherits from high and medium-high policers. Low policer inherits from the other three higher precedence policers. It is recommended that MAX CIR of a particular level is equal to the CIR of current level + combined CIR of previous/top levels.

Table 1: Example enhanced hierarchical policer configuration

Policer Configurations

Policer-level/traffic-priority

CIR

MAX CIR

high

5mbps

5mbps

medium-high

10mbps

15mbps

medium-low

20mbps

35mbps

low

30mbps

65mbps

Guidelines for configuring enhanced hierarchical policer

  • An enhanced hierarchical policer is filter-specific. Filter-specific policer semantics is to be used for hierarchical policer as multiple terms will point to same policer.

  • Counter name must be same for all the terms mapped to enhanced-hierarchical-policer action under same hierarchy level.

  • It is mandatory to configure all the levels of an enhanced hierarchical policer with respective policer bandwidth rates and burst size configurations. If there is no requirement to configure all four levels, the unwanted levels must specify least supported CIR, MAX CIR and CBS rates. It is recommended that firewall filter terms not be mapped to these unwanted levels.

  • Each enhanced hierarchical policer level must be configured with the action to discard the packets exceeding the configured bandwidth.

Example: Configuring an enhanced hierarchical policer

In this example:

  • An enhanced hierarchical policer is defined.

  • A firewall filter is defined and policer is applied in the firewall filter. The firewall filter is applied to an interface.

  • Policer statistics is displayed.

Requirements:

  • Junos OS Release 23.3 R1 or later.

  • An ACX7100-32C, ACX7100-48L, ACX7509, or ACX7024 device.

Step-by-Step Procedure

  1. Define the policer name.

  2. Define committed information rate (CIR), maximum committed information rate (MIR), and committed burst size (CBS) for the four traffic priorities, namely high, medium-high, medium-low, and low.

  3. Define a firewall filter. Apply the enhanced hierarchical policer by specifying the traffic priority in the action of the firewall filter term.

  4. Apply the firewall filter to an interface.

  5. Display enhanced hierarchical policer statistics. The dropped/red bytes and packets are displayed per level.