Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Configuring Aggregate Parent and Child Policers on ACX Series Routers

On ACX Series routers, two-level ingress hierarchical policing is supported. Single-level policers define a single bandwidth profile. You must first define the child or subordinate policers and associate or link them with the aggregate parent policer, which is globally applicable for the entire system. You can configure the mode of hierarchical or aggregate policing for the child policers, such as peak mode, guarantee mode, or hybrid mode of policing.

Note:

Hierarchical policer is not applicable on ACX5048, ACX5096, ACX7332, ACX7348, ACX7059, ACX7024, ACX7024X, and ACX7100 routers.

Note:

The hierarchical policing mechanism on ACX routers is different from the hierarching policing capability supported on MX Series routers. On MX Series routers, with a hierarchical policer, only one child or subordinate policer can be configured under a parent, top-level policer, whereas on ACX Series routers, you can aggregate and specify multiple child policers under a single parent policer under the [edit firewall] hierarchy level. The hierarchical policing methodology on ACX routers is also called aggregate policing. The hierarchical-policer statement and its substatements at the [edit firewall] hierarchy level that are supported on MX Series routers are not available for ACX Series routers.

To configure child or micro policers for an aggregate parent policer and associate the parent policer with the child policers:

  1. Configure one normal policer as a child policer and specify the aggregate policing mode.
  2. Configure another normal policer as a child policer and specify the aggregate policing mode. The aggregate-sharing-mode option is a Packet Forwarding Engine statement.
  3. Define the aggregate parent policer as the global policer for the system. The aggregate-sharing-mode option is a Packet Forwarding Engine statement.
  4. Verify the settings of all policer templates configured by using the show filter policer template command.
  5. View the configured policer instances that are linked to the aggregate parent policer by using the show filter aggregate-policer command.

The show filter policer template and show filter aggregate-policer CLI commands need to be run at the PFE level. To go to the PFE level, you need to:

  1. Enter the start shell CLI command.

  2. Establish a vty session by entering the vty shell command followed by the executable name for the component. For example, vty feb0.

  3. Type the show filter policer ... CLI command.