Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Enhanced Hierarchical Policer Overview (Junos OS Evolved)

Enhanced hierarchical policer configuration enables traffic rate limiting of data packets based on the traffic priority. You can configure enhanced hierarchical policer under dynamic profile to rate limit traffic for subscribers. Traffic policing is supported at four levels of hierarchies with respect to the traffic priority- High, Medium-High, Medium-Low, and Low.

In an enhanced hierarchical policer configuration, you can define up to four policers. Each policer maps to a traffic priority. The four traffic priorities, arranged as per their order of precedence are High, Medium-High, Medium-Low, and Low. The traffic priorities are hierarchical – High is the traffic priority with the highest precedence and Low is the traffic priority with the lowest precedence. It implies that a policer defined for the High traffic priority has a higher precedence than the rest of the policers or a policer defined for the Low traffic priority has a lower precedence than the rest of the policers.

Each policer is allotted a Confirmed Information Rate (CIR) and Maximum Confirmed Information Rate (MAX CIR). Residue bandwidth or unused bandwidth is carried over to lower precedence policers. As the Table 1 shows, medium-high policer inherits unused bandwidth from high policer. Medium-low policer inherits from high and medium-high policers. Low policer inherits from the other three higher precedence policers. It is recommended that MAX CIR of a particular level is equal to the CIR of current level + combined CIR of previous/top levels.

Table 1: Example enhanced hierarchical policer configuration

Policer Configurations

Policer-level/traffic-priority

CIR

MAX CIR

high

10mbps

10mbps

medium-high

10mbps

20mbps

medium-low

10mbps

30mbps

low

10mbps

40mbps

Guidelines for Configuring Enhanced Hierarchical Policer

  • The CIR and Max CIR values must be the same for the policer with the highest precedence.

  • The minimum bandwidth rate that you can allot for CIR or MAX CIR is 22KB.

  • It is mandatory to configure all the levels (four) of an enhanced hierarchical policer with respective policer bandwidth rates and burst size. However, the firewall filter can refer to any number (one to four) of policers based on the requirement. If you do not want all the four levels of enhanced hierarchical policer but need only two levels, then all the firewall filters can refer to only two active levels. If you do not want all the four levels of enhanced hierarchical policer, but need only one level, then all the firewall filters can refer to only one level. If there is no requirement to configure all four levels, the unwanted levels must specify least supported CIR, MAX CIR and CBS rates. It is recommended that firewall filter terms not be mapped to these unwanted levels.

  • Configuration of both hierarchical policer and enhanced hierarchical policer inside Dynamic Profile is not allowed.

  • You must configure each enhanced hierarchical policer level with the action discard to drop the packets exceeding the configured bandwidth.

Enhanced Hierarchical Policer Applied as Filter Action

You can apply enhanced hierarchical policer to a logical interface as a filter action for aggregate traffic levels. Junos OS Evolved supports the use of logical-interface-policer (also known as an aggregate policer) within the enhanced hierarchical policer configuration. It enables traffic rate limiting at the interface level across multiple protocol families (inet and inet6), without requiring separate policer instances for each family.

Note:

  • You can configure logical-interface-policer only for families inet and inet6.

  • On Junos OS Evolved devices, logical-interface-policer applies only for input direction.

To apply the policer function specific to an interface, include the interface-specific statement in the firewall filter configuration.

You can define a logical interface policer by including the logical-interface-policer statement when configuring the enhanced hierarchical policer.