Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Configuring and Applying Tricolor Marking Policers

A tricolor marking (TCM) policer polices traffic on the basis of metering rates, including the CIR, the PIR, their associated burst sizes, and any policing actions configured for the traffic.

This topic describes how to configure and apply TCM policers and includes the following topics:

Defining a Tricolor Marking Policer

To configure a TCM policer, first enable tricolor marking if not already enabled by default (see Enabling Tricolor Marking and Limitations of Three-Color Policers):

You can configure a tricolor policer to discard high loss priority traffic on a logical interface in the ingress or egress direction. statement.

In all cases, the range of allowable bits-per-second or byte values is 1500 to 100,000,000,000. You can specify the values for bps and bytes either as complete decimal numbers or as decimal numbers followed by the abbreviation k (1000), (1,000,000), or g (1,000,000,000).

The color-blind policer implicitly marks packets into three loss priority categories:

  • Low

  • Medium-high

  • High

Table 1 describes all the configurable TCM statements.

Table 1: Tricolor Marking Policer Statements

Statement

Meaning

Configurable Values

single-rate

Marking is based on the CIR, CBS, and EBS.

two-rate

Marking is based on the CIR, PIR, and rated burst sizes.

color-aware

Metering depends on the packet’s preclassification. Metering can increase a packet’s assigned PLP, but cannot decrease it.

color-blind

All packets are evaluated by the CIR or CBS. If a packet exceeds the CIR or CBS, it is evaluated by the PIR or EBS.

committed-information-rate

Guaranteed bandwidth under normal line conditions and the average rate up to which packets are marked green.

1500 through 100,000,000,000 bps

committed-burst-size

Maximum number of bytes allowed for incoming packets to burst above the CIR, but still be marked green.

1500 through 100,000,000,000 bytes

excess-burst-size

Maximum number of bytes allowed for incoming packets to burst above the CIR, but still be marked yellow.

1500 through 100,000,000,000 bytes

peak-information-rate

Maximum achievable rate. Packets that exceed the CIR but are below the PIR are marked yellow. Packets that exceed the PIR are marked red.

1500 through 100,000,000,000 bps

peak-burst-size

Maximum number of bytes allowed for incoming packets to burst above the PIR, but still be marked yellow.

1500 through 100,000,000,000 bytes

Define the TCM policer at the [edit firewall] hierarchy level:

  1. Create the TCM policer by defining a name for the policer.
  2. Discard traffic on a logical interface using tricolor marking policing.
  3. Define the filter as a logical interface policer.
  4. Configure a single-rate three-color policer in which marking is based on the committed information rate (CIR), committed burst size (CBS), and excess burst size (EBS).
  5. Configure a two-rate three-color policer in which marking is based on the committed information rate (CIR), committed burst size (CBS), peak information rate (PIR), and peak burst size (PBS).
  6. Confirm the configuration.
  7. Save the configuration.

Applying Tricolor Marking Policers to Firewall Filters

To rate-limit traffic by applying a tricolor marking policer to a firewall filter:

  • Set the three-color-policer statement at the edit firewall hierarchy level:

You can include this statement at the following hierarchy levels:

  • [edit firewall family family filter filter-name term rule-name then]

  • [edit firewall filter filter-name term rule-name then]

In the family statement, the protocol family can be any, ccc, inet, inet6, mpls, or vpls.

You must identify the referenced policer as a single-rate or two-rate policer, and this statement must match the configured TCM policer. Otherwise, an error message appears in the configuration listing.

For example, if you configure srTCM as a single-rate TCM policer and try to apply it as a two-rate policer, the following message appears:

Applying Firewall Filter Tricolor Marking Policers to Interfaces

To apply a tricolor marking policer to an interface, you must reference the filter name in the interface configuration.

  • Set the filter statement:

    Note:

    The filter name that you reference must have an attached tricolor marking policer.

You can include these statements at the following hierarchy levels:

  • [edit interfaces interface-name unit logical-unit-number family family]

  • [edit logical-systems logical-system-name interfaces interface-name unit logical-unit-number family family]

Example: Configuring and Applying a Single-Rate Tricolor Marking Policer

The following example requires that you navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the Junos OS CLI User Guide.

This example describes how to configure and apply a color-blind, single-rate, tricolor policer.

  1. Configure the single-rate, color-blind, three-color policer.
  2. Apply the policer to the fil firewall filter.
  3. Apply the fil firewall filter to the logical interface:
  4. Verify the configuration.
  5. Save the configuration.