Policy Framework Configuration Guide - Juniper Networks

Junos 10.4 Policy Framework Configuration Guide
• show policer command in the Junos Routing Protocols and Policies Command Reference
Hierarchical Policers
Hierarchical Policer Overview
Configuring a Hierarchical Policer
• Hierarchical Policer Overview on page 292
• Configuring a Hierarchical Policer on page 292
The Enhanced IQ (IQE) PIC can police traffic at Layer 2 in a hierarchical manner.
Hierarchical policing maintains two rates: an aggregate rate and a high-priority, premium
rate. The traffic is marked differently depending on service class (currently, the classes
are expedited forwarding and nonexpedited forwarding). The expedited traffic has an
additional rate configured, the committed information rate (CIR), which is only marked
above that limit. If there is no expedited traffic present, then the nonexpedited traffic is
able to use the aggregate bandwidth rate before being marked with a packet loss priority.
When expedited traffic is present, it is marked when it exceeds the guaranteed rate, but
also uses bandwidth from the nonexpedited range.
For example, consider an aggregate rate of 10 Mbps and a premium rate of 2 Mbps for a
Fast Ethernet interface. The guaranteed rate is also set at 2 Mbps for expedited forwarding
traffic. If there is no expedited traffic present, then nonexpedited traffic can use up to 10
Mbps before being marked. When expedited forwarding traffic is present, the expedited
traffic is guaranteed 2 Mbps (of the 10 Mbps) without being marked, but is marked above
the 2-Mbps limit. In this case, the nonexpedited forwarding traffic can use the remaining
8 Mbps before being marked.
The Enhanced IQ (IQE) PIC can police traffic at Layer 2 in a hierarchical manner.
Hierarchical policing maintains two rates: an aggregate rate and a high-priority rate. The
traffic is marked differently depending on class of service, currently expedited forwarding
and nonexpedited forwarding. You can apply a hierarchical policer to incoming packets,
outgoing packets, or both.
To configure a single-rate two-color policer:
1. Configure the forwarding classes.
[edit class-of-service forwarding-classes]
user@host# set class fc0 queue-num 0 priority high policing-priority premium
user@host# set class fc1 queue-num 1 priority low policing-priority normal
user@host# set class fc2 queue-num 2 priority low policing-priority normal
user@host# set class fc3 queue-num 3 priority low policing-priority normal
For the premium policer, the only configurable action is to discard the packet.
2. Configure the aggregate policer.
[edit firewall policer policer1]
user@host# set aggregate if-exceeding bandwidth-limit 100m burst-size-limit 20k
user@host# set aggregate then forwarding-class fc1
292
Copyright © 2010, Juniper Networks, Inc.