Mailing List Archive

Policer question
Something which doesn't seem to be answered anywhere in the documentation,
perhaps someone knows?

If I build a single firewall filter, containing a policer statement, and
apply that firewall filter to multiple interfaces, does the policer
bandwidth limiting get applied independently to the interfaces, or to
the total traffic on all interfaces?
That is, if I create a policer with a 100m and apply the filter to two
interfaces, will they each get policed to 50m or 100m?
I'm assuming it's independent, but you never know...

Thanks,
Ben
Policer question [ In reply to ]
It is applied independently (i.e. 100Mbps per interface). Similarly,
if you apply it to the input and output of an interface, it is
applied independently there, too (i.e. 100Mbps in each direction).

Guy

Policer question [ In reply to ]
Ben and Guy,

I forwarded this comment to the book's writer.

Thanks,
..Aviva

In message <C653AC166708D51195D600034723D86504C378F5@mail.odiham.telindus.co.uk> you write:
>
> It is applied independently (i.e. 100Mbps per interface). Similarly,
> if you apply it to the input and output of an interface, it is
> applied independently there, too (i.e. 100Mbps in each direction).
>
> Guy
Policer question [ In reply to ]
At 03:08 AM 10/3/2002, Guy Davies wrote:
>It is applied independently (i.e. 100Mbps per interface). Similarly,
>if you apply it to the input and output of an interface, it is
>applied independently there, too (i.e. 100Mbps in each direction).
>
>Guy


Make sure you use the keyword "interface-specific" in the firewall
filter. This creates a different instance for each policer bound in a
direction. Otherwise one instance is created in a direction and the
policer considers all traffic from those interfaces and contributes them
to the policer.

lab@aurora# show firewall filter foo
interface-specific;
policer foo1 {
    if-exceeding {
        bandwidth-limit 100m;
        burst-size-limit 2m;
    }
    then discard;
}

-Paul




_____________________________________________________
Paul Leet // Field Support Engineer // Juniper Networks
AIM: pleetnet1 // ICQ:104190994 // Pager mailto:page-pleet@juniper.net
Office: 1-719-687-2587 // Cell: 719-439-9077
_____________________________________________________
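
The two cases Paul describes, as an added illustration that is not part of the original thread: a simplified token-bucket model in Python (not Junos code) comparing one shared policer instance with one instance per interface. The interface names, the 80 Mbps offered load and the fixed 1500-byte packets are constructed assumptions; the 100m / 2m limits are the ones from the filter above.

```python
"""Simplified single-rate token-bucket model; not how Junos implements it."""

class Policer:
    def __init__(self, rate_bps, burst_bytes):
        self.rate = rate_bps / 8.0        # refill rate in bytes per second
        self.burst = burst_bytes          # bucket depth (burst-size-limit)
        self.tokens = float(burst_bytes)  # bucket starts full
        self.last = 0.0

    def conforms(self, now, size):
        # Refill for the elapsed time, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= size:
            self.tokens -= size
            return True
        return False                      # out of profile: "then discard"

def simulate(offered_bps, interface_specific, rate_bps=100e6,
             burst_bytes=2_000_000, seconds=10.0, pkt=1500):
    """Return the passed throughput in bps for each interface."""
    shared = Policer(rate_bps, burst_bytes)
    # One instance per interface, or the same instance bound to all of them.
    policers = {ifc: Policer(rate_bps, burst_bytes) if interface_specific else shared
                for ifc in offered_bps}
    # Constant-bit-rate packet schedule per interface, merged in time order.
    events = []
    for ifc, bps in offered_bps.items():
        gap = pkt * 8 / bps
        events.extend((i * gap, ifc) for i in range(int(seconds / gap)))
    events.sort()
    passed = dict.fromkeys(offered_bps, 0)
    for now, ifc in events:
        if policers[ifc].conforms(now, pkt):
            passed[ifc] += pkt * 8
    return {ifc: bits / seconds for ifc, bits in passed.items()}

if __name__ == "__main__":
    load = {"ge-0/0/0": 80e6, "ge-0/0/1": 80e6}   # constructed sample load
    for mode in (True, False):
        result = simulate(load, interface_specific=mode)
        label = "interface-specific" if mode else "shared instance"
        print(label, {k: round(v / 1e6, 1) for k, v in result.items()},
              "total Mbps:", round(sum(result.values()) / 1e6, 1))
```

In the shared case the split between the two interfaces depends on packet arrival order, so only the aggregate is meaningful.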