Juniper EX9200 Features Manual page 130

Traffic Policers Feature Guide for EX9200 Switches
112
NOTE: The firewall filter passes the prefix-specific action only packets with
source addresses that range from
prefix-specific action specifies a set of 256 counters and policers, numbered
from 0 through 255.
The matched packets that are passed to the prefix-specific action index into the lower
half of the counter and policer set only:
The first counter and policer in the set are indexed by packets with source address
.
10.10.10.0
The second counter and policer in the set are indexed by packets with source address
and
10.10.10.1 10.10.10.129
The 128th counter and policer in the set are indexed by packets with source address
.
10.10.10.127
The upper half of the set (instances numbered from 128 through 255) are not indexed
by packets passed to the prefix-specific action from this particular firewall filter.
The following configuration shows the statements for configuring the single-rate two-color
policer, the prefix-specific action that references the policer, and the IPv4 standard
stateless firewall filter that references the prefix-specific action:
[edit]
firewall {
policer 1Mbps-policer {
if-exceeding {
bandwidth-limit 1m;
burst-size-limit 63k;
}
then discard;
}
family inet {
prefix-action psa-1Mbps-per-source-24-32-256 {
policer 1Mbps-policer;
subnet-prefix-length 24;
source-prefix-length 32;
}
filter limit-source-one-25 {
term one {
from {
source-address {
10.10.10.0/25;
}
}
then prefix-action psa-1Mbps-per-source-24-32-256;
}
}
}
}
interfaces {
so-0/0/2 {
10.10.10.0
.
through , while the
10.10.10.127
Copyright © 2016, Juniper Networks, Inc.