Logical Interface (Aggregate) Policers; Physical Interface Policers; Policers Applied To Layer 2 Traffic - Juniper EX9200 Features Manual
Traffic policers feature guide ex series
Hide thumbs
Also See for EX9200:
- Features manual (448 pages) ,
- Manual (118 pages) ,
- Overview manual (72 pages)
Table of Contents
Advertisement
Traffic Policers Feature Guide for EX9200 Switches
10
Policers Applied to Layer 2 Traffic on page 10
Multifield Classification on page 11
Logical Interface (Aggregate) Policers
A logical interface policer can be a two-color policer, not a three-color policer. When you
apply a logical inteface policer to multiple protocol families on the same logical interface,
multiple instances of the policer are created, meaning that traffic for each protocol family
is policed separately. You apply a logical interface policer directly to a logical interface
configuration (and not by referencing the policer in a stateless firewall filter and then
applying the filter to the logical interface).
You can apply the policer at the interface logical unit level to rate-limit all traffic types,
regardless of the protocol family.
When applied in this manner, the logical interface policer will be used by all traffic
types (inet, intet6, etc.) and across all layers (layer 2, layer 3) no matter where the
policer is attached on the logical interface.
You can also apply the policer at the logical interface protocol family level, to rate-limit
traffic for a specific protocol family.
You can apply a logical interface policer to unicast traffic only. For information about
configuring a stateless firewall filter for flooded traffic, see "Applying Forwarding Table
Filters" in the "Traffic Sampling, Forwarding, and Monitoring" section of the Routing
Policies, Firewall Filters, and Traffic Policers Feature Guide.
Physical Interface Policers
A physical interface policer can be a two-color or three-color policer. When you apply
physical interface policer, to different protocol families on the same logical interface, the
protocol families share the same policer instance. This means that rate limiting is
performed aggregately for the protocol families for which the policer is applied. This
feature enables you to use a single policer instance to perform aggregate policing for
different protocol families on the same physical interface. If you want a policer instance
to be associated with a protocol family, the corresponding physical interface filter needs
to be applied to that protocol family. The policer is not automatically applied to all
protocol families configured on the physical interface.
In contrast, with logical interface policers there are multiple separate policer instances.
Policers Applied to Layer 2 Traffic
In addition to hierarchical policing, you can also apply single-rate two-color policers and
three-color policers (both single-rate and two-rate) to Layer 2 input or output traffic.
You must configure the two-color or three-color policer as a logical interface policer and
reference the policer in the interface configuration at the logical unit level, and not at the
protocol level. You cannot apply a two-color or three-color policer to Layer 2 traffic as
a stateless firewall filter action.
Copyright © 2016, Juniper Networks, Inc.
Advertisement
Table of Contents
