Figure 10: Single-Rate Two-Color Policer Scenario - Juniper EX9200 Features Manual

Traffic Policers Feature Guide for EX9200 Switches
58
policer to use bandwidth percent for aggregate, tunnel, and software
interfaces.
In this example, the host is a traffic generator emulating a webserver. Devices R1 and R2
are owned by a service provider. The webserver is accessed by users on Device Host2.
Device Host1 will be sending traffic with a source TCP HTTP port of 80 to the users. A
single-rate two-color policer is configured and applied to the interface on Device R1 that
connects to Device Host1. The policer enforces the contractual bandwidth availability
made between the owner of the webserver and the service provider that owns Device R1
for the web traffic that flows over the link that connects Device Host1 to Device R1.
In accordance with the contractual bandwidth availability made between the owner of
the webserver and the service provider that owns Devices R1 and R2, the policer will limit
the HTTP port 80 traffic originating from Device Host1 to using 700 Mbps (70 percent)
of the available bandwidth with an allowable burst rate of 10 x the MTU size of the gigabit
Ethernet interface between the host Device Host1 and Device R1.
NOTE: In a real-world scenario you would probably also rate limit traffic for
a variety of other ports such as FTP, SFTP, SSH, TELNET, SMTP, IMAP, and
POP3 because they are often included as additional services with web hosting
services.
NOTE: You need to leave some additional bandwidth available that is not
rate limited for network control protocols such as routing protocols, DNS,
and any other protocols required to keep network connectivity operational.
This is why the firewall filter has a final accept condition on it.
Topology
This example uses the topology in

Figure 10: Single-Rate Two-Color Policer Scenario

Figure 11 on page 59 shows the policing behavior.
Figure 10 on page 58.
Copyright © 2016, Juniper Networks, Inc.