Controlling Network Access Using Traffic Policing Overview; Congestion Management For Ip Traffic Flows - Juniper ACX1000 Configuration Manual

ACX Series Universal Access Router Configuration Guide
Related
Documentation

Controlling Network Access Using Traffic Policing Overview

Congestion Management for IP Traffic Flows

908
fill-level percentage drop-probability percentage;
}
}
After you configure a drop profile, you must assign the drop profile to a drop-profile map,
and assign the drop-profile map to a scheduler, as discussed in Determining Packet Drop
Behavior by Configuring Drop Profile Maps for Schedulers.
Understanding Schedulers Overview on page 874
Understanding RED Drop Profiles Overview on page 907
This topic covers the following information:
Congestion Management for IP Traffic Flows on page 908
Traffic Limits on page 909
Traffic Color Marking on page 910
Forwarding Classes and PLP Levels on page 911
Policer Application to Traffic on page 912
Traffic policing, also known as rate limiting, is an essential component of network access
security that is designed to thwart denial-of-service (DoS) attacks. Traffic policing enables
you to control the maximum rate of IP traffic sent or received on an interface and also
to partition network traffic into multiple priority levels, also known as classes of service.
A policer defines a set of traffic rate limits and sets consequences for traffic that does not
conform to the configured limits. Packets in a traffic flow that do not conform to traffic
limits are either discarded or marked with a different forwarding class or packet loss
priority (PLP) level.
With the exception of policers configured to rate-limit aggregate traffic (all protocol
families and logical interfaces configured on a physical interface), you can apply a policer
to all IP packets in a Layer 2 or Layer 3 traffic flow at a logical interface.
With the exception of policers configured to rate-limit based on physical interface media
rate, you can apply a policer to specific IP packets in a Layer 3 traffic flow at a logical
interface by using a stateless firewall filter.
You can apply a policer to inbound or outbound interface traffic. Policers applied to
inbound traffic help to conserve resources by dropping traffic that does not need to be
routed through a network. Dropping inbound traffic also helps to thwart denial-of-service
(DoS) attacks. Policers applied to outbound traffic control the bandwidth used.
NOTE: Traffic policers are instantiated on a per-PIC basis. Traffic policing
does not work when the traffic for one local policy decision function (L-PDF)
subscriber is distributed over multiple Multiservices PICs in an AMS group.
Copyright © 2017, Juniper Networks, Inc.