Table of Contents
Advertisement
JUNOSe 11.1.x Policy Management Configuration Guide
Hierarchical Classifier Groups
Rate-limit hierarchies can be intra-interface, where different flows from classifier
groups are in one policy attachment on an interface. Each time the policy is attached
to another interface the rate-limit hierarchy is replicated, with no rate limits shared
between attachments. Hierarchical rate-limits are only applied at forwarding interfaces
because they provide the most accurate classification of packets.
You can configure rate-limit hierarchies by defining a hierarchy of policy classifier
and parent groups, each with a rate limit. This hierarchy applies to the packet flow
on one interface attachment for the policy. Each policy attachment creates its own
copy of the rate-limit hierarchy. There are no shared rate limits across interface
attachments.
A policy-based rate-limit hierarchy consists of classifier groups with an aggregate
node policy object. Aggregate nodes create the interior nodes of a policy-based
hierarchy; they are not classifier groups and the only policy rule applicable to them
is the rate limit rule. Every classifier group or aggregate node can select another
aggregate node as its parent. The policy manager ensures that these choices always
result in a hierarchy. Not every classifier group with a parent aggregate node must
have a rate limit rule; multiple classifier groups can share a common parent group,
which may have a rate limit rule.
A policy imposes a limit of three parent groups that can be traversed from any
classifier group. However, the total number of parent groups in one policy can be
up to 512, but every packet must pass through no more than three parent groups at
any point.
In a hierarchy of rate limits, a rate limit can be color-blind or color-aware; color-blind
rate limits run the same algorithm for all packets, regardless of their color. Color-aware
rate limits can change the algorithm used, depending on the color of the incoming
packet (possibly set in the previous rate limit or an earlier policy, such as a VLAN
policy on ingress or an IP policy). The color mark profile action changes the ToS field
for the packet, depending on packet type (EXP for MPLS, DSCP or ToS for IPv4), and
transmits the packet. If the mark action uses a color-mark profile, the ToS values
marked can depend on the color of the packet.
Hierarchical Rate-Limit Profiles
Hierarchical rate-limit profiles are independent from interface types. You can apply
the green, yellow, or red mark values to the rate-limit profile for every type of
forwarding interface that accepts ToS marking for packets. The same rate limit can
be reused for a different interface type. Hierarchical rate limits have two-rate or
TCP-friendly rate types.
The value applied to the ToS field is configured in the CLACL group for green, yellow,
or red packets but the coloring of the packet as green, yellow, or red depends on the
entire rate-limit hierarchy.
64
Hierarchical Rate Limits Overview
Advertisement
Table of Contents
