Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - POLICY MANAGEMENT CONFIGURATION GUIDE 2010-10-04 Configuration Manual page 28

JunosE 11.3.x Policy Management Configuration Guide
4
Networks E Series Broadband Services Router rate limits are calculated based on the
layer 2 packet size. To configure rate limiting, you first create a rate-limit profile, which
is a set of bandwidth attributes and associated actions. You next create a policy list
with a rule that has rate limit as the action and associate a rate-limit profile with this
rule. You can configure rate-limit profiles to provide a variety of services, including
tiered bandwidth service where traffic conforming to configured bandwidth levels is
treated differently than traffic that exceeds the configured values, and a hard-limit
service where a fixed bandwidth limit is applied to a traffic flow. Finally, you can
configure rate-limit profiles to provide a TCP-friendly rate-limiting service that works
in conjunction with TCP's native flow-control functionality.
Security—Provides a level of network security by using policy rules that selectively
forward or filter packet flows. You can use a filter rule to stop a denial-of-service attack.
You can use secure policies to mirror packets and send them to an analyzer.
RADIUS policy support—Enables you to create and attach a policy to an interface
through RADIUS.
Packet tagging—Enables the traffic-class rule in policies to tag a packet flow so that
the Quality of Service (QoS) application can provide traffic-class queuing. Policies can
perform both in-band and out-of-band packet tagging.
Packet forwarding—Allows forwarding of packets in a packet flow.
Packet filtering—Drops packets in a packet flow.
Packet mirroring—Uses secure policies to mirror packets and send them to an analyzer.
Packet logging—Logs packets in a packet flow.
Policy management gives you the CLI tools to build databases, which can then be drawn
from to implement a policy. Each database contains global traffic specifications. When
building a policy, you specify input from one or more of these databases and then attach
the policy to an interface. By combining the information from the various databases into
policies, you can deploy a wide variety of services.
NOTE: When applying policies to interfaces that are managed by the SRC,
avoid using any other policy management tools, such as CLI, RADIUS, CoA,
or Service Manager. SRC is not compatible with other types of policy
management tools. When policies are applied to the interface before SRC
management begins, such as at access-accept time, these policies are
properly replaced. However, if other policy managers change existing policies
while SRC management is active, problems can occur. The precedence of
each source when modifying configurations is:
If you have a pre-configured policy through CLI as part of subscriber
PVC/VLAN provisioning, SRC overwrites the policy when the SRC manages
the interface
If you have a policy in the Access-Accept, SRC overwrites the policy when
the SRC manages the interface
Copyright © 2010, Juniper Networks, Inc.