Hierarchical Classifier Groups; Hierarchical Rate-Limit Profiles - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - POLICY MANAGEMENT CONFIGURATION GUIDE 2010-10-04 Configuration Manual

JunosE 11.3.x Policy Management Configuration Guide

Hierarchical Classifier Groups

Hierarchical Rate-Limit Profiles

60
Rate-limit hierarchies can be intra-interface, where different flows from classifier groups
are in one policy attachment on an interface. Each time the policy is attached to another
interface the rate-limit hierarchy is replicated, with no rate limits shared between
attachments. Hierarchical rate-limits are only applied at forwarding interfaces because
they provide the most accurate classification of packets.
You can configure rate-limit hierarchies by defining a hierarchy of policy classifier and
parent groups, each with a rate limit. This hierarchy applies to the packet flow on one
interface attachment for the policy. Each policy attachment creates its own copy of the
rate-limit hierarchy. There are no shared rate limits across interface attachments.
A policy-based rate-limit hierarchy consists of classifier groups with an aggregate node
policy object. Aggregate nodes create the interior nodes of a policy-based hierarchy; they
are not classifier groups and the only policy rule applicable to them is the rate limit rule.
Every classifier group or aggregate node can select another aggregate node as its parent.
The policy manager ensures that these choices always result in a hierarchy. Not every
classifier group with a parent aggregate node must have a rate limit rule; multiple classifier
groups can share a common parent group, which may have a rate limit rule.
A policy imposes a limit of three parent groups that can be traversed from any classifier
group. However, the total number of parent groups in one policy can be up to 512, but
every packet must pass through no more than three parent groups at any point.
In a hierarchy of rate limits, a rate limit can be color-blind or color-aware; color-blind rate
limits run the same algorithm for all packets, regardless of their color. Color-aware rate
limits can change the algorithm used, depending on the color of the incoming packet
(possibly set in the previous rate limit or an earlier policy, such as a VLAN policy on ingress
or an IP policy). The color mark profile action changes the ToS field for the packet,
depending on packet type (EXP for MPLS, DSCP or ToS for IPv4), and transmits the
packet. If the mark action uses a color-mark profile, the ToS values marked can depend
on the color of the packet.
Hierarchical rate-limit profiles are independent from interface types. You can apply the
green, yellow, or red mark values to the rate-limit profile for every type of forwarding
interface that accepts ToS marking for packets. The same rate limit can be reused for a
different interface type. Hierarchical rate limits have two-rate or TCP-friendly rate types.
The value applied to the ToS field is configured in the CLACL group for green, yellow, or
red packets but the coloring of the packet as green, yellow, or red depends on the entire
rate-limit hierarchy.
Preferred packets are transmitted unconditionally. Rate limits that process packets
transmitted unconditionally always decrement their token count, if necessary, making
it negative.
Red packets cannot be transmitted unconditionally, to avoid cases where an aggregate
rate limit is oversubscribed with transmit-unconditional rates.
Copyright © 2010, Juniper Networks, Inc.