Juniper Networks 10.4 Network Router User Manual


 
To configure policing and marking of traffic entering a VPLS core:
1. Configure policer bcast-unknown-unicast-non-ip-mcast-policer, a firewall policer to
limit the aggregate broadcast, unknown unicast, and non-IP multicast to 50 kbps:
[edit firewall]
policer bcast-unknown-unicast-non-ip-mcast-policer {
    if-exceeding {
        bandwidth-limit 50k;
        burst-size-limit 150k;
    }
    then loss-priority high;
}
2. Configure three-color-policer ip-multicast-traffic-policer, a three-color policer to limit
the IP multicast traffic:
[edit firewall]
three-color-policer ip-multicast-traffic-policer {
    two-rate {
        color-blind;
        committed-information-rate 4m;
        committed-burst-size 256k;
        peak-information-rate 4100000;
        peak-burst-size 256k;
    }
}
3. Configure customer-1, a firewall filter that uses the two policers to limit and mark
customer traffic. The first term marks the IP multicast traffic based on the destination
MAC address, and the second term polices the broadcast, unknown unicast, and
non-IP multicast traffic:
[edit firewall]
family vpls {
    filter customer-1 {
        term t0 {
            from {
                destination-mac-address {
                    01:00:5e:00:00:00/24;
                }
            }
            then {
                three-color-policer {
                    two-rate ip-multicast-traffic-policer;
                }
                forwarding-class expedited-forwarding;
            }
        }
        term t1 {
            from {
                traffic-type [ broadcast unknown-unicast multicast ];
            }
            then policer bcast-unknown-unicast-non-ip-mcast-policer;
        }
    }
}
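
Added example (not part of the Juniper manual): a Python model of the color-blind two-rate three-color marker described in RFC 2698, loaded with the values of ip-multicast-traffic-policer from step 2, to show how frames are colored green, yellow or red at a given offered load. It assumes 4m means 4,000,000 bps and 256k means 256,000 bytes; the names TwoRateMarker, page_marker and offered_load are hypothetical, and the router's own behavior may differ from this model.

```python
# Model of the RFC 2698 two-rate three-color marker in color-blind mode.
# Assumed units (not stated on the page): rates in bits/s, bursts in bytes,
# k = 1000, m = 1,000,000.
NS = 1_000_000_000  # buckets are kept in byte-nanoseconds so the math stays integer


class TwoRateMarker:  # hypothetical name
    def __init__(self, cir_bps, cbs_bytes, pir_bps, pbs_bytes):
        self.cir, self.pir = cir_bps // 8, pir_bps // 8    # refill rates in bytes/s
        self.cbs, self.pbs = cbs_bytes * NS, pbs_bytes * NS
        self.tc, self.tp = self.cbs, self.pbs              # both buckets start full
        self.last_ns = 0

    def mark(self, now_ns, frame_bytes):
        """Return the color of one frame arriving at now_ns."""
        elapsed, self.last_ns = now_ns - self.last_ns, now_ns
        self.tc = min(self.cbs, self.tc + self.cir * elapsed)
        self.tp = min(self.pbs, self.tp + self.pir * elapsed)
        cost = frame_bytes * NS
        if self.tp < cost:          # above the peak rate: no tokens are consumed
            return "red"
        self.tp -= cost
        if self.tc < cost:          # within the peak rate, above the committed rate
            return "yellow"
        self.tc -= cost
        return "green"


def page_marker():
    """Marker with the ip-multicast-traffic-policer values from step 2."""
    return TwoRateMarker(cir_bps=4_000_000, cbs_bytes=256_000,
                         pir_bps=4_100_000, pbs_bytes=256_000)


def offered_load(marker, rate_bps, frame_bytes, seconds):
    """Feed evenly spaced frames at rate_bps and count the resulting colors."""
    gap_ns = frame_bytes * 8 * NS // rate_bps
    counts = {"green": 0, "yellow": 0, "red": 0}
    for i in range(seconds * NS // gap_ns):
        counts[marker.mark(i * gap_ns, frame_bytes)] += 1
    return counts


if __name__ == "__main__":
    for mbps in (3, 8):  # constructed loads: below the CIR and well above the PIR
        print(mbps, "Mbps:", offered_load(page_marker(), mbps * 1_000_000, 1000, 2))
```

In this model, because committed-burst-size and peak-burst-size are equal, a back-to-back burst is marked green until both buckets empty and then red; yellow appears only under sustained load above the committed rate.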
Copyright © 2010, Juniper Networks, Inc.
Chapter 9: Layer 2 Firewall Filters