Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation

Three-Color Policing at Layer 2 Overview

This topic covers the following information:

Guidelines for Configuring Three-Color Policing of Layer 2 Traffic

The following guidelines apply to three-color policing of Layer 2 traffic:

  • You can apply a three-color policer to Layer 2 traffic at a logical interface hosted on a Gigabit Ethernet interface (ge-) or a 10-Gigabit Ethernet interface (xe-) only.
  • A single logical interface supports Layer 2 policing in both directions.
  • You can apply a three-color policer to Layer 2 traffic as a logical interface policer only. You cannot apply a two-color policer to Layer 2 traffic as a stateless firewall filter action.
  • You can apply a three-color policer to Layer 2 traffic by referencing the policer in the interface configuration at the logical unit level, and not at the protocol level.
  • You can apply a color-aware three-color policer to Layer 2 traffic in the egress direction only, but you apply a color-blind three-color policer to Layer 2 traffic in either direction.

For information about configuring two-color policing of Layer 2 traffic, see Two-Color Policing at Layer 2 Overview.

Statement Hierarchy for Configuring a Three-Color Policer for Layer 2 Traffic

To enable a single-rate or two-rate three-color policer to rate-limit Layer 2 traffic, include the logical-interface-policer statement in the three-color-policer configuration.

firewall {three-color-policer policer-name {action {loss-priority high then discard;}logical-interface-policer;single-rate {(color-aware | color-blind);committed-burst-size bytes;committed-information-rate bps;excess-burst-size bytes;}two-rate {(color-aware | color-blind);committed-burst-size bytes;committed-information-rate bps;peak-burst-size bytes;peak-information-rate bps;}}}

You can include the configuration at the following hierarchy levels:

  • [edit]
  • [edit logical-systems logical-system-name]

Statement Hierarchy for Applying a Three-Color Policer to Layer 2 Traffic

To apply a logical interface policer to Layer 2 traffic, include the layer2-policer statement for a supported logical interface at the logical unit level. Use the input-three-color policer-name statement or output-three-color policer-name statement to specify the direction of the traffic to be policed.

interfaces {(ge-fpc/pic/port | xe-fpc/pic/port) {unit unit-number {layer2-policer {input-three-color policer-name;output-three-color policer-name;}}}}

You can include the configuration at the following hierarchy levels:

  • [edit]
  • [edit logical-systems logical-system-name]
 

Related Documentation

 

Published: 2012-11-16

Previous Page Next Page