Three-Color Policer Configuration Overview
Table 1 describes the hierarchy levels at which you can configure and apply single-rate tricolor-marking (single-rate TCM) policers and two-rate tricolor-marking (two-rate TCM) policers to Layer 3 traffic. For information about applying three-color policers to Layer 2 traffic, see Three-Color Policing at Layer 2 Overview.
Table 1: Three-Color Policer Configuration and Application Overview
Policer Configuration | Layer 3 Application | Key Points |
|---|---|---|
| Single-Rate Three-Color
Policer Defines traffic rate limiting that you
can apply to Layer 3 protocol-specific traffic at a logical interface.
Can be applied as a firewall filter policer only. | ||
Basic single-rate TCM policer configuration: [edit firewall] three-color-policer policer-name {single-rate {(color-aware | color-blind);committed-information-rate bps;committed-burst-size bytes;excess-burst-size bytes;}action {loss-priority high then discard;}} | Reference the policer from a firewall filter, and apply the filter to a protocol family on a logical interface: [edit firewall] family family-name {filter filter-name {term term-name {from {... match-conditions ...}then {three-color-policer {single-rate policer-name;}}}}} Apply the filter to a logical interface at the protocol family level: [edit interfaces] interface-name {unit unit-number {family family-name {filter {input filter-name;output filter-name;}}}} | Policer configuration:
Firewall filter configuration:
Applying the firewall filter to the logical interface:
|
| Single-Rate Three-Color
Physical Interface Policer Defines traffic rate limiting that applies to all logical interfaces and protocol families configured on a physical interface, even if the interfaces belong to different routing instances. Can be applied as a firewall filter policer only. | ||
Physical interface single-rate TCM policer: [edit firewall] three-color-policer policer-name {physical-interface-policer;single-rate {(color-aware | color-blind);committed-information-rate bps;committed-burst-size bytes;excess-burst-size bytes;}action {loss-priority high then discard;}} | Reference the policer from a physical interface filter only, and apply the filter to a protocol family on a logical interface: [edit firewall] family family-name {filter filter-name {physical-interface-filterterm term-name {from {... match-conditions ...}then {three-color-policer {single-rate policer-name;}}}}} [edit interfaces] | Policer configuration:
Firewall filter configuration:
Application:
Verification
|
| Basic Two-Rate
Three-Color Policer Defines traffic rate limiting
that you can apply to Layer 3 protocol-specific traffic at a
logical interface. Can be applied as a firewall filter policer only. | ||
Basic two-rate TCM policer configuration: [edit firewall] three-color-policer policer-name {two-rate {(color-aware | color-blind);committed-information-rate bps;committed-burst-size bytes;peak-information-rate bps;peak-burst-size bytes;}action {loss-priority high then discard;}} | Reference the policer from a firewall filter, and apply the filter to a protocol family on a logical interface: [edit firewall] family family-name {filter filter-name {term term-name {from {... match-conditions ...}then {three-color-policer {two-rate policer-name;}}}}} [edit interfaces] interface-name {unit unit-number {family family-name {filter {input filter-name;output filter-name;}}}} | Policer configuration:
Firewall filter configuration:
Applying the firewall filter to the logical interface:
|
