Bandwidth Policers

Bandwidth Policer Overview

For a single-rate two-color policer only, you can specify the bandwidth limit as a percentage value from 1 through 100 instead of as an absolute number of bits per second. This type of two-color policer, called a bandwidth policer, rate-limits traffic to a bandwidth limit that is calculated as a percentage of either the physical interface media rate or the logical interface configured shaping rate.

Guidelines for Configuring a Bandwidth Policer

The following guidelines apply to configuring a bandwidth policer:

  • To specify a percentage bandwidth limit, you include the bandwidth-percent percentage statement in place of the bandwidth-limit bps statement.
  • By default, a bandwidth policer calculates the percentage bandwidth limit based on the physical interface port speed. To configure a bandwidth policer to calculate the percentage bandwidth limit based on the configured logical interface shaping rate instead, include the logical-bandwidth-policer statement at the [edit firewall policer policer-name] hierarchy level. This type of bandwidth policer is called a logical bandwidth policer.

    You can configure a logical interface shaping rate by including the shaping-rate bps statement at the [edit class-of-service interfaces interface interface-name unit logical-unit-number] hierarchy level. A logical interface shaping rate causes the specified amount of bandwidth to be allocated to the logical interface.

    Note: If you configure a logical bandwidth policer and then apply the policer to a logical interface that is not configured with a shaping rate, the policer rate-limits traffic on that logical interface to a bandwidth limit calculated as a percentage of the physical interface port speed, even if you include the logical-bandwidth-policer statement in the bandwidth policer configuration.

  • If you reference a bandwidth policer from a stateless firewall filter term, you must include the interface-specific statement in the firewall filter configuration.

Guidelines for Applying a Bandwidth Policer

The following guidelines pertain to applying a bandwidth policer to traffic:

  • You can use a bandwidth policer to rate-limit protocol-specific traffic (not family any) at the input or output of a logical interface.
  • You can apply a bandwidth policer directly to protocol-specific input or output traffic at a logical interface.
  • To send only selected packets to a bandwidth policer, you can reference the bandwidth policer from a stateless firewall filter term and then apply the filter to logical interface traffic for a specific protocol family.

    • To reference a logical bandwidth policer from a firewall filter, you must include the interface-specific statement in the firewall filter configuration.
    • You cannot use a bandwidth policer for forwarding-table filters.
  • You cannot apply a bandwidth policer to an aggregate interface, a tunnel interface, or a software interface.

Example: Configuring a Logical Bandwidth Policer

This example shows how to configure a logical bandwidth policer.

Requirements

Before you begin, make sure that you have two logical units available on a Gigabit Ethernet interface.

Overview

In this example, you configure a single-rate two-color policer that specifies the bandwidth limit as a percentage value rather than as an absolute number of bits per second. This type of policer is called a bandwidth policer. By default, a bandwidth policer enforces a bandwidth limit based on the line rate of the underlying physical interface. As an option, you can configure a bandwidth policer to enforce a bandwidth limit based on the configured shaping rate of the logical interface. To configure this type of bandwidth policer, called a logical bandwidth policer, you include the logical-bandwidth-policer statement in the policer configuration.

To configure a logical interface shaping rate, include the shaping-rate bps statement at the [edit class-of-service interfaces interface interface-name unit logical-unit-number] hierarchy level. This class-of-service (CoS) configuration statement causes the specified amount of bandwidth to be allocated to the logical interface.

Note: If you configure a policer bandwidth limit as a percentage but a shaping rate is not configured for the target logical interface, the policer bandwidth limit is calculated as a percentage of the physical interface media rate, even if you enable the logical-bandwidth policing feature.

To apply a logical bandwidth policer to a logical interface, you can apply the policer directly to the logical interface at the protocol family level or (if you only need to rate-limit filtered packets) you can reference the policer from a stateless firewall filter configured to operate in interface-specific mode.

Topology

In this example, you configure two logical interfaces on a single Gigabit Ethernet interface and configure a shaping rate on each logical interface. On logical interface ge-1/3/0.0, you allocate 4 Mbps of bandwidth. On logical interface ge-1/3/0.1, you allocate 2 Mbps of bandwidth.

You also configure a logical bandwidth policer with a bandwidth limit of 50 percent and a maximum burst size of 125,000 bytes, and then you apply the policer to input and output traffic at the logical units configured on ge-1/3/0. For logical interface ge-1/3/0.0, the policer rate-limits traffic to a bandwidth limit of 2 Mbps (50 percent of the 4 Mbps shaping rate configured for the logical interface). For logical interface ge-1/3/0.1, the policer rate-limits traffic to a bandwidth limit of 1 Mbps (50 percent of the 2 Mbps shaping rate configured for the logical interface).

If no shaping rate is configured for a target logical interface, the policer rate-limits to a bandwidth limit calculated as 50 percent of the physical interface media rate. For example, if you apply a 50 percent bandwidth policer to input or output traffic at a Gigabit Ethernet logical interface without rate shaping, the policer applies a bandwidth limit of 500 Mbps (50 percent of 1000 Mbps).
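
The rate calculation described above, as an added example (not Juniper code): a small audit script that reads set-format configuration and reports the effective limit of each applied percentage policer, marking units where a logical bandwidth policer falls back to the port speed. The unit 2 line in the sample is constructed, and the port speed is an assumption supplied by the caller.

```python
import re

# Constructed sample: the page's policer and shaping rates, plus a hypothetical
# unit 2 that has the policer applied but no shaping-rate (the fallback case).
SAMPLE_CONFIG = """
set class-of-service interfaces ge-1/3/0 unit 0 shaping-rate 4m
set class-of-service interfaces ge-1/3/0 unit 1 shaping-rate 2m
set firewall policer LB-policer logical-bandwidth-policer
set firewall policer LB-policer if-exceeding bandwidth-percent 50
set interfaces ge-1/3/0 unit 0 family inet policer input LB-policer
set interfaces ge-1/3/0 unit 1 family inet policer output LB-policer
set interfaces ge-1/3/0 unit 2 family inet policer input LB-policer
"""

SUFFIX = {"k": 10**3, "m": 10**6, "g": 10**9}

def to_bps(text):
    """Convert a rate such as '4m' or '500000' to bits per second."""
    text = text.lower()
    return int(text[:-1]) * SUFFIX[text[-1]] if text[-1] in SUFFIX else int(text)

def effective_limits(config, port_speed_bps):
    """Return {(logical_if, direction): (limit_bps, basis)} for percentage policers."""
    shaping, percent, logical, applied = {}, {}, set(), []
    for line in config.splitlines():
        if m := re.match(r"set class-of-service interfaces (\S+) unit (\d+) shaping-rate (\S+)", line):
            shaping[f"{m[1]}.{m[2]}"] = to_bps(m[3])
        elif m := re.match(r"set firewall policer (\S+) logical-bandwidth-policer", line):
            logical.add(m[1])
        elif m := re.match(r"set firewall policer (\S+) if-exceeding bandwidth-percent (\d+)", line):
            percent[m[1]] = int(m[2])
        elif m := re.match(r"set interfaces (\S+) unit (\d+) family \S+ policer (input|output) (\S+)", line):
            applied.append((f"{m[1]}.{m[2]}", m[3], m[4]))
    result = {}
    for ifl, direction, name in applied:
        if name not in percent:
            continue  # policers with an absolute bandwidth-limit are out of scope
        if name in logical and ifl in shaping:
            base, basis = shaping[ifl], "shaping-rate"
        else:  # default behaviour, or fallback when no shaping rate exists
            base = port_speed_bps[ifl.split(".")[0]]
            basis = "port-speed-fallback" if name in logical else "port-speed"
        result[(ifl, direction)] = (base * percent[name] // 100, basis)
    return result

def fallback_units(limits):
    """Logical interfaces whose logical bandwidth policer uses the port speed."""
    return sorted({ifl for (ifl, _), (_, basis) in limits.items() if basis == "port-speed-fallback"})
```

Call effective_limits(SAMPLE_CONFIG, {"ge-1/3/0": 10**9}) and pass the result to fallback_units to list the units that need a shaping rate before the percentage means what the policer name suggests.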

Configuration

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode.

To configure this example, perform the following tasks:

CLI Quick Configuration

To quickly configure this example, copy the following configuration commands into a text file, remove any line breaks, and then paste the commands into the CLI at the [edit] hierarchy level.

set interfaces ge-1/3/0 per-unit-scheduler
set interfaces ge-1/3/0 vlan-tagging
set interfaces ge-1/3/0 unit 0 vlan-id 100
set interfaces ge-1/3/0 unit 0 family inet address 172.1.1.1/30
set interfaces ge-1/3/0 unit 1 vlan-id 200
set interfaces ge-1/3/0 unit 1 family inet address 172.2.1.1/30
set class-of-service interfaces ge-1/3/0 unit 0 shaping-rate 4m
set class-of-service interfaces ge-1/3/0 unit 1 shaping-rate 2m
set firewall policer LB-policer logical-bandwidth-policer
set firewall policer LB-policer if-exceeding bandwidth-percent 50
set firewall policer LB-policer if-exceeding burst-size-limit 125k
set firewall policer LB-policer then discard
set interfaces ge-1/3/0 unit 0 family inet policer input LB-policer
set interfaces ge-1/3/0 unit 0 family inet policer output LB-policer
set interfaces ge-1/3/0 unit 1 family inet policer input LB-policer
set interfaces ge-1/3/0 unit 1 family inet policer output LB-policer

Configuring the Logical Interfaces

Step-by-Step Procedure

To configure the logical interfaces:

  1. Enable configuration of the physical interface.

    [edit]
    user@host# edit interfaces ge-1/3/0

    [edit interfaces ge-1/3/0]
    user@host# set per-unit-scheduler
    user@host# set vlan-tagging
  2. Configure the first logical interface.

    [edit interfaces ge-1/3/0]
    user@host# set unit 0 vlan-id 100
    user@host# set unit 0 family inet address 172.1.1.1/30
  3. Configure the second logical interface.

    [edit interfaces ge-1/3/0]
    user@host# set unit 1 vlan-id 200
    user@host# set unit 1 family inet address 172.2.1.1/30

Results

Confirm the configuration of the interfaces by entering the show interfaces configuration mode command. If the command output does not display the intended configuration, repeat the instructions in this procedure to correct the configuration.

[edit]
user@host# show interfaces
ge-1/3/0 {
    per-unit-scheduler;
    vlan-tagging;
    unit 0 {
        vlan-id 100;
        family inet {
            address 172.1.1.1/30;
        }
    }
    unit 1 {
        vlan-id 200;
        family inet {
            address 172.2.1.1/30;
        }
    }
}

Configuring Traffic Rate-Shaping by Specifying the Amount of Bandwidth to be Allocated to the Logical Interface

Step-by-Step Procedure

To configure rate shaping by specifying the bandwidth to be allocated to the logical interface:

  1. Enable CoS configuration on the physical interface.

    [edit]
    user@host# edit class-of-service interfaces ge-1/3/0
  2. Configure rate shaping for the logical interfaces.

    [edit class-of-service interfaces ge-1/3/0]
    user@host# set unit 0 shaping-rate 4m
    user@host# set unit 1 shaping-rate 2m

    These statements allocate 4 Mbps of bandwidth to logical unit ge-1/3/0.0 and 2 Mbps of bandwidth to logical unit ge-1/3/0.1.

Results

Confirm the configuration of the rate shaping by entering the show class-of-service configuration mode command. If the command output does not display the intended configuration, repeat the instructions in this procedure to correct the configuration.

[edit]
user@host# show class-of-service
interfaces {
    ge-1/3/0 {
        unit 0 {
            shaping-rate 4m;
        }
        unit 1 {
            shaping-rate 2m;
        }
    }
}

Configuring the Logical Bandwidth Policer

Step-by-Step Procedure

To configure the logical bandwidth policer:

  1. Enable configuration of a single-rate two-color policer.

    [edit]
    user@host# edit firewall policer LB-policer
  2. Configure the policer as a logical-bandwidth policer.

    [edit firewall policer LB-policer]
    user@host# set logical-bandwidth-policer

    This causes the percentage bandwidth limit to be calculated from the shaping rate configured on each logical interface.
  3. Configure the policer traffic limits and actions.

    [edit firewall policer LB-policer]
    user@host# set if-exceeding bandwidth-percent 50
    user@host# set if-exceeding burst-size-limit 125k
    user@host# set then discard

Results

Confirm the configuration of the policer by entering the show firewall configuration mode command. If the command output does not display the intended configuration, repeat the instructions in this procedure to correct the configuration.

[edit]
user@host# show firewall
policer LB-policer {
    logical-bandwidth-policer;
    if-exceeding {
        bandwidth-percent 50;
        burst-size-limit 125k;
    }
    then discard;
}

Applying the Logical Bandwidth Policers to the Logical Interfaces

Step-by-Step Procedure

To apply the logical bandwidth policer to the logical interfaces:

  1. Enable configuration of the interface.

    [edit]
    user@host# edit interfaces ge-1/3/0
  2. Apply the logical bandwidth policer to the first logical interface.

    [edit interfaces ge-1/3/0]
    user@host# set unit 0 family inet policer input LB-policer
    user@host# set unit 0 family inet policer output LB-policer
  3. Apply the policing to the second logical interface.

    [edit interfaces ge-1/3/0]
    user@host# set unit 1 family inet policer input LB-policer
    user@host# set unit 1 family inet policer output LB-policer

Results

Confirm the configuration of the interfaces by entering the show interfaces configuration mode command. If the command output does not display the intended configuration, repeat the instructions in this procedure to correct the configuration.

[edit]
user@host# show interfaces
ge-1/3/0 {
    per-unit-scheduler;
    vlan-tagging;
    unit 0 {
        vlan-id 100;
        family inet {
            policer {
                input LB-policer;
                output LB-policer;
            }
            address 172.1.1.1/30;
        }
    }
    unit 1 {
        vlan-id 200;
        family inet {
            policer {
                input LB-policer;
                output LB-policer;
            }
            address 172.2.1.1/30;
        }
    }
}

If you are done configuring the device, enter commit from configuration mode.

Verification

Confirm that the configuration is working properly.

Displaying Traffic Statistics and Policers for the Logical Interface

Purpose

Verify the traffic flow through the logical interface and that the policer is evaluated when packets are received on the logical interface.

Action

Use the show interfaces operational mode command for logical interfaces ge-1/3/0.0 and ge-1/3/0.1, and include the detail or extensive option. The command output section for Traffic statistics lists the number of bytes and packets received and transmitted on the logical interface, and the Protocol inet section contains a Policer field that lists the policer LB-policer as an input or output policer as follows:

  • Input: LB-policer-ge-1/3/0.0-inet-i
  • Output: LB-policer-ge-1/3/0.0-inet-o

In this example, the policer is applied to logical interface traffic in both the input and output directions.

user@host> show interfaces ge-1/3/0.0 detail
  Logical interface ge-1/3/0.0 (Index 80) (SNMP ifIndex 154) (Generation 150)
    Flags: SNMP-Traps 0x4000 VLAN-Tag [ 0x8100.100 ]  Encapsulation: ENET2
    Traffic statistics:
     Input  bytes  :                    0
     Output bytes  :                   46
     Input  packets:                    0
     Output packets:                    1
    Local statistics:
     Input  bytes  :                    0
     Output bytes  :                   46
     Input  packets:                    0
     Output packets:                    1
    Transit statistics:
     Input  bytes  :                    0                    0 bps
     Output bytes  :                    0                    0 bps
     Input  packets:                    0                    0 pps
     Output packets:                    0                    0 pps
    Protocol inet, MTU: 1500, Generation: 174, Route table: 0
      Flags: Sendbcast-pkt-to-re
      Policer: Input: LB-policer-ge-1/3/0.0-inet-i, Output: LB-policer-ge-1/3/0.0-inet-o
      Addresses, Flags: Is-Preferred Is-Primary
        Destination: 172.1.1.0/30, Local: 172.1.1.1, Broadcast: 172.1.1.3, Generation: 165

user@host> show interfaces ge-1/3/0.1 detail
  Logical interface ge-1/3/0.1 (Index 81) (SNMP ifIndex 543) (Generation 151)
    Flags: SNMP-Traps 0x4000 VLAN-Tag [ 0x8100.200 ]  Encapsulation: ENET2
    Traffic statistics:
     Input  bytes  :                    0
     Output bytes  :                   46
     Input  packets:                    0
     Output packets:                    1
    Local statistics:
     Input  bytes  :                    0
     Output bytes  :                   46
     Input  packets:                    0
     Output packets:                    1
    Transit statistics:
     Input  bytes  :                    0                    0 bps
     Output bytes  :                    0                    0 bps
     Input  packets:                    0                    0 pps
     Output packets:                    0                    0 pps
    Protocol inet, MTU: 1500, Generation: 175, Route table: 0
      Flags: Sendbcast-pkt-to-re
      Policer: Input: LB-policer-ge-1/3/0.1-inet-i, Output: LB-policer-ge-1/3/0.1-inet-o
      Addresses, Flags: Is-Preferred Is-Primary
        Destination: 172.2.1.0/30, Local: 172.2.1.1, Broadcast: 172.2.1.3, Generation: 167

Displaying Statistics for the Policer

Purpose

Verify the number of packets evaluated by the policer.

Action

Use the show policer operational mode command and optionally specify the name of the policer. The command output displays the number of packets evaluated by each configured policer (or the specified policer), in each direction. For the policer LB-policer, the input and output policer names are displayed as follows:

  • LB-policer-ge-1/3/0.0-inet-i
  • LB-policer-ge-1/3/0.0-inet-o
  • LB-policer-ge-1/3/0.1-inet-i
  • LB-policer-ge-1/3/0.1-inet-o

The -inet-i suffix denotes a policer applied to logical interface input traffic, while the -inet-o suffix denotes a policer applied to logical interface output traffic. In this example, the policer is applied to both input and output traffic on logical interface ge-1/3/0.0 and logical interface ge-1/3/0.1.

user@host> show policer
Policers:
Name                                              Packets 
__default_arp_policer__                                 0
LB-policer-ge-1/3/0.0-inet-i                            0
LB-policer-ge-1/3/0.0-inet-o                            0
LB-policer-ge-1/3/0.1-inet-i                            0
LB-policer-ge-1/3/0.1-inet-o                            0

Published: 2013-08-28
