bandwidth-percent
Syntax
bandwidth-percent percentage;
Hierarchy Level
[edit dynamic-profiles profile-name firewall policer policer-name if-exceeding], [edit firewall policer policer-name if-exceeding], [edit logical-systems logical-system-name policer policer-name if-exceeding]
Description
For a single-rate two-color policer, configure the bandwidth limit as a percentage value. Single-rate two-color policing uses the single token bucket algorithm to measure traffic-flow conformance to a two-color policer rate limit.
Traffic at the interface that conforms to the bandwidth limit
is categorized green. Traffic that exceeds the specified rate is also
categorized as green provided that sufficient tokens remain in the
single token bucket. Packets in a green flow are implicitly marked
with low packet loss priority and then passed through the
interface.
Traffic that exceeds the specified rate when insufficient tokens remain in the single token bucket is categorized red. Depending on the configuration of the two-color policer, packets in a red traffic flow might be implicitly discarded; or the packets might be re-marked with a specified forwarding class, a specified PLP, or both, and then passed through the interface.
This statement specifies the bandwidth limit as a
percentage of either the physical interface port speed or the configured
logical interface shaping rate. Alternatively, you can use the bandwidth-limit bps statement to
specify the bandwidth limit as an absolute number of bits per
second.
The function of the bandwidth limit is extended
by the burst size (configured using the burst-size-limit bytes statement) to allow bursts of traffic up to
a limit based on the overall traffic load:
When a single-rate two-color policer is applied to the input or output traffic at an interface, the initial capacity for traffic bursting is equal to the number of bytes specified by this statement.
During periods of relatively low traffic (traffic that arrives at or departs from the interface at overall rates below the token arrival rate), unused tokens accumulate in the bucket, but only up to the configured token bucket depth.
Single-rate two-color policing allows bursts of traffic for short periods, whereas single-rate and two-rate three-color policing allows more sustained bursts of traffic.
Hierarchical policing is a form of two-color policing that applies different policing actions based on whether the packets are classified for expedited forwarding (EF) or for a lower priority. You apply a hierarchical policer to ingress Layer 2 traffic to allows bursts of EF traffic for short period and bursts of non-EF traffic for short periods, with EF traffic always taking precedence over non-EF traffic.
Options
percentage—Traffic
rate as a percentage of either the physical interface media rate or
the logical interface configured shaping rate. You can configure a
shaping rate on a logical interface by using class-of-service statement.
The bandwidth percentage policer cannot be used to rate-limit
tunnel or software interfaces, or for forwarding table filters. It
is only valid for interface-specific filters. When used for matching
bandwidth or burst-size on aggregated Ethernet or SONET bundles, bandwidth
percentage policers must be used in conjunction with shared-bandwidth-policer.
Range: 0 through 100
Default: None.
Required Privilege Level
firewall—To view this statement in the configuration.firewall-control—To add this statement to the configuration.
Release Information
Statement introduced before Junos OS Release 7.4.
Support at the [edit dynamic-profiles ... if-exceeding] hierarchy level introduced in Junos OS Release 11.4.