Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

hierarchical-policer (aggregate or premium)

Syntax (M Series, MX Series, T Series - Bandwidth-Based)

Syntax (MX Series - Packets-Per-Second (pps)-Based)

Hierarchy Level

Description

Use a hierarchical policer to rate-limit ingress Layer 2 traffic at a physical or logical interface and apply different policing actions based on whether the packets are classified as premium for expedited forwarding (EF) or aggregate for a lower priority. The two policers defined within the hierarchical policer are aggregate and premium.

Hierarchical policers are supported on Enhanced Intelligent Queuing (IQE) PICs and SONET interfaces hosted on the M120 and M320 with incoming Flexible PIC Concentrators (FPCs) as SFPC and outgoing FPCs as FFPC; on MPCs hosted on MX Series routers; on the T320, T640, and T1600 with Enhanced Intelligent Queuing (IQE) PICs; and on the T4000 with Type 5 FPC and Enhanced Scaling Type 4 FPC.

Note:
  • The if-exceeding-pps statement is only supported on MX Series routers with MPCs.

  • The if-exceeding and if-exceeding-pps statements are mutually exclusive and, therefore, cannot be applied at the same time.

You can configure the policer in static firewall filters or dynamic firewall filters in a dynamic client profile or a dynamic service profile.

Options

hierarchical-policer-name—Name that identifies the policer. The name can contain letters, numbers, and hyphens (-), and can be up to 255 characters long. To include spaces in the name, enclose the name in quotation marks (“ ”).

uid—When you configure a hierarchical policer at the [edit dynamic-profiles profile name firewall] hierarchy level, you must assign a variable UID as the policer name.

The remaining statements are explained separately. Search for a statement in CLI Explorer or click a linked statement in the Syntax section for details.

Required Privilege Level

firewall—To view this statement in the configuration.

firewall-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 9.5.

Support at the [edit dynamic-profiles profile-name firewall] hierarchy level introduced in Junos OS Release 11.4.

Support for if-exceeding-pps statement on MX Series routers with MPCs introduced in Junos OS Release 15.2.