hierarchical-policer (aggregate or premium)
Syntax (M Series, MX Series, T Series - Bandwidth-Based)
hierarchical-policer hierarchical-policer-name | uid {
aggregate {
if-exceeding {
bandwidth-limit bps;
burst-size-limit bytes;
}
then {
discard;
}
}
premium {
if-exceeding {
bandwidth-limit bps;
burst-size-limit bytes;
}
then {
discard;
}
}
}
Syntax (MX Series - Packets-Per-Second (pps)-Based)
hierarchical-policer hierarchical-policer-name | uid {
aggregate {
if-exceeding-pps {
pps-limit pps;
packet-burst packets;
}
then {
discard;
}
}
premium {
if-exceeding-pps (Hierarchical Policer) {
pps-limit (Hierarchical Policer) pps;
packet-burst (Hierarchical Policer) packets;
}
then {
discard;
}
}
}
Hierarchy Level
[edit dynamic-profiles profile-name firewall], [edit firewall]
Description
Use a hierarchical policer to rate-limit ingress Layer 2 traffic
at a physical or logical interface and apply different policing actions
based on whether the packets are classified as premium for
expedited forwarding (EF) or aggregate for a lower priority.
The two policers defined within the hierarchical policer are aggregate and premium.
Hierarchical policers are supported on Enhanced Intelligent Queuing (IQE) PICs and SONET interfaces hosted on the M120 and M320 with incoming Flexible PIC Concentrators (FPCs) as SFPC and outgoing FPCs as FFPC; on MPCs hosted on MX Series routers; on the T320, T640, and T1600 with Enhanced Intelligent Queuing (IQE) PICs; and on the T4000 with Type 5 FPC and Enhanced Scaling Type 4 FPC.
The
if-exceeding-ppsstatement is only supported on MX Series routers with MPCs.The
if-exceedingandif-exceeding-ppsstatements are mutually exclusive and, therefore, cannot be applied at the same time.
You can configure the policer in static firewall filters or dynamic firewall filters in a dynamic client profile or a dynamic service profile.
Options
hierarchical-policer-name—Name that identifies the policer. The name can contain
letters, numbers, and hyphens (-), and can be up to 255 characters
long. To include spaces in the name, enclose the name in quotation
marks (“ ”).
uid—When you configure
a hierarchical policer at the [edit dynamic-profiles profile name firewall] hierarchy level, you must
assign a variable UID as the policer name.
The remaining statements are explained separately. Search for a statement in CLI Explorer or click a linked statement in the Syntax section for details.
Required Privilege Level
firewall—To view this statement in the configuration.
firewall-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 9.5.
Support at the [edit dynamic-profiles profile-name firewall] hierarchy level introduced in Junos OS Release 11.4.
Support for if-exceeding-pps statement on MX Series
routers with MPCs introduced in Junos OS Release 15.2.