policer-charge
Syntax
policer-charge
Hierarchy Level
[edit firewall family firewall filter family filter filter name term term name then]
Description
Hierarchical policers support policing of premium and non-premium traffic. The former is policed by a premium policer and the latter by an aggregate policer. Premium traffic is subject to expedited forwarding. Non-premium traffic is subject to non-expedited forwarding. Out of the aggregate bandwidth available to both types of traffic, a user-selectable bandwidth can be assigned to premium traffic. Assuming the aggregate traffic is 10 Mbps, and assured bandwidth for premium traffic is 5 mbps, the following scenarios are possible:
-
When premium traffic is present, then premium traffic gets an assured bandwidth of 5 mbps. Remaining bandwidth is available to non-premium traffic.
-
When premium traffic is absent, non-premium traffic can use upto 10 Mbps.
-
When premium traffic is present, and non-premium traffic is absent, then premium traffic gets an assured bandwith of not more than 5 Mpbs.
The policer-charge firewall filter action enables this type of
hierarchical policing on supported platforms. The following configuration is
representative of a typical firewall filter configuration with the
policer-charge action. Here, the
policer-charge substracts the available credits, and
makes it available to the aggregate policer. As an example, if aggregate
bandwidth is 10 Mpbs, and assured premium bandwidth is 5 Mbps, and premium
traffic is consuming 3 Mbps, then policer-charge substracts
3 Mbps from 10 Mbps. The remaining bandwith, 7 Mpbs, is made available to
the aggregate policer.
set firewall family inet filter f1 term t1 from Premium traffic set firewall family inet filter f1 term t1 then policer premium set firewall family inet filter f1 term t1 then next term set firewall family inet filter f1 term t2 from Premium traffic set firewall family inet filter f1 term t2 then policer-charge aggregate set firewall family inet filter f1 term t2 then accept set firewall family inet filter f1 term t3 then policer aggregate set firewall family inet filter f1 term t3 then accept
All the terms need to be configured in same order.
The term that has the policer-charge and the preceding
term that has the next term action, must have same match
conditions.
All the policers, be it premium or aggregate, must be of same type.
The premium and aggregate policers must have discard actions.
The aggregate bandwidth should always be higher than the premium bandwidth.
Policer overhead adjustment is supported.
Policer accuracy - To support higher policer accuracy, a new packet size is added, which enables higher policer support. Policer rate configurable is also increased to 14.4 tbps. Policer accuracy is provided as close as possible to configured rate.
Default
policer-charge aggregate policer
Required Privilege Level
firewall—To view this statement in the configuration.
firewall -control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Evolved Release 23.4R1