Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Hierarchical Policer Configuration Overview

Hierarchically rate-limits Layer 2 ingress traffic for all protocol families. Cannot be applied to egress traffic, Layer 3 traffic, or at a specific protocol level of the interface hierarchy.

Supported on the following interfaces:

  • SONET interfaces hosted on M40e, M120, and M320 edge routers with incoming FPCs as SFPC and outgoing FPCs as FFPC.

  • SONET interfaces hosted on T320, T640, and T1600 core routers with Enhanced Intelligent Queuing (IQE) PICs.

  • Ethernet interfaces on Gigabit Ethernet Intelligent Queuing 2 (IQ2) and Ethernet Enhanced IQ2 (IQ2E) PICs.

  • MX Series routers with MPC or DPC.

Table 1 describes the hierarchy levels at which you can configure and apply hierarchical policers.

Table 1: Hierarchical Policer Configuration and Application Summary

Policer Configuration

Layer 2 Application

Key Points
Hierarchical Policer

Aggregate and premium policing components of a hierarchical policer:

[edit firewall]
hierarchical-policer policer-name {
    aggregate {
        if-exceeding {
            bandwidth-limit bps;
            burst-size-limit bytes;
        }
        then {
            discard;
            forwarding-class class-name;
            loss-priority supported-value;
        }
    }
    premium {
        if-exceeding {
            bandwidth-limit bps;
            burst-size-limit bytes;
        }
        then {
            discard;
        }
    }
}

Option A—Apply directly to Layer 2 input traffic on a physical interface:

[edit interfaces]
interface-name {
    layer2-policer {
        input-hierarchical-policer policer-name;
    }
}

Hierarchically rate-limit Layer 2 ingress traffic for all protocol families and logical interfaces configured on a physical interface.

Include the layer2-policer configuration statement at the [edit interfaces interface-name] hierarchy level.

Note:

If you apply a hierarchical policer at a physical interface, you cannot also apply a hierarchical policer to any of the member logical interfaces.

Option B—Apply directly to Layer 2 input traffic on a logical interface.

[edit interfaces]
interface-name {
    unit unit-number {
        layer2-policer {
            input-hierarchical-policer policer-name;
        }
    }
}

Hierarchically rate-limit Layer 2 ingress traffic for all protocol families configured on a specific logical interface.

Include the layer2-policer configuration statement at the [edit interfaces interface-name unit unit-number] hierarchy level.

Note:

You must configure at least one protocol family for the logical interface.

Related Documentation