Defining a VPLS Firewall Policer
You can configure filters, policers, and broadcast and unknown filters to determine which kind of traffic is allowed into and out of a VPLS domain. You can apply these filters and policers to CE-facing interfaces only.
To process traffic as it enters a VPLS domain, you can define a firewall policer and apply it to the input interface. To define policer characteristics for incoming VPLS traffic, include the bandwidth-limit and burst-size-limit statements at the [edit firewall policer policer-name if-exceeding] hierarchy level. Then, specify statements to implement the desired action (for example, discard) for the policed traffic at the [edit firewall policer policer-name then] hierarchy level. To apply the policer to a CE-facing interface, include the input or output statements and the name of the policer at the [edit interfaces interface-name unit unit-number family vpls policer] hierarchy level.
[edit]
interfaces {
    ge-2/1/0 {
        vlan-tagging;
        mtu 1544;
        encapsulation vlan-vpls;
        unit 0 {
            encapsulation vlan-vpls;
            vlan-id 600;
            family vpls {
                policer {
                    input vpls-policer;
                }
            }
        }
    }
}
firewall {
    policer vpls-policer {
        if-exceeding {
            bandwidth-limit 5m;
            burst-size-limit 1m;
        }
        then discard;
    }
}
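The following is an added example, not part of the original page and not Juniper's implementation: a simplified single-rate token-bucket model showing how bandwidth-limit 5m, burst-size-limit 1m and then discard from the vpls-policer configuration interact. It assumes the bucket starts full, that k/m/g are decimal multipliers, and a constant 1500-byte frame size; the names Policer, parse_limit and simulate are hypothetical.

```python
"""Simplified token-bucket model of vpls-policer (illustrative, not Junos code)."""

UNITS = {"k": 1_000, "m": 1_000_000, "g": 1_000_000_000}


def parse_limit(text):
    """Convert a limit such as '5m' to an integer (bits/s or bytes)."""
    text = text.strip().lower()
    if text[-1] in UNITS:
        return int(float(text[:-1]) * UNITS[text[-1]])
    return int(text)


class Policer:
    def __init__(self, bandwidth_limit, burst_size_limit):
        self.rate = parse_limit(bandwidth_limit) / 8   # refill rate, bytes per second
        self.depth = parse_limit(burst_size_limit)     # bucket depth, bytes
        self.tokens = float(self.depth)                # assumption: bucket starts full
        self.last = 0.0

    def offer(self, now, size):
        """Return True if a frame of `size` bytes arriving at `now` (s) conforms."""
        elapsed = now - self.last
        self.tokens = min(self.depth, self.tokens + elapsed * self.rate)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False                                   # models "then discard"


def simulate(offered_bps, seconds, frame=1500):
    """Offer evenly spaced frames at offered_bps; return (passed, dropped)."""
    policer = Policer("5m", "1m")
    interval = frame * 8 / offered_bps                 # seconds between frames
    passed = dropped = 0
    for i in range(int(seconds / interval)):
        if policer.offer(i * interval, frame):
            passed += 1
        else:
            dropped += 1
    return passed, dropped


if __name__ == "__main__":
    for bps in (4_000_000, 10_000_000):
        print(bps, "bps offered for 10 s ->", simulate(bps, 10))
```

In this model, traffic offered below 5 Mbps is never discarded, while a sustained 10 Mbps stream passes untouched until the 1,000,000-byte burst allowance drains and is then held to the configured rate.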