tim tiriche [[email protected]] wrote: > Hi, > > I am preparing for JNCIP-SP exam and would like to understand what > logical interface policer statement does? > The documentation says it is an aggregate policer but it is not very > clear to me. > > policer example: > > [edit firewall] > + policer policer-test { > + logical-interface-policer; > + if-exceeding { > + bandwidth-limit 10m; > + burst-size-limit 100k; > + } > + then discard; > + } > > > [edit interfaces ge-2/0/0 unit 0] > + family inet { > + policer { > + input policer-test; > + } > + address 1.1.1.1/30; > + } > + family inet6 { > + policer { > + input policer-test; > + } > + address abcd::1/64; > + } > [edit interfaces ge-2/0/0 unit 1] > + family inet { > + policer { > + input policer-test; > + } > + address 2.2.2.2/30; > + } > > > [edit interfaces] > + ge-2/0/1 { > + unit 0 { > + family inet { > + policer { > + input policer-test; > + } > + address 121.1.1.1/30; > + } > + } > + } > > does this mean that a total of 10M will be shared among all the > interfaces and protocol families on a first come first serve basis? > or does each unit get 10M (i.e ge-2/0/0 (inet+inet6) = 10M, ge-2/0/0.1 > = 10M, ge-2/0/1=10M? > or does each physical interface get 10M? (i.e ge-2/0/0 = 10M + ge-2/0/1 = 10M) > > is there any way to check this on a jseries router on a m/t series, i > believe there was a PFE command on the FPC to see the value.
You don't have any aggregated interfaces listed here. By applying the policer to each ge-x/x/x interface, you are applying separate rate limits to each interface. If your aggregation doesn't involve the specifically limited units ge-2/0/0.0, ge-2/0/0.1 or ge-2/0/1.0 then you won't see any rate limiting. _______________________________________________ juniper-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/juniper-nsp
