Logical-interface policer will group all protocol families on a given logical interface (i.e. unit) into the same policer construct. Normally, if you have an interface, say ge-0/0/0.0 and you have two protocol families, say family inet and family inet6, both referencing the same input policer, Junos actually invokes two separate policer instances - one for each protocol family. So if the policer was a 100 Mbps policer, each protocol family would get 100 megs... By enabling the logical-interface policer command, you can think of it aggregating all protocol families on that interface, so now instead of each getting 100 meg, they actually share a single policer instance, effectively sharing 100 meg between the two.
Hope that helps and sorry for any typos, I am on my mobile... Stefan Fouant GPG Key ID: 0xB4C956EC Sent from my HTC EVO. ----- Reply message ----- From: "tim tiriche" <[email protected]> Date: Tue, Oct 11, 2011 8:29 pm Subject: [j-nsp] Logical interface policer question To: <[email protected]> Hi, I am preparing for JNCIP-SP exam and would like to understand what logical interface policer statement does? The documentation says it is an aggregate policer but it is not very clear to me. policer example: [edit firewall] + policer policer-test { + logical-interface-policer; + if-exceeding { + bandwidth-limit 10m; + burst-size-limit 100k; + } + then discard; + } [edit interfaces ge-2/0/0 unit 0] + family inet { + policer { + input policer-test; + } + address 1.1.1.1/30; + } + family inet6 { + policer { + input policer-test; + } + address abcd::1/64; + } [edit interfaces ge-2/0/0 unit 1] + family inet { + policer { + input policer-test; + } + address 2.2.2.2/30; + } [edit interfaces] + ge-2/0/1 { + unit 0 { + family inet { + policer { + input policer-test; + } + address 121.1.1.1/30; + } + } + } does this mean that a total of 10M will be shared among all the interfaces and protocol families on a first come first serve basis? or does each unit get 10M (i.e ge-2/0/0 (inet+inet6) = 10M, ge-2/0/0.1 = 10M, ge-2/0/1=10M? or does each physical interface get 10M? (i.e ge-2/0/0 = 10M + ge-2/0/1 = 10M) is there any way to check this on a jseries router on a m/t series, i believe there was a PFE command on the FPC to see the value. Thanks. _______________________________________________ juniper-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/juniper-nsp
