On Thursday 20 March 2008, Bit Gossip wrote:

> Hi Raymond,
> that is a good one; just one more thing: I would like to
> police traffic to and from the customer, so I should
> match source and destination IP against the community.
> How can I do that?

Not sure I understand your question... but if you want to 
police based on the destination prefix, what Raymond 
offered will work.

However, it would match all traffic coming from all 
customers to the destinations defined by the BGP community. 
If you want to be more specific on which customers this 
feature is applied to (which is what I'd recommend as well, 
unless otherwise), specify the source interface along with 
the destination-class in the filter; to borrow from 
Raymond's example:

[edit firewall]
filter QPPB_Policer-1 {
    term match-dest_class-1 {
        from {
            destination-class dest_class-1;
            interface ge-0/2/0.0;    # <=== this is the bit you add
        }
        then policer police-destination;
    }
    term default {
        then {
            accept;
        }
    }
}

Cheers,

Mark.


_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
