Mark,

I would like to police traffic to and from a specific customer. The customer announces its own prefixes, which are marked with a specific BGP community.

I think that Raymond's proposal will match and police traffic for which the destination IP matches the customer community; this is traffic to the customer.

If I want to match and police traffic originated by the customer, I should match the source IP against the community; is it possible? How?

I cannot rely on the interface because customers share the same interface on the router.

Thanks,
Bit

On Fri, 2008-03-21 at 17:09 +0800, Mark Tinka wrote:
> On Thursday 20 March 2008, Bit Gossip wrote:
>
> > Hi Raymond,
> > that is a good one; just one more thing: I would like to
> > police traffic to and from the customer, so I should
> > match source and destination IP against the community.
> > How can I do that?
>
> Not sure I understand your question... but if you want to
> police based on the destination prefix, what Raymond
> offered will work.
>
> However, it would match all traffic coming from all
> customers to the destinations defined by the BGP community.
> If you want to be more specific on which customers this
> feature is applied to (which is what I'd recommend as well,
> unless otherwise), specify the source interface along with
> the destination-class in the filter; to borrow from
> Raymond's example:
>
> [edit firewall]
> filter QPPB_Policer-1 {
>     term match-dest_class-1 {
>         from {
>             destination-class dest_class-1;
>             interface ge-0/2/0.0;  <=== this is the bit you add <===
>         }
>         then policer police-destination;
>     }
>     term default {
>         then {
>             accept;
>         }
>     }
> }
>
> Cheers,
>
> Mark.