Once upon a time, Chris Adams <cmad...@hiwaay.net> said: > I'm currently using interface, policer, and filter config like this to > rate-limit ethernet interfaces to paid bandwidth on an M10i:
I got responses from several people along the same lines, but I figured I'd summarize my solution for the archives. Thanks to all that responded. Everybody suggested putting the policer directly on the interface and setting "logical-interface-policer" in the policer. The downside of that is that I lose my nice SNMP counters for traffic passed by the policer. I did figure a way to still get stats, although they are per-family (which will require configuring my monitoring system to add them together): interfaces { fe-1/0/1 { vlan-tagging; unit 148 { description "Some Customer"; bandwidth 10m; vlan-id 148; family inet { filter { input count; output count; } policer { input 10meg; output 10meg; } address x.x.x.x/x; } family inet6 { filter { input count6; output count6; } policer { input 10meg; output 10meg; } address xx::x/x; } } } } firewall { policer 10meg { logical-interface-policer; if-exceeding { bandwidth-limit 10m; burst-size-limit 1250000; } then discard; } family inet6 { filter count6 { interface-specific; term other { then { count rate; accept; } } } } filter count { interface-specific; term other { then { count rate; accept; } } } } I can monitor the SNMP variables for the "count" and "count6" counter "rate" and add them together to get the traffic that is actually sent/received on the interface. Not quite as nice, but it should work. -- Chris Adams <cmad...@hiwaay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble. _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp