beautypg.com

Juniper Networks JUNOS OS 10.4 User Manual

Page 122

background image

NOTE:

You should deploy firewall filters carefully because it is easy to cause

unforeseen side effects on all traffic, especially traffic that is not the intended
target of the filter. For more information about configuring firewall filters,
see the Routing Policy Configuration Guide.

NOTE:

If the chassis is running in Enhanced IP mode, a single shared filter

instance is created for a filter applied across bridge domains. However, if the
chassis is not running in Enhanced IP mode, then separate filter instances
are created for each bridge domain that the filter is applied to.

Related

Documentation

Layer 2 Firewall Filters

Example: Configuring Policing and Marking of Traffic Entering a VPLS Core on page 102

Example: Configuring Filtering of Frames by MAC Address on page 104

Example: Configuring Filtering of Frames by IEEE 802.1p Bits on page 106

Example: Configuring Filtering of Frames by Packet Loss Priority on page 107

Example: Configuring Policing and Marking of Traffic Entering a VPLS Core

This example firewall filter allows a service provider to limit the aggregate broadcast
traffic entering the virtual private LAN service (VPLS) core. The broadcast, unknown
unicast, and non-IP multicast traffic received from one of the service provider’s customers
on a logical interface has a policer applied. The service provider has also configured a
two-rate, three-color policer to limit the customer’s IP multicast traffic. For more
information on the configuration of policers, see the Junos OS Class of Service
Configuration Guide.

The position of the router is shown in

Figure 14 on page 102

.

Figure 14: Policing and Marking Traffic Entering a VPLS Core

There are four major parts to the configuration:

The policer for broadcast, unknown unicast, and non-IP multicast traffic. This example
marks the loss priority as high if this type of traffic exceeds 50 Kbps.

The two-rate, three-color policer for IP multicast traffic. This example configures a
committed information rate (CIR) of 4 Mbps, a committed burst size of 256 Kbytes, a
peak information rate of 4.1 Mbps, and a peak burst size of 256 Kbytes (the same as
the CIR).

Copyright © 2013, Juniper Networks, Inc.

102

Junos OS 13.1 MX Series 3D Universal Edge Routers Solutions Guide

See also other documents in the category Juniper Networks Hardware: