Juniper Networks JUNOS OS 10.4 User Manual

•

The filter that applies the two policers to VPLS.

•

The application of the filter to the customer interface configuration as an input filter.

NOTE:

This example does not present exhaustive configuration listings for

all routers in the figures. However, you can use this example with a broader
configuration strategy to complete the MX Series router network Ethernet
Operations, Administration, and Maintenance (OAM) configurations.

To configure policing and marking of traffic entering a VPLS core:

1.

Configure

policer bcast-unknown-unicast-non-ip-mcast-policer

, a firewall policer to

limit the aggregate broadcast, unknown unicast, and non-IP multicast to 50 kbps:

[edit firewall]
policer bcast-unknown-unicast-non-ip-mcast-policer {

if-exceeding {

bandwidth-limit 50k;
burst-size-limit 150k;

}
then loss-priority high;

}

2.

Configure

three-color-policer ip-multicast-traffic-policer

, a three-color policer to limit

the IP multicast traffic:

[edit firewall]
three-color-policer ip-multicast-traffic-policer {

two-rate {

color-blind;
committed-information-rate 4m;
committed-burst-size 256k;
peak-information-rate 4100000;
peak-burst-size 256k;

}

}

3.

Configure

customer-1

, a firewall filter that uses the two policers to limit and mark

customer traffic. The first term marks the IP multicast traffic based on the destination
MAC address, and the second term polices the broadcast, unknown unicast, and
non-IP multicast traffic:

[edit firewall]
family vpls {

filter customer-1 {

term t0 {

from {

destination-mac-address {

01:00:5e:00:00:00/24;

}

}
then {

three-color-policer {

two-rate ip-multicast-traffic-policer;

}

103

Copyright © 2013, Juniper Networks, Inc.

Chapter 9: Layer 2 Firewall Filters