...
https://www.juniper.net/documentation/us/en/software/junos/cos/topics/example/policer-single-rate-two-color-mfc-example.html
| |
---|
discard | BW= 1M Burst-size: 1500 bytes Code Block |
---|
| set firewall policer discard if-exceeding bandwidth-limit 1m
set firewall policer discard if-exceeding burst-size-limit 1k1500
set firewall policer discard then discard |
|
forwarding class | BE-data > Q0 Premium-data > Q1 Voice > Q2 NC > Q3
Code Block |
---|
| set class-of-service forwarding-classes class BE-data queue-num 0
set class-of-service forwarding-classes class Premium-data queue-num 1
set class-of-service forwarding-classes class Voice queue-num 2
set class-of-service forwarding-classes class NC queue-num 3 |
|
firewall filter | tcp/80 or http > forwarding-class BE-data tcp/12345 > forwarding-class Voice ping > forwarding-class Premium-data
Code Block |
---|
| set firewall family inet filter mf-classifier term BE-data from protocol tcp
set firewall family inet filter mf-classifier term BE-data from port http
set firewall family inet filter mf-classifier term BE-data then forwarding-class BE-data
set firewall family inet filter mf-classifier term BE-data then policer discard
set firewall family inet filter mf-classifier term Premium-data from protocol tcp
set firewall family inet filter mf-classifier term Premium-data from port 12345
set firewall family inet filter mf-classifier term Premium-data then forwarding-class Voice
set firewall family inet filter mf-classifier term Premium-data then policer discard
set firewall family inet filter mf-classifier term PremiumPing-data from protocol icmp
#set firewall family inet filter mf-classifier term PremiumPing-data from port 12345
set firewall family inet filter mf-classifier term PremiumPing-data then forwarding-class BE-data
set firewall family inet filter mf-classifier term PremiumPing-data then policer discard
set firewall family inet filter mf-classifier term acceptAccept then accept |
|
Apply fw filter to interface |
Code Block |
---|
title | apply fw filter to interface |
---|
| #set interfaces ge-0/0/2 description to-Host
#set interfaces ge-0/0/2 unit 0 family inet address 1.1.1.1/24
set interfaces ge-0/0/2 unit 0 family inet filter input mf-classifier |
|
|
|
---|
|
|
...