To all of the Juniper lovers out there,
Today I was working on a case with one of my customers and decided to write about it here.
Basically my customer had a QoS policy in place to rate limit traffic from a specific subnet (let's say 192.168.10.0/24) to 2 mb with an exceed action of dropping the traffic.
That was working perfectly but he wanted to provide 1 user (192.168.10.2) the ability to use as much bandwidth as required.
In order to do this you have to understand how policing works and also how firewall filters work on a Junos box.
I will configure this from scratch so you all can see how to build this from zero.
Note: the policy will be applied on interface em0 in the input direction.
Step 1. Create the Policer Policy
root@Jcarvaja# set firewall policer iNetworks_Test if-exceeding bandwidth-limit 2m burst-size-limit 1m
root@Jcarvaja# set firewall policer iNetworks_Test then discard
Step 2. Create the Firewall Filter Policy
root@Jcarvaja# set firewall filter iNetworks_em0 term POLICE from source-address 192.168.10.0/24
root@Jcarvaja# set firewall filter iNetworks_em0 term POLICE from source-address 192.168.10.2/32 except
root@Jcarvaja# set firewall filter iNetworks_em0 term POLICE then policer iNetworks_Test
root@Jcarvaja# set firewall filter iNetworks_em0 term No_POLICE from source-address 192.168.10.2/32
root@Jcarvaja# set firewall filter iNetworks_em0 term No_POLICE then accept
Step 3. Apply the Firewall Filter and Firewall Policer to the right interface
root@Jcarvaja# set interfaces em0 unit 0 family inet filter input iNetworks_em0
Step 4. Save the configuration
That's it, we have successfully configured a policer on a Junos box. Another happy customer!
Additional info: There is a filter-specific option that can be configured within the policer configuration. If configured, it limits the traffic to the specified rate across all the terms that reference the policer (like the Cisco aggregate-policer).
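To see how the filter from Steps 1 to 3 treats traffic, here is a small Python model of it. This is an added example, not Junos code and not part of the original post: the class and function names are hypothetical, the traffic is constructed, and the policer is simplified to a single token bucket refilled at 2,000,000 bits per second with a 1,000,000 byte depth.

```python
import ipaddress

class Policer:
    """Simplified single-rate token bucket standing in for the Junos policer."""
    def __init__(self, bandwidth_bps, burst_bytes):
        self.rate = bandwidth_bps / 8.0   # bytes of credit added per second
        self.burst = burst_bytes          # bucket depth in bytes
        self.tokens = float(burst_bytes)  # bucket starts full
        self.last = 0.0

    def conforms(self, now, size):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False  # out of profile, so "then discard" applies

def src_matches(src, prefixes):
    """prefixes: list of (cidr, is_except); the longest matching prefix decides."""
    addr = ipaddress.ip_address(src)
    hits = [(ipaddress.ip_network(c), ex) for c, ex in prefixes
            if addr in ipaddress.ip_network(c)]
    if not hits:
        return False
    _, is_except = max(hits, key=lambda h: h[0].prefixlen)
    return not is_except

def build_filter():
    policer = Policer(2_000_000, 1_000_000)  # bandwidth-limit 2m, burst-size-limit 1m
    return [
        ("POLICE", [("192.168.10.0/24", False), ("192.168.10.2/32", True)], policer),
        ("No_POLICE", [("192.168.10.2/32", False)], None),
    ]

def evaluate(terms, src, now, size):
    """Return (term_name, verdict) for one packet; the first matching term wins."""
    for name, prefixes, policer in terms:
        if src_matches(src, prefixes):
            # In-profile policed traffic is accepted; a term with no policer accepts.
            if policer is None or policer.conforms(now, size):
                return name, "accept"
            return name, "discard"
    return "implicit", "discard"  # a Junos filter ends with a default discard

def simulate(src, seconds=10, pps=1000, size=1500):
    """Constructed traffic: pps packets/s of `size` bytes; returns accepted bytes."""
    terms, accepted = build_filter(), 0
    for i in range(seconds * pps):
        if evaluate(terms, src, i / pps, size)[1] == "accept":
            accepted += size
    return accepted
```

Calling simulate() for 192.168.10.2, 192.168.10.5 and 10.0.0.1 shows the three outcomes: unrestricted, held to roughly the burst plus 2 Mbps, and dropped. The last case is worth checking on a real box, because any source on em0 that matches neither term falls through to the default discard unless a final accept term is added.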