juniper控制带宽策略

[edit firewall family inet]
user@Shiraz# show
filter limit-ftp {
policer policer-1 {
if-exceeding {
bandwidth-limit 400k; /**正常使用带宽 **/
burst-size-limit 100k; /**超出正常带宽后带宽 **/
}
then discard; /*** 如果应用超过500k 后丢弃 ***/
}
term ftp {
from {
source-address {
10.2.3/24;
}
protocol tcp;
destination-port [ftp ftp-data];
}
then {
policer policer-1; /*** 应用FTP **/
accept;
}
}
term accept-all {
then accept;
}
}
直接应用到interface,来限制流量
[edit firewall]
user@Shiraz# show
policer police-all-traffic {
if-exceeding {
bandwidth-limit 10m;
burst-size-limit 100k;
}
then {
discard;
}
}
[edit interfaces fe-0/0/0]
user@Shiraz# show
description "Connection to Customer-A";
unit 0 {
family inet {
policer {
input police-all-traffic;
output police-all-traffic;
}
address 10.100.1.1/24;
}
}