Knowledge Center Search


 

How to rate limit traffic to a Routed VLAN Interface (RVI) on an EX Series Switch

  [KB14250] Show KB Properties

  [KB14250] Hide KB Properties

Categories:
Knowledge Base ID: KB14250
Last Updated: 19 Aug 2009
Version: 1.0

Summary:
Rate limiting traffic on an EX Series Switch Routed VLAN Interface (RVI) can be accomplished using a policer and firewall filter.  This allows you to limit the traffic across specific vlans if required.

Problem or Goal:

Solution:

Toplogy:

  • EX Switch with VLAN A and VLAN B
  • Each VLAN on the EX Switch has a Routed VLAN Interface (RVI) configured to perform inter-VLAN routing within the switch (This can also be referred to as Integrated Routing Bridging Interface (IRB))


Configuration:

  • Write the policer to rate limit traffic and firewall filter to apply it:

policer icmp {
       if-exceeding {
             bandwidth-limit 100k;
             burst-size-limit 100;
       }
       then discard;
}
family inet {
        filter icmp_protect {
            term test {
                  from {
                          destination-address {
                                   10.102.0.1/32;
                         }
                         protocol icmp;
                    }
                    then {
                             policer icmp;
                             count icmp_packet;
                    }
               }
               term default {
                          then accept;
                           }
                   }
}

Apply the firewall filter to the "input" RVI of VLAN A or VLAN B:

  • prompt# set interface vlan.10 family inet filter input icmp_protect

Purpose:
Configuration

Related Links:

 

 

ASK THE KB

Question or KB ID:


 


 

 
Copyright© 1999-2012 Juniper Networks, Inc. All rights reserved.