Tuesday, May 10, 2011

Simple rate limit on Juniper SRX

Here's how to apply a simple rate limit to an interface on JunOS 10.2 (SRX), using one policer referenced from an input and an output firewall filter:

root@labsrx# show interfaces ge-0/0/1
/*
 * Logical unit 0 of ge-0/0/1: attaches the two rate-limit filters to the
 * unit's IPv4 traffic and configures the unit as a DHCP client.
 */
unit 0 {
    /*
     * The filters are attached under family inet only, so they see IPv4
     * packets; any other family on this unit is not policed by them.
     */
    family inet {
        filter {
            /* Evaluated on packets received on this unit. */
            input download-limit;
            /* Evaluated on packets transmitted from this unit. */
            output upload-limit;
        }
        /* DHCP client; sends the ASCII string "labsrx" as its client identifier. */
        dhcp {
            client-identifier ascii labsrx;
        }
    }
}

root@labsrx# show firewall
/*
 * Policer referenced by both filters below (upload-limit and download-limit).
 * Traffic within the limits passes; traffic above them is dropped.
 */
policer rate-limit {
    /*
     * filter-specific: one policer instance per filter that references it,
     * shared by all terms of that filter. Because two filters reference this
     * policer, upload and download are each metered against their own limit
     * rather than sharing a single one.
     */
    filter-specific;
    if-exceeding {
        /* Junos expresses bandwidth-limit in bits per second: 10m = 10 Mbps. */
        bandwidth-limit 10m;
        /* Junos expresses burst-size-limit in bytes: 1m is roughly 1 MB of burst. */
        burst-size-limit 1m;
    }
    /* Out-of-profile packets are dropped, not queued or re-marked. */
    then discard;
}
/*
 * Attached as the output filter on ge-0/0/1 unit 0. Polices packets whose
 * source is in 192.168.1.0/24 and accepts everything else. It only limits
 * rate: nothing is blocked here, so access control has to come from
 * elsewhere (not shown on this page).
 */
filter upload-limit {
    term limit-up {
        /*
         * NOTE(review): on SRX the output filter is understood to run after
         * flow processing. If source NAT translates 192.168.1.0/24 on this
         * interface, packets may no longer carry this source address when
         * the filter sees them and the term would not match -- confirm with
         * the policer counters in operational mode.
         */
        from {
            source-address {
                192.168.1.0/24;
            }
        }
        /*
         * No explicit terminating action: in-profile packets are implicitly
         * accepted, excess packets are discarded by the policer.
         */
        then policer rate-limit;
    }

    /*
     * Catch-all. Without this term the filter's implicit default would
     * discard every packet that did not match limit-up.
     */
    term accept_all {
        then accept;
    }
}
/*
 * Attached as the input filter on ge-0/0/1 unit 0. Polices packets whose
 * destination is in 192.168.1.0/24 and accepts everything else, including
 * traffic addressed to the device itself. It only limits rate: nothing is
 * blocked here, so access control has to come from elsewhere (not shown on
 * this page).
 */
filter download-limit {
    term limit-down {
        /*
         * NOTE(review): on SRX the input filter is understood to run before
         * flow processing. If return traffic arrives addressed to a NAT
         * address rather than to 192.168.1.0/24, this term would not match
         * -- confirm with the policer counters in operational mode.
         */
        from {
            destination-address {
                192.168.1.0/24;
            }
        }
        /*
         * No explicit terminating action: in-profile packets are implicitly
         * accepted, excess packets are discarded by the policer.
         */
        then policer rate-limit;
    }

    /*
     * Catch-all. Without this term the filter's implicit default would
     * discard every packet that did not match limit-down.
     */
    term accept_all {
        then accept;
    }
}


