Aggregate policers perform second stage policing (the first stage is controlled by individual policers) allowing policing of multiple flows/categories in aggregate. This allows first stage policers to become oversubscribed while still limiting aggregate incoming traffic from a given traffic category. The aggregate fill rate for an Aggregate policer is equal to the maximum value of the fill rates of referencing policers.
The following table defines the bucket sizes and fill rates (in packets/second) for aggregate policers.
Aggregate Policer Bucket Sizes and Fill Rates
Aggregate Policer Name | Bucket Size | Fill Rate | Comment |
---|
routing/billing | 50 | 2,500 (SBC 5000 series) 7,500 (SBC 7000 series) | Referencing ACLs include all defaulted PSX, DNS, NTP and RADIUS-accounting client rules. All clients and only clients are in this aggregate. |
SFTP/Platform | 50 | 10,000 (SBC 5000 series) 30,000 (SBC 7000 series) | Referencing ACLs include all defaulted rules for SFTP server (2024), EMA HTTPS server (443), and EMA server via Platform Mode access (444). |
ICMP | 50 | 100 | Referencing ACLs include all defaulted ICMPv4 and ICMPv6 rules. |
IKE | 50 | 750 | |
OAM | 50 | 1,000 | Referencing ACLs include all defaulted EMA (port 80 and port 443), netconf (port 2022), SNMP (udp port 161), SSH CLI (port 22) server rules. |
Operator configured permit rules | 50 | 20,000 | Referencing ACLs include all operator created permit rules. |
Zone aggregate signaling | Zone CAC settings | Zone CAC settings | |