On EX-4200 I can successfully rate-limit/police ingress and egress on a routed port with below config:
Firewall filter:
set firewall family inet filter RATE_LIMIT_25M term default_rate then policer 25M
set firewall family inet filter RATE_LIMIT_25M term default_rate then accept
Policer:
set firewall policer 25M if-exceeding bandwidth-limit 25m
set firewall policer 25M if-exceeding burst-size-limit 25m
The below interface config rate-limits for ingress only:
Interface config:
set interfaces ge-0/0/1 unit 0 family inet filter input RATE_LIMIT_25M
set firewall policer 25M then discard
On the EX-4200 class-of-service is used along with shaping to achieve rate-limiting because
a policer will not work for egress:
set class-of-service interfaces ge-0/0/1 shaping-rate 25m
The rate-limiting is successful on the routed port.
When I try to achieve the same result with an SVI/RVI ingress works fine, but egress will not be accepted. And it appears I cannot use class-of-service shaping as above with the routed port.
My question is how do I apply an egress rate limiter to an RVI?