Cisco SD-WAN Localized Data Policy Policer

Hi Rene,
thanks once again for your great explanation. Just want to add some notes here.

I believe your configuration is correct. However, with the rate of 15000 I didn’t get any drops.
I believe you also didn’t get any policy-related drops, as stated when you verified it with the commands:

vEdge2# show policy access-list-policers

                                   OOS      OOS
NAME               POLICER NAME    PACKETS  BYTES
---------------------------------------------------
ACL-SITE2-POLICER  1.POLICER-TEST  0        0

vEdge2#

and

vEdge2# show interface detail ge0/3 | include policer
 rx-policer-drops        0
 cpu-policer-drops       0
 tx-icmp-policer-drops   0
 rx-policer-remark       0
vEdge2#

Your drops / packet loss seemed to be of a different nature and are not related to the policy drops.
When I did the same lab my ping tests were without any packet loss from SW2 to SW3.

I then played around with the policer rate in the “group of interest”.
When I change it down to 8000 I receive ~50% packet loss.
And this time it is also displayed in the verification on vEdge2:

You can clear the statistics using the following commands:

vEdge2# clear interface statistics
vEdge2# clear policy access-list
vEdge2#
vEdge2#
vEdge2# show interface detail ge0/3 | include policer
 rx-policer-drops        0
 cpu-policer-drops       0
 tx-icmp-policer-drops   0
 rx-policer-remark       0
vEdge2#
vEdge2#
vEdge2# show policy access-list-policers

                                   OOS      OOS
NAME               POLICER NAME    PACKETS  BYTES
---------------------------------------------------
ACL-SITE2-POLICER  1.POLICER-TEST  0        0

vEdge2#

SW2#ping 10.3.0.103 re 1000
Type escape sequence to abort.
Sending 1000, 100-byte ICMP Echos to 10.3.0.103, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!U!
U!UU!UU!U!UU!UU!UU!UUU!UU!UU!UU!U!UUU!UUU!UU!UU!UUU!UU!UU!U!U!UUU!UU!U
U!UU!UU!UU!UU!UU!UU!UU!UU!UU!U!UU!UU!UU!UU!UU!UU!UU!UU!UU!UU!UU!UUU!UU
!UUU!UU!UUU!U!UU!U!UUU!UU!UU!UU!UU!UU!UU!UU!UU!UU!UU!UU!UUU!UUU!UU!UU!
UU!UU!UU!UUU!UU!UU!UU!UU!UUU!UU!U!UU!UU!UU!UU!UU!UU!UUU!U!UU!UU!UU!UU!
UU!UU!UUU!U!UU!UU!U!UU!UU!U!UUU!U!UU!UU!UUU!U!UU!UU!UU!UUU!UU!UU!UU!UU
U!UU!UU!UU!U!UU!UUU!UU!UU!UU!UUU!UU!UU!UU!UUU!UUU!UU!UU!UU!UU!UU!UUU!U
U!U!UU!UU!UU!UUU!UUU!UUU!UU!UU!UUU!UU!UU!UUU!UU!UU!UU!UU!UU!UU!UU!U!UU
U!!UU!UUU!UU!UU!UU!UUU!UU!UU!UU!U!UU!UU!UU!UU!UU!U!UUU!UU!UUU!UU!UUU!U
U!UU!UU!UU!UU!UUU!UUU!UU!UU!UUU!UU!UU!UUU!U!UU!UUU!U!U!UUU!UU!UU!UU!UU
!U!UU!UU!UU!UU!U!UU!
Success rate is 56 percent (561/1000), round-trip min/avg/max = 37/64/101 ms
SW2#

561 packets went through and 439 got blocked. You can see this also in the verification commands:

vEdge2# show policy access-list-policers

                                   OOS      OOS
NAME               POLICER NAME    PACKETS  BYTES
---------------------------------------------------
ACL-SITE2-POLICER  1.POLICER-TEST  **439**      50046

vEdge2#
vEdge2#
vEdge2# show interface detail ge0/3 | include policer
 rx-policer-drops        **439**
 cpu-policer-drops       0
 tx-icmp-policer-drops   0
 rx-policer-remark       0
vEdge2#
vEdge2#

Also the U (Unreachable) indicates if an access list blocks the packet:

https://networklessons.com/cisco/ccna-routing-switching-icnd1-100-105/ping-troubleshooting-on-cisco-ios#:~:text=On%20Cisco%20IOS%2C%20if%20a,will%20silently%20drop%20your%20traffic.&text=This%20ping%20is%20also%20working.

Interesting is that the first 100 packets are always without drops. It looks like it takes some time to kick in.
Perhaps you can update the document if you like :)

Kind Regards,
Olli
