[j-nsp] Policer Statistics (fwd)

Robert O'Hara rohara at juniper.net
Thu Jan 30 04:58:23 EST 2003 

Hi CheeYong,

In the following example:

 [edit firewall]
  filter limit-ftp {
  	 policer p1{
  	 	 if-exceeding {
  	 	 	 bandwidth-limit 400k;
  	 	 	 burst-size-limit 20k; 
  	 	 }
  	 	 then {
  	 	 	 discard;
  	 	 }
  	 }

When you do 'show firewall' you will see a
counter "limit-ftp". This counter associated 
with this policer and is counting the packets dropped/discarded.


  	 term t-ftp{
  	 	 from {
  	 	 	 source-address 1.2.3/24;
  	 	 	 protocol tcp;
  	 	 	 destination-port ftp;
  	 	 }
  	 	 then {
  	 	 	 policer limit-ftp;
  	 	 	 accept;
  	 	 	 count count-ftp;  <==  packets that passed the
policer
 
This counter will counter the packets that passed the policer.
In the then clause, the policer is applied first. After
this, if the packet did not get discarded, it will go
on to the next action, which is count.

Thanks,

Bob O'Hara  

Systems Engineer/Northeast Region
Juniper Networks

-----Original Message-----
From: Tay Chee Yong [mailto:tcy at pacific.net.sg]
Sent: Thursday, January 30, 2003 5:44 AM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] Policer Statistics (fwd)


Does someone has any findings for the following?

Thanks.
Cheeyong


---------- Forwarded message ----------
Date: Wed, 29 Jan 2003 01:13:48 +0800 (Singapore Standard Time)
From: Tay Chee Yong <tcy at pacific.net.sg>
To: juniper-nsp at puck.nether.net
Subject: Policer Statistics

Hi all,

I was wondering if Juniper running JUNOS 5.3 has a way of displaying a
policer's
conformed/exceeded packets/bytes, as per a Cisco's rate-limit/service
policy
show output.

Seems that the output results of the policer only shows the number of
packets
being discarded (as per the policer's action - discard)

Policer: at-0/3/0.10-in-policer
    at-0/3/0.10-in-policer
                    0 packets

Is there a way to display more information such as number of
conformed/exceeded packets/bytes for real-time debugging using the
monitor
command?

I believe the common practice of using the policer is within the [edit
firewall
filter] hierarchy, however, we are still unable to determine how well
the
policer is functioning. From the show results, we are only able to see
the hits
on the filter.

Will the later release of JUNOS allow us to view more details about the
policer
that is applied on the filter, or interface?

Any comments is appreciated.

Many Thanks.

Regards,
Cheeyong

_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
http://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list