[j-nsp] Policer Statistics (fwd)
Tay Chee Yong
tcy at pacific.net.sg
Fri Jan 31 11:17:19 EST 2003
Hi Robert,
Thanks for your reply.
>From our configuration, the count comes before the policer statement. Even if I
type policer statement before the count statement, the config will still display
the count statement before the policer statement, as shown below.
policer icmp-cap {
if-exceeding {
bandwidth-limit 2m;
burst-size-limit 16k;
}
then discard;
}
term icmp-anti-flooding {
from {
protocol icmp;
}
then {
count icmp-anti-flooding;
policer icmp-cap;
sample;
accept;
}
}
So does the above config means that JUNOS will count the packets matching the
filter, then apply the policer?
Regards,
Cheeyong
On Thu, 30 Jan 2003, Robert O'Hara wrote:
: Hi CheeYong,
:
: In the following example:
:
: [edit firewall]
: filter limit-ftp {
: policer p1{
: if-exceeding {
: bandwidth-limit 400k;
: burst-size-limit 20k;
: }
: then {
: discard;
: }
: }
:
: When you do 'show firewall' you will see a
: counter "limit-ftp". This counter associated
: with this policer and is counting the packets dropped/discarded.
:
:
: term t-ftp{
: from {
: source-address 1.2.3/24;
: protocol tcp;
: destination-port ftp;
: }
: then {
: policer limit-ftp;
: accept;
: count count-ftp; <== packets that passed the
: policer
:
: This counter will counter the packets that passed the policer.
: In the then clause, the policer is applied first. After
: this, if the packet did not get discarded, it will go
: on to the next action, which is count.
:
: Thanks,
:
: Bob O'Hara
:
: Systems Engineer/Northeast Region
: Juniper Networks
:
: -----Original Message-----
: From: Tay Chee Yong [mailto:tcy at pacific.net.sg]
: Sent: Thursday, January 30, 2003 5:44 AM
: To: juniper-nsp at puck.nether.net
: Subject: [j-nsp] Policer Statistics (fwd)
:
:
: Does someone has any findings for the following?
:
: Thanks.
: Cheeyong
:
:
: ---------- Forwarded message ----------
: Date: Wed, 29 Jan 2003 01:13:48 +0800 (Singapore Standard Time)
: From: Tay Chee Yong <tcy at pacific.net.sg>
: To: juniper-nsp at puck.nether.net
: Subject: Policer Statistics
:
: Hi all,
:
: I was wondering if Juniper running JUNOS 5.3 has a way of displaying a
: policer's
: conformed/exceeded packets/bytes, as per a Cisco's rate-limit/service
: policy
: show output.
:
: Seems that the output results of the policer only shows the number of
: packets
: being discarded (as per the policer's action - discard)
:
: Policer: at-0/3/0.10-in-policer
: at-0/3/0.10-in-policer
: 0 packets
:
: Is there a way to display more information such as number of
: conformed/exceeded packets/bytes for real-time debugging using the
: monitor
: command?
:
: I believe the common practice of using the policer is within the [edit
: firewall
: filter] hierarchy, however, we are still unable to determine how well
: the
: policer is functioning. From the show results, we are only able to see
: the hits
: on the filter.
:
: Will the later release of JUNOS allow us to view more details about the
: policer
: that is applied on the filter, or interface?
:
: Any comments is appreciated.
:
: Many Thanks.
:
: Regards,
: Cheeyong
:
: _______________________________________________
: juniper-nsp mailing list juniper-nsp at puck.nether.net
: http://puck.nether.net/mailman/listinfo/juniper-nsp
:
More information about the juniper-nsp
mailing list