[j-nsp] inbound policing

Richard A Steenbergen ras at e-gerbil.net
Mon Aug 30 12:16:30 EDT 2004


On Mon, Aug 30, 2004 at 09:41:54AM -0400, Jeff Wheeler wrote:
> On Mon, 2004-08-30 at 06:33, Przemekk wrote:
> > -- Hello There,
> > I've noticed (via snmp/mrtg) that input rate on the interface exceeds
> > the rate i've set.
> 
> You are probably polling layer 2 ethernet port tx/rx octet counters,
> while the IP-II is policing traffic based on layer 3 packet size.  I do
> not believe the IP-II has knowledge of what the packet will look like in
> the egress interface's layer 2 protocol, because that framing is done on
> the PIC when the packet is ready to be transmitted.

If he is taking snmp data off the Juniper, he would only be seeing layer 3 
packet statistics there too. One of those little known factoids that leads 
to people complaining about inaccurate bills, depending on which side is 
using the Juniper. :)

More than likely it is just the nature of the beast, policers can't be 
perfectly accurate. He might also be able to get more exact performance by 
tuning the burst limit, though "to what" is something I'm not even going 
to try and touch. Why Juniper hasn't added an "auto-burst-limit" directive 
or some kind of bandwidth/delay calculator with recommended values to the 
CLI is still beyond me. :P

-- 
Richard A Steenbergen <ras at e-gerbil.net>       http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)


More information about the juniper-nsp mailing list