[j-nsp] dropped packet counter and stat of traffic policer

Thu Jul 1 09:21:23 EDT 2010

Samit,
> samit at gw-router> show firewall filter test-traffic-limit
>
> Filter: test-traffic-limit
> Counters:
> Name                                                Bytes
> Packets
> test-count                                173823870          4588919
> Policers:
> Name                                              Packets
> test-police-test-limit-prefix                  290558 <======= this is 
> counter of packets discarded by policer

There is no built-in counter for dicarded bytes. You have to rewrite a 
policer and add a special filter term like this:
policer test-police {
if-exceeding {
    bandwidth-limit XXXM;
    burst-size-limit YYYM;
}
then forwarding-class assured-forwarding; ## any unused forwarding-class
}

term test-limit-prefix-FCtag {
    then {
        policer test-police;
        next term;
    }
 }
term test-limit-prefix-discard {
  from forwarding-class {
        assured-forwarding;
    }
    then {
        discard;
        count test-count-bytes+packets;
        }
 }

This will _only_ work on T-series/M320/M120 and MX. It will _not_ work on 
any regular M-series M5/M10/M20/M160/M7i/M10i.
HTH
Regards
Alex

----- Original Message ----- 
From: "Samit" <janasamit at wlink.com.np>
To: "juniper-nsp" <juniper-nsp at puck.nether.net>
Sent: Thursday, July 01, 2010 8:50 AM
Subject: [j-nsp] dropped packet counter and stat of traffic policer

> Hi,
>
> I am testing the rate limiting in junos 9.2, M7i series. Everything is
> working as expected but, I could not find and figure out the command
> which can show the statistics specially the dropped/discard packets
> counter by the traffic police rules. Any tips would be appreciated.
>
> samit at gw-router# show
> term test-limit-prefix {
>    from {
>        destination-address {
>            0.0.0.0/0;
>        }
>    }
>    then {
>        policer test-police;
>        count test-count;
>        accept;
>    }
> }
>
> [edit firewall filter test-traffic-limit]
>
> samit at gw-router#
>
> samit at gw-router# show firewall policer test-police
> if-exceeding {
>    bandwidth-limit 256k;
>    burst-size-limit 16k;
> }
> then discard;
>
> [edit]
>
>
> samit at gw-router> show policer ?
> Possible completions:
>  <[Enter]>            Execute this command
>  <policer>            Policer name
>  __auto_policer_template_1__
>  __auto_policer_template_2__
>  __auto_policer_template_3__
>  __auto_policer_template_4__
>  __auto_policer_template__
>  __default_arp_policer__
>  |                    Pipe through a command
> samit at gw-router> show policer
>
>
> samit at gw-router> show firewall filter test-traffic-limit
>
> Filter: test-traffic-limit
> Counters:
> Name                                                Bytes
> Packets
> test-count                                173823870          4588919
> Policers:
> Name                                              Packets
> test-police-test-limit-prefix                  290558
>
> samit at gw-router>
>
>
> samit at gw-router# show interfaces ge-0/0/0
> description "sw-test Gi0/1";
> vlan-tagging;
> unit 0 {
>    vlan-id 12;
>    family inet {
>        filter {
>            output test-traffic-limit;
>        }
>        address 192.168.0.1/24;
>    }
> }
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
> 