[j-nsp] snmp count for arp policer?
Stefan Fouant
sfouant at shortestpathfirst.net
Tue Jul 12 13:10:25 EDT 2011
On 7/12/2011 11:06 AM, Clarke Morledge wrote:
> On an IP interface (on a router like the MX), you can configure filters
> to count different types of IP packets. But there does not appear to be
> a way to count ARP packets, since they do not have an IP header.
>
> I would like to be able to have some type of ARP packet counter per
> interface that I can query with SNMP, just like you would with the IP
> counters via filters that can be programmed into the router hardware.
>
> The closest thing I can find that might do it is using an ARP policer.
> Unfortunately, this will only catch packets that hit some limit on your
> policer. This is better than nothing, but not great. From the CLI, you
> can look at the number of hits on the __default_arp_policer__, which I
> assume will get superseded by any interface-specific ARP policer. In
> this context, the "show policer" output via the CLI is helpful:
>
> > show policer
> Policers:
> Name                        Bytes         Packets
> __default_arp_policer__     22143436345   330586727
>
> But I do not know how to collect this information via SNMP.
>
> Does anyone have any clues on how to do this, aside from scripting it
> out via junoscript and the utility mib?
Hi Clarke,
If you are using an MX platform, instead of using family-inet on your
interfaces, configure them in a bridge-group using family bridge (simply
use an IRB interface for the routing functions). Then you can create
firewall filters for those respective interfaces under [firewall filter
family bridge] as in the following:

root@lab-mx1# show firewall
family bridge {
    filter test {
        term arp {
            from {
                ether-type arp;
            }
            then {
                count arp;
                accept;
            }
        }
    }
}

Once you have a counter assigned, you can now poll this via SNMP as well.
HTHs.
Stefan Fouant
JNCIE-ER #70, JNCIE-M #513, JNCI
Technical Trainer, Juniper Networks
http://www.shortestpathfirst.net
http://www.twitter.com/sfouant
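
Added example, not part of the original message: one way to poll the `arp` counter of filter `test` over SNMP and turn two samples into a packets-per-second figure for ARP-storm alerting. It assumes the counter is exposed through jnxFWCounterPacketCount in JUNIPER-FIREWALL-MIB with a length-prefixed string index; the sample walk lines, the 60-second interval, the threshold and all function names are constructed for illustration.

```python
# OIDs per JUNIPER-FIREWALL-MIB (jnxFirewallCounterTable); confirm on the router
# with "show snmp mib walk jnxFirewallCounterTable" before relying on them.
JNX_FW_COUNTER_PACKETS = "1.3.6.1.4.1.2636.3.5.2.1.4"  # jnxFWCounterPacketCount
JNX_FW_TYPE_COUNTER = 2  # jnxFWCounterType: counter(2), policer(3)
COUNTER64_MOD = 2 ** 64

# Constructed "snmpwalk -On" samples taken 60 s apart (not from a real device).
_OID = ".1.3.6.1.4.1.2636.3.5.2.1.4.4.116.101.115.116.3.97.114.112.2"
POLL_1 = _OID + " = Counter64: 1000"
POLL_2 = _OID + " = Counter64: 121000"


def _encode_string_index(name):
    """Length-prefixed ASCII encoding SNMP uses for a string table index."""
    return [len(name)] + [ord(c) for c in name]


def counter_oid(filter_name, counter_name, ctype=JNX_FW_TYPE_COUNTER):
    """Numeric OID of the packet counter <counter_name> in <filter_name>."""
    index = (_encode_string_index(filter_name)
             + _encode_string_index(counter_name) + [ctype])
    return JNX_FW_COUNTER_PACKETS + "." + ".".join(str(i) for i in index)


def parse_walk(text):
    """Parse numeric snmpwalk output lines into {oid: counter value}."""
    values = {}
    for line in text.splitlines():
        if " = " not in line:
            continue
        oid, rhs = line.split(" = ", 1)
        kind, _, value = rhs.partition(": ")
        if kind.strip() in ("Counter32", "Counter64"):
            values[oid.strip().lstrip(".")] = int(value.strip())
    return values


def arp_pps(prev, curr, seconds):
    """Rate between two samples, tolerating one Counter64 wrap.
    A counter reset on the router looks like a wrap and yields a huge rate."""
    return ((curr - prev) % COUNTER64_MOD) / seconds


def arp_alert(walk_prev, walk_curr, seconds, threshold_pps,
              filter_name="test", counter_name="arp"):
    """Return (rate, alert) for the ARP counter from two walk outputs."""
    oid = counter_oid(filter_name, counter_name)
    rate = arp_pps(parse_walk(walk_prev)[oid], parse_walk(walk_curr)[oid], seconds)
    return rate, rate > threshold_pps
```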