[j-nsp] Discard Interface

Chris Morrow morrowc at ops-netman.net
Tue Apr 7 13:49:37 EDT 2015



On 04/07/2015 01:46 PM, harbor235 wrote:
> Correct, I see RPF failures; however, the firewall log specified on the
> dsc.0 interface is the reporting filter of the discarded traffic? Is there
> a solution to correct the problem?
> 

I'm not a Juniper engineer, but I believe most of their decisions are
made (for ACLs) on input, so I bet they can't do what you want... unless
you remove the dsc.0 deny and let the traffic flow out the dsc.0
interface (of course it won't go anywhere, but it might start counting
on the interface for you).

It's been a while since I looked at this in particular.

> 
> Mike
> 
> On Tue, Apr 7, 2015 at 1:29 PM, Chris Morrow <morrowc at ops-netman.net> wrote:
> 
>>
>>
>> On 04/07/2015 01:23 PM, harbor235 wrote:
>>> I am having issues updating interface stats via the discard interface,
>>> dsc.0
>>>
>>> I have successfully set up a trigger router for injecting routes I need
>>> discarded at the edge.
>>> The Edge router is a J series router (J2350). I have configured S/RTBH
>>> routing and I am using dsc.0 for discarded traffic, coloring, and
>>> logging.
>>>
>>> My problem: traffic is discarded correctly, the output filter configured on
>>> the dsc.0 interface correctly logs and discards the traffic. This is
>>> verified via the "show firewall log" cmds, but I see no stats updates via
>>> "show interface dsc.0 extensive" for the dsc.0 interface. The route for
>>> the discarded prefix(s) correctly points to the destination address of the
>>> dsc.0 interface. What am I missing here? Should I expect traffic stats on
>>> dsc.0 and the firewall log output?
>>
>> I bet you see discards on the input interface.
> 

