Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[M-series] How to determine the effectiveness of the ingress policer

0

0

Article ID: KB23532 KB Last Updated: 28 Dec 2018Version: 2.0
Summary:
This article provides information on how to determine the effectiveness of an ingress policer.
Symptoms:
The effectiveness of an ingress policer cannot be determined b referring to the input BPS statistics of the ingress interface.
Cause:
This is due to the policer action being performed after the ingress packet statistics are collected on the PFE.
Solution:
To determine the policer effect, the egress interface statistics must be referenced. Here is an example of the input policer configuration:
1.6 Mb ingress traffic -> [1MB POLICER ] ge-0/3/0 ROUTER ge-0/3/6 [egress interface] -> 1Mb egress traffic
 interfaces {
    ge-0/3/0 {
        unit 0 {
            family inet {
                filter {
                    input POLICER;
                }
                address 10.10.10.2/24;
            }
        }
    }
    ge-0/3/6 {
        unit 0 {
            family inet {
                address 20.20.10.2/24;
            }
        }
    }
}
firewall {
    policer 1MB {
        if-exceeding {
            bandwidth-limit 1m;
            burst-size-limit 10k;
        }
        then discard;
    }
    filter POLICER {
        term 1 {
            then {
                policer 1MB;
                accept;
            }
        }
    }
} 

Monitor interface output for real time traffic on the ge-0/3/0 ingress interface:

Interface: ge-0/3/0.0, Enabled, Link is Up
 
Input bytes:               79497298052 (1684696 bps)             [418732]
Output bytes:                        0 (0 bps)                        [0]
Input packets:               786969441 (2033 pps)                  [4044]
Output packets:                      0 (0 pps)                        [0]


Monitor interface output for real time traffic on the ge-0/3/6 egress interface:

Interface: ge-0/3/6.0, Enabled, Link is Up
 
Input bytes:                         0 (0 bps)                  [0]
Output bytes:              79239085176 (1002160 bps)            [7067428]
Input packets:                       0 (0 pps)                  [0]
Output packets:              784557469 (1226 pps)               [68698]

Note: The size of the 'burst-size-limit' policer has an impact on the policed rate.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search