Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Subscriber Management] How to check the programming of PFE for a normal policer and shared-bandwidth-policer of a subscriber session

0

0

Article ID: KB29705 KB Last Updated: 18 Jun 2015Version: 1.0
Summary:

This article provides additional commands to check the programming of a PFE for a normal policer and shared-bandwidth-policer of a subscriber session.

Symptoms:

The following is the configuration of a policer and shared-bandwidth-policer.

A normal policer polices at the configured rate per PFE. In the case of AE bundles spanning multiple FPCs, the overall rate for the subscriber might exceed the configured rate (depending on the number of PFEs involved). For more information on shared-bandwidth-policer, see http://www.juniper.net/documentation/en_US/junos13.3/topics/reference/configuration-statement/shared-bandwidth-policer-edit-firewall-cs.html.

The shared-bandwidth-policer dynamically allocates a share of bandwidth across the PFEs to effectively achieve the configured policed rate. If two PFEs are involved, then each PFE polices at 2.5m for a 5m policer. This is known as the "carve-up" factor.

test@ERX-MX480-1-RE0# show filter Service_test_Sym_in
interface-specific;
term 1 {
     then {
	 policer test_in;
 	 loss-priority high;
 	 forwarding-class BRONZE;
    }
}


 [edit firewall]
test@ERX-MX480-1-RE0# show policer Service_test_Sym_in >>> This is a normal policer

 [edit firewall]
test@ERX-MX480-1-RE0# show policer test_in
filter-specific;
if-exceeding {
    bandwidth-limit 5m;
    burst-size-limit 350k;
}
then discard;

 [edit firewall]
test@ERX-MX480-1-RE0# show filter Service_test_Sym_out
interface-specific;
term 1 {
     then {
	 policer test_out;
	 loss-priority high;
 	 forwarding-class BRONZE;
     }
}

 [edit firewall]
test@ERX-MX480-1-RE0# show policer test_out
filter-specific;
shared-bandwidth-policer; >>> This is the shared-bandwidth-policer
if-exceeding {
    bandwidth-limit 5m;
    burst-size-limit 350k;
}
then discard;

 [edit firewall]
test@ERX-MX480-1-RE0# top

 [edit]
test@ERX-MX480-1-RE0# quit
Exiting configuration mode
Solution:

To review more details of the subscriber session from the CLI:

 
test@ERX-MX480-1-RE0> show subscribers
Interface IP Address/VLAN ID User Name LS:RI
pp0.1073792646 44.160.1.2 amit2@mx.com default:default


jtac@ERX-MX480-1-RE0> show interfaces pp0.1073792646 extensive
Logical interface pp0.1073792646 (Index 366) (SNMP ifIndex 885) (Generation 51233) >>> note index no, i.e, ifl number
Flags: Point-To-Point 0x4000 Encapsulation: PPPoE
PPPoE:
State: SessionUp, Session ID: 1,
Session AC name: ERX-MX480-1-RE0, Remote MAC address: 1c:95:6c:41:00:00,
Underlying interface: demux0.100 (Index 334)
Link:
ge-0/0/1.32767 <-- down >>> Two FPCs and two PFEs involved in this session. Each gets 0.5 carve-up factor
ge-0/0/3.32767
ge-1/0/1.32767 <-- down
ge-1/0/3.32767
Traffic statistics:
Input bytes : 1687
Output bytes : 2201
Input packets: 62
Output packets: 63
Local statistics:
Input bytes : 259
Output bytes : 773
Input packets: 20
Output packets: 21
Transit statistics:
Input bytes : 1428 0 bps
Output bytes : 1428 0 bps
Input packets: 42 0 pps
Output packets: 42 0 pps
Keepalive settings: Interval 30 seconds, Up-count 1, Down-count 3
LCP state: Opened
NCP state: inet: Opened, inet6: Not-configured, iso: Not-configured, mpls: Not-configured
CHAP state: Success
PAP state: Closed
Protocol inet, MTU: 1492, Generation: 50939, Route table: 0
Flags: Sendbcast-pkt-to-re
Input Filters: Service_test_Sym_in-pp0.1073792646-in
Output Filters: Service_test_Sym_out-pp0.1073792646-out
Addresses, Flags: Is-Primary
Destination: Unspecified, Local: 172.16.65.32, Broadcast: Unspecified, Generation: 50649


test@ERX-MX480-1-RE0> start shell pfe network fpc0


NPC platform (1067Mhz MPC 8548 processor, 2048MB memory, 512KB flash)

NPC0(ERX-MX480-1-RE0 vty)# show ifl 366 >>> ifl from pp0 interface

Logical interface pp0.1073792646 (Index 366, Alias-Index 0 Peer-Index 0 ifl address 0x4f0438c0)
Channel Mode DISABLED 1 0
Flags: (0x0000000600004010) Up Point-To-Point Accurate-Accounting Stacked-ifl
GEN Flags: (0x0002)Addresses:
Media address: Family: Link (18), Chan: 0, Length: 24 (1c:95:6c:41:00:00:2c:6b:f5:4c:4f:c1:81:00:00:64:88:64:11:00:00:01:00:00)
IRB ifl BD index 65535
Reroute Ref: 0, Restore Ref: 0, LRID: 0
Residue Stats in: 0 out: 0
Accounting Residue Stats in: 0 out: 0
Protocols:
Protocol: IPv4, MTU: 1492 bytes, Flags: 0x8000000200000000, Route table: 0
Maximum labels: 0
Input filter: 0, Output filter: 0, Interface class: 0, Dialer Filter: 0
Input Simple Filter: 0, Output Simple Filter: 0
Input implicit filters: 4194304; >>> input filter applied to pp0 interface
Output implicit filters: 4194305; >>> output filter applied to pp0 interface
L2 Input policer: 0, L2 Output policer: 0
Input policer: 0, Output policer: 0
RPF fail-filter: 0, Reroute Ref: 0, Restore Ref: 0
Service filters in: 0, 0, 0, 0, 0, 0, out: 0, 0, 0, 0, 0, 0, psf: 0
Media:
Type: VLAN Tagged, Encapsulation: Ethernet (0x0000000E)
MTU: 1522 bytes, Flags: 0x0000
Dependencies:
Underlying ifl index: 334
Parent ifl index: 366
Aggregate: (child_list)
Index Child name Channel
----- -------------------- -----------
355 ge-0/0/1.32767 1
361 ge-0/0/3.32767 1
368 ge-1/0/1.32767 1
374 ge-1/0/3.32767 1
Forwarding options: Empty
Storm control:
BC: 0, UC: 0, Flags: 0x0

NPC0(ERX-MX480-1-RE0 vty)# show filter index 4194304
Term Filters:
------------
Index Semantic Name
-------- ---------- ------
4194304 Classic Service_test_Sym_in-pp0.1073792646-in

NPC0(ERX-MX480-1-RE0 vty)# show filter index 4194304 program >>> simple policer on input direction
Filter index = 4194304
Optimization flag: 0x0
Filter notify host id = 0
Filter properties: None
Template index = 65599

NPC0(ERX-MX480-1-RE0 vty)# show filter index 65599 program >>> Check the reference of template
Filter index = 65599
Optimization flag: 0xf7
Filter notify host id = 0
Filter properties: None
Filter state = CONSISTENT
term 1
term priority 0

then
accept
forwarding-class 0
loss-priority 3
policer template test_in
policer test_in
app_type 0
bandwidth-limit 5000000 bits/sec >>> 5m is correctly programmed
burst-size-limit 350000 bytes
discard

NPC0(ERX-MX480-1-RE0 vty)# show filter index 4194305 program
Filter index = 4194305
Optimization flag: 0x0
Filter notify host id = 0
Filter properties: None
Template index = 65600

NPC0(ERX-MX480-1-RE0 vty)# show filter index 65600 program
Filter index = 65600
Optimization flag: 0xf7
Filter notify host id = 0
Filter properties: None
Filter state = CONSISTENT
term 1
term priority 0

then
accept
forwarding-class 0
loss-priority 3
policer template test_out
policer test_out
app_type 0
bandwidth-limit 5000000 bits/sec
burst-size-limit 350000 bytes
discard

NPC0(ERX-MX480-1-RE0 vty)#

NPC0(ERX-MX480-1-RE0 vty)# show policer pp0.1073792646 family inet >>> check pp0 interface
IFD pp0
Implicit input filter #1
No shared bandwidth policer on this interface
Implicit output filter #1
hardware instance:0
======================
Regular policer 'test_out'
dfw:4194305 pfe_id:0
carve-up factor:0.500 vcuf:0.500 >>> carve factor 0.5 indicates that this FPC will police 5/2=2.5m for this ppp interface
bandwidth:312500 bytes/sec, burst size:175000 bytes
----------------------

Regular policer 'test_out' >>> Underlying ae interface "demux0.100" does not span PFE1 (pfe_id:1) on FPC1, so this can be ignored.
dfw:4194305 pfe_id:1
carve-up factor:1.000 vcuf:0.000
bandwidth:625000 bytes/sec, burst size:350000 bytes
----------------------


NPC0(ERX-MX480-1-RE0 vty)# exit



test@ERX-MX480-1-RE0> start shell pfe network fpc1 >>> Now check the same on FPC1


NPC platform (1067Mhz MPC 8548 processor, 2048MB memory, 512KB flash)

NPC1(ERX-MX480-1-RE0 vty)# show ifl 366

Logical interface pp0.1073792646 (Index 366, Alias-Index 0 Peer-Index 0 ifl address 0x4ddc9e70)
Channel Mode DISABLED 1 0
Flags: (0x0000000600004010) Up Point-To-Point Accurate-Accounting Stacked-ifl
GEN Flags: (0x0002)Addresses:
Media address: Family: Link (18), Chan: 0, Length: 24 (1c:95:6c:41:00:00:2c:6b:f5:4c:4f:c1:81:00:00:64:88:64:11:00:00:01:00:00)
IRB ifl BD index 65535
Reroute Ref: 0, Restore Ref: 0, LRID: 0
Residue Stats in: 0 out: 0
Accounting Residue Stats in: 0 out: 0
Protocols:
Protocol: IPv4, MTU: 1492 bytes, Flags: 0x8000000200000000, Route table: 0
Maximum labels: 0
Input filter: 0, Output filter: 0, Interface class: 0, Dialer Filter: 0
Input Simple Filter: 0, Output Simple Filter: 0
Input implicit filters: 4194304;
Output implicit filters: 4194305;
L2 Input policer: 0, L2 Output policer: 0
Input policer: 0, Output policer: 0
RPF fail-filter: 0, Reroute Ref: 0, Restore Ref: 0
Service filters in: 0, 0, 0, 0, 0, 0, out: 0, 0, 0, 0, 0, 0, psf: 0
Media:
Type: VLAN Tagged, Encapsulation: Ethernet (0x0000000E)
MTU: 1522 bytes, Flags: 0x0000
Dependencies:
Underlying ifl index: 334
Parent ifl index: 366
Aggregate: (child_list)
Index Child name Channel
----- -------------------- -----------
355 ge-0/0/1.32767 1
361 ge-0/0/3.32767 1
368 ge-1/0/1.32767 1
374 ge-1/0/3.32767 1
Forwarding options: Empty
Storm control:
BC: 0, UC: 0, Flags: 0x0

NPC1(ERX-MX480-1-RE0 vty)# show filter index 4194304 program
Filter index = 4194304
Optimization flag: 0x0
Filter notify host id = 0
Filter properties: None
Template index = 65599

NPC1(ERX-MX480-1-RE0 vty)# show filter index 65599 program
Filter index = 65599
Optimization flag: 0xf7
Filter notify host id = 0
Filter properties: None
Filter state = CONSISTENT
term 1
term priority 0

then
accept
forwarding-class 0
loss-priority 3
policer template test_in
policer test_in
app_type 0
bandwidth-limit 5000000 bits/sec
burst-size-limit 350000 bytes
discard

NPC1(ERX-MX480-1-RE0 vty)# show filter index 4194305 program
Filter index = 4194305
Optimization flag: 0x0
Filter notify host id = 0
Filter properties: None
Template index = 65600

NPC1(ERX-MX480-1-RE0 vty)# show filter index 65600 program
Filter index = 65600
Optimization flag: 0xf7
Filter notify host id = 0
Filter properties: None
Filter state = CONSISTENT
term 1
term priority 0

then
accept
forwarding-class 0
loss-priority 3
policer template test_out
policer test_out
app_type 0
bandwidth-limit 5000000 bits/sec
burst-size-limit 350000 bytes
discard

NPC1(ERX-MX480-1-RE0 vty)#
NPC1(ERX-MX480-1-RE0 vty)# show policer pp0.1073792646 family inet
IFD pp0
Implicit input filter #1
No shared bandwidth policer on this interface
Implicit output filter #1
hardware instance:0
======================
Regular policer 'test_out'
dfw:4194305 pfe_id:0
carve-up factor:0.500 vcuf:0.500
bandwidth:312500 bytes/sec, burst size:175000 bytes
----------------------

Regular policer 'test_out'
dfw:4194305 pfe_id:1
carve-up factor:1.000 vcuf:0.000
bandwidth:625000 bytes/sec, burst size:350000 bytes
----------------------


NPC1(ERX-MX480-1-RE0 vty)# exit



test@ERX-MX480-1-RE0>
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search