Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[EX] Policer counter shows incorrect value on EX2200 and EX3300

0

0

Article ID: KB34796 KB Last Updated: 13 Aug 2019Version: 1.0
Summary:

Due to a limitation specific to EX2200 and EX3300, the policer counter does not read the correct packets value that's being passed.

Symptoms:

The output below shows extremely high packets counter value while there is no traffic passing through.

root@ex3300# run show firewall

Filter: policer-limit
Policers:
Name                                                Bytes              Packets
limit-10m                                              NA        8406733840408
limit-15m                                              NA        8465692585536
limit-20m                                              NA        6854870057181

In another case, the packets value is not increased while the policer is effectively working.

root@ex3300# run show firewall

Filter: policer-limit
Policers:
Name                                                Bytes              Packets
limit-10m                                              NA                    0
limit-15m                                              NA                    0
limit-20m                                              NA                    0


Note: You can check the amount of traffic on a policer enabled port. If the policer is effectively working, the amount of egress traffic of that port will be reduced along with policer setting value.

This difference is coming from the software version, but there is no version which the policer counter works properly.

Cause:

EX2200 and EX3300 read counter values from the PFE, and cannot read the proper value even though it is accessing correct registers directly.

This is due to a chip limitation that is specific to EX2200 and EX3300 only.

Solution:

There is no workaround for this behavior, but the policer itself works properly.

This limitation is described in PR1395506 : Ex2200 / EX3300: Firewall policer counters showing incorrect values

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search