Knowledge Search


×
 

[EX] Policer counter shows incorrect value on EX2200 and EX3300

  [KB34796] Show Article Properties


Summary:

Due to a limitation specific to EX2200 and EX3300, the policer counter does not read the correct packets value that's being passed.

Symptoms:

The output below shows extremely high packets counter value while there is no traffic passing through.

root@ex3300# run show firewall

Filter: policer-limit
Policers:
Name                                                Bytes              Packets
limit-10m                                              NA        8406733840408
limit-15m                                              NA        8465692585536
limit-20m                                              NA        6854870057181

In another case, the packets value is not increased while the policer is effectively working.

root@ex3300# run show firewall

Filter: policer-limit
Policers:
Name                                                Bytes              Packets
limit-10m                                              NA                    0
limit-15m                                              NA                    0
limit-20m                                              NA                    0


Note: You can check the amount of traffic on a policer enabled port. If the policer is effectively working, the amount of egress traffic of that port will be reduced along with policer setting value.

This difference is coming from the software version, but there is no version which the policer counter works properly.

Cause:

EX2200 and EX3300 read counter values from the PFE, and cannot read the proper value even though it is accessing correct registers directly.

This is due to a chip limitation that is specific to EX2200 and EX3300 only.

Solution:

There is no workaround for this behavior, but the policer itself works properly.

This limitation is described in PR1395506 : Ex2200 / EX3300: Firewall policer counters showing incorrect values

Related Links: