On 7/12/2011 11:06 AM, Clarke Morledge wrote:
> On an IP interface (on a router like the MX), you can configure filters
> to count different types of IP packets. But there does not appear to be
> a way to count ARP packets, since they do not have an IP header.
>
> I would like to be able to have some type of ARP packet counter per
> interface that I can query with SNMP, just like you would with the IP
> counters via filters that can be programmed into the router hardware.
>
> The closest thing I can find that might do it is using an ARP policer.
> Unfortunately, this will only catch packets that hit some limit on your
> policer. This is better than nothing, but not great. From the CLI, you
> can look at the number of hits on the __default_arp_policer__, which I
> assume will get superseded by any interface specific ARP policer. In
> this context, the "show policer" output via the CLI is helpful:
>
> show policer
> Policers:
> Name                                  Bytes         Packets
> __default_arp_policer__         22143436345       330586727
>
> But I do not know how to collect this information via SNMP.
>
> Does anyone have any clues on how to do this, aside from scripting it
> out via junoscript and the utility mib?

Hi Clarke,
If you are using an MX platform, instead of using family-inet on your
interfaces, configure them in a bridge-group using family bridge (simply
use an IRB interface for the routing functions). Then you can create
firewall filters for those respective interfaces under [firewall filter
family bridge] as in the following:

root@lab-mx1# show firewall
family bridge {
    filter test {
        term arp {
            from {
                ether-type arp;
            }
            then {
                count arp;
                accept;
            }
        }
    }
}

Once you have a counter assigned, you can now poll this via SNMP as well.
HTHs.
Stefan Fouant
JNCIE-ER #70, JNCIE-M #513, JNCI
Technical Trainer, Juniper Networks
http://www.shortestpathfirst.net
http://www.twitter.com/sfouant
_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp
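
Added example, not part of the original thread and not Juniper code: one way to address the counter from the reply (filter "test", counter "arp") over SNMP and turn two polls into a packet rate. It assumes the counter is exposed in jnxFirewallCounterTable of JUNIPER-FIREWALL-MIB as a Counter64 indexed by filter name, counter name and type; the function names and the sample values are constructed for illustration.

```python
# Added example: OID arithmetic for polling a Junos firewall-filter counter.
# Assumption: the counter appears in jnxFirewallCounterTable
# (JUNIPER-FIREWALL-MIB), indexed by (filter name, counter name, type).

JNX_FW_COUNTER_ENTRY = (1, 3, 6, 1, 4, 1, 2636, 3, 5, 2, 1)
PACKET_COUNT, BYTE_COUNT = 4, 5      # jnxFWCounterPacketCount / ByteCount
TYPE_COUNTER, TYPE_POLICER = 2, 3    # jnxFWCounterType values


def _encode_str(s):
    """Variable-length string index: length, then one sub-id per octet."""
    raw = s.encode("ascii")
    return (len(raw),) + tuple(raw)


def counter_oid(filter_name, counter_name, column=PACKET_COUNT,
                ctype=TYPE_COUNTER):
    """Numeric OID to hand to an SNMP GET for one filter counter."""
    sub_ids = (JNX_FW_COUNTER_ENTRY + (column,) + _encode_str(filter_name)
               + _encode_str(counter_name) + (ctype,))
    return "." + ".".join(map(str, sub_ids))


def decode_index(oid):
    """Recover (column, filter, counter, type) from an OID seen in a walk."""
    ids = tuple(int(x) for x in oid.strip(".").split("."))
    if ids[:len(JNX_FW_COUNTER_ENTRY)] != JNX_FW_COUNTER_ENTRY:
        raise ValueError("not a jnxFirewallCounterTable OID")
    rest = ids[len(JNX_FW_COUNTER_ENTRY):]
    column, pos, names = rest[0], 1, []
    for _ in range(2):               # filter name, then counter name
        n = rest[pos]
        names.append(bytes(rest[pos + 1:pos + 1 + n]).decode("ascii"))
        pos += 1 + n
    return column, names[0], names[1], rest[pos]


def rate_pps(prev, curr, seconds, bits=64):
    """Packets/s between two polls; tolerates a single counter wrap.
    A counter that was cleared between polls looks like a wrap, so
    discard implausibly large rates rather than alerting on them."""
    return ((curr - prev) % (1 << bits)) / seconds


if __name__ == "__main__":
    oid = counter_oid("test", "arp")
    print(oid)
    print(decode_index(oid))
    print(rate_pps(330586727, 330592727, 60))  # constructed samples, 60 s apart
```

Polling the resulting OID at a fixed interval and alerting on a sustained jump in the ARP rate gives the per-interface visibility the original question asked for.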