Using a Firewall Filter to Count Traffic on an Interface

Problem

You want to find out how much traffic is passing through an interface.

Solution

To check how much traffic is successfully passing through an interface, add the count option to a then clause that accepts traffic:

	[edit firewall filter incoming-to-me]
	aviva@RouterF# set term final-accept then count incoming-accepted
	aviva@RouterF# set term final-accept then accept

To track unwanted traffic, use the count option and a then clause that discards traffic:

	[edit firewall filter incoming-to-me]
	aviva@RouterF# set term reject-addresses then count bad-addresses
	aviva@RouterF# set term reject-addresses then discard

To look at the counters, use the show firewall filter command:

	aviva@RouterF> show firewall filter incoming-to-me
	Filter: incoming-to-me
	Counters:
	Name                          Bytes        Packets
	incoming-accepted               246              4


Discussion

Either as part of your standard network practices or while tracking down a problem, you often want to know how much traffic has successfully passed through an interface, or how much traffic attempted to pass but was rejected. You do this by counting the packets that match each term in a firewall filter.

The first command in this recipe counts all the traffic accepted by the interface other than the ICMP and BGP traffic. Each counter is identified by name; this counter is called incoming-accepted.

Use the show firewall filter command to see the counters. The output is very straightforward, showing how many bytes and packets have matched the final-accept term in the filter.

The second command in this recipe shows how to count unwanted traffic. As a general point, you rarely just discard traffic in a firewall term without also counting the rejections or logging or syslogging them (see Recipe 9.13). Tracking the rejections is useful for documenting abuse of your router, attacks on the router, or even misconfigurations.

As with routing policy, you define firewall filters in a common location in the configuration and then apply them where needed. Designing filters that apply to several interfaces in the router can help minimize your administrative overhead. If you do use the same filter on more than one interface, the packet counts from all of those interfaces are accumulated in the same counter. Use the following configuration command to create separate counters for packets from the different interfaces:

	[edit firewall filter incoming-to-me]
	aviva@RouterF# set interface-specific

Again, use the show firewall filter command to see the counters:

	aviva@RouterF> show firewall filter ?
	Possible completions:
	  counter                        Counter name
	  incoming-to-me-fe-0/0/1.0-i
	  incoming-to-me-t1-0/0/3.0-i
	aviva@RouterF> show firewall filter incoming-to-me-t1-0/0/3.0-i
	Filter: incoming-to-me-t1-0/0/3.0-i
	Counters:
	Name                                    Bytes        Packets
	incoming-accepted-t1-0/0/3.0-i           6474            105

The interface name and an i (for the input direction) are appended to the filter name and to each counter name, separating the counts from the two interfaces into different buckets.
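As an added example (not from the book), the following Python script parses output in the show firewall filter format shown above, splits off the interface-specific suffix, and reports which discard counters grew by more than a threshold between two snapshots; the two snapshots are constructed sample output, and the counter names bad-addresses and incoming-accepted are the ones this recipe defines.

```python
import re

# Constructed sample output in the "show firewall filter" format, captured
# twice some interval apart. Counter names carry the suffix that the
# interface-specific statement adds (interface name plus -i for input).
SNAPSHOT_BEFORE = """\
Filter: incoming-to-me-t1-0/0/3.0-i
Counters:
Name                                    Bytes        Packets
incoming-accepted-t1-0/0/3.0-i           6474            105
bad-addresses-t1-0/0/3.0-i                120              2
"""
SNAPSHOT_AFTER = """\
Filter: incoming-to-me-t1-0/0/3.0-i
Counters:
Name                                    Bytes        Packets
incoming-accepted-t1-0/0/3.0-i           9010            148
bad-addresses-t1-0/0/3.0-i              26400            440
"""

ROW = re.compile(r"^(\S+)\s+(\d+)\s+(\d+)$")          # name bytes packets
# Splits "bad-addresses-t1-0/0/3.0-i" into counter, interface and direction.
SUFFIX = re.compile(r"^(.+?)-([a-z0-9]+-\d+/\d+/\d+\.\d+)-([io])$")

def parse_counters(text):
    """Return {(counter, interface, direction): (bytes, packets)}."""
    counters = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:               # skips Filter:, Counters: and the header row
            continue
        name, nbytes, npackets = m.group(1), int(m.group(2)), int(m.group(3))
        s = SUFFIX.match(name)
        key = (s.group(1), s.group(2), s.group(3)) if s else (name, None, None)
        counters[key] = (nbytes, npackets)
    return counters

def packet_deltas(before, after):
    """Packets added to each counter between snapshots. A drop means the
    counter was cleared in between, so the new value is the whole delta."""
    old, new = parse_counters(before), parse_counters(after)
    deltas = {}
    for key, (_, npackets) in new.items():
        d = npackets - old.get(key, (0, 0))[1]
        deltas[key] = d if d >= 0 else npackets
    return deltas

def discard_spikes(before, after, counter="bad-addresses", threshold=100):
    """Keys of the named discard counter that grew by >= threshold packets."""
    return sorted(k for k, d in packet_deltas(before, after).items()
                  if k[0] == counter and d >= threshold)
```

Feeding it successive snapshots from a scheduled show firewall filter run turns the recipe's discard counter into a simple alarm for sustained rejected traffic on a specific interface.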





JUNOS Cookbook
Junos Cookbook (O'Reilly Cookbooks)
ISBN: 0596100140
Year: 2007
Pages: 290
Authors: Aviva Garrett
