meter doesn't work for me
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎07-26-2016 12:59 PM
Hi,
On summmit X670-48x with 15.5.4.2 v1554b2-patch1-5 I have problem with meter, i try to limit icmp traffic but looks that ingress shaper doesn't work.
i see packets on counter icmp but i don't see any dropped packets. After the switch, on router, i also see all packets, nothing was dropped..
test:
ping 192.168.65.23 -i 0.0001 -c 100000
Here is my config
entry 1 {
if {
protocol icmp;
destination-address 192.168.65.23/32 ;
} then {
# deny ;
# permit ;
count icmp;
meter meter_10_K;
}
}
configure access-list icmp_drop ports 25 ingress
create meter meter_10_K
configure meter meter_10_K committed-rate 10 Kbps out-actions drop
create meter meter_100_K
configure meter meter_100_K committed-rate 100 Kbps out-actions drop
Summit1.27 # show access-list counter ports 25 ingressPolicy Name Vlan Name Port Direction
Counter Name Packet Count Byte Count
==================================================================
icmp_drop * 25 ingress
icmp 18981
Summit1.26 # show access-list meter ports 25 ingressPolicy Name Vlan Name Port
Committed Max Burst Out-of-Profile Out-of-Profile
Meter Rate (Kbps) Size (K) Action DSCP Packet Count
===============================================================================
icmp_drop * 25
meter_10_K 10 Max Drop 0
Thanks for any help or advice
On summmit X670-48x with 15.5.4.2 v1554b2-patch1-5 I have problem with meter, i try to limit icmp traffic but looks that ingress shaper doesn't work.
i see packets on counter icmp but i don't see any dropped packets. After the switch, on router, i also see all packets, nothing was dropped..
test:
ping 192.168.65.23 -i 0.0001 -c 100000
Here is my config
entry 1 {
if {
protocol icmp;
destination-address 192.168.65.23/32 ;
} then {
# deny ;
# permit ;
count icmp;
meter meter_10_K;
}
}
configure access-list icmp_drop ports 25 ingress
create meter meter_10_K
configure meter meter_10_K committed-rate 10 Kbps out-actions drop
create meter meter_100_K
configure meter meter_100_K committed-rate 100 Kbps out-actions drop
Summit1.27 # show access-list counter ports 25 ingressPolicy Name Vlan Name Port Direction
Counter Name Packet Count Byte Count
==================================================================
icmp_drop * 25 ingress
icmp 18981
Summit1.26 # show access-list meter ports 25 ingressPolicy Name Vlan Name Port
Committed Max Burst Out-of-Profile Out-of-Profile
Meter Rate (Kbps) Size (K) Action DSCP Packet Count
===============================================================================
icmp_drop * 25
meter_10_K 10 Max Drop 0
Thanks for any help or advice
9 REPLIES 9
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎08-02-2016 11:16 AM
It's not a bug. there are 2 kinds of meters: defined by user and 15 predefined in system.
Traps, logs and port disable work only with predefined meter.
# show configuration | include meterconfigure meter ingmeter0 committed-rate 10 Pps max-burst-size 1 packets out-actions drop log trap ports 11
entry 1 {
if match all {
protocol udp ;
}
then {
count icmp_udp ;
meter ingmeter0 ;
log ;
}
}
Traps, logs and port disable work only with predefined meter.
# show configuration | include meterconfigure meter ingmeter0 committed-rate 10 Pps max-burst-size 1 packets out-actions drop log trap ports 11
entry 1 {
if match all {
protocol udp ;
}
then {
count icmp_udp ;
meter ingmeter0 ;
log ;
}
}
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎08-02-2016 08:48 AM
now i have xos 16.1.3.6 patch1-8 on some test summit670 and some problem with this snmptrap. I have tried to set trap action in acl in global meter configuration but without success
# configure meter meter_1_K committed-rate 10 Pps max-burst-size 1 packets out-actions drop trap
Software actions (log, trap, disable port) are not supported for global meters
8 # configure meter meter_1_K committed-rate 10 Pps max-burst-size 1 packets out-actions drop trap log ports "group_port_11"
Software actions (log, trap, disable port) are not supported for global meters
i tried using acl but also failed.
entry 1 {
if match all {
protocol udp ;
# destination-address 192.168.65.23/32 ;
}
then {
count icmp_udp ;
meter meter_1_K ;
log ;
trap ;
}
}
# refresh policy "icmp_drop"
Error: Was not able to refresh policy icmp_drop Line 11 : "trap" is not a valid attribute
I can set snmp trap only broadcast flood on ingress port
# show configuration | include trap
configure port "group_port_11" rate-limit flood broadcast 100 out-actions log trap
Can i use snmptrap with meter ? How i can set "no global" action ? I'm doing something wrong or it's just a bug ?
thanks for help
# configure meter meter_1_K committed-rate 10 Pps max-burst-size 1 packets out-actions drop trap
Software actions (log, trap, disable port) are not supported for global meters
8 # configure meter meter_1_K committed-rate 10 Pps max-burst-size 1 packets out-actions drop trap log ports "group_port_11"
Software actions (log, trap, disable port) are not supported for global meters
i tried using acl but also failed.
entry 1 {
if match all {
protocol udp ;
# destination-address 192.168.65.23/32 ;
}
then {
count icmp_udp ;
meter meter_1_K ;
log ;
trap ;
}
}
# refresh policy "icmp_drop"
Error: Was not able to refresh policy icmp_drop Line 11 : "trap" is not a valid attribute
I can set snmp trap only broadcast flood on ingress port
# show configuration | include trap
configure port "group_port_11" rate-limit flood broadcast 100 out-actions log trap
Can i use snmptrap with meter ? How i can set "no global" action ? I'm doing something wrong or it's just a bug ?
thanks for help
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎07-29-2016 02:26 PM
Hi Pedro, you are correct.
I forgot to mention that the trap option was introduced in EXOS 16.1, sorry about that.
I forgot to mention that the trap option was introduced in EXOS 16.1, sorry about that.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎07-29-2016 02:20 PM
Hi,
How you can get trap parameter ? Maybe in 16.x xos ? For now i have only 15.5.4.2
i try
Summit1.27 # configure meter meter_1_M committed-rate 1000 Kbps max-burst-size 2 Kb out-actions drop trap
^%% Invalid input detected at '^' marker.
In acl i also can't use snmtrap
entry 1 {if {
protocol udp;
destination-address 192.168.65.23/32 ;
} then {
# deny ;
# permit ;
count icmp_udp;
meter meter_10_K;
snmptrap 123 "Traffic icmp_drop entry 1 exceeds threshold";
}
}
Line 11 : Statements from Access Control List applicaton line 10 cannot be mixed with statements from Clear Flow application.
How you can get trap parameter ? Maybe in 16.x xos ? For now i have only 15.5.4.2
i try
Summit1.27 # configure meter meter_1_M committed-rate 1000 Kbps max-burst-size 2 Kb out-actions drop trap
^%% Invalid input detected at '^' marker.
In acl i also can't use snmtrap
entry 1 {if {
protocol udp;
destination-address 192.168.65.23/32 ;
} then {
# deny ;
# permit ;
count icmp_udp;
meter meter_10_K;
snmptrap 123 "Traffic icmp_drop entry 1 exceeds threshold";
}
}
Line 11 : Statements from Access Control List applicaton line 10 cannot be mixed with statements from Clear Flow application.
