Configuring Interface-Specific Counters

When you configure a firewall filter that is applied to multiple interfaces, you can name individual counters specific to each interface. These counters enable you to easily maintain statistics on the traffic transiting the different interfaces.

NOTE: Configuration of interface-specific counters also creates separate instances of any policers you have configured for the same interface. For more information about policers, see Policer Configuration.

To configure interface-specific counters, include the interface-specific statement at the [edit firewall family family-name filter filter-name] hierarchy level:

[edit firewall family family-name filter filter-name]

interface-specific;

 


   
NOTE: The counter name is restricted to 24 bytes. If the renamed counter exceeds this maximum length, the policy framework software might reject it.


 

Example: Configuring Interface-Specific Counters

Configure an interface-specific counter:

[edit firewall]

    family inet {

        filter test {

            interface-specific;

            term 1 {

                from {

                    address {

                        10.0.0.0/12;

                    }

                    protocol tcp;

                }

                then {

                    count sample1;

                    accept;

                }

            }

        }

    }

}

When you apply this filter to the input interface of at-1/1/1.0 and the output interface of so-2/2/2.2, the counters are named sample1-at-1/1/1.0-i and sample1-so-2/2/2/.2-o. The suffixes -i (input) and -o (output) are added to the counter names automatically.

The JUNOS software does not sample packets originating from the router. If you configure a sampling filter and apply it to the output side of an interface, then only the transit packets going through that interface are sampled. Packets that are sent from the Routing Engine to the Packet Forwarding Engine are not sampled.