The difference between the interface counters and the policy counters, retrieved and computed over two consecutive polling intervals, is compared with the configured threshold value. In the following examples, the differential value is zero, which signifies that no corruption is identified in the statistics. If the differential value is greater than or equal to the threshold value, corruption is detected.
Packets that do not match any of the classifier rules configured within a policy are considered part of a default classifier control list. To avoid discrepancies between the calculated interface counters and policy counters, add a default classifier group to the policy so that no traffic remains unaccounted for.
The following sections describe sample computations of the differences between interface and policy counters for ingress and egress packets.
The following example shows how the difference between interface and policy counters is calculated for traffic arriving at an interface to which policies are applied:
Ingress Interface Packet Counter = In Received Packets = 775,132
Ingress Policy Packet Counter = Sum of Ingress Policy Counters = 0 + 1000 + 774,132 = 775,132
Difference between ingress policy and interface counters as numbers of packets = ([Ingress Interface Packet Counter] – [Ingress Policy Packet Counter]) = ([775,132] – [775,132]) = 0
The difference in counter values is 0. That means no corruption has occurred.
Ingress Interface Byte Counter = In Received Bytes = 155,026,400
Ingress Policy Byte Counter = Sum of Ingress Policy Bytes – (Ingress Policy Packet Counter x Extra Header)
The inbound policy byte counter contains an extra header of 10 bytes (PPP + L2TP).
Ingress Policy Byte Counter = 210,000 + 162,567,720 – (775,132 x 10) = 155,026,400
Difference between ingress policy and interface counters as numbers of bytes = ([Ingress Interface Byte Counter] – [Ingress Policy Byte Counter]) = ([155,026,400] – [155,026,400]) = 0
The difference in counter values is 0. That means no corruption has occurred.
The following example shows how the difference between interface and policy counters is calculated for traffic forwarded from an interface to which policies are applied:
Egress Interface Packet Counter = Out Forwarded Packets = 775,140
Egress Policy Packet Counter = Sum of Egress Policy Counters – Out Policed Packets
Egress Policy Packet Counter = (774,140 + 1000) – 0 = 775,140
Difference between egress policy and interface counters as numbers of packets = ([Egress Interface Packet Counter] – [Egress Policy Packet Counter]) = ([775,140] – [775,140]) = 0
The difference in counter values is 0. That means no corruption has occurred.
Egress Interface Byte Counter = Out Forwarded Bytes = 184,483,320
Egress Policy Byte Counter = (Sum of Egress Policy Bytes) – (Egress Policy Packet Counter x Extra Header) – (Out Policed Bytes)
The outbound policy byte counter contains an extra header of 38 bytes (headers for IP, UDP, PPP, and L2TP).
Egress Policy Byte Counter = (213,662,640 + 276,000) – (775,140 x 38) – 0 = 184,483,320
Difference between egress policy and interface counters as numbers of bytes = ([Egress Interface Byte Counter] – [Egress Policy Byte Counter]) = ([184,483,320] – [184,483,320]) = 0
The difference in counter values is 0. That means no corruption has occurred.
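The two computations above can be expressed as one check, shown here as an added example that is not part of the original documentation. The class and function names, the threshold of 100, the use of the absolute difference, and the third sample (the ingress figures with one classifier group's counters left out, as happens when traffic is not accounted for by any group) are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class CounterSample:
    """Counters for one direction of one interface (names are hypothetical)."""
    if_packets: int            # interface packet counter
    if_bytes: int              # interface byte counter
    policy_packets: List[int]  # per-classifier-group packet counters
    policy_bytes: List[int]    # per-classifier-group byte counters
    extra_header: int          # bytes of encapsulation counted only by the policy
    policed_packets: int = 0   # Out Policed Packets (egress); 0 on ingress
    policed_bytes: int = 0     # Out Policed Bytes (egress); 0 on ingress


def differential(s: CounterSample) -> Tuple[int, int]:
    """Return (packet difference, byte difference) = interface - policy."""
    pkts = sum(s.policy_packets) - s.policed_packets
    # Remove the per-packet extra header so both byte counters measure the same thing.
    byts = sum(s.policy_bytes) - pkts * s.extra_header - s.policed_bytes
    return s.if_packets - pkts, s.if_bytes - byts


def corruption_detected(s: CounterSample, threshold: int) -> bool:
    """Corruption is flagged when a differential reaches the threshold.
    Comparing the absolute value is an assumption of this example."""
    return any(abs(d) >= threshold for d in differential(s))


# Figures from the ingress example (10-byte PPP + L2TP header).
INGRESS = CounterSample(775_132, 155_026_400,
                        [0, 1000, 774_132], [0, 210_000, 162_567_720], 10)
# Figures from the egress example (38-byte IP + UDP + PPP + L2TP header).
EGRESS = CounterSample(775_140, 184_483_320,
                       [774_140, 1000], [213_662_640, 276_000], 38)
# Constructed: ingress figures with the 1000-packet group's counters missing.
UNACCOUNTED = CounterSample(775_132, 155_026_400,
                            [0, 774_132], [0, 162_567_720], 10)

if __name__ == "__main__":
    THRESHOLD = 100  # assumed value; the configured threshold is deployment-specific
    for name, s in (("ingress", INGRESS), ("egress", EGRESS),
                    ("unaccounted", UNACCOUNTED)):
        print(name, differential(s), corruption_detected(s, THRESHOLD))
```

In the constructed third sample the 1000 uncounted packets appear as a packet differential of 1000 and a byte differential of 200,000, which is why the default classifier group matters for keeping the comparison meaningful.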