ACL Filter Policy Overview
478 Router Configuration Guide
Filter Policy Statistics
Filter policies support per-entry, packet/Byte match statistics. The cumulative matched
packet/Byte counters are available per ingress and per egress direction. Every packet arriving
on an interface/service/subscriber using a filter policy increments ingress or egress (as
applicable) matched packet/Byte count for a filter entry the packet matches (if any) on the
line card the packet ingresses/egresses. For each policy, the counters for all entries are
collected from all line cards, summed up and made available to an operator.
Starting with SR OS Release 11.0 R4, filter policies applied on access interfaces are
downloaded only when active and only to line cards that have interfaces associated with those
filter policies. If a filter policy is not downloaded to any line card, the statistics show 0 (zero).
If a filter policy is being removed from any of the line cards the policy is currently
downloaded to (as result of association change or when a filter becomes inactive), the
statistics for the filter are reset to 0 (zero). Downloading a filter policy to a new line card
keeps incrementing existing statistics.
Starting with SR OS Release 13.0R4, filter policies support bulk requests CPM cache for
policy interfaces created entries. The cache is periodically refreshed through a background
collection of counters from hardware. The counters are also refreshed when the ACL entry
corresponding to the cache entry has statistics read from hardware through any direct-read
from hardware mechanism. If a cache entry represents an entry for an ACL filter policy not
Table 43: Default behavior when a PBR/PBF target is down
PBR/PBF action Default behavior when down
forward esi (any type) Forward
forward lsp Forward
forward next-hop (any type) Drop
forward redirect-policy Forward when redirect policy is shutdown
forward redirect-policy Forward - when destination tests are enabled and the
best destination is not reachable
forward redirect-policy Drop - when destination tests are not enabled and the
best destination is not reachable
forward sap Drop
forward sdp Drop
forward router Drop
To Next Page
Loading...
