ScreenOS Firewalls (NOT SRX)
Reply
Visitor
benqlk
Posts: 8
Registered: ‎11-29-2010
0

NS5200 can't monitor interfaces if the interfaces have sub-interfaces

HI,ALL:smileysurprised:

          Someone can help me ? NS5200 can't monitor some interfaces if the interfaces have sub-interfaces,can i use some command to find out OID about sub-interfaces?

Distinguished Expert
spuluka
Posts: 2,808
Registered: ‎03-30-2009
0

Re: NS5200 can't monitor interfaces if the interfaces have sub-interfaces

See this previous discussion.  The answer is on ASIC based platforms you can't.  On cpu flow platforms you can get the oid from the netscreen mib.  I can't find the spec architecture but I believe the NS series have the ASIC.

 

http://forums.juniper.net/t5/ScreenOS-Firewalls-NOT-SRX/oid-for-subinterfaces/m-p/2717#M1119

 


I asked JTAC and this is the response I got:

The RFC MIBs will respond back with hardware counter statistics that will correlate to a GET COUNTER STAT command. The Netscreen Private MIBS will return Flow statistics. The flow counters will only show traffic that passed the CPU. On an ASIC based system such as the ISG-1000 this will cause a difference in the numbers as most traffic will not pass through the CPU but be processed by the ASIC. Traffic that would pass by the CPU would be first packets, ICMP traffic, ALG traffic such as SQL H323, or packets needing fragmentation. The Netscreen MIB counters should match the GET COUNTER FLOW statistics.

As the SSG5 does not use an ASIC chip all traffic would pass by the CPU and the numbers would not match as you noted.

 

So everything is actually working as intended...

... and there's no way to monitor subinterface traffic on aggregate interfaces on ASIC platforms. 



Steve Puluka BSEET
Juniper Ambassador
Expert Network Security Engineer - UPMC Pittsburgh, PA
JNCIA-ER JNCIA-EX JNCIS-SEC JNCIP-SEC
JNCIS-FWV JNCIS-SSL
ACE PanOS 6
MCP - Managing Server 2003 MCP - Windows XP Professional
MCTS Windows 7
http://puluka.com/home
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.