Monitoring Interface Bandwidth Utilization on a NetScreen Firewall

From the web-based GUI on a NetScreen firewall/router, such as the NetScreen 5GT, you can check the bandwidth utilization by clicking on Reports then selecting Interface Bandwidth.

Bandwidth utilization - traffic shaping 
off

On the above screen shot, the total utilized bandwidth for all interfaces is 0 Kbps. You will see zero utilization unless you turn traffic shaping on You don't actually need to "shape" the network traffic by giving preference to some traffic over other traffic, but you need to enable traffic shaping to see the bandwidth being used through this report.

From a command line interface (CLI), which you can get from an SSH connection to the firewall, you can use the get traffic-shaping interface command to see the configured and real bandwidth for an interface. The options for the command are shown below:

ns5gt-> get traffic-shaping ?
>                    redirect output
|                    match output
*lt;return>
dscp-class-selector  dscp class selector behavior
interface            traffic shaping info for an interface
ip_precedence        priority to IP precedence (TOS) mapping
mode                 traffic shaping mode

Example output from a Netscreen 5GT device is shown below:

ns5gt-> get traffic-shaping interface
v1-trust: physical bw=0kbps, config bw=0kbps, real bw=0kbps
  total configured gbw=0kbps, total allocated gbw=0kbps
v1-untrust: physical bw=0kbps, config bw=0kbps, real bw=0kbps
  total configured gbw=0kbps, total allocated gbw=0kbps
trust: physical bw=100000kbps, config bw=100000kbps, real bw=0kbps
  total configured gbw=0kbps, total allocated gbw=0kbps
untrust: physical bw=100000kbps, config bw=100000kbps, real bw=0kbps
  total configured gbw=0kbps, total allocated gbw=0kbps
serial: physical bw=92kbps, config bw=0kbps, real bw=0kbps
  total configured gbw=0kbps, total allocated gbw=0kbps

In the above example, the interface on the firewall is 100,000 Kbs, i.e., 100 Mbs for the trust and untrust interfaces, which are the Internet-facing and LAN-facing interfaces respectively on the firewall. The above example shows results when traffic shaping isn't enabled. You can use the set traffic-shaping command to configure traffic shaping and thus be able to use the Interface Bandwidth report to monitor traffic through the firewall/router. To see available options for the command, you can use set traffic-shaping ?.

ns5gt-> set traffic-shaping ?
dscp-class-selector  clear dscp class selector
ip_precedence        priority to IP precedence (TOS) mapping
mode                 traffic shaping mode
ns5gt-> set traffic-shaping mode ?
auto                 automatically turn on/off traffic shaping
off                  turn off traffic shaping

To enable traffic shaping and thus be able to monitor the bandwidth through the Interface Bandwidth report available through the web-based management interface or via the CLI using the get traffic-shaping interface command, use the command set traffic-shaping mode on .

ns5gt-> set traffic-shaping mode on

When traffic shaping is on, the Interface Bandwidth report will show the total utilized bandwidth on each interface as shown below.

Bandwidth utilization - traffic shaping 
on

And the command get traffic-shaping interface will also display the bandwidth being used as shown below.

oreilly.com - Your tech ebook super store
ns5gt-> get traffic-shaping interface
v1-trust: physical bw=0kbps, config bw=0kbps, real bw=0kbps
  total configured gbw=0kbps, total allocated gbw=0kbps
v1-untrust: physical bw=0kbps, config bw=0kbps, real bw=0kbps
  total configured gbw=0kbps, total allocated gbw=0kbps
trust: physical bw=100000kbps, config bw=100000kbps, real bw=48kbps
  total configured gbw=0kbps, total allocated gbw=0kbps
untrust: physical bw=100000kbps, config bw=100000kbps, real bw=3657kbps
  total configured gbw=0kbps, total allocated gbw=0kbps
serial: physical bw=92kbps, config bw=0kbps, real bw=0kbps
  total configured gbw=0kbps, total allocated gbw=0kbps

If you wish to see only the bandwidth being used on a particular interface, e.g., the "untrust" interface, you can specify that interface at the end of the command as shown below where the traffic on that interface is about 4 Mbs.

O'Reilly 50% Ebook Deal of the Day
ns5gt-> get traffic-shaping interface untrust
untrust: physical bw=100000kbps, config bw=100000kbps, real bw=3755kbps
  total configured gbw=0kbps, total allocated gbw=0kbps

References:

  1. [ScreenOS] Monitoring the interface bandwidth
    Knowledge Base ID: KB4248
    Last Updated: 17 Dec 2012
    Version: 10.0
    Juniper Networks - Knowledge Base

 

TechRabbit ad 300x250 newegg.com

Justdeals Daily Electronics Deals1x1 px

Valid HTML 4.01 Transitional

Created: Wednesday May 13, 2015