If I remember correctly, if you specify both 'log' and 'discard', it'll
show up as 'pfe', because the 'discard' happens before the logging
mechanism has a chance to figure out what filter ruleset is discarding
it (for performance reasons). If you do 'reject' and 'log', it should
show up as a filter-list. If you're trying to squelch a high-traffic
DoS or somesuch, stick with discard (you might even want to ditch the
'log')
pfe stands for packet forwarding engine, also known as the ssb/ssb2
note: i could be horribly wrong.
±è Á¾¿ø wrote:
> Hi! Juniper folks.
>
> This is knight .
>
> I have a question about pfe hardware filter .
>
> I have applied some filter at our juniper router interfaces and check a
> filter log.
>
> When i check a filter log , i see a pfe as follow.
>
> Time Filter A Interface Pro Source address Destination
> address
> 13:24:41 pfe R fe-3/2/0.0 ICM xxx.xxx.183.54 xxx.xxx.32.69:744
> 13:08:16 pfe R t3-0/3/1.0 TCP xxx.xxx.211.19
> xxx.xxx.183.59:12345
> 13:08:13 pfe R t3-0/3/1.0 TCP xxx.xxx.211.19
> xxx.xxx.183.59:12345
> 13:08:01 pfe R t3-0/3/1.0 TCP xxx.xxx.211.19
> xxx.xxx.183.56:12345
> 13:07:58 pfe R t3-0/3/1.0 TCP xxx.xxx.211.19
> xxx.xxx.183.56:12345
> 12:50:42 pfe R t3-0/3/1.0 TCP xxx.xxx.235.210
> xxx.xxx.183.59:12345
> 12:50:39 pfe R t3-0/3/1.0 TCP xxx.xxx.235.210
> xxx.xxx.183.59:12345
>
> I have heard that pfe means pfe hardware filter , but i can't find
> any info about it in juniper homepage.
>
> Would you let me know how does pfe hardware filter act ?
>
> Any comments will be appreciated .
>
> Regards,
>
>
>
> /Jongwon Kim e-mail:knight@npix.net
> Network Manager Office:+82-2-571-0611
> IBR, Inc. Mobile:+82-16-332-5902
>
-- nicholas harteau nrh@ikami.com
This archive was generated by hypermail 2b29 : Mon Aug 05 2002 - 10:42:40 EDT