[c-nsp] CEF Scanner eating CPU in Supervisor 720

[Richard A Steenbergen]

On Sat, Jun 24, 2006 at 10:18:33AM +0300, Saku Ytti wrote:
> On (2006-06-23 16:26 -0400), Richard A Steenbergen wrote:
>  
> > No word yet on if it is reduced enough to stop causing latency spikes 
> > every 60 seconds on traceroutes going through the box, thus prompting 
> > stupid customers who have been spoiled by being on Juniper's for the past 
> > 5 years to send in tickets thinking something is "wrong". :)
>  
>  I think JNPR has it's share if issues here, as sending TTL exceeded is 
> capped on very low, unconfigurable number (500pps per PFC, 50pps per
> iface?). Of course as with CSCO, it'll only alarm users who measure
> transit latency, instead of end-to-end latency.

Not sure if the number is quite that low, but sure you can easily exhaust 
the Juniper exception processor CPU and make it generate laggy icmp 
responses (just turn on firewall logging of a few thousand packets/sec). 
But, given reasonable settings that is a rare event in production, as 
opposed to the Cisco "guaranteed to return bad data for several seconds 
out of every every 60 seconds like clockwork" whenever bgp scanner runs.

I would also advise you not to underestimate the number of people who know 
just enough to run MTR and send emails, or worse yet the numer of people 
who will gladly send you a word document containing a bmp screenshot of a 
windows desktop with a cmd.exe window running tracert. :)

-- 
Richard A Steenbergen <ras at e-gerbil.net>       http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)