[j-nsp] Massive ICMP test. Could it generate problems?

Gary Tate gtate at juniper.net
Tue Dec 9 10:28:31 EST 2003

Traffic sourced from the RE (Routing Engine) is sent via the control 
plain on an internal FastEthernet connection to the PFE (Packet 
Forwarding Engine - Internet Processor) and then forwarded via the 
forwarding plane.

Running ping tests from the the RE (Routing Engine) will not disturb 
the other control traffic as this is prioritized and limited.  Routing 
control traffic etc takes precedence over ICPM ping traffic sourced 
from the RE.

There are queues and limiting of traffic types between the RE  and the 
PFE in both directions to protect the RE from being overrun by traffic 
in the event of DOS attacks etc.

Additional filters and policers can be added between the RE and the PFE 
to further protect the system.

There is a publicly available document about security which has a 
section detailing "Applying Firewall Filers to the Routing Engine" as 
well as other useful security advise at the following location:


Additional information can be obtained through the Juniper JTAC.

On Dec 9, 2003, at 5:56 AM, mark at glassbil.net wrote:

> Hi,
> Still rather new to Juniper and only have a basic knowledge
> over how it works. But i have heard that when im doing massive
> ping test from a Juniper i could disturb "live" traffic. I can´t
> really find a simple answer to what or how this is.
> Question:
> Could a massive ping test from a Juniper (M160 in this case) cause
> disturbance in the orignal traffic flow / processes in a M160?
> Say you have 4 sessions and running 4 x rapid ping with 5000 bytes.
> Could this overload the RE? Or the bus?
> Thanx for any replys.
> //Mark
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list