[j-nsp] Massive ICMP test. Could it generate problems?
Gary Tate
gtate at juniper.net
Tue Dec 9 10:28:31 EST 2003
Traffic sourced from the RE (Routing Engine) is sent via the control
plain on an internal FastEthernet connection to the PFE (Packet
Forwarding Engine - Internet Processor) and then forwarded via the
forwarding plane.
Running ping tests from the the RE (Routing Engine) will not disturb
the other control traffic as this is prioritized and limited. Routing
control traffic etc takes precedence over ICPM ping traffic sourced
from the RE.
There are queues and limiting of traffic types between the RE and the
PFE in both directions to protect the RE from being overrun by traffic
in the event of DOS attacks etc.
Additional filters and policers can be added between the RE and the PFE
to further protect the system.
There is a publicly available document about security which has a
section detailing "Applying Firewall Filers to the Routing Engine" as
well as other useful security advise at the following location:
http://www.juniper.net/solutions/literature/app_note/350013.pdf
Additional information can be obtained through the Juniper JTAC.
Thanks
Gary
On Dec 9, 2003, at 5:56 AM, mark at glassbil.net wrote:
> Hi,
>
> Still rather new to Juniper and only have a basic knowledge
> over how it works. But i have heard that when im doing massive
> ping test from a Juniper i could disturb "live" traffic. I can´t
> really find a simple answer to what or how this is.
>
> Question:
> Could a massive ping test from a Juniper (M160 in this case) cause
> disturbance in the orignal traffic flow / processes in a M160?
>
> Say you have 4 sessions and running 4 x rapid ping with 5000 bytes.
> Could this overload the RE? Or the bus?
>
> Thanx for any replys.
>
> //Mark
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list