[j-nsp] Massive ICMP test. Could it generate problems?

Scotty scott at replicenter.com
Tue Dec 9 10:50:49 EST 2003


Hmm, so,

What are the default filters?  If I remember, I saw something on this
list saying 50pps on an m20 with SSB-E to the RE, yet this security doc
is limiting to 500kpps. That doesn't make sense.  Won't the built-in
filter take over first?  Also, when is this filter applied?  Only to
packets destined to the lo address or any ICMP to any interface with a
real IP?

I'm asking because I'm seeing a lot of throttled ICMPs.

scott at bdr1> show pfe statistics ip icmp
{snip}
ICMP Errors:
{snip}
           0 bad input interface
     6984689 throttled icmps
           0 runts

What condition causes throttled icmps?

-Scotty

On Tue, 2003-12-09 at 10:28, Gary Tate wrote:
> Traffic sourced from the RE (Routing Engine) is sent via the control
> plane on an internal FastEthernet connection to the PFE (Packet
> Forwarding Engine - Internet Processor) and then forwarded via the
> forwarding plane.
> 
> Running ping tests from the RE (Routing Engine) will not disturb
> the other control traffic as this is prioritized and limited.  Routing
> control traffic etc. takes precedence over ICMP ping traffic sourced
> from the RE.
> 
> There are queues and limiting of traffic types between the RE and the
> PFE in both directions to protect the RE from being overrun by traffic
> in the event of DoS attacks etc.
> 
> Additional filters and policers can be added between the RE and the PFE 
> to further protect the system.
> 
> There is a publicly available document about security which has a
> section detailing "Applying Firewall Filters to the Routing Engine" as
> well as other useful security advice at the following location:
> 
> http://www.juniper.net/solutions/literature/app_note/350013.pdf
> 
> Additional information can be obtained through the Juniper JTAC.
> Thanks
> Gary
> 
> On Dec 9, 2003, at 5:56 AM, mark at glassbil.net wrote:
> 
> > Hi,
> >
> > Still rather new to Juniper and only have a basic knowledge
> > of how it works. But I have heard that when I'm doing a massive
> > ping test from a Juniper I could disturb "live" traffic. I can't
> > really find a simple answer to what or how this is.
> >
> > Question:
> > Could a massive ping test from a Juniper (M160 in this case) cause
> > disturbance in the original traffic flow / processes in a M160?
> >
> > Say you have 4 sessions and running 4 x rapid ping with 5000 bytes.
> > Could this overload the RE? Or the bus?
> >
> > Thanks for any replies.
> >
> > //Mark
> >
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > http://puck.nether.net/mailman/listinfo/juniper-nsp
> >


