[j-nsp] Massive ICMP test. Could it generate problems?
Scotty
scott at replicenter.com
Tue Dec 9 10:50:49 EST 2003
hmm So,
What are the Default filters? If I remember I saw something on this
list saying 50pps on an m20 with SSB-E to the RE, yet this security doc
is limiting to 500kpps.. that doesn't make sense. Won't the built-in
filter take over first? Also when is this filter applied? Only to
packets destined to the lo address or any icmp to any interface with a
real ip?
I'm asking 'cause I'm seeing a lot of throttled icmps..
scott@bdr1> show pfe statistics ip icmp
{snip}
ICMP Errors:
{snip}
0 bad input interface
6984689 throttled icmps
0 runts
What condition causes throttled icmps?
-Scotty
On Tue, 2003-12-09 at 10:28, Gary Tate wrote:
> Traffic sourced from the RE (Routing Engine) is sent via the control
> plane on an internal FastEthernet connection to the PFE (Packet
> Forwarding Engine - Internet Processor) and then forwarded via the
> forwarding plane.
>
> Running ping tests from the RE (Routing Engine) will not disturb
> the other control traffic as this is prioritized and limited. Routing
> control traffic etc takes precedence over ICMP ping traffic sourced
> from the RE.
>
> There are queues and limiting of traffic types between the RE and the
> PFE in both directions to protect the RE from being overrun by traffic
> in the event of DOS attacks etc.
>
> Additional filters and policers can be added between the RE and the PFE
> to further protect the system.
>
> There is a publicly available document about security which has a
> section detailing "Applying Firewall Filters to the Routing Engine" as
> well as other useful security advice at the following location:
>
> http://www.juniper.net/solutions/literature/app_note/350013.pdf
>
> Additional information can be obtained through the Juniper JTAC.
> Thanks
> Gary
>
> On Dec 9, 2003, at 5:56 AM, mark at glassbil.net wrote:
>
> > Hi,
> >
> > Still rather new to Juniper and only have a basic knowledge
> > of how it works. But I have heard that when I'm doing a massive
> > ping test from a Juniper I could disturb "live" traffic. I can't
> > really find a simple answer to what or how this is.
> >
> > Question:
> > Could a massive ping test from a Juniper (M160 in this case) cause
> > disturbance in the original traffic flow / processes in an M160?
> >
> > Say you have 4 sessions and running 4 x rapid ping with 5000 bytes.
> > Could this overload the RE? Or the bus?
> >
> > Thanx for any replies.
> >
> > //Mark
> >
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > http://puck.nether.net/mailman/listinfo/juniper-nsp
> >
>