[j-nsp] Massive ICMP test. Could it generate problems?

mark at glassbil.net mark at glassbil.net
Tue Dec 9 11:24:47 EST 2003


Ok,

This was what I have been told.

But doesn't every "ping" from a Juniper cause a CPU interrupt? And this
will force it to respond and hence occupy CPU time? So in theory you could
disturb the Juniper (depending on CPU load) if you generate too much
traffic through the RE/CPU, or is this controlled by limiting the process of
ICMP?

My worry is that if several people are logged in to the M160 doing massive
ping tests at the same time it will cause problems with the Juniper.

Best Regards
Mark



> Traffic sourced from the RE (Routing Engine) is sent via the control
> plane on an internal FastEthernet connection to the PFE (Packet
> Forwarding Engine - Internet Processor) and then forwarded via the
> forwarding plane.
>
> Running ping tests from the RE (Routing Engine) will not disturb
> the other control traffic as this is prioritized and limited. Routing
> control traffic etc. takes precedence over ICMP ping traffic sourced
> from the RE.
>
> There are queues and limiting of traffic types between the RE and the
> PFE in both directions to protect the RE from being overrun by traffic
> in the event of DOS attacks etc.
>
> Additional filters and policers can be added between the RE and the PFE
> to further protect the system.
>
> There is a publicly available document about security which has a
> section detailing "Applying Firewall Filters to the Routing Engine" as
> well as other useful security advice at the following location:
>
> http://www.juniper.net/solutions/literature/app_note/350013.pdf
>
> Additional information can be obtained through the Juniper JTAC.
> Thanks
> Gary
>
> On Dec 9, 2003, at 5:56 AM, mark at glassbil.net wrote:
>
>> Hi,
>>
>> Still rather new to Juniper and only have a basic knowledge
>> of how it works. But I have heard that when I'm doing massive
>> ping tests from a Juniper I could disturb "live" traffic. I can't
>> really find a simple answer to what or how this is.
>>
>> Question:
>> Could a massive ping test from a Juniper (M160 in this case) cause
>> disturbance in the original traffic flow / processes in a M160?
>>
>> Say you have 4 sessions and running 4 x rapid ping with 5000 bytes.
>> Could this overload the RE? Or the bus?
>>
>> Thanx for any replies.
>>
>> //Mark
>>



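The "additional filters and policers" mentioned in the quoted reply, sketched as an added example that is not part of the original thread or of the Juniper application note: a loopback (lo0) input filter that rate-limits ICMP destined to the Routing Engine, including the echo replies that come back from ping tests. The filter, policer and counter names and the rate values are assumptions chosen for illustration.

```junos
/* Constructed example: names and limits are assumptions, not from the thread. */
firewall {
    policer icmp-to-re {
        if-exceeding {
            bandwidth-limit 1m;      /* sustained ICMP rate allowed toward the RE */
            burst-size-limit 15k;    /* short bursts tolerated above that rate */
        }
        then discard;                /* excess ICMP is dropped in the PFE */
    }
    filter protect-re {
        /* Useful ICMP types are accepted, but only within the policer's limit. */
        term icmp-policed {
            from {
                protocol icmp;
                icmp-type [ echo-request echo-reply unreachable time-exceeded ];
            }
            then {
                policer icmp-to-re;
                count icmp-to-re;
                accept;
            }
        }
        /* Any other ICMP type never reaches the RE. */
        term icmp-other {
            from {
                protocol icmp;
            }
            then {
                count icmp-dropped;
                discard;
            }
        }
        /* Without this term the implicit discard would also drop routing
           protocols and management sessions. A production filter would list
           the permitted protocols and sources explicitly instead. */
        term everything-else {
            then accept;
        }
    }
}
interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input protect-re;    /* applies to all traffic destined to the RE */
                }
            }
        }
    }
}
```

The counters can be read with `show firewall filter protect-re` to see how much ICMP is being accepted or dropped while ping tests are running.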