[j-nsp] uRPF - Performance (fwd)

Rubens Kuhl Jr. rubens at email.com
Thu Jun 26 00:58:22 EDT 2003


Although it's the same IP2, M40e has twice the FPCs of the M20 I've tested
(8 vs 4). Also, FPCs for the M40e comes in two flavors: FPC1 and FPC2, and
they are both different from the M20 FPC (used on the M40)... JunOS version
may also be different.


Rubens


----- Original Message ----- 
From: "Igor Gashinsky" <igor at nullrouteit.net>
To: <juniper-nsp at puck.nether.net>
Sent: Wednesday, June 25, 2003 7:03 PM
Subject: Re: [j-nsp] uRPF - Performance (fwd)


| We have conducted tests that show that with very heavy firewall filters
| (3000 terms ingress and egress, lotsa layer4 ops, port ranges, etc), you
| will get 22.4M pps, not 12.5. If you are getting 12.5, then your line
| cards aren't well distributed on the FPC's to assure that packets will
| always egress out all FPCs (statistical varience due to the stipe-write
| of jcells to all FPCs).
|
| The test was on an M40e, but it's the same IP2.
|
| -igor
|
| On
| Tue, 24 Jun 2003, Rubens Kuhl Jr. wrote:
|
| >
| > There is a performance drop from 40Mpps to 12.5Mpps when use anything
other
| > than standard plain routing... if you have a firewall-filter configured,
it
| > already has such a penalty in place.Although it's 125 times your peak
| > traffic flow, you should consider the peak traffic that a DoS attack can
| > generate on the router, not your usual traffic. Even than, it's very
| > unlikely that usual configurations of M-5, M-10 and M-20 interfaces can
sum
| > up to that amount.
| >
| >
| >
| > Rubens
| >
| >
| > ----- Original Message ----- 
| > From: <Jack.W.Parks at alltel.com>
| > To: <juniper-nsp at puck.nether.net>
| > Sent: Monday, June 23, 2003 2:25 PM
| > Subject: [j-nsp] uRPF - Performance
| >
| >
| > | We are looking to enable uRPF on our M-series routers (M20's and
below).
| > | The benefits of enabling this feature are obvious, but the unknown
side
| > | effects are what I'm concerned about.  What performance impact could I
| > | expect by enabling uRPF at a peak traffic flow of 100k pps/600Mbps?
| > |
| > | Has anyone enabled uRPF on their network and do you have any lessoned
| > | learned?  I would like to iron out the quirks prior to deployment.
| > |
| > | Jack W. Parks IV
| > | Sr. Network Engineer
| > | ALLTEL Communications
| > | jack.w.parks at alltel.com
| > | Work: 501-905-5961
| > | Cell: 501-680-3341
| > |
| > | _______________________________________________
| > | juniper-nsp mailing list juniper-nsp at puck.nether.net
| > | http://puck.nether.net/mailman/listinfo/juniper-nsp
| > |
| > |
| >
| >
| > _______________________________________________
| > juniper-nsp mailing list juniper-nsp at puck.nether.net
| > http://puck.nether.net/mailman/listinfo/juniper-nsp
| >
|
|
| _______________________________________________
| juniper-nsp mailing list juniper-nsp at puck.nether.net
| http://puck.nether.net/mailman/listinfo/juniper-nsp
|




More information about the juniper-nsp mailing list