[j-nsp] juniper m5 and flapping pings
Sabri Berisha
sabri at cluecentral.net
Tue Mar 29 09:20:47 EST 2005
On Tue, Mar 29, 2005 at 01:47:56PM +0100, Boris Mimeur wrote:
Hi,
> I've already experience this kind of behaviour on Juniper routers (not
> too much loaded neither on CPU nor on bandwidth usage).
> If ICMP traffic is low-priority, may you tell us which kind of traffic
> is high-priority and maybe the different priority level within a Juniper ?
> Does JunOS use any of the FreeBSD kernel options like ICMP_BANDLIM or is
> it more complex than that (it makes sense if we consider this is the
> kernel which sends echo request - if you ping from the router - or
> receives echo request - if it's the target of the ping - ) ?
> Following my own results looking like the ones from Florian, it's not
> very obvious to understand when the priority occurs, from my
> understanding it's not rate-limiting, so if it's queueing how does it work ?
A Juniper treats an ICMP packet *transiting* the box the same as all
other traffic (unless some form of policy-policing is applied). A
Juniper has a different way of handling the following packets:
- packets with a destination address which is configured on an interface
which is up and running;
- packets which require a response from the router: ie a packet with a
TTL-value of 1;
- packets with an IP option value set;
These packets are handled, depending on the type of packet by either the
Routing-Engine or the CPU on the control board.
AFAIK does the kernel not support FreeBSD-style ICMP bandwith-limiting.
If you want this, you can create a firewall-filter for this and apply
this to the lo0.0 interface.
Thanks,
Sabri
(who passed the JNCIA exam today :-))
--
Sabri Berisha, - CCNA, JNCIA
Internetworking Professional - +31 (0) 6 19890416
http://www.cluecentral.net - http://www.virt-ix.net
More information about the juniper-nsp
mailing list