[j-nsp] Filter-based forwarding
Stefan Fouant
sfouant at gmail.com
Wed Jun 25 10:22:12 EDT 2008
I can't really comment on any anomalies seen when using FBF as I
haven't seen any, but performance shouldn't be an issue due to the
Juniper packet forwarding architecture. The IPII processor was
designed to make route lookups, forwarding decisions, and firewall
filtering (amongst other features) at very high speeds and the
technology has been proven for quite some time now. The notification
cells are going to the IPII Processor regardless of whether you've got
FBF enabled or not, therefore in theory, there really shouldn't be any
performance impact at all. The reality is that under certain
scenarios there might be a very slight performance impact on smaller
packet sizes (< 128Byes), but that impact is mostly negligible.
There are numerous case-studies as well as independant lab tests which
confirm it as such and if you do a google search you should be able to
find ample information to confirm this.
HTHs.
Stefan Fouant
Principal Network Engineer
NeuStar, Inc. - http://www.neustar.biz
GPG Key ID: 0xB5E3803D
On Wed, Jun 25, 2008 at 9:02 AM, Boyd, Benjamin R
<Benjamin.R.Boyd at windstream.com> wrote:
> All,
>
> I've been toying around in the lab with some implementations of
> filter-based forwarding
> (http://www.juniper.net/techpubs/software/junos/junos72/swconfig72-polic
> y/html/firewall-config33.html) and before I deployed it in production I
> would like to hear of the successes/failures the community has had with
> this. Let me know if you've experienced any traffic slowdown, any
> anomalies, etc.
>
> Thanks,
> Ben
>
>
> ***************************************************************************************
>
> The information contained in this message, including attachments, may contain
> privileged or confidential information that is intended to be delivered only to the
> person identified above. If you are not the intended recipient, or the person
> responsible for delivering this message to the intended recipient, Windstream requests
> that you immediately notify the sender and asks that you do not read the message or its
> attachments, and that you delete them without copying or sending them to anyone else.
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list