[j-nsp] Filter-based forwarding

Stefan Fouant sfouant at gmail.com
Wed Jun 25 10:35:57 EDT 2008


After reading my previous post, I realize it was targeted towards M/T
Series architectures... the J-Series don't have the IPII but do have
the 'fwdd' daemon which is essentially a virtualize PFE (emulating the
ASICs and forwarding hardware which is normally found on the M/T
Series).  This process has been tuned to provide deterministic
performance comparable to that which you would see on the M/T Series
as well... so rest assured if you're planning to run FBF on a J-Series
there should be little performance impact.

Good luck,

Stefan Fouant
Principal Network Engineer
NeuStar, Inc. - http://www.neustar.biz
GPG Key ID: 0xB5E3803D

On Wed, Jun 25, 2008 at 10:22 AM, Stefan Fouant <sfouant at gmail.com> wrote:
> I can't really comment on any anomalies seen when using FBF as I
> haven't seen any, but performance shouldn't be an issue due to the
> Juniper packet forwarding architecture.  The IPII processor was
> designed to make route lookups, forwarding decisions, and firewall
> filtering (amongst other features) at very high speeds and the
> technology has been proven for quite some time now.  The notification
> cells are going to the IPII Processor regardless of whether you've got
> FBF enabled or not, therefore in theory, there really shouldn't be any
> performance impact at all.  The reality is that under certain
> scenarios there might be a very slight performance impact on smaller
> packet sizes (< 128Byes), but that impact is mostly negligible.
>
> There are numerous case-studies as well as independant lab tests which
> confirm it as such and if you do a google search you should be able to
> find ample information to confirm this.
>
> HTHs.
>
> Stefan Fouant
> Principal Network Engineer
> NeuStar, Inc. - http://www.neustar.biz
> GPG Key ID: 0xB5E3803D
>
> On Wed, Jun 25, 2008 at 9:02 AM, Boyd, Benjamin R
> <Benjamin.R.Boyd at windstream.com> wrote:
>> All,
>>
>> I've been toying around in the lab with some implementations of
>> filter-based forwarding
>> (http://www.juniper.net/techpubs/software/junos/junos72/swconfig72-polic
>> y/html/firewall-config33.html) and before I deployed it in production I
>> would like to hear of the successes/failures the community has had with
>> this.  Let me know if you've experienced any traffic slowdown, any
>> anomalies, etc.
>>
>> Thanks,
>> Ben
>>
>>
>> ***************************************************************************************
>>
>> The information contained in this message, including attachments, may contain
>> privileged or confidential information that is intended to be delivered only to the
>> person identified above. If you are not the intended recipient, or the person
>> responsible for delivering this message to the intended recipient, Windstream requests
>> that you immediately notify the sender and asks that you do not read the message or its
>> attachments, and that you delete them without copying or sending them to anyone else.
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>


More information about the juniper-nsp mailing list