[j-nsp] Filter-based forwarding

Boyd, Benjamin R Benjamin.R.Boyd at windstream.com
Wed Jun 25 10:38:52 EDT 2008 

I'm planning on implementing it on an m-series.  I'm fairly certain
there won't be any problems, but it's always better to hear from the
community about any unforeseen problems first :)

-Ben 

-----Original Message-----
From: Stefan Fouant [mailto:sfouant at gmail.com] 
Sent: Wednesday, June 25, 2008 9:36 AM
To: Boyd, Benjamin R
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] Filter-based forwarding

After reading my previous post, I realize it was targeted towards M/T
Series architectures... the J-Series don't have the IPII but do have the
'fwdd' daemon which is essentially a virtualize PFE (emulating the ASICs
and forwarding hardware which is normally found on the M/T Series).
This process has been tuned to provide deterministic performance
comparable to that which you would see on the M/T Series as well... so
rest assured if you're planning to run FBF on a J-Series there should be
little performance impact.

Good luck,

Stefan Fouant
Principal Network Engineer
NeuStar, Inc. - http://www.neustar.biz
GPG Key ID: 0xB5E3803D

On Wed, Jun 25, 2008 at 10:22 AM, Stefan Fouant <sfouant at gmail.com>
wrote:
> I can't really comment on any anomalies seen when using FBF as I 
> haven't seen any, but performance shouldn't be an issue due to the 
> Juniper packet forwarding architecture.  The IPII processor was 
> designed to make route lookups, forwarding decisions, and firewall 
> filtering (amongst other features) at very high speeds and the 
> technology has been proven for quite some time now.  The notification 
> cells are going to the IPII Processor regardless of whether you've got

> FBF enabled or not, therefore in theory, there really shouldn't be any

> performance impact at all.  The reality is that under certain 
> scenarios there might be a very slight performance impact on smaller 
> packet sizes (< 128Byes), but that impact is mostly negligible.
>
> There are numerous case-studies as well as independant lab tests which

> confirm it as such and if you do a google search you should be able to

> find ample information to confirm this.
>
> HTHs.
>
> Stefan Fouant
> Principal Network Engineer
> NeuStar, Inc. - http://www.neustar.biz GPG Key ID: 0xB5E3803D
>
> On Wed, Jun 25, 2008 at 9:02 AM, Boyd, Benjamin R 
> <Benjamin.R.Boyd at windstream.com> wrote:
>> All,
>>
>> I've been toying around in the lab with some implementations of 
>> filter-based forwarding 
>> (http://www.juniper.net/techpubs/software/junos/junos72/swconfig72-po
>> lic
>> y/html/firewall-config33.html) and before I deployed it in production

>> I would like to hear of the successes/failures the community has had 
>> with this.  Let me know if you've experienced any traffic slowdown, 
>> any anomalies, etc.
>>
>> Thanks,
>> Ben
>>
>>
>> *********************************************************************
>> ******************
>>
>> The information contained in this message, including attachments, may

>> contain privileged or confidential information that is intended to be

>> delivered only to the person identified above. If you are not the 
>> intended recipient, or the person responsible for delivering this 
>> message to the intended recipient, Windstream requests that you 
>> immediately notify the sender and asks that you do not read the
message or its attachments, and that you delete them without copying or
sending them to anyone else.
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net 
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>



***************************************************************************************

The information contained in this message, including attachments, may contain 
privileged or confidential information that is intended to be delivered only to the 
person identified above. If you are not the intended recipient, or the person 
responsible for delivering this message to the intended recipient, Windstream requests 
that you immediately notify the sender and asks that you do not read the message or its 
attachments, and that you delete them without copying or sending them to anyone else.

More information about the juniper-nsp mailing list