[j-nsp] Stealing from MX firewall jtree space
Richard A Steenbergen
ras at e-gerbil.net
Wed Dec 16 14:26:55 EST 2009
Anybody know the command on MX to steal unused memory from the firewall
rldram segment to use it for routing data? I remember reading about
this, I just can't remember the actual command. Last night I was trying
to fire up a routing-instance and it ran out of fib memory much sooner
than I expected, at around 750k routes total:
Dec 16 07:42:14.831 re1.xxx.xxxx fpc3 RSMON: %PFE-4: Resource
Category:jtree Instance:jtree2-seg0 Type:free-dwords Available:104576
is less than LWM limit:104857, rsmon_syslog_limit()
With a main and logical-system each holding full v4/v6 routing tables it
seems to have less than 4MB free on segment 0, but plenty left available
in segment 1.
ADPC3(re1.xxx.xxxx vty)# sh jtree 0 memory
Jtree memory segment 0 (Context: 0x4430cfe0)
-------------------------------------------
Memory Statistics:
16777216 bytes total
10233192 bytes used
6539472 bytes available (3949056 bytes from free pages)
4032 bytes wasted
520 bytes unusable
32768 pages total
17138 pages used (2574 pages used in page alloc)
7917 pages partially used
7713 pages free (max contiguous = 693)
Jtree memory segment 1 (Context: 0x4438ec20)
-------------------------------------------
Memory Statistics:
16777216 bytes total
4611728 bytes used
12162792 bytes available (12161024 bytes from free pages)
2664 bytes wasted
32 bytes unusable
32768 pages total
9007 pages used (9005 pages used in page alloc)
9 pages partially used
23752 pages free (max contiguous = 23743)
Context: 0x42302f70
ADPC3(re1.xxx.xxxx vty)# sh jtree 0 summary
Protocol Routes Bytes Used
------------- ---------- ----------
IPv4 303043 4363344
IPv6 2533 46112
MPLS 1 16
Multi-service 1 16
Also bonus points if anyone can tell me how to accomplish the following
without having to do a virtual-router routing-instance, and protocol bgp
under that. I'm trying to take in ~150k of routes from a bgp neighbor,
install ~50k of them into inet.0 with one policy, and install ~100k of
them into another routing-instance with another policy. I can't just
import the ones I want out of a single routing-instance, since
instance-import only pulls the active routes. I also can't inject the
routes into a particular rib w/rib-groups, since the rib-group requires
inet.0, and won't let you do a per-rib policy only a per-rib-group
policy.
The best solution I could come up with was to make a routing-instance
type virtual-router solely for the neighbor in question, run the
protocols bgp under that routing-instance, and then instance-import the
50k routes I want from that rib into inet.0, and instance-import the
other 100k routes I want into another routing-instance. There are two
problems with this, #1 it burns memory to have a routing-instance that
exists solely so I can import routes from there into other
routing-instances, and #2 it is a major pain in the $%^& for my groups
and commit scripts to deal with the protocols bgp config under a
different hierarchy. I'm thinking I could at least block the
installation of the routes to fib with a forwarding-table export policy
term (from instance provider-vr, then reject), since I'm not forwarding
with that rib, but I'm hoping there is a cleaner solution out there that
I'm not aware of, like some way to inject the routes from one bgp
neighbor directly into the ribs I want without an extra "adj rib in"
holding rib.
--
Richard A Steenbergen <ras at e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
More information about the juniper-nsp
mailing list