[j-nsp] Stealing from MX firewall jtree space

Derick Winkworth dwinkworth at att.net
Wed Dec 16 14:54:33 EST 2009 

##########
To allocate more memory for routing tables, include the route-memory-enhanced
statement at the [edit chassis] hierarchy level:
[edit chassis]
route-memory-enhanced;
##########

You have to restart the FPC once you do this...




________________________________
From: Richard A Steenbergen <ras at e-gerbil.net>
To: juniper-nsp at puck.nether.net
Sent: Wed, December 16, 2009 1:26:55 PM
Subject: [j-nsp] Stealing from MX firewall jtree space

Anybody know the command on MX to steal unused memory from the firewall
rldram segment to use it for routing data? I remember reading about
this, I just can't remember the actual command. Last night I was trying
to fire up a routing-instance and it ran out of fib memory much sooner
than I expected, at around 750k routes total:

Dec 16 07:42:14.831  re1.xxx.xxxx fpc3 RSMON: %PFE-4: Resource 
Category:jtree  Instance:jtree2-seg0 Type:free-dwords Available:104576 
is less than LWM limit:104857, rsmon_syslog_limit()

With a main and logical-system each holding full v4/v6 routing tables it
seems to have less than 4MB free on segment 0, but plenty left available
in segment 1. 

ADPC3(re1.xxx.xxxx vty)# sh jtree 0 memory
Jtree memory segment 0 (Context: 0x4430cfe0)
-------------------------------------------
Memory Statistics:
   16777216 bytes total
   10233192 bytes used
    6539472 bytes available (3949056 bytes from free pages)
       4032 bytes wasted
        520 bytes unusable
      32768 pages total
      17138 pages used (2574 pages used in page alloc)
       7917 pages partially used
       7713 pages free (max contiguous = 693)

Jtree memory segment 1 (Context: 0x4438ec20)
-------------------------------------------
Memory Statistics:
   16777216 bytes total
    4611728 bytes used
   12162792 bytes available (12161024 bytes from free pages)
       2664 bytes wasted
         32 bytes unusable
      32768 pages total
       9007 pages used (9005 pages used in page alloc)
          9 pages partially used
      23752 pages free (max contiguous = 23743)


Context: 0x42302f70

ADPC3(re1.xxx.xxxx vty)# sh jtree 0 summary
     Protocol      Routes  Bytes Used
-------------  ----------  ----------
         IPv4      303043     4363344
         IPv6        2533       46112
         MPLS           1          16
Multi-service           1          16

Also bonus points if anyone can tell me how to accomplish the following
without having to do a virtual-router routing-instance, and protocol bgp
under that. I'm trying to take in ~150k of routes from a bgp neighbor,
install ~50k of them into inet.0 with one policy, and install ~100k of
them into another routing-instance with another policy. I can't just 
import the ones I want out of a single routing-instance, since 
instance-import only pulls the active routes. I also can't inject the 
routes into a particular rib w/rib-groups, since the rib-group requires 
inet.0, and won't let you do a per-rib policy only a per-rib-group 
policy.

The best solution I could come up with was to make a routing-instance
type virtual-router solely for the neighbor in question, run the
protocols bgp under that routing-instance, and then instance-import the
50k routes I want from that rib into inet.0, and instance-import the
other 100k routes I want into another routing-instance. There are two
problems with this, #1 it burns memory to have a routing-instance that
exists solely so I can import routes from there into other
routing-instances, and #2 it is a major pain in the $%^& for my groups
and commit scripts to deal with the protocols bgp config under a
different hierarchy. I'm thinking I could at least block the
installation of the routes to fib with a forwarding-table export policy
term (from instance provider-vr, then reject), since I'm not forwarding
with that rib, but I'm hoping there is a cleaner solution out there that
I'm not aware of, like some way to inject the routes from one bgp
neighbor directly into the ribs I want without an extra "adj rib in"
holding rib.

-- 
Richard A Steenbergen <ras at e-gerbil.net>      http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list