[j-nsp] Identifying pfe icmp throttled traffic

Ashok Patrick Jude M ajude at juniper.net
Sun Mar 8 19:30:54 EDT 2009 

<While I'm on the subject, is there any way to see and/or modify the
<throttle rate? I know the default changed for some FPC types in some
<recent version of JUNOS, but I don't remember the exact details.

What platform you are using? Could you please try policer matching ttl
expire packets? 

Firewall filter supports a hidden knob to catch ttl = 0|1 packets
  (i.e. ttl-expired packets):

root at ghb# show firewall 
filter f {
    term 0 {
        from {
            time-exceeded-bit;
        }
    }
}


-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Richard A
Steenbergen
Sent: Sunday, March 08, 2009 3:23 PM
To: Nilesh Khambal
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] Identifying pfe icmp throttled traffic

On Sun, Mar 08, 2009 at 02:49:18PM -0700, Nilesh Khambal wrote:
> Richard,
> 
> You can try "debug icmp error" from pfe. However, depending on load  
> this might fill up the syslog buffer really fast. Messages are also  
> throttled at 10 pps. You can disable the message generation using  
> "undebug icmp error". Before enabling debug run command "show icmp  
> statistics" from each dpc/pfe to find out which fpc is generating  
> those error stats and then run debug on that fpc.

Nothing shows up under "debug icmp error", but "debug icmp all" works. 
Of course its extremely time consuming to try and figure out which fpc
has incrementing throttles (since there is no clear command, and no way
to do this from regular cli) then parse the output without benefit of | 
match, but its better than nothing. Thanks.

While I'm on the subject, is there any way to see and/or modify the
throttle rate? I know the default changed for some FPC types in some
recent version of JUNOS, but I don't remember the exact details.

-- 
Richard A Steenbergen <ras at e-gerbil.net>
http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1
2CBC)
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list