[j-nsp] EX4200 filter buggy?
Charlie Allom
charlie at playlouder.com
Wed Dec 15 11:24:43 EST 2010
Hi,
FYI splitting it up into _udp and _tcp only spiked the pfem for seconds,
rather than 2 hours like this time (below).
Thanks again for all the info.
C.
On Wed, Dec 15, 2010 at 02:16:11PM +0000, Charlie Allom <charlie at playlouder.com> wrote:
> Hello. Thanks for all the stories from everyone.
>
> I disabled some pretty nasty (lots of port matches) terms and the issue
> went away for a few weeks.
>
> I've just edited this term, by adding an IP to the destination-prefix-list:
>
> [edit firewall family ethernet-switching filter ci_infra]
> - term splunk {
> - from {
> - protocol [ tcp udp ];
> - destination-port [ 9997 http 9998 syslog ];
> - source-prefix-list {
> - trusted_nets;
> - }
> - destination-prefix-list {
> - ci_splunk;
> - }
> - }
> - then accept;
> - }
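Review bot: in the `from` block of term splunk, `protocol [ tcp udp ]` is matched together with four destination ports and two prefix lists in a single term, so adding one address to ci_splunk changes a term that covers both protocols across every listed port. Consider separate per-protocol terms, each listing only the ports that protocol needs; the follow-up at the top of this thread reports that the _udp/_tcp split reduced the pfem spike from about two hours to seconds. The compare output here shows only the removed lines, so the edited version of the term is not visible and cannot be checked.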
>
> And here we are again.. doh.
>
> last pid: 55690; load averages: 1.00, 1.00, 0.84 up 29+03:39:44 14:12:55
> 112 processes: 5 running, 88 sleeping, 19 waiting
>
> Mem: 203M Active, 21M Inact, 91M Wired, 61M Cache, 110M Buf, 606M Free
> Swap:
>
> PID USERNAME THR PRI NICE SIZE RES STATE TIME WCPU COMMAND
> 832 root 1 129 0 81544K 37152K RUN 36.8H 96.19% pfem
>
> I am waiting for it to calm down again, do you think splitting the term
> into a TCP and UDP version will help?
>
> Regards,
> C.
> --
> +442077294797
> http://mediaserviceprovider.com/
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
--
+442077294797
http://mediaserviceprovider.com/