[j-nsp] J series users bitten by the massive memory useincrease with flow mode add, please file jtac cases.
Chris Whyte
cwhyte at juniper.net
Thu Jul 22 14:37:23 EDT 2010
> * Leigh Porter:
>
>> I thought that as soon as you turn MPLS on the flow mode was diabled
>> and you were back to good old packet mode?
>
> No, packets targeted at the device itself are still processed in flow
> mode. According to the documentation, there is no way around that.
> It means that all existing TCP sessions involving the device are
> severed when rerouting event occurs because their flow implementation
> is interface-sensitive.
MPLS is not supported in flow mode today. To enable MPLS in packet mode, do
the following:
set security forwarding-options family mpls mode packet-based
As I'm sure many of you know (but apparently not everyone), flow mode was
created because Juniper felt it was the best architectural approach to
implementing security functionality (eg stateful FW, IDP, etc). Any J-Series
router running 9.4+ code can run as a packet-based router, which also
disables any of these stateful features, by doing the above command. You
also have the ability to run or chain flow-mode and packet-mode routing
instances.
I realize that it's probably irritating to some people that all post-9.3
releases have flow mode enabled by default but it is fairly simple to change
the router to packet-based only.
Thanks, Chris
More information about the juniper-nsp
mailing list