[j-nsp] J series users bitten by the massive memory useincrease with flow mode add, please file jtac cases.
Florian Weimer
fweimer at bfk.de
Fri Jul 23 04:58:17 EDT 2010
* Pavel Lunin:
>> 3. The issues raised below (I didn't realize this myself ) about sessions
>> destined to the router still being processed as flow mode, which can tear
>> down TCP sessions under certain circumstances.
>>
>>
> Does anyone have a proof link for this?
This is based on:
> Make sure to configure host-bound TCP traffic to use flow-based
> forwarding—exclude this traffic when specifying match conditions for
> the firewall filter term containing the packet-mode action
> modifier. Any host-bound TCP traffic configured to bypass flow is
> dropped.
<http://www.juniper.net/techpubs/software/junos-security/junos-security10.0/junos-security-admin-guide/config-stateless-packet-option-section.html>
We tried to enable MPLS (which is not really advertised as a way to
disable flow-based processing, BTW), but the device still couldn't
forward our tiny amount of traffic we deal with.
--
Florian Weimer <fweimer at bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
More information about the juniper-nsp
mailing list