[j-nsp] Debugging mysterious packet loss on J2350 under stress
叶雨飞
sunyucong at gmail.com
Sat Dec 29 15:18:54 EST 2012
Hi,
I was woken up this morning to deal with a DDOS syn-flodd situation, pps ~15k/s.
Here's monitor interface traffic:
Interface Link Input packets (pps) Output packets (pps)
ge-0/0/0 Up 11772104571 (24744) 11662868938 (161012)
ge-0/0/3 Up 3405764281 (148559) 6036903599 (12097)
traffic is routed from ge-0/0/3 to ge-0/0/0. ge-0/0/3 is 100M link,
which is not being used in full, ge-0/0/0 is 1G link:
Interface Link Input bytes (bps) Output bytes (bps)
ge-0/0/0 Up 5190252823607 (65535424) 5285424390651 (94655872)
ge-0/0/3 Up 1710426561796 (52511712) 2822734491891 (30575112)
However, other packet is being dropped almost 100% on ge-0/0/3 link,
which I am trying to figure out why. Link is not full, so it is not
dropped by upstream.
CPU is not full
> show chassis routing-engine
CPU utilization:
User 1 percent
Real-time threads 67 percent
Kernel 0 percent
Idle 32 percent
Dropped counter is all 0 in
> show interface queue ge-0/0/3
I don't have any QOS configured, so it's all best-effort traffic.
What else maybe the reason? I am currently blaming J2350 to dropping
legitimate traffic under stress (due to observation of downstream all
works fine) but I can't find any evidence of it.
Your help is much appreciated.
Thanks.
More information about the juniper-nsp
mailing list