[j-nsp] Debugging mysterious packet loss on J2350 under stress

Jared Mauch jared at puck.nether.net
Sat Dec 29 15:23:55 EST 2012


Was it all TTL-expired traffic?

Jared Mauch

On Dec 29, 2012, at 3:18 PM, 叶雨飞 <sunyucong at gmail.com> wrote:

> Hi,
> 
> I was woken up this morning to deal with a DDoS SYN-flood situation, pps ~15k/s.
> 
> Here's monitor interface traffic:
> 
> Interface    Link  Input packets        (pps)     Output packets        (pps)
> ge-0/0/0      Up    11772104571      (24744)      11662868938     (161012)
> ge-0/0/3      Up     3405764281     (148559)       6036903599      (12097)
> 
> Traffic is routed from ge-0/0/3 to ge-0/0/0. ge-0/0/3 is a 100M link,
> which is not being used in full; ge-0/0/0 is a 1G link:
> 
> Interface    Link     Input bytes        (bps)      Output bytes        (bps)
> ge-0/0/0      Up   5190252823607   (65535424)     5285424390651   (94655872)
> ge-0/0/3      Up   1710426561796   (52511712)     2822734491891   (30575112)
> 
> However, other packets are being dropped almost 100% on the ge-0/0/3 link,
> which I am trying to figure out why. The link is not full, so it is not
> dropped by upstream.
> 
> CPU is not full
> 
>> show chassis routing-engine
>    CPU utilization:
>      User                       1 percent
>      Real-time threads         67 percent
>      Kernel                     0 percent
>      Idle                      32 percent
> 
> Dropped counter is all 0 in
>> show interface queue ge-0/0/3
> 
> I don't have any QoS configured, so it's all best-effort traffic.
> 
> What else may be the reason? I am currently blaming the J2350 for dropping
> legitimate traffic under stress (due to the observation that downstream all
> works fine) but I can't find any evidence of it.
> 
> Your help is much appreciated.
> 
> Thanks.
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp


