[j-nsp] Debugging mysterious packet loss on J2350 under stress
叶雨飞
sunyucong at gmail.com
Sat Dec 29 15:49:52 EST 2012
No, it is just valid syn packets. A lot of them.
On Dec 29, 2012 12:23 PM, "Jared Mauch" <jared at puck.nether.net> wrote:
> Was it all ttl expired traffic?
>
> Jared Mauch
>
> On Dec 29, 2012, at 3:18 PM, 叶雨飞 <sunyucong at gmail.com> wrote:
>
> > Hi,
> >
> > I was woken up this morning to deal with a DDOS syn-flodd situation, pps
> ~15k/s.
> >
> > Here's monitor interface traffic:
> >
> > Interface Link Input packets (pps) Output packets
> (pps)
> > ge-0/0/0 Up 11772104571 (24744) 11662868938
> (161012)
> > ge-0/0/3 Up 3405764281 (148559) 6036903599
> (12097)
> >
> > traffic is routed from ge-0/0/3 to ge-0/0/0. ge-0/0/3 is 100M link,
> > which is not being used in full, ge-0/0/0 is 1G link:
> >
> > Interface Link Input bytes (bps) Output bytes
> (bps)
> > ge-0/0/0 Up 5190252823607 (65535424) 5285424390651
> (94655872)
> > ge-0/0/3 Up 1710426561796 (52511712) 2822734491891
> (30575112)
> >
> > However, other packet is being dropped almost 100% on ge-0/0/3 link,
> > which I am trying to figure out why. Link is not full, so it is not
> > dropped by upstream.
> >
> > CPU is not full
> >
> >> show chassis routing-engine
> > CPU utilization:
> > User 1 percent
> > Real-time threads 67 percent
> > Kernel 0 percent
> > Idle 32 percent
> >
> > Dropped counter is all 0 in
> >> show interface queue ge-0/0/3
> >
> > I don't have any QOS configured, so it's all best-effort traffic.
> >
> > What else maybe the reason? I am currently blaming J2350 to dropping
> > legitimate traffic under stress (due to observation of downstream all
> > works fine) but I can't find any evidence of it.
> >
> > Your help is much appreciated.
> >
> > Thanks.
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list