[j-nsp] Debugging mysterious packet loss on J2350 under stress

叶雨飞 sunyucong at gmail.com
Sat Dec 29 15:59:51 EST 2012 

I'm not sure why that matters?  If it is ttl=1 on J2350 , then my
downstream will not receive it  , where in fact it received /processed
it fine.

My question is , other traffic from the same link , which is
destinated to another of my downstream router, appears to be suffering
from lots of packet loss even though. link is not full. If J2350 is
dropping it, how can I verify it?

Thanks.

On Sat, Dec 29, 2012 at 12:55 PM, Jared Mauch <jared at puck.nether.net> wrote:
> Can still be ttl=1 there...
>
> Jared Mauch
>
> On Dec 29, 2012, at 3:49 PM, 叶雨飞 <sunyucong at gmail.com> wrote:
>
> No, it is just valid syn packets. A lot of them.
>
> On Dec 29, 2012 12:23 PM, "Jared Mauch" <jared at puck.nether.net> wrote:
>>
>> Was it all ttl expired traffic?
>>
>> Jared Mauch
>>
>> On Dec 29, 2012, at 3:18 PM, 叶雨飞 <sunyucong at gmail.com> wrote:
>>
>> > Hi,
>> >
>> > I was woken up this morning to deal with a DDOS syn-flodd situation, pps
>> > ~15k/s.
>> >
>> > Here's monitor interface traffic:
>> >
>> > Interface    Link  Input packets        (pps)     Output packets
>> > (pps)
>> > ge-0/0/0      Up    11772104571      (24744)      11662868938
>> > (161012)
>> > ge-0/0/3      Up     3405764281     (148559)       6036903599
>> > (12097)
>> >
>> > traffic is routed from ge-0/0/3 to ge-0/0/0.   ge-0/0/3 is 100M link,
>> > which is not being used in full, ge-0/0/0 is 1G link:
>> >
>> > Interface    Link     Input bytes        (bps)      Output bytes
>> > (bps)
>> > ge-0/0/0      Up   5190252823607   (65535424)     5285424390651
>> > (94655872)
>> > ge-0/0/3      Up   1710426561796   (52511712)     2822734491891
>> > (30575112)
>> >
>> > However, other packet is being dropped almost 100% on ge-0/0/3 link,
>> > which I am trying to figure out why.  Link is not full, so it is not
>> > dropped by upstream.
>> >
>> > CPU is not full
>> >
>> >> show chassis routing-engine
>> >    CPU utilization:
>> >      User                       1 percent
>> >      Real-time threads         67 percent
>> >      Kernel                     0 percent
>> >      Idle                      32 percent
>> >
>> > Dropped counter is all 0 in
>> >> show interface queue ge-0/0/3
>> >
>> > I don't have any QOS configured, so it's all best-effort traffic.
>> >
>> > What else maybe the reason? I am currently blaming J2350 to dropping
>> > legitimate traffic under stress (due to observation of downstream all
>> > works fine) but I can't find any evidence of it.
>> >
>> > Your help is much appreciated.
>> >
>> > Thanks.
>> > _______________________________________________
>> > juniper-nsp mailing list juniper-nsp at puck.nether.net
>> > https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list