[j-nsp] What is an acceptable amount of latency for traffic routed through an SRX cluster?

Mark Kamichoff prox at prolixium.com
Wed Jan 11 00:05:08 EST 2012


Hi Morgan - 

On Mon, Jan 09, 2012 at 03:23:57PM -0800, Morgan McLean wrote:
> It's an SRX3600 cluster, with no traffic traversing the fabric
> connection, so it's all being contained on one chassis. These are just
> standard ICMP packets between two Linux hosts on different subnets.

By ICMP packets I assume you mean ICMP echo request/responses?

If so, this may not be the best test to obtain latency numbers as each
ICMP echo request will generate a new session and then tear it down when
the response is delivered.  This is the "slow path" and your ICMP echo
request is always the "first packet" that requires session setup through
the CP.  This adds additional latency that normally wouldn't be incurred
for packets in an established TCP flow, for example.

I'd suggest using a higher-level type of PING that uses something like
UDP or TCP to send packets across an already established session.

Another somewhat hacky option I've found useful for testing firewall
latency, if you can manage it, is to create a GRE or IPIP tunnel between
two hosts through the firewall.  This way the firewall only sees one
session and all packets for that session are forwarded using the "fast
path."

- Mark

-- 
Mark Kamichoff
prox at prolixium.com
http://www.prolixium.com/
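
[Added example, not part of the original message or of any Juniper tooling.] One way to do the TCP-based ping suggested above: open a single TCP connection through the firewall and time echo probes over it, so only the connect pays for session setup and every later probe rides the established flow. The function names, the probe format and the loopback demo are assumptions made for illustration; in practice echo_server runs on the far host and tcp_rtt on the near one.

```python
import socket, statistics, threading, time

def echo_server(listener):
    """Accept one connection and echo bytes back until the peer closes."""
    conn, _ = listener.accept()
    with conn:
        while data := conn.recv(64):
            conn.sendall(data)

def recv_exact(sock, n):
    """Read exactly n bytes; TCP may deliver a probe in pieces."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed during probe")
        buf += chunk
    return buf

def tcp_rtt(host, port, count=20, interval=0.0):
    """Return (connect_seconds, [rtt_seconds, ...]) measured over ONE TCP session."""
    t0 = time.perf_counter()
    sock = socket.create_connection((host, port), timeout=5)
    connect_time = time.perf_counter() - t0  # handshake: includes session setup
    rtts = []
    with sock:
        # Disable Nagle so each small probe is sent immediately.
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)
        for seq in range(count):
            probe = seq.to_bytes(8, "big")
            start = time.perf_counter()
            sock.sendall(probe)
            reply = recv_exact(sock, len(probe))
            rtts.append(time.perf_counter() - start)  # established-flow RTT
            if reply != probe:
                raise ValueError("echo mismatch")
            time.sleep(interval)
    return connect_time, rtts

def demo(count=20):
    """Constructed loopback run so the example works offline."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    threading.Thread(target=echo_server, args=(listener,), daemon=True).start()
    connect_time, rtts = tcp_rtt("127.0.0.1", listener.getsockname()[1], count)
    listener.close()
    return connect_time, rtts

if __name__ == "__main__":
    c, r = demo()
    print(f"connect {c*1e3:.3f} ms, median rtt {statistics.median(r)*1e3:.3f} ms")
```

Comparing the connect time with the median probe RTT separates the first-packet cost from steady-state forwarding latency.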