[j-nsp] Analyser output interfaces - drops, CoS, loss-priority etc.

Wayne Tucker wayne at tuckerlabs.com
Tue Jul 24 07:10:27 EDT 2012


On Tue, Jul 24, 2012 at 1:05 AM, Dale Shaw <dale.shaw+j-nsp at gmail.com> wrote:
> - Is there a 'best practice' for CoS config (scheduler-map, mainly)
> for analyser output interfaces? I don't really want any fancy queueing
> on these ports.

I'd say it depends on what else you're doing with CoS on that switch,
though I think I remember reading somewhere that all analyzer frames
were handled as best effort.


> - In the context of an analyser session, is loss-priority low (the
> default) the best bet? Or high? I can't find any good references on
> this - any KB articles either talk about VLANs as outputs (not
> physical interfaces) or loss-priority is set to high in the example
> without any explanation.

If your objective is to keep the mirrored frames from being dropped
then low would be better - though if it's going out a physical
interface then I don't know that it would matter.  On a shared
interface (like what would be used when mirroring to a VLAN), frames
with loss priority set to high should be dropped first (so that
they're less likely to interfere with critical traffic).


> More generally, has anyone gone to the trouble of tuning NICs in
> probes/analyser targets? I would be grateful for any advice there,
> too. Flow control seems to be an obvious one to disable in the 'send'
> direction (from the probe's perspective).

If you're doing any TCP analysis then you'll probably want to disable
most of the offload features on the NIC.  The way they reassemble the
segments plays hell with most tools - you end up seeing large
segments, weird ACKs, etc.  On Linux boxes with Intel 82576 NICs I
use: ethtool -K $IFACE rx off tx off sg off tso off gso off gro off.

:w


More information about the juniper-nsp mailing list