[j-nsp] Broadcast storm on M7i fxp0 kills the CFEB?
Clarke Morledge
chmorl at wm.edu
Fri Jun 22 11:04:49 EDT 2012
Phil,

Actually, I am not surprised that this happened to you. The fxp0
interface is a funny animal. It isn't really as isolated from the rest
of the box as you would think.

Since all IP broadcast/multicast on layer3 interfaces get sent to the RE
by default, if you get a loop that starts to pump out tons of broadcasts,
then all of that traffic will start to crush the RE and/or the forwarding
path to the RE. It does not matter if the storm happens on "regular"
interfaces or fxp0.

The only way you can mitigate against this is with RE protection filters.
For example, you can implement a policer on fxp0 that handles packet
bursts on ingress. But I found it just as easy to enumerate which
protocols and/or source IPs need access to fxp0 and discard the rest using
a firewall filter.

I learned the hard way :-)

You can follow this thread to find out what I went through:

http://www.gossamer-threads.com/lists/nsp/juniper/31311

My experience has been with the MX, but I am pretty sure the same applies
to the M7i.
Clarke Morledge
College of William and Mary
Information Technology - Network Engineering
Jones Hall (Room 18)
Williamsburg VA 23187
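
The allow-list approach described in the message above, sketched as Junos set commands. This is an added example, not configuration from the original post or thread. The prefix list MGMT-HOSTS, the 192.0.2.0/24 prefix, the filter, policer and counter names, the choice of SSH, SNMP and ICMP, and the policer rates are all assumptions to be replaced with site values.

```junos
# Added example. All names, the 192.0.2.0/24 prefix, the permitted
# protocols and the policer rates are constructed placeholders.
set policy-options prefix-list MGMT-HOSTS 192.0.2.0/24

# Policer for permitted traffic that can still arrive in bursts.
set firewall policer FXP0-ICMP-LIMIT if-exceeding bandwidth-limit 1m
set firewall policer FXP0-ICMP-LIMIT if-exceeding burst-size-limit 15k
set firewall policer FXP0-ICMP-LIMIT then discard

# Enumerate the protocols and source IPs that need access to fxp0.
set firewall family inet filter PROTECT-FXP0 term mgmt-ssh from source-prefix-list MGMT-HOSTS
set firewall family inet filter PROTECT-FXP0 term mgmt-ssh from protocol tcp
set firewall family inet filter PROTECT-FXP0 term mgmt-ssh from destination-port ssh
set firewall family inet filter PROTECT-FXP0 term mgmt-ssh then accept

set firewall family inet filter PROTECT-FXP0 term mgmt-snmp from source-prefix-list MGMT-HOSTS
set firewall family inet filter PROTECT-FXP0 term mgmt-snmp from protocol udp
set firewall family inet filter PROTECT-FXP0 term mgmt-snmp from destination-port snmp
set firewall family inet filter PROTECT-FXP0 term mgmt-snmp then accept

# ICMP from management sources is accepted, but policed.
set firewall family inet filter PROTECT-FXP0 term mgmt-icmp from source-prefix-list MGMT-HOSTS
set firewall family inet filter PROTECT-FXP0 term mgmt-icmp from protocol icmp
set firewall family inet filter PROTECT-FXP0 term mgmt-icmp then policer FXP0-ICMP-LIMIT
set firewall family inet filter PROTECT-FXP0 term mgmt-icmp then accept

# Discard the rest, including IP broadcast and multicast, and count the
# drops so that a storm shows up in "show firewall filter PROTECT-FXP0".
set firewall family inet filter PROTECT-FXP0 term discard-rest then count fxp0-discarded
set firewall family inet filter PROTECT-FXP0 term discard-rest then discard

# Apply on ingress to the management interface.
set interfaces fxp0 unit 0 family inet filter input PROTECT-FXP0
```

A `family inet` filter evaluates IPv4 packets only, so ARP is not matched by it. Committing with `commit confirmed` lets the change roll back on its own if the filter cuts off the management session.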