[j-nsp] estimating affects on firewall filter configuration on MPC throughput?

[Michael Hare]

Hello-

I'm looking for knowledge on how a given Juniper firewall filter config affects forwarding performance, specifically on an MPC4.  I don't have 100G+ traffic generation at my disposal for direct testing.

The specific concern is that we have a dozen or two 'then next-term' counting terms on internet ingress for purposes of crude thresholding [things like UDP 53 > 1400 byte, etc].  I know that minimizing 'then next-term' is recommended, and there is a hard cap of roughly 2^10 on next-term use [of which I am nowhere near].

I've tried to Google for this and didn't find anything.  If I did, I suspect I'd be stuck with biased, worst case scenario third party testing reports.  Thought I'd start here before trying to engage Juniper; I suspect they may be evasive with this information.

-Michael