[j-nsp] estimating affects on firewall filter configuration on MPC throughput?
michael.hare at wisc.edu
Thu Nov 5 11:01:29 EST 2015
I'm looking for knowledge on how a given Juniper firewall filter config affects forwarding performance, specifically on an MPC4. I don't have 100G+ traffic generation at my disposal for direct testing.
The specific concern is that we have a dozen or two 'then next-term' counting terms on internet ingress for purposes of crude thresholding [things like UDP 53 > 1400 byte, etc]. I know that minimizing 'then next-term' is recommended, and there is a hard cap of roughly 2^10 on next-term use [of which I am nowhere near].
I've tried to Google for this and didn't find anything. If I did, I suspect I'd be stuck with biased, worst case scenario third party testing reports. Thought I'd start here before trying to engage Juniper; I suspect they may be evasive with this information.
More information about the juniper-nsp