[j-nsp] estimating affects on firewall filter configuration on MPC throughput?

Michael Hare michael.hare at wisc.edu
Thu Nov 5 11:01:29 EST 2015


I'm looking for knowledge on how a given Juniper firewall filter config affects forwarding performance, specifically on an MPC4.  I don't have 100G+ traffic generation at my disposal for direct testing.

The specific concern is that we have a dozen or two 'then next-term' counting terms on internet ingress for purposes of crude thresholding [things like UDP 53 > 1400 byte, etc].  I know that minimizing 'then next-term' is recommended, and there is a hard cap of roughly 2^10 on next-term use [of which I am nowhere near].

I've tried to Google for this and didn't find anything.  If I did, I suspect I'd be stuck with biased, worst case scenario third party testing reports.  Thought I'd start here before trying to engage Juniper; I suspect they may be evasive with this information.


More information about the juniper-nsp mailing list