[j-nsp] routing to Inet from a VRF

Saku Ytti saku at ytti.fi
Sun Sep 27 16:54:07 EDT 2015


On 23 September 2015 at 03:33, Adam Vitkovsky
<Adam.Vitkovsky at gamma.co.uk> wrote:

Hey Adam,

> I’d like to ask what is the Juniper community preferred method to route traffic to Internet from a VRF.
> Methods I’m aware of are default route pointing to Internet VRF or FBF directing the lookup to an appropriate VRF based on a destination address.
> Please let me know your thoughts.

If Internet is in VRF, importing default from there is in my opinion
the desirable way to do it. virtual-router type instance can import
routes from global instance, unfortunately vrf type instance cannot.
I've become in recent years proponent of INET-in-VRF for
access/eyeball networks.

For your Trio questions, apologies for laggy reply. LUchip is 16*PPE
which are sharing the load, and do not perform work in constant-time
(FIFO not guaranteed for LU complex, only for given PPE). When I
tested MX with random payload ages ago, I noticed it started to
reorder packets much before hitting 10Gbps, if I stopped changing L4
keys, reordering was gone. So we can conclude

a) it'll push packets to first non-busy PPE
b) single PPE can do few gigs
c) if stream exceeds PPE's capacity, order will be restored later, but
only if order really matters (i.e. inside single flow), between flows
ordering is not guaranteed by trio

on PFE you can see:

# show luchip 0 counter
     recirc_chunks                       0
      rord_packets                25461560


I've never seen 'recirc_chunks' non-zero, but I understood that some
multicast scenarios may need it. If that is not increasing, I don't
think your lookup performance is going to be very significantly below
55Mpps.


-- 
  ++ytti


More information about the juniper-nsp mailing list