[j-nsp] MX5 BNG CPU Problems

Alexander Filipenko filipenkoalexanderforums at gmail.com
Mon Feb 22 11:53:21 EST 2016


I'm currently having a strange behavior on my MX5 when I have a massive
disconnection/reconnection of users. I have 8k of PPPoE users authenticated
in the box. There is a problem in eletrical company  generating a outage of
5 to 10 seconds of power to customers. This problem generates a reload on
the equipment that is generating the PPPoE connection. When the equipment
try to reconnect again the CPU of MX5 goes to 100% and goes back to normal
after 1 hour. I think the problem is the "flooding" of PADIs that are
arriving at MX at the same time.

I configured some protections to PPPoE using the DDOS protection as below:

set system ddos-protection protocols pppoe aggregate bandwidth 500
set system ddos-protection protocols pppoe aggregate burst 100
set system ddos-protection protocols pppoe aggregate recover-time 10
set system ddos-protection protocols pppoe aggregate disable-logging
set system ddos-protection protocols pppoe padi bandwidth 100
set system ddos-protection protocols pppoe padi burst 20
set system ddos-protection protocols pppoe padi recover-time 30
set system ddos-protection protocols pppoe padi priority low
set system ddos-protection protocols pppoe padr bandwidth 100
set system ddos-protection protocols pppoe padr burst 20
set system ddos-protection protocols pppoe padr recover-time 30
set system ddos-protection protocols pppoe padr priority low
set system ddos-protection protocols pppoe pads bandwidth 100
set system ddos-protection protocols pppoe pads burst 20
set system ddos-protection protocols pppoe pads priority low
set system ddos-protection protocols pppoe padt bandwidth 100
set system ddos-protection protocols pppoe padt burst 20
set system ddos-protection protocols pppoe padt recover-time 30
set system ddos-protection protocols pppoe padt priority low
set system ddos-protection protocols pppoe padm bandwidth 100
set system ddos-protection protocols pppoe padm burst 20
set system ddos-protection protocols pppoe padn bandwidth 100
set system ddos-protection protocols pppoe padn burst 20
set system ddos-protection protocols pppoe padn priority low

This configuration solved my problem, if I have a disconnection of a 2k of
users, but not fix the problem at all.




Anyone has seen the same behavior? There is a fix to this situation, or
this is a limitation of the chassis?




Alexander


More information about the juniper-nsp mailing list