[j-nsp] Mpls down qfx 5100
Rodrigo Augusto
rodrigo at 1telecom.com.br
Mon Nov 12 10:17:59 EST 2018
Before I increased this parameter I saw this:
Protocol Group: L3MTU-fail
Packet type: aggregate (Aggregate for L3 MTU Check fail)
Aggregate policer configuration:
Bandwidth: 50 pps
Burst: 10 packets
Recover time: 300 seconds
Enabled: Yes
Flow detection configuration:
Detection mode: Automatic Detect time: 0 seconds
Log flows: Yes Recover time: 0 seconds
Timeout flows: No Timeout time: 0 seconds
Flow aggregation level configuration:
Aggregation level Detection mode Control mode Flow rate
Subscriber Automatic Drop 0 pps
Logical interface Automatic Drop 0 pps
Physical interface Automatic Drop 50 pps
System-wide information:
Aggregate bandwidth is being violated!
No. of FPCs currently receiving excess traffic: 1
No. of FPCs that have received excess traffic: 1
Violation first detected at: 2018-11-12 11:28:10 BRT
Violation last seen at: 2018-11-12 11:33:00 BRT
Duration of violation: 00:04:50 Number of violations: 219
Received: 64825768 Arrival rate: 2387 pps
Dropped: 51410693 Max arrival rate: 225833 pps
Routing Engine information:
After I put this parameter to 500 pps, so I have a question, does this
value is enough for this violation?
Rodrigo Augusto
Diretor BackBone IP Grupo Um
http://www.connectoway.com.br <http://www.connectoway.com.br/>
http://www.1telecom.com.br <http://www.1telecom.com.br/>
* rodrigo@ <mailto:rodrigo at connectoway.com.br>1telecom.com.br
( (81) 3497-6060
( INOC-DBA 52965*100
On 11/11/18 05:59, "Saku Ytti" <saku at ytti.fi> wrote:
>Hey,
>
>These are not related to your issue.,
>
>The first one is complaining that you got bunch of packets to your
>device with TTL==1, you need to punt these and generate TTL exceeded
>message. Because it's done in software, it's limited to certain amount
>of packets.
>This is operationally normal during convergence due to microloops and
>such.
>
>
>The second one is complaining that packet came in which wanted to go
>out via interface which has smaller MTU, these also need to be punted
>so we can generate fragmentation needed but DF set message. Doesn't
>indicate anything to help with your original problem, but you might
>want to know why do you have such an small egress MTU, ideally you
>wouldn't ever decrease MTU inside your network.
>
>What ever your problem is, no one can help you with these messages.
>
>On Sat, 10 Nov 2018 at 23:07, Rodrigo 1telecom <rodrigo at 1telecom.com.br>
>wrote:
>>
>>
>> Hi folks.... recently we have some trouble with some mpls tunnels....
>>sometime these tunnels goes down:
>> Follow out logfiles:
>>
>> Nov 9 20:03:42 PE-REC-A01-BKB-SW-001 jddosd[1769]:
>>DDOS_PROTOCOL_VIOLATION_SET: Warning: Host-bound traffic for
>>protocol/exception TTL:aggregate exceeded its allowed bandwidth at fpc
>>0 for 212 times, started at 2018-11-09 20:03:41 BRT
>> Nov 9 20:03:42 PE-REC-A01-BKB-SW-001 jddosd[1769]:
>>DDOS_PROTOCOL_VIOLATION_SET: Warning: Host-bound traffic for
>>protocol/exception L3MTU-fail:aggregate exceeded its allowed bandwidth
>>at fpc 0 for 212 times, started at 2018-11-09 20:03:41 BRT
>> Can someone help us?
>> Enviado via iPhone
>> Grupo Connectoway
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
>
>--
> ++ytti
More information about the juniper-nsp
mailing list