[j-nsp] MX204 Maximum Packet Rates

Leon Kramer leonkramer at gmail.com
Thu May 20 05:49:41 EDT 2021


Hello,

during an approximate 240 Mpps / 80 Gbps UDP DDOS attack to one target IP
we have experienced a massive and immediate packet loss at an MX204 router.

The attack was coming in through MX10003 and MX204. The MX204 was not able
to forward more than 120 Mpps during the attack. The MX10003 forwarded 180
Mpps without any issue.

Both routers are running Juniper 18.4R2-S3. The MX204 has all 4 x 100 Gbps
interfaces active in use.

Any idea if 120 Mpps for Juniper MX204 is already the hardware limitation?
This would equal to only roughly 41 Gbps of the attacks packet size of 43
bytes. We are certain that no policer or firewall filter lead to the packet
drops.

Anyone has a recommendation what could be done to increase performance?


Kind Regards
Leon Kramer


More information about the juniper-nsp mailing list