[j-nsp] MX204 Maximum Packet Rates
Peter Sievers
sievers at psicurity.de
Thu May 20 06:39:07 EDT 2021
Hi Leon,
both MX204 und MX10003/LC2103 use
eagle forwarding ASIC, LC2103 Linecard has 3xASIC,
MX204 has 1xASIC, WAN Output Rate for eagle
pfe is for 100G Interface ~110 MPPS.
Assumption is, that you got the traffic on the
MX10003 over more than one PFE/ASIC incoming.
BR,
.peter
On 20.05.21 11:49, Leon Kramer wrote:
> Hello,
>
> during an approximate 240 Mpps / 80 Gbps UDP DDOS attack to one target IP
> we have experienced a massive and immediate packet loss at an MX204 router.
>
> The attack was coming in through MX10003 and MX204. The MX204 was not able
> to forward more than 120 Mpps during the attack. The MX10003 forwarded 180
> Mpps without any issue.
>
> Both routers are running Juniper 18.4R2-S3. The MX204 has all 4 x 100 Gbps
> interfaces active in use.
>
> Any idea if 120 Mpps for Juniper MX204 is already the hardware limitation?
> This would equal to only roughly 41 Gbps of the attacks packet size of 43
> bytes. We are certain that no policer or firewall filter lead to the packet
> drops.
>
> Anyone has a recommendation what could be done to increase performance?
>
>
> Kind Regards
> Leon Kramer
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list