[j-nsp] MX204 Maximum Packet Rates
Olivier Benghozi
olivier.benghozi at wifirst.fr
Thu May 20 08:36:02 EDT 2021
By the way this one is public (not sure if relevant or not though):
https://kb.juniper.net/InfoCenter/index?page=content&id=KB33477
> Le 20 mai 2021 à 14:00, Tobias Heister <lists at tobias-heister.de> a écrit :
>
> Hi,
>
> MX204 has some limitations in terms of pps rates for smaller packet sizes if inline-flow is configured compared to e.g. MX10003 not only but also related to the pfe/fabric layout (no fabric in 204). So even if they are the same pfe they might behave differently.
>
> The details are not public, so you might want to reach out to your partner/SE.
>
> regards
> Tobias
>
> On 20.05.2021 12:39, Peter Sievers wrote:
>> Hi Leon,
>> both MX204 und MX10003/LC2103 use
>> eagle forwarding ASIC, LC2103 Linecard has 3xASIC,
>> MX204 has 1xASIC, WAN Output Rate for eagle
>> pfe is for 100G Interface ~110 MPPS.
>> Assumption is, that you got the traffic on the
>> MX10003 over more than one PFE/ASIC incoming.
>> BR,
>> .peter
>> On 20.05.21 11:49, Leon Kramer wrote:
>>> Hello,
>>>
>>> during an approximate 240 Mpps / 80 Gbps UDP DDOS attack to one target IP
>>> we have experienced a massive and immediate packet loss at an MX204 router.
>>>
>>> The attack was coming in through MX10003 and MX204. The MX204 was not able
>>> to forward more than 120 Mpps during the attack. The MX10003 forwarded 180
>>> Mpps without any issue.
>>>
>>> Both routers are running Juniper 18.4R2-S3. The MX204 has all 4 x 100 Gbps
>>> interfaces active in use.
>>>
>>> Any idea if 120 Mpps for Juniper MX204 is already the hardware limitation?
>>> This would equal to only roughly 41 Gbps of the attacks packet size of 43
>>> bytes. We are certain that no policer or firewall filter lead to the packet
>>> drops.
>>>
>>> Anyone has a recommendation what could be done to increase performance?
More information about the juniper-nsp
mailing list