[j-nsp] A low number of Firewall filters reducing the bandwidth capacity.

Gustavo Santos gustkiller at gmail.com
Sat Aug 24 16:34:35 EDT 2024


Hi,

We have noticed that when a not-so-large number of firewall filter terms
are generated and pushed to edge routers via NETCONF into a triplet of
MX10003, we start receiving customer complaints. These issues seem to be
related to the router's FPC limiting overall network traffic. To resolve the
problem, we simply deactivate the ephemeral configuration database that
contains the rules, which removes all the rules, and the traffic flow returns
to normal. Is there any known limitation or bug that could cause this type
of issue?
We typically observe this problem with more than 100 rules; with a smaller
number of rules, we don't experience the same issue, even with much larger
attacks. Is there any known bug or limitation?

As it is a customer traffic issue I didn't have the time to check FPC
memory or the FPC shell. I just checked the routing engine and FPC CPU and
they are all fine (under 50% FPC and under 10% RE).

Any thoughts?

Regards.
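The post describes generating firewall filter terms and pushing them over NETCONF, with trouble appearing once the filter grows past roughly 100 terms. The script below is an added example, not code from the poster or from Juniper: it renders a Junos `firewall family inet filter` as the XML that a NETCONF `edit-config` would carry, counts the terms before anything is pushed, and shows one way to shrink the term count without changing the policy, by grouping prefixes that share an action into a single term (Junos treats multiple `source-address` entries in one `from` clause as a logical OR). The sample prefixes, the filter name `BLOCK-ATTACK`, and the 100-term warning threshold (taken from the post's observation, not from any documented platform limit) are all assumptions; the NETCONF session, ephemeral-instance open and commit RPCs are deliberately left out so the script runs offline.

```python
"""Render a Junos firewall filter for NETCONF edit-config and guard the
term count before pushing it (added example, not the poster's tooling)."""
import xml.etree.ElementTree as ET
from collections import OrderedDict

# Warning threshold taken from the post above: problems were seen past ~100
# terms. This is an operational observation, not a documented platform limit.
TERM_WARN_THRESHOLD = 100

# Constructed sample input (hypothetical): one (prefix, action) per attacker.
SAMPLE_RULES = [
    ("192.0.2.0/24", "discard"),
    ("198.51.100.0/24", "discard"),
    ("203.0.113.7/32", "discard"),
    ("203.0.113.0/24", "discard"),
]


def one_term_per_prefix(rules):
    """Naive rendering: one term per prefix. This is what inflates term count."""
    return [(f"t{i}", [prefix], action)
            for i, (prefix, action) in enumerate(rules, 1)]


def collapse_by_action(rules):
    """Group prefixes that share an action into a single term.

    Multiple source-address entries inside one Junos 'from' clause are
    matched as a logical OR, so the resulting policy is identical while
    the number of terms drops to the number of distinct actions."""
    groups = OrderedDict()
    for prefix, action in rules:
        groups.setdefault(action, []).append(prefix)
    return [(f"{action}-group", prefixes, action)
            for action, prefixes in groups.items()]


def build_filter_xml(name, terms, final_action="accept"):
    """Build <configuration><firewall><family><inet><filter>...</filter>
    as the payload an edit-config RPC would wrap."""
    conf = ET.Element("configuration")
    firewall = ET.SubElement(conf, "firewall")
    inet = ET.SubElement(ET.SubElement(firewall, "family"), "inet")
    flt = ET.SubElement(inet, "filter")
    ET.SubElement(flt, "name").text = name
    for term_name, prefixes, action in terms:
        term = ET.SubElement(flt, "term")
        ET.SubElement(term, "name").text = term_name
        frm = ET.SubElement(term, "from")
        for prefix in prefixes:
            ET.SubElement(ET.SubElement(frm, "source-address"), "name").text = prefix
        ET.SubElement(ET.SubElement(term, "then"), action)
    # Explicit final term so the filter's default discard is never relied on.
    tail = ET.SubElement(flt, "term")
    ET.SubElement(tail, "name").text = "final"
    ET.SubElement(ET.SubElement(tail, "then"), final_action)
    return conf


def count_terms(conf):
    """Number of terms in the rendered filter, including the final term."""
    return len(conf.findall(".//filter/term"))


def check_term_budget(conf, threshold=TERM_WARN_THRESHOLD):
    """Return (term_count, within_budget) so a push can be refused or split."""
    n = count_terms(conf)
    return n, n <= threshold


if __name__ == "__main__":
    naive = build_filter_xml("BLOCK-ATTACK", one_term_per_prefix(SAMPLE_RULES))
    tight = build_filter_xml("BLOCK-ATTACK", collapse_by_action(SAMPLE_RULES))
    for label, conf in (("naive", naive), ("collapsed", tight)):
        n, ok = check_term_budget(conf)
        print(f"{label}: {n} terms, {'within' if ok else 'over'} budget")
    print(ET.tostring(tight, encoding="unicode"))
```

To push the result, the `<configuration>` element would be wrapped in an `edit-config` RPC on the ephemeral instance the post mentions; that part is omitted here because it needs a live router. The useful habit is the guard: render, count, and refuse or split the push when the budget is exceeded, rather than discovering the threshold from customer complaints.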

