On Sat, Feb 17, 2007 at 12:10:11AM +0100, Rafa? Szarecki wrote: > Hi all, > > FEB/CFEB CPU is responsible for delivery information between PFE (asics) and > RE. > > If your m7i is doing packet sampling (netflow/jflow, or to file)? This is > one of very often reasons of hi CPU usage. > > This CPU is also responsible for generate ICMP reports like e.g. "TTL > exceeded" or "No route to host". This can be another reason - too many > packets. > > This CPU is also responsible to handle options in IPv4, e.g. if source > routing is set. The best prectice is to disable forwarding of such packets. > You not need this for any resonable application - this is used by black hat > guys. > > Is this Hi CPU load periodical? If this period is inline with some statistic > gathering (from outside via SNMP, or internaly to file. e.g. LDP stats > period) >
Hi, on the M7i we do not have Sampling running. Also there are no link-flaps, bgp flaps etc. The router is just doing 400-600Mbit/s with about 80-120kpps. Is it possible to turn off the "ip unreachables" (cisco-speak)? The M7i is in front of a lot of subnets so this unreachables *might* cause it when someone is doing scans on several subnets. source-route is already disabled. I dont have a graphical view of the cfeb cpu usage yet (is it possible via snmp?) Regards, Joerg _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp