Are there any recommendations for a J-series? I am not too clear on the performance or how to monitor it when sampling from the sp-interface.
Thanks, /b On Mon, Sep 1, 2008 at 2:55 AM, Alexander Tarkhov <[EMAIL PROTECTED]>wrote: > Hi Justin, > > In this case the AS2 PIC hardware limitation is the key. > I think the value you report here - 150 kpps is inline with the 250 > kpps marketed for this variant of the service PIC. Your best practice > would be either to turn off sampling on some interfaces or to change > sampling rate to something lower than 1:1 so that you keep it at > reasonable pps. > > Also be aware that you absolutely have to keep the number of flows in > the AS2 PIC memory below 1M. If you get unusual lot of concurent flows > in your transit traffic suddenly (you know, DDoS happens), then you > might need to lower sampling rate further compared to the rate which > gives your normal 150 kpps of samples. > Just to keep the number of flows in AS2 PIC memory below the 1M limit. > Or you can choose to lower it in advance thus loosing accuracy. > > You can monitor the health of the AS2 PIC using "per interface" > counters from SNMP Services PIC MIB: > > http://www.juniper.net/techpubs/software/junos/junos92/swconfig-net-mgmt/mib-jnx-sp.txt > > Speaking about run-length option, I'm not sure if the actual rate is > 4:100 or 5:100 in your new config. As per documentation the default > value of run-lenght is 0: > > http://www.juniper.net/techpubs/software/junos/junos92/swconfig-policy/run-length.html > > If rate 100 and run-length 0 gives 1:100. > Then rate 100 and run-length 4 gives 5:100 I would think. > That could be a documentation typo however. > > -Alex > > P.S. Another important fact - even when you get in trouble with > sampling or statistics accuracy, it does not affect the forwarding of > production traffic at all. Samples are just the copies of packet > headers (notification cells). > > > > > My border routers are a pair of M120s with Adaptive Service PIC-IIs. > > My investivation started when I began getting high CPU alerts in the > message > > log on the ASPIC-II. At peak times, the traffic rate was 550-600 Mb/s > out > > the sp-X/X/X interface and packet rates around 150 kpps. That's when I > > checked the config and saw that someone had set both routers up for 1:1 > > sampling :( > > > > jms > > > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp