Chris,

Thanks for your feedback.
However I think it does not address the following points:

1. Memory consumption increased by flow mode even if the router reverts to packet mode the pre allocation is not released.
2. Upgrade from packet mode version to flow mode version locks you out of the router unless you have out of band access (as the router comes up with some default stateful configuration)
3. The issues raised below (I didn't realize this myself) about sessions destined to the router still being processed as flow mode, which can tear down TCP sessions under certain circumstances.

Regards

Amos

On Jul 22, 2010, at 9:37 PM, Chris Whyte wrote:

* Leigh Porter:

I thought that as soon as you turn MPLS on the flow mode was disabled
and you were back to good old packet mode?

No, packets targeted at the device itself are still processed in flow
mode.  According to the documentation, there is no way around that.
It means that all existing TCP sessions involving the device are
severed when a rerouting event occurs because their flow implementation
is interface-sensitive.

MPLS is not supported in flow mode today. To enable MPLS in packet mode, do
the following:

set security forwarding-options family mpls mode packet-based

As I'm sure many of you know (but apparently not everyone), flow mode was
created because Juniper felt it was the best architectural approach to
implementing security functionality (eg stateful FW, IDP, etc). Any J-Series
router running 9.4+ code can run as a packet-based router, which also
disables any of these stateful features, by doing the above command. You also have the ability to run or chain flow-mode and packet-mode routing
instances.

I realize that it's probably irritating to some people that all post-9.3
releases have flow mode enabled by default but it is fairly simple to change
the router to packet-based only.

Thanks, Chris


_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
