[j-nsp] Origin Validation on MX80

Wed, 17 Aug 2016 07:47:56 -0700 

Hello all,

We’ve been playing around a bit with BGP origin validation on a lab MX80.
While everything seems to work CPU load is pretty high. We’ve observed this
elevated CPU with both 14.3R<something> and 16.1R1.7. Just wondering if
anyone else experienced similar or whether we’ve configured something
sideways and caused a problem.

lab-mx80> show version
Junos: 16.1R1.7


lab-mx80> show validation session
Session                                  State   Flaps     Uptime
#IPv4/IPv6 records
<cache ip>                               Up          0   00:31:03 24360/3555


lab-mx80> show bgp summary
<bgp peer ip>        <peer asn>      97906         66       0       0
29:44 615844/615844/615844/0 0/0/0/0


lab-mx80> show chassis routing-engine
    Load averages:                 1 minute   5 minute  15 minute
                                       0.94       1.00       0.92

lab-mx80> show system processes summary
  PID USERNAME   THR PRI NICE   SIZE    RES STATE    TIME   WCPU COMMAND
 2016 root         3  76    0   476M   385M RUN     29:23 93.99% rpd


set policy-options policy-statement rpki-validation term valid from
protocol bgp
set policy-options policy-statement rpki-validation term valid from
validation-database valid
set policy-options policy-statement rpki-validation term valid then
validation-state valid
set policy-options policy-statement rpki-validation term valid then
community set valid
set policy-options policy-statement rpki-validation term valid then accept
set policy-options policy-statement rpki-validation term invalid from
protocol bgp
set policy-options policy-statement rpki-validation term invalid from
validation-database invalid
set policy-options policy-statement rpki-validation term invalid then
validation-state invalid
set policy-options policy-statement rpki-validation term invalid then
community set invalid
set policy-options policy-statement rpki-validation term invalid then accept
set policy-options policy-statement rpki-validation term else then
community set unknown
set policy-options policy-statement rpki-validation term else then accept


We don’t have a bigger MX chassis spare so MX240-480-960 boxes might have
enough horsepower to get through this. Anyone else tried playing with
origin validation on Juniper gear yet? If so, did you get similar results?
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Reply via email to