Re: [j-nsp] prefix-limit effectiveness
Thanks for the information... I will let you know how it goes (though it seems you already know hehehe, since this was your baby.)

Thanks,
Dan

-----Original Message-----
From: Richard A Steenbergen [mailto:r...@e-gerbil.net]
Sent: Thursday, February 05, 2009 7:04 PM
To: Dan Farrell
Cc: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] prefix-limit effectiveness

On Thu, Feb 05, 2009 at 02:05:14PM -0800, Dan Farrell wrote:
> Then I limit the number of prefixes it will even look at to 5000 -
>
>     import default-route;
>     family inet {
>         unicast {
>             prefix-limit {
>                 maximum 5000;
>     ...
>
> This is effective- I have only the default to use from my upstream. But I keep generating tons of log messages because I keep getting (and rejecting) tons of routes. Without asking the upstream to not advertise the full route table, is there something I can do on my end to limit the syslog messages I keep getting?
>
> Feb 5 19:00:43 nap-r2-edge-2 rpd[82464]: RPD_RT_PREFIX_LIMIT_REACHED: Number of prefixes (4000) in table inet.0 still exceeds or equals configured maximum (4000)

Well technically speaking you can always filter by regexp anything that you send to system, but what you really want is accepted-prefix-limit instead of prefix-limit above.

Prefix-limit is applied to all routes received by the router, even if they are rejected by your import policy. Basically this protects router DRAM from something going wild and sending you a billion routes, but is less useful as a policy protection, or in your case to limit the number of routes being installed to FIB.

Accepted-prefix-limit is a relatively new feature added in 9.2 (and pardon me while I do a little dance about it, but this is one of my feature requests which I've been asking for for 6 years and it just finally got implemented! :P) which limits the number of routes AFTER your import policy has been applied. In the example above, even though you are receiving a full table, you are rejecting all but 1 route in policy, so the value that would be evaluated by accepted-prefix-limit is 1.

--
Richard A Steenbergen r...@e-gerbil.net http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
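The distinction drawn in the reply above (prefix-limit counts routes before import policy, accepted-prefix-limit after it) can be checked against a configuration. As an added example, not code from the thread or from Juniper, this Python script walks a brace-style Junos config and lists BGP groups that have an import policy but only the pre-policy prefix-limit. The group names `upstream` and `peer` and the policy `peer-in` are hypothetical; limits set per neighbor or inherited from apply-groups are not considered.

```python
import re

# Constructed sample: the stanza quoted in the thread placed in a hypothetical
# group "upstream", next to a hypothetical group "peer" for contrast.
SAMPLE = """
protocols { bgp {
    group upstream {
        import default-route;
        family inet { unicast { prefix-limit { maximum 5000; } } }
    }
    group peer {
        import peer-in;
        family inet { unicast { accepted-prefix-limit { maximum 100; } } }
    }
} }
"""

def statements(text):
    """Yield every stanza and leaf statement as a path of enclosing names.

    Comments in the config are not handled; strip them first.
    """
    stack, words = [], []
    for tok in re.findall(r'"[^"]*"|[{};]|[^\s{};]+', text):
        if tok == "{":                      # open a stanza named by the words so far
            stack.append(" ".join(words))
            words = []
            yield tuple(stack)
        elif tok == "}":                    # close the innermost stanza
            if stack:
                stack.pop()
        elif tok == ";":                    # end of a leaf statement
            yield tuple(stack) + (" ".join(words),)
            words = []
        else:
            words.append(tok)

def pre_policy_only(text):
    """Return BGP groups with an import policy whose only cap is prefix-limit."""
    seen = {}                               # group name -> keywords found inside it
    for path in statements(text):
        for depth, part in enumerate(path):
            m = re.fullmatch(r"group (\S+)", part)
            if m:
                inner = path[depth + 1:]
                seen.setdefault(m.group(1), set()).update(
                    p.split()[0] for p in inner if p)
                break
    return sorted(g for g, kw in seen.items()
                  if "import" in kw and "prefix-limit" in kw
                  and "accepted-prefix-limit" not in kw)
```

A group listed by `pre_policy_only` is a candidate for review: its limit is evaluated against every received route, including those the import policy rejects.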
[j-nsp] Policed discards
Hi,

I just installed my first Juniper M7i in production a couple of hours back, and after resolving a few routing issues it is so far running smoothly. I noticed that my PE-1GE-SX-B interface is showing only Policed discards, a counter which increases by 1 every 1-2 secs, but the inbuilt GE is showing no errors. As I am not running any QoS/policing on the interface, I was wondering what it means and how to fix this error? Both of the router's interfaces are connected to a Cisco 3400ME in different VLANs.

    interfaces {
        ge-0/0/0 {
            description Cisco3400-ME Gi0/1 Vlan2;
            unit 0 {
                family inet {
                    address 192.168.0.1/28;
                }
            }
        }
    }

    Delay: 1/0/1
    Interface: ge-0/0/0, Enabled, Link is Up
    Encapsulation: Ethernet, Speed: 1000mbps
    Traffic statistics:                                Current delta
      Input bytes:          3589144576 (34951312 bps)  [26149611]
      Output bytes:         4117970233 (36219936 bps)  [27659648]
      Input packets:          12654493 (15073 pps)     [90668]
      Output packets:         13058310 (15834 pps)     [94510]
    Error statistics:
      Input errors:                  0                 [0]
      Input drops:                   0                 [0]
      Input framing errors:          0                 [0]
      Policed discards:            558                 [4]
      L3 incompletes:                0                 [0]
      L2 channel errors:             0                 [0]
      L2 mismatch timeouts:          0                 [0]
      Carrier transitions:           0
      Output errors:                                   [0]

Regards,
Samit
Re: [j-nsp] Policed discards
Please disable CDP and keepalives on the Cisco port connected to this M7i. Also, disable spanning tree on this port by configuring it as an access port.

Thanks,
Nilesh.

Samit wrote:
> Hi,
>
> I just installed my first Juniper M7i in production a couple of hours back, and after resolving a few routing issues it is so far running smoothly. I noticed that my PE-1GE-SX-B interface is showing only Policed discards, a counter which increases by 1 every 1-2 secs, but the inbuilt GE is showing no errors. As I am not running any QoS/policing on the interface, I was wondering what it means and how to fix this error? Both of the router's interfaces are connected to a Cisco 3400ME in different VLANs.
>
>     interfaces {
>         ge-0/0/0 {
>             description Cisco3400-ME Gi0/1 Vlan2;
>             unit 0 {
>                 family inet {
>                     address 192.168.0.1/28;
>                 }
>             }
>         }
>     }
>
>     Delay: 1/0/1
>     Interface: ge-0/0/0, Enabled, Link is Up
>     Encapsulation: Ethernet, Speed: 1000mbps
>     Traffic statistics:                                Current delta
>       Input bytes:          3589144576 (34951312 bps)  [26149611]
>       Output bytes:         4117970233 (36219936 bps)  [27659648]
>       Input packets:          12654493 (15073 pps)     [90668]
>       Output packets:         13058310 (15834 pps)     [94510]
>     Error statistics:
>       Input errors:                  0                 [0]
>       Input drops:                   0                 [0]
>       Input framing errors:          0                 [0]
>       Policed discards:            558                 [4]
>       L3 incompletes:                0                 [0]
>       L2 channel errors:             0                 [0]
>       L2 mismatch timeouts:          0                 [0]
>       Carrier transitions:           0
>       Output errors:                                   [0]
>
> Regards,
> Samit
Re: [j-nsp] Policed discards
Yes. That is correct. It is harmless at this rate and with this config. If you are still concerned, you can enable port mirroring on the Cisco port to find out what L2 or L3 packets are being sent out on that port.

Thanks,
Nilesh

On Feb 9, 2009, at 10:08 PM, Samit janasa...@wlink.com.np wrote:
> Hi Nilesh/Jeff
>
> My Cisco config
>
>     spanning-tree portfast bpdufilter default
>
>     interface GigabitEthernet0/1
>      description To Juniper ge-0/0/0 PE-1GE-SX-B
>      port-type nni
>      switchport access vlan 2
>      no keepalive
>      media-type sfp
>      speed nonegotiate
>      no cdp enable
>      spanning-tree portfast
>     end
>
>     interface GigabitEthernet0/5
>      description To Juniper ge-1/3/0 inbuilt
>      port-type nni
>      switchport access vlan 3
>      media-type sfp
>      speed nonegotiate
>      no cdp enable
>      no keepalive
>      spanning-tree portfast
>     end
>
> The Policed discards counter now increases by 1 every 30-40 secs on ge-0/0/0, but I still see it. But I don't think I really need to worry much, do I? Because I don't see any packet loss.
>
> Regards,
> Samit
>
> Nilesh Khambal wrote:
>> Please disable CDP and keepalives on the Cisco port connected to this M7i. Also, disable spanning tree on this port by configuring it as an access port.
>>
>> Thanks,
>> Nilesh.
>>
>> Samit wrote:
>>> Hi,
>>>
>>> I just installed my first Juniper M7i in production a couple of hours back, and after resolving a few routing issues it is so far running smoothly. I noticed that my PE-1GE-SX-B interface is showing only Policed discards, a counter which increases by 1 every 1-2 secs, but the inbuilt GE is showing no errors. As I am not running any QoS/policing on the interface, I was wondering what it means and how to fix this error? Both of the router's interfaces are connected to a Cisco 3400ME in different VLANs.
>>>
>>>     interfaces {
>>>         ge-0/0/0 {
>>>             description Cisco3400-ME Gi0/1 Vlan2;
>>>             unit 0 {
>>>                 family inet {
>>>                     address 192.168.0.1/28;
>>>                 }
>>>             }
>>>         }
>>>     }
>>>
>>>     Delay: 1/0/1
>>>     Interface: ge-0/0/0, Enabled, Link is Up
>>>     Encapsulation: Ethernet, Speed: 1000mbps
>>>     Traffic statistics:                                Current delta
>>>       Input bytes:          3589144576 (34951312 bps)  [26149611]
>>>       Output bytes:         4117970233 (36219936 bps)  [27659648]
>>>       Input packets:          12654493 (15073 pps)     [90668]
>>>       Output packets:         13058310 (15834 pps)     [94510]
>>>     Error statistics:
>>>       Input errors:                  0                 [0]
>>>       Input drops:                   0                 [0]
>>>       Input framing errors:          0                 [0]
>>>       Policed discards:            558                 [4]
>>>       L3 incompletes:                0                 [0]
>>>       L2 channel errors:             0                 [0]
>>>       L2 mismatch timeouts:          0                 [0]
>>>       Carrier transitions:           0
>>>       Output errors:                                   [0]
>>>
>>> Regards,
>>> Samit
Re: [j-nsp] Policed discards
Policed discards will be dropped in the PFE in the input ASIC. Monitor traffic or tap won't work.

Thanks,
Nilesh.

On Feb 9, 2009, at 10:28 PM, Sean Clarke s...@clarke-3.demon.nl wrote:
> Hi Samit
>
> Still sounds like a Layer 2 protocol thing, generally CDP or Spanning Tree BPDU's .. probably nothing to worry about, if you can get a sniffer on the Cisco port it could tell you what it's sending out.
>
> Not sure a monitor traffic interface ge-x/y/z will help as the Juniper probably discards it before it hits the RE (if it's supposed to)
>
> There are ways to possibly see it on the Juniper but it takes a bit of work, as you need to reset the interface into ccc or something similar and use tap interfaces. Not good on a production and disruptive to the customer, so maybe you don't want to go down that path
>
> cheers
> Sean
>
> On 2/10/09 7:05 AM, Samit wrote:
>> Hi Nilesh/Jeff
>>
>> My Cisco config
>>
>>     spanning-tree portfast bpdufilter default
>>
>>     interface GigabitEthernet0/1
>>      description To Juniper ge-0/0/0 PE-1GE-SX-B
>>      port-type nni
>>      switchport access vlan 2
>>      no keepalive
>>      media-type sfp
>>      speed nonegotiate
>>      no cdp enable
>>      spanning-tree portfast
>>     end
>>
>>     interface GigabitEthernet0/5
>>      description To Juniper ge-1/3/0 inbuilt
>>      port-type nni
>>      switchport access vlan 3
>>      media-type sfp
>>      speed nonegotiate
>>      no cdp enable
>>      no keepalive
>>      spanning-tree portfast
>>     end
>>
>> The Policed discards counter now increases by 1 every 30-40 secs on ge-0/0/0, but I still see it. But I don't think I really need to worry much, do I? Because I don't see any packet loss.
>>
>> Regards,
>> Samit
>>
>> Nilesh Khambal wrote:
>>> Please disable CDP and keepalives on the Cisco port connected to this M7i. Also, disable spanning tree on this port by configuring it as an access port.
>>>
>>> Thanks,
>>> Nilesh.
>>>
>>> Samit wrote:
>>>> Hi,
>>>>
>>>> I just installed my first Juniper M7i in production a couple of hours back, and after resolving a few routing issues it is so far running smoothly. I noticed that my PE-1GE-SX-B interface is showing only Policed discards, a counter which increases by 1 every 1-2 secs, but the inbuilt GE is showing no errors. As I am not running any QoS/policing on the interface, I was wondering what it means and how to fix this error? Both of the router's interfaces are connected to a Cisco 3400ME in different VLANs.
>>>>
>>>>     interfaces {
>>>>         ge-0/0/0 {
>>>>             description Cisco3400-ME Gi0/1 Vlan2;
>>>>             unit 0 {
>>>>                 family inet {
>>>>                     address 192.168.0.1/28;
>>>>                 }
>>>>             }
>>>>         }
>>>>     }
>>>>
>>>>     Delay: 1/0/1
>>>>     Interface: ge-0/0/0, Enabled, Link is Up
>>>>     Encapsulation: Ethernet, Speed: 1000mbps
>>>>     Traffic statistics:                                Current delta
>>>>       Input bytes:          3589144576 (34951312 bps)  [26149611]
>>>>       Output bytes:         4117970233 (36219936 bps)  [27659648]
>>>>       Input packets:          12654493 (15073 pps)     [90668]
>>>>       Output packets:         13058310 (15834 pps)     [94510]
>>>>     Error statistics:
>>>>       Input errors:                  0                 [0]
>>>>       Input drops:                   0                 [0]
>>>>       Input framing errors:          0                 [0]
>>>>       Policed discards:            558                 [4]
>>>>       L3 incompletes:                0                 [0]
>>>>       L2 channel errors:             0                 [0]
>>>>       L2 mismatch timeouts:          0                 [0]
>>>>       Carrier transitions:           0
>>>>       Output errors:                                   [0]
>>>>
>>>> Regards,
>>>> Samit
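The replies in this thread attribute the counter to Layer 2 control frames (CDP, keepalives, spanning tree BPDUs) and suggest a sniffer or port mirroring on the Cisco port to see what is being sent. As an added example, not code from the thread, this Python classifier names such frames from their EtherType and LLC/SNAP header. It assumes the capture has already been read into raw frame bytes, and the frames in `CAPTURE` are constructed.

```python
import struct
from collections import Counter

# SNAP protocol IDs carried under the Cisco OUI 00:00:0c
CISCO_SNAP = {0x2000: "CDP", 0x2003: "VTP", 0x2004: "DTP",
              0x010B: "PVST+", 0x0111: "UDLD"}

def classify(frame: bytes) -> str:
    """Name the Layer 2 protocol of one raw Ethernet frame (FCS not included)."""
    if len(frame) < 14:
        return "truncated"
    (type_len,) = struct.unpack("!H", frame[12:14])
    payload = frame[14:]
    if type_len == 0x8100 and len(payload) >= 4:      # step over one 802.1Q tag
        (type_len,) = struct.unpack("!H", payload[2:4])
        payload = payload[4:]
    if type_len == 0x9000:                            # Cisco keepalive (loopback) frame
        return "keepalive (LOOP)"
    if type_len >= 0x0600:                            # Ethernet II: a real EtherType
        return "ethertype 0x%04x" % type_len
    if payload[:3] == b"\x42\x42\x03":                # 802.3 + LLC, SAP 0x42: spanning tree
        return "STP BPDU"
    if payload[:3] == b"\xaa\xaa\x03" and len(payload) >= 8:   # LLC/SNAP header
        (pid,) = struct.unpack("!H", payload[6:8])
        if payload[3:6] == b"\x00\x00\x0c":
            return CISCO_SNAP.get(pid, "Cisco SNAP 0x%04x" % pid)
        return "SNAP 0x%04x" % pid
    return "other LLC"

def summarize(frames):
    """Count frames per protocol, e.g. for a capture taken on the mirror port."""
    return Counter(classify(f) for f in frames)

def _frame(dst, type_len, body):
    src = bytes.fromhex("001122334455")               # constructed source MAC
    return bytes.fromhex(dst) + src + struct.pack("!H", type_len) + body

# Constructed frames standing in for a capture; payloads are zero-filled.
CAPTURE = [
    _frame("01000ccccccc", 40, bytes.fromhex("aaaa0300000c2000") + bytes(32)),  # CDP
    _frame("0180c2000000", 38, bytes.fromhex("424203") + bytes(35)),            # STP
    _frame("001122334455", 0x9000, bytes(46)),                                  # keepalive
    _frame("001122334455", 0x9000, bytes(46)),                                  # keepalive
    _frame("ffffffffffff", 0x0806, bytes(46)),                                  # ARP
]
```

Comparing the per-protocol counts from `summarize` with the rate at which the Policed discards counter climbs shows which control protocol is still leaving the switch port.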