Re: [j-nsp] Resource Temporarily Unavailable - Juniper MX
of the microcode on the EZChip ASIC used for L2 framing (1.5KB vs 6KB instruction space). Almost no features require the larger microcode space, so you should be pretty safe... When the DPCs first came out, almost nothing used the EZChips at all, and even over the last couple years the only thing I've seen that doesn't like running on the Rev A's is PBB (Provider Backbone Bridging). Maybe you can get someone from Juniper to provide a more extensive list, but it's pretty safe to assume that nothing about the config you mentioned above will be impacted by DPC non-E's at all. -- Richard A Steenbergen r...@e-gerbil.net http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC) -- Message: 5 Date: Wed, 14 Dec 2011 19:33:05 -0600 From: Richard A Steenbergen r...@e-gerbil.net To: Keegan Holley keegan.hol...@sungard.com Cc: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] traffic drops to 8 Gb/s when a firewall filter is applied Message-ID: 20111215013305.gz35...@gerbil.cluepon.net Content-Type: text/plain; charset=us-ascii On Fri, Dec 09, 2011 at 01:19:54PM -0500, Keegan Holley wrote: Yea but it should have enough silicon to do simple policing in hardware unless you have every single other feature on the box enabled. If a policer with no queueing, and no marking etc, caused throughput to decrease by 20% across the board I'd inquire about their return policy. Hopefully, it's the policer config. Most of my 10G interfaces do not require policers, but I've got 1G interfaces with hundreds of logicals each with a unique policer. Unfortunately not... There are all kinds of ways to make I-chip cards not deliever line rate performance even with relatively simple firewall rules, and it's very poorly logged when this does happen. Admittedly I've never seen a simple then accept push it over the edge, but maybe it was RIGHT on the edge before... Try looking for some discards, such as WAN_DROP_CNTR, on the *INGRESS* interface (i.e. not the one where you added the egress filter). For xe-x/y/0 do: start shell pfe network fpcx show ichip y iif stat example: Traffic stats: Counter NameTotal Rate Peak Rate -- -- -- GFAB_BCNTR 4229125816477883 949530 1276098290 KA_PCNTR0 0 0 KA_BCNTR0 0 0 Discard counters: Counter NameTotal Rate Peak Rate -- -- -- WAN_DROP_CNTR 298 0 82 FAB_DROP_CNTR 1511 0419 KA_DROP_CNTR0 0 0 HOST_DROP_CNTR0 0 0 -- Richard A Steenbergen r...@e-gerbil.net http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC) -- Message: 6 Date: Wed, 14 Dec 2011 19:38:59 -0600 From: Richard A Steenbergen r...@e-gerbil.net To: Paul Stewart p...@paulstewart.org Cc: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] Resource Temporarily Unavailable - Juniper MX Message-ID: 20111215013859.ga35...@gerbil.cluepon.net Content-Type: text/plain; charset=us-ascii On Mon, Dec 05, 2011 at 07:48:22AM -0500, Paul Stewart wrote: Can anyone shed some light on these log messages? Nov 30 04:48:21 core2.toronto1 rpd[1359]: bgp_send: sending 19 bytes to xx.xxx.52.50 (External AS x) blocked (no spooling requested): Resource temporarily unavailable grep Resource temporar /usr/include/errno.h #define EAGAIN 35 /* Resource temporarily unavailable */ man 2 send ... [EAGAIN] The socket is marked non-blocking and the requested operation would block. It's just a socket message saying it can't write the data it wants to write into that particular TCP session... This COULD potentially indicate a problem, such as congestion or errors, but it can also just be a quick dump of data filling up the socket buffer before the other side can read it. 99% odds are this is cosmetic. :) -- Richard A Steenbergen r...@e-gerbil.net http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC) -- Message: 7 Date: Wed, 14 Dec 2011 21:04:16 -0500 From: Keegan Holley keegan.hol...@sungard.com To: Richard A Steenbergen r...@e-gerbil.net Cc: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] traffic drops to 8 Gb/s when a firewall filter is applied Message-ID: CABO8Q6S2oXd9ObD75FDF8unyJd
Re: [j-nsp] Resource Temporarily Unavailable - Juniper MX
On Mon, Dec 05, 2011 at 07:48:22AM -0500, Paul Stewart wrote: Can anyone shed some light on these log messages? Nov 30 04:48:21 core2.toronto1 rpd[1359]: bgp_send: sending 19 bytes to xx.xxx.52.50 (External AS x) blocked (no spooling requested): Resource temporarily unavailable grep Resource temporar /usr/include/errno.h #define EAGAIN 35 /* Resource temporarily unavailable */ man 2 send ... [EAGAIN] The socket is marked non-blocking and the requested operation would block. It's just a socket message saying it can't write the data it wants to write into that particular TCP session... This COULD potentially indicate a problem, such as congestion or errors, but it can also just be a quick dump of data filling up the socket buffer before the other side can read it. 99% odds are this is cosmetic. :) -- Richard A Steenbergen r...@e-gerbil.net http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC) ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Resource Temporarily Unavailable - Juniper MX
Scratch that, it was bigger tx/rx buffers for sockets... internal sockets. Derick Winkworth CCIE #15672 (RS, SP), JNCIE-M #721 http://packetpushers.net/author/dwinkworth/ From: Derick Winkworth dwinkwo...@att.net To: juniper-nsp@puck.nether.net juniper-nsp@puck.nether.net Sent: Tuesday, December 6, 2011 7:45 AM Subject: Re: [j-nsp] Resource Temporarily Unavailable - Juniper MX FWIW, some socket related changes were made in 10.4 (I believe)... Bigger windows by default. I haven't verified with Wireshark, but this is what I've heard. Derick Winkworth CCIE #15672 (RS, SP), JNCIE-M #721 http://packetpushers.net/author/dwinkworth/ From: Paul Stewart p...@paulstewart.org To: 'Alexandre Snarskii' s...@snar.spb.ru Cc: juniper-nsp@puck.nether.net Sent: Monday, December 5, 2011 9:23 AM Subject: Re: [j-nsp] Resource Temporarily Unavailable - Juniper MX Thanks - that actually makes a lot of sense ;) We don't see any load to speak of on our side but it does typically occur when a BGP session is reset and we're sending out a full table to a customer... Appreciate it, Paul -Original Message- From: Alexandre Snarskii [mailto:s...@snar.spb.ru] Sent: Monday, December 05, 2011 10:09 AM To: Paul Stewart Cc: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] Resource Temporarily Unavailable - Juniper MX On Mon, Dec 05, 2011 at 07:48:22AM -0500, Paul Stewart wrote: Can anyone shed some light on these log messages? Nov 30 04:48:21 core2.toronto1 rpd[1359]: bgp_send: sending 19 bytes to xx.xxx.52.50 (External AS x) blocked (no spooling requested): Resource temporarily unavailable We get these every so often .. Presuming it has to due with load on the system for a short period of time? More possibly it's caused by remote system load (or link congestion or whatever other reason for remote system not able to receive updates fast enough). Then, when socket buffer is full with unacknowledged data, your system tries to send another update/keepalive message and it results in write(2) syscall returning EAGAIN error (actually, not an error, just and indication of 'no data sent, try again later'), which translates to Resource temporarily unavailable message. Platform is Juniper MX boxes running 10.0R3.10 Thanks, Paul ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -- In theory, there is no difference between theory and practice. But, in practice, there is. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Resource Temporarily Unavailable - Juniper MX
Can anyone shed some light on these log messages? Nov 30 04:48:21 core2.toronto1 rpd[1359]: bgp_send: sending 19 bytes to xx.xxx.52.50 (External AS x) blocked (no spooling requested): Resource temporarily unavailable We get these every so often .. Presuming it has to due with load on the system for a short period of time? Platform is Juniper MX boxes running 10.0R3.10 Thanks, Paul ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Resource Temporarily Unavailable - Juniper MX
I would be appreciate any on list replies as well. We also see this, running 10.4r on MX gear. Given other outstanding cases I haven't burnt a JTAC resource on this one. -Michael On 12/5/2011 6:48 AM, Paul Stewart wrote: Can anyone shed some light on these log messages? Nov 30 04:48:21 core2.toronto1 rpd[1359]: bgp_send: sending 19 bytes to xx.xxx.52.50 (External AS x) blocked (no spooling requested): Resource temporarily unavailable We get these every so often .. Presuming it has to due with load on the system for a short period of time? Platform is Juniper MX boxes running 10.0R3.10 Thanks, Paul ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Resource Temporarily Unavailable - Juniper MX
On Mon, Dec 05, 2011 at 07:48:22AM -0500, Paul Stewart wrote: Can anyone shed some light on these log messages? Nov 30 04:48:21 core2.toronto1 rpd[1359]: bgp_send: sending 19 bytes to xx.xxx.52.50 (External AS x) blocked (no spooling requested): Resource temporarily unavailable We get these every so often .. Presuming it has to due with load on the system for a short period of time? More possibly it's caused by remote system load (or link congestion or whatever other reason for remote system not able to receive updates fast enough). Then, when socket buffer is full with unacknowledged data, your system tries to send another update/keepalive message and it results in write(2) syscall returning EAGAIN error (actually, not an error, just and indication of 'no data sent, try again later'), which translates to Resource temporarily unavailable message. Platform is Juniper MX boxes running 10.0R3.10 Thanks, Paul ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -- In theory, there is no difference between theory and practice. But, in practice, there is. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Resource Temporarily Unavailable - Juniper MX
Thanks - that actually makes a lot of sense ;) We don't see any load to speak of on our side but it does typically occur when a BGP session is reset and we're sending out a full table to a customer... Appreciate it, Paul -Original Message- From: Alexandre Snarskii [mailto:s...@snar.spb.ru] Sent: Monday, December 05, 2011 10:09 AM To: Paul Stewart Cc: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] Resource Temporarily Unavailable - Juniper MX On Mon, Dec 05, 2011 at 07:48:22AM -0500, Paul Stewart wrote: Can anyone shed some light on these log messages? Nov 30 04:48:21 core2.toronto1 rpd[1359]: bgp_send: sending 19 bytes to xx.xxx.52.50 (External AS x) blocked (no spooling requested): Resource temporarily unavailable We get these every so often .. Presuming it has to due with load on the system for a short period of time? More possibly it's caused by remote system load (or link congestion or whatever other reason for remote system not able to receive updates fast enough). Then, when socket buffer is full with unacknowledged data, your system tries to send another update/keepalive message and it results in write(2) syscall returning EAGAIN error (actually, not an error, just and indication of 'no data sent, try again later'), which translates to Resource temporarily unavailable message. Platform is Juniper MX boxes running 10.0R3.10 Thanks, Paul ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -- In theory, there is no difference between theory and practice. But, in practice, there is. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp