I can't really comment on any anomalies seen when using FBF as I haven't seen any, but performance shouldn't be an issue due to the Juniper packet forwarding architecture. The IPII processor was designed to make route lookups, forwarding decisions, and firewall filtering (amongst other features) at very high speeds and the technology has been proven for quite some time now. The notification cells are going to the IPII Processor regardless of whether you've got FBF enabled or not, therefore in theory, there really shouldn't be any performance impact at all. The reality is that under certain scenarios there might be a very slight performance impact on smaller packet sizes (< 128Byes), but that impact is mostly negligible.
There are numerous case-studies as well as independant lab tests which confirm it as such and if you do a google search you should be able to find ample information to confirm this. HTHs. Stefan Fouant Principal Network Engineer NeuStar, Inc. - http://www.neustar.biz GPG Key ID: 0xB5E3803D On Wed, Jun 25, 2008 at 9:02 AM, Boyd, Benjamin R <[EMAIL PROTECTED]> wrote: > All, > > I've been toying around in the lab with some implementations of > filter-based forwarding > (http://www.juniper.net/techpubs/software/junos/junos72/swconfig72-polic > y/html/firewall-config33.html) and before I deployed it in production I > would like to hear of the successes/failures the community has had with > this. Let me know if you've experienced any traffic slowdown, any > anomalies, etc. > > Thanks, > Ben > > > *************************************************************************************** > > The information contained in this message, including attachments, may contain > privileged or confidential information that is intended to be delivered only > to the > person identified above. If you are not the intended recipient, or the person > responsible for delivering this message to the intended recipient, Windstream > requests > that you immediately notify the sender and asks that you do not read the > message or its > attachments, and that you delete them without copying or sending them to > anyone else. > > _______________________________________________ > juniper-nsp mailing list [email protected] > https://puck.nether.net/mailman/listinfo/juniper-nsp > _______________________________________________ juniper-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/juniper-nsp
