After reading my previous post, I realize it was targeted towards M/T Series architectures... the J-Series don't have the IPII but do have the 'fwdd' daemon which is essentially a virtualize PFE (emulating the ASICs and forwarding hardware which is normally found on the M/T Series). This process has been tuned to provide deterministic performance comparable to that which you would see on the M/T Series as well... so rest assured if you're planning to run FBF on a J-Series there should be little performance impact.
Good luck, Stefan Fouant Principal Network Engineer NeuStar, Inc. - http://www.neustar.biz GPG Key ID: 0xB5E3803D On Wed, Jun 25, 2008 at 10:22 AM, Stefan Fouant <[EMAIL PROTECTED]> wrote: > I can't really comment on any anomalies seen when using FBF as I > haven't seen any, but performance shouldn't be an issue due to the > Juniper packet forwarding architecture. The IPII processor was > designed to make route lookups, forwarding decisions, and firewall > filtering (amongst other features) at very high speeds and the > technology has been proven for quite some time now. The notification > cells are going to the IPII Processor regardless of whether you've got > FBF enabled or not, therefore in theory, there really shouldn't be any > performance impact at all. The reality is that under certain > scenarios there might be a very slight performance impact on smaller > packet sizes (< 128Byes), but that impact is mostly negligible. > > There are numerous case-studies as well as independant lab tests which > confirm it as such and if you do a google search you should be able to > find ample information to confirm this. > > HTHs. > > Stefan Fouant > Principal Network Engineer > NeuStar, Inc. - http://www.neustar.biz > GPG Key ID: 0xB5E3803D > > On Wed, Jun 25, 2008 at 9:02 AM, Boyd, Benjamin R > <[EMAIL PROTECTED]> wrote: >> All, >> >> I've been toying around in the lab with some implementations of >> filter-based forwarding >> (http://www.juniper.net/techpubs/software/junos/junos72/swconfig72-polic >> y/html/firewall-config33.html) and before I deployed it in production I >> would like to hear of the successes/failures the community has had with >> this. Let me know if you've experienced any traffic slowdown, any >> anomalies, etc. >> >> Thanks, >> Ben >> >> >> *************************************************************************************** >> >> The information contained in this message, including attachments, may contain >> privileged or confidential information that is intended to be delivered only >> to the >> person identified above. If you are not the intended recipient, or the person >> responsible for delivering this message to the intended recipient, >> Windstream requests >> that you immediately notify the sender and asks that you do not read the >> message or its >> attachments, and that you delete them without copying or sending them to >> anyone else. >> >> _______________________________________________ >> juniper-nsp mailing list [email protected] >> https://puck.nether.net/mailman/listinfo/juniper-nsp >> > _______________________________________________ juniper-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/juniper-nsp
