Florian,

> We tried to enable MPLS (which is not really advertised as a way to
> disable flow-based processing, BTW),

You are not right. It is well documented:
http://www.juniper.net/techpubs/software/junos-security/junos-security10.0/junos-security-admin-guide/secure-routing-context-chapter.html#secure-routing-context-chapter

> but the device still couldn't
> forward our tiny amount of traffic we deal with.

IDK. We support several J in production, configured like this:
plu...@router> show configuration security forwarding-options
family {
    inet6 {
        mode packet-based;
    }
    mpls {
        mode packet-based;
    }
    iso {
        mode packet-based;
    }
}
Here is what they do.
plu...@router> show route summary
Autonomous system number: xxx
Router ID: xxx

inet.0: 324700 destinations, 390767 routes (153306 active, 0 holddown, 171394 hidden)
              Direct:      4 routes,      4 active
               Local:      3 routes,      3 active
                OSPF:      4 routes,      4 active
                 BGP: 390753 routes, 153292 active
           Aggregate:      3 routes,      3 active

--- JUNOS 9.5R1.8 built 2009-04-13 19:11:52 UTC
plu...@router> show chassis routing-engine
Routing Engine status:
    Temperature                 30 degrees C / 86 degrees F
    CPU temperature             30 degrees C / 86 degrees F
    DRAM                      1024 MB
    Memory utilization          95 percent
    CPU utilization:
      User                       0 percent
      Real-time threads         16 percent
      Kernel                     2 percent
      Idle                      82 percent
    Model                          RE-J2320-2000
    Serial ID                      xxx
    Start time                     2010-05-04 15:08:29 MSD
    Uptime                         80 days, 30 minutes, 28 seconds
    Last reboot reason             0x1:power cycle/failure
    Load averages:                 1 minute   5 minute  15 minute
                                       0.07       0.06       0.07
Forwards up to 200 Megs. Very similar story with other boxes running 10.0R2. Not a single fwdd crash for half a year (knock on wood). Though 9.6 (don't remember which release) had annoyed us and the customer quite a few times until we moved to 10.0R2.

We also have a few J in a lab. Never heard packet context didn't work as expected.

AFAIR since 9.5R2 or 9.6R2 they reduced fwdd memory appetite by a few tens of megabytes:

plu...@router> show chassis routing-engine
Routing Engine status:
    Temperature                 50 degrees C / 122 degrees F
    CPU temperature             54 degrees C / 129 degrees F
*    Total memory              1024 MB Max   840 MB used ( 82 percent)*
      Control plane memory     594 MB Max   505 MB used ( 85 percent)
      Data plane memory        430 MB Max   340 MB used ( 79 percent)
    CPU utilization:
      User                       3 percent
      Real-time threads         20 percent
      Kernel                     9 percent
      Idle                      68 percent
    Model                          RE-J2320-2000
    Serial ID                      yyy
    Start time                     2010-06-28 15:10:49 MSD
    Uptime                         25 days, 50 minutes, 3 seconds
    Last reboot reason             0x1:power cycle/failure
    Load averages:                 1 minute   5 minute  15 minute
                                       0.21       0.23       0.16

So the recent releases are a bit more efficient from this point of view. I also recommend turning off unwanted processes, which also consume some memory.
plu...@router> show configuration system processes
idp-policy disable;
jsrp-service disable;

The output of "show security flow sessions" I posted yesterday was also taken from one of these boxes. It shows 0 sessions and I see no issues with management traffic at all. Stateless FW filters work just as expected.

I am not saying all this is the most ideal solution available on the market, but I don't see much instability except the customer's site power problems.

--
Pavel
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
