By the way, this one is public (not sure if relevant or not, though): https://kb.juniper.net/InfoCenter/index?page=content&id=KB33477

> On 20 May 2021 at 14:00, Tobias Heister <li...@tobias-heister.de> wrote:
>
> Hi,
>
> MX204 has some limitations in terms of pps rates for smaller packet sizes if
> inline-flow is configured compared to e.g. MX10003 not only but also related
> to the pfe/fabric layout (no fabric in 204). So even if they are the same pfe
> they might behave differently.
>
> The details are not public, so you might want to reach out to your partner/SE.
>
> regards
> Tobias
>
> On 20.05.2021 12:39, Peter Sievers wrote:
>> Hi Leon,
>> both MX204 and MX10003/LC2103 use
>> eagle forwarding ASIC, LC2103 Linecard has 3xASIC,
>> MX204 has 1xASIC, WAN Output Rate for eagle
>> pfe is for 100G Interface ~110 MPPS.
>> Assumption is, that you got the traffic on the
>> MX10003 over more than one PFE/ASIC incoming.
>> BR,
>> .peter
>> On 20.05.21 11:49, Leon Kramer wrote:
>>> Hello,
>>>
>>> during an approximate 240 Mpps / 80 Gbps UDP DDoS attack to one target IP
>>> we have experienced a massive and immediate packet loss at an MX204 router.
>>>
>>> The attack was coming in through MX10003 and MX204. The MX204 was not able
>>> to forward more than 120 Mpps during the attack. The MX10003 forwarded 180
>>> Mpps without any issue.
>>>
>>> Both routers are running Juniper 18.4R2-S3. The MX204 has all 4 x 100 Gbps
>>> interfaces active in use.
>>>
>>> Any idea if 120 Mpps for Juniper MX204 is already the hardware limitation?
>>> This would equal to only roughly 41 Gbps of the attack's packet size of 43
>>> bytes. We are certain that no policer or firewall filter led to the packet
>>> drops.
>>>
>>> Anyone has a recommendation what could be done to increase performance?

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp