Hi,

We have noticed that when a not-so-large number of firewall filter terms are generated and pushed to edge routers via NETCONF into a triplet of MX10003, we start receiving customer complaints. These issues seem to be related to the router's FPC limiting overall network traffic. To resolve the problem, we simply deactivate the ephemeral configuration database that contains the rules, which removes all the rules, and the traffic flow returns to normal.

Is there any known limitation or bug that could cause this type of issue? We typically observe this problem with more than 100 rules; with a smaller number of rules, we don't experience the same issue, even with much larger attacks. Is there any known bug or limitation?

As it is a customer traffic issue, I didn't have the time to check FPC memory or the FPC shell. I just checked the routing engine and FPC CPU, and they are all fine (under 50% FPC and under 10% RE).

Any thoughts?

Regards.

