Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Junos] File copy from remote server using SCP is very slow

0

0

Article ID: KB36677 KB Last Updated: 27 May 2021Version: 1.0
Summary:

Users may find that copying files from remote servers to devices that run Junos OS by using secure copying (SCP) is taking a long time. As indicated in this article, this may be due to a protect-RE filter and policer that may be configured in the device to rate-limit SSH traffic.

Symptoms:

Copying files from remote servers to devices that run Junos OS takes a long time.

Cause:

The delay in secure copying files may be due to a protect-RE filter that may be in place. In some customer templates, a policer may be defined for rate-limiting SSH traffic. Since SCP uses an SSH connection for file transfer, SCP is also rate-limited, resulting in slow copy of files.

A sample template is given as follows:

filter protect-re {
...
term SSH_accept {
from {
source-prefix-list {
ssh-list;
}
protocol tcp;
port [ ssh 830 ];
}
then {
policer ssh-policer;
accept;
}
}
policer ssh-policer {
if-exceeding {
bandwidth-limit 1m;
burst-size-limit 15k;
}
then discard;
}
}
Solution:

To improve copying speed, modify the SCP policer rate based on requirements:

policer ssh-policer {
if-exceeding {
bandwidth-limit 1m;     <<< Modify the rate as per requirement. 
burst-size-limit 15k;
}
then discard;
}

Caution: Modifying the protect-RE filters or using non-standard protect-RE templates can cause unauthorized access and resource depletion. Hence ensure that these filters/policers meet all security compliance requirements even after modification.

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search