Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Poor firewall throughput when sending multiple data streams through the device

0

0

Article ID: KB7957 KB Last Updated: 09 May 2014Version: 4.0
Summary:
 
Symptoms:

When sending data from a Gigabit interface (ingress) to the Fast Ethernet interface (egress) at a high sustained rate, the firewall may experience lower throughput on other Fast Ethernet interfaces that share the same slot as the egress Fast Ethernet module.  This applies to the ISG1000, ISG2000, and the NS5200/5400 using the newer generation 8G2 and 10G interface cards.

This is a typical case of oversubscribing the Fast Ethernet interface when sending data from the Gigabit link at the rate close to or higher than the speed of Fast Ethernet interface.

All the ports on the same module share the same transmit buffer queue, this queue can become full when sustained traffic at a rate higher than 90Mbps occurs and the Fast Ethernet interface is the egress interface.

Solution:

This is the current implementation limitation.


To workaround the limitation:

1. Avoid over subscription on the egress port. If the ingress traffic is at the Gigabit rate, avoid using the Fast Ethernet interface as the egress port.

2. If you are using the Copper Gigabit Ethernet interface, consider setting to lower speed to match the speed on the egress interface.

3. Consider distributing the traffic loads across different modules within the system. 

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search