Junos OS

Expand all | Collapse all

Performance Of MX960 when using PBR

Jump to Best Answer
  • 1.  Performance Of MX960 when using PBR

    Posted 10-20-2020 21:50

    Hi

    Consider I want to do Firewall based PBR on 800Gbps when I am using MX960. Can this device do this without any performance side effect?

    What will happen If I do this twice on one Device?

    Is there any consideration regarding Cards and RE and SCBE?

    Thank you

     



  • 2.  Re: Performance Of MX960 when using PBR

    Posted 10-20-2020 23:36

    Hi Asoltanian,

     

    I believe you are looking for details on PBR and its limitations w.r.t Juniper devices.

     

    You can use PBR to:

    • Prioritize applications by selecting high-bandwidth, low-latency links for important applications, when more than one link is available. For example, prioritize corporate data over a fast link and Internet browsing traffic over a slow link. (QoS)
    • Load share by creating a fallback link for important traffic if the main link carrying the important application traffic suffers an outage.
    • Segregate the traffic for deep inspection or analysis. The network administrator classifies application traffic that must go through a deep inspection and audit. Optionally, the network administrator can route this traffic to a different device.
    • Control the flow of subscriber traffic in service provider networks through traffic management policies and rules based on subscribers’ profiles. For example, PBR can prioritize and route certain types of application traffic to a specific routing path as per SLA or by placing certain user requests higher than others (for example, gold, silver, bronze).
    • Provide a guaranteed service-level agreement (SLA) for the delivery of certain traffic (such as video traffic) by ensuring that the approved traffic receives the appropriate priority, routing, and bandwidth required to ensure the maximum user quality of experience.
    • Send specific applications for WAN optimization. For instance, certain applications are optimized for transfer over WAN links. With PBR, the network administrator can classify the traffic based on applications, and send traffic to the WAN optimizer to speed up access to important applications and data.

    The below link should help.

    https://www.juniper.net/documentation/en_US/junos/topics/topic-map/filter-based-forwarding-policy-based-routing.html

     

    HTH

     

    Mark "Accept As Solution" if this answers your concern.

     



  • 3.  Re: Performance Of MX960 when using PBR

    Posted 10-21-2020 00:02

    Hi , there is no any performance impact while using FBF. 



  • 4.  Re: Performance Of MX960 when using PBR
    Best Answer

    Posted 10-21-2020 21:35

    Hello,

     


    @Asoltanian wrote:

     

    Consider I want to do Firewall based PBR on 800Gbps when I am using MX960. Can this device do this without any performance side effect?

     


     

    Yes it can if You use best practices:

    1/ avoid using "next term" in Your FW filter

    2/ concentrate all Your PBR actions in a single filter and apply it on ingress interface as input, or forwarding table input.

     


    @Asoltanian wrote:

     

    What will happen If I do this twice on one Device?

     


     

    Worst case is that Your PBR-ed traffic crosses the MX960 switch fabric twice.

     


    @Asoltanian wrote:

     

    Is there any consideration regarding Cards and RE and SCBE?

     

     


     

    RE - don't use old RE-1300 or RE-2000 with long (hundreds/thousands of terms) FW filters, the commit times will be long.

    SCBE - if You do PBR multiple times in different filters applied in different places (say, ingress interface input FBF filter + egress interface output FBF filter) then as I said above, the traffic can cross the MX960 switch fabric twice/multiple times. Make sure Your SCBE and linecards have enough bandwidth to do that.

     

    HTH

    Thx

    Alex