Hello,
@Asoltanian wrote:
Consider I want to do Firewall based PBR on 800Gbps when I am using MX960. Can this device do this without any performance side effect?
Yes it can if You use best practices:
1/ avoid using "next term" in Your FW filter
2/ concentrate all Your PBR actions in a single filter and apply it on ingress interface as input, or forwarding table input.
@Asoltanian wrote:
What will happen If I do this twice on one Device?
Worst case is that Your PBR-ed traffic crosses the MX960 switch fabric twice.
@Asoltanian wrote:
Is there any consideration regarding Cards and RE and SCBE?
RE - don't use old RE-1300 or RE-2000 with long (hundreds/thousands of terms) FW filters, the commit times will be long.
SCBE - if You do PBR multiple times in different filters applied in different places (say, ingress interface input FBF filter + egress interface output FBF filter) then as I said above, the traffic can cross the MX960 switch fabric twice/multiple times. Make sure Your SCBE and linecards have enough bandwidth to do that.
HTH
Thx
Alex