Security

 View Only
last person joined: yesterday 

Ask questions and share experiences with Juniper Connected Security. Discuss Advanced Threat Protection, SecIntel, Secure Analytics, Secure Connect, Security Director, and all things related to Juniper security technologies.
  • 1.  SRX345 long ping times

    Posted 12-24-2022 08:02

    Hello, there is a srx345 with the following config:

    set class-of-service forwarding-classes queue 2 icmp_prio
    set class-of-service forwarding-classes queue 2 priority low
    set class-of-service scheduler-maps CoS forwarding-class icmp_prio scheduler icmp
    set class-of-service schedulers icmp transmit-rate percent 25
    set class-of-service schedulers icmp buffer-size percent 25
    set class-of-service schedulers icmp priority low


    set firewall filter ICMP_PRIO term 1 from protocol icmp
    set firewall filter ICMP_PRIO term 1 then forwarding-class icmp_prio
    set firewall filter ICMP_PRIO term 1 then accept
    set firewall filter ICMP_PRIO term 2 then accept

    the ping works horrible, thats why CoS was implemented in the first place, slight improvement after COS:

    Laptop@192-168-0-82 ~ % ping 65.199.16.62
    PING 65.199.16.62 (65.199.16.62): 56 data bytes
    64 bytes from 65.199.16.62: icmp_seq=0 ttl=53 time=146.049 ms
    64 bytes from 65.199.16.62: icmp_seq=1 ttl=53 time=152.943 ms
    64 bytes from 65.199.16.62: icmp_seq=2 ttl=53 time=153.102 ms
    64 bytes from 65.199.16.62: icmp_seq=3 ttl=53 time=523.322 ms
    Request timeout for icmp_seq 4
    64 bytes from 65.199.16.62: icmp_seq=4 ttl=53 time=1569.506 ms
    64 bytes from 65.199.16.62: icmp_seq=6 ttl=53 time=149.105 ms
    64 bytes from 65.199.16.62: icmp_seq=7 ttl=53 time=149.096 ms
    64 bytes from 65.199.16.62: icmp_seq=8 ttl=53 time=148.216 ms
    64 bytes from 65.199.16.62: icmp_seq=9 ttl=53 time=147.571 ms
    Request timeout for icmp_seq 10
    64 bytes from 65.199.16.62: icmp_seq=10 ttl=53 time=1481.599 ms
    64 bytes from 65.199.16.62: icmp_seq=12 ttl=53 time=148.516 ms
    ^C
    --- 65.199.16.62 ping statistics ---
    13 packets transmitted, 11 packets received, 15.4% packet loss

    I am out of ideas, can you help?



    ------------------------------
    ALEXANDRU MINZAT
    ------------------------------