EX2300-MP firewall filter performance impact

    Posted 05-05-2023 06:03

    I have a few 2300-MP switches that I've been running for some time with no real issues. I recently configured a firewall filter on a handful, which was then applied to some L2 switchports dynamically during 802.1X authentication.

    This all worked as expected; however, over the next few days Junos Space started reporting that these switches kept failing to respond to polling, until it was happening every few minutes. I found that any traffic to and from the device itself was being severely impacted: ICMP would be 30% loss and RTT would be around 5000ms, SSH would often fail, and TACACS and RADIUS would too. Traffic traversing the switch didn't seem to be impacted. There didn't seem to be much increase in CPU usage. As soon as I removed the firewall filter from the interfaces, performance went back to normal.

    The switches were running a mix of 21.4R3-S2.4 and 20.4R3-S2.6, so it doesn't seem version specific. Has anyone experienced anything like this, or any idea what the issue could be?