[POC] Use Juniper Firefly Perimeter to support RTBH BGP scale with 120 BGP Peers
Juniper Firefly Perimeter is an ideal candidate as a virtual router solution for an RTBH router, because it just needs control plane and memory (it will not be limited by hardware) to exchange BGP routes with communities. Not much data forwarding plane packet processing is needed.
So I rebuilt the lab with Juniper Firefly to see the difference from physical routers, as in the topology below.
In my VMware Workstation lab, I assigned two interfaces to each Firefly: ge-0/0/0 was used for the BGP connections and ge-0/0/1 was used for SSH only (to make config copy/paste easier).
The most obvious advantage of Firefly is the response time of the commit action: it was done almost immediately after pressing the Enter key when I initialized the configuration clean-up. It's great!
...But after I copied and pasted all my configurations to it, the response time still became longer.
[edit]
lab@FIREFLY-PERIMETER-1# run show chassis hardware
Hardware inventory:
Item Version Part number Serial number Description
Chassis 22cbfad3dcef FIREFLY-PERIMETER
Midplane
System IO
Routing Engine FIREFLY-PERIMETER RE
FPC 0 Virtual FPC
PIC 0 Virtual GE
Power Supply 0
[edit]
lab@FIREFLY-PERIMETER-1# run show chassis forwarding
FWDD status:
State Online
Microkernel CPU utilization 28 percent
Real-time threads CPU utilization 0 percent
Heap utilization 21 percent
Buffer utilization 3 percent
Uptime: 15 hours, 10 minutes, 32 seconds
I think Firefly is a great candidate for this kind of role (BGP Route Reflector): without much forwarding traffic passing through, you don't need to be concerned about forwarding performance.
It works just for BGP signaling and sustaining routing, so it can always keep CPU load low.
lab@FIREFLY-PERIMETER-2# run show bgp summary | match 0/0/0/0 | count
Count: 120 lines
So I tried to enable an additional BGP feature, BFD (Bidirectional Forwarding Detection), over the 120 BGP sessions to test the CPU load impact:
lab@FIREFLY-PERIMETER-1# run show chassis routing-engine
Routing Engine status:
Total memory 2048 MB Max 655 MB used ( 32 percent)
Control plane memory 1150 MB Max 460 MB used ( 40 percent)
Data plane memory 898 MB Max 189 MB used ( 21 percent)
CPU utilization:
User 0 percent
Background 0 percent
Kernel 1 percent
Interrupt 0 percent
Idle 99 percent
Model FIREFLY-PERIMETER RE
Start time 2014-03-05 18:49:02 UTC
Uptime 15 hours, 11 minutes, 42 seconds
Last reboot reason Router rebooted after a normal shutdown.
Load averages: 1 minute 5 minute 15 minute
0.00 0.00 0.00
Then the result surprised me... the CPU load (0%) became less than before???
[edit]
lab@FIREFLY-PERIMETER-1# run show bfd session
Detect Transmit
Address State Interface Time Interval Multiplier
1.1.1.2 Up ge-0/0/0.1 3.000 1.000 3
2.2.2.2 Up ge-0/0/0.2 3.000 1.000 3
3.3.3.2 Up ge-0/0/0.3 3.000 1.000 3
...
119.119.119.2 Up ge-0/0/0.119 3.000 1.000 3
120.120.120.2 Up ge-0/0/0.120 3.000 1.000 3
120 sessions, 120 clients
Cumulative transmit rate 120.0 pps, cumulative receive rate 120.0 pps
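A health check over `show bfd session` output in the layout shown above, for confirming that every RTBH peer's BFD session is Up with the expected timers. This is an added example, not part of the original post; the sample text is constructed (three sessions, one forced Down) and the function name `check_bfd` is hypothetical.

```python
import re

# Constructed sample in the layout of the `show bfd session` output above.
SAMPLE = """\
                                     Detect   Transmit
Address      State  Interface        Time     Interval  Multiplier
1.1.1.2      Up     ge-0/0/0.1       3.000    1.000     3
2.2.2.2      Down   ge-0/0/0.2       3.000    1.000     3
3.3.3.2      Up     ge-0/0/0.3       3.000    1.000     3

3 sessions, 3 clients
Cumulative transmit rate 3.0 pps, cumulative receive rate 3.0 pps
"""

ROW = re.compile(
    r"^(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+(\S+)\s+([\d.]+)\s+([\d.]+)\s+(\d+)\s*$")
TOTAL = re.compile(r"^(\d+) sessions, (\d+) clients")
RATE = re.compile(r"transmit rate ([\d.]+) pps")


def check_bfd(text, expected_peers):
    """Return a list of findings; an empty list means the output is healthy."""
    findings, rows, total, rate = [], [], None, None
    for line in text.splitlines():
        if m := ROW.match(line):
            rows.append(m.groups())
        elif m := TOTAL.match(line):
            total = int(m.group(1))
        elif m := RATE.search(line):
            rate = float(m.group(1))
    for addr, state, ifname, detect, interval, mult in rows:
        if state != "Up":
            findings.append(f"{addr} on {ifname} is {state}")
        # Detect time = transmit interval x multiplier (1.000 x 3 = 3.000 above).
        if abs(float(detect) - float(interval) * int(mult)) > 1e-6:
            findings.append(f"{addr} detect time {detect} != {interval} x {mult}")
    if total != expected_peers:
        findings.append(f"expected {expected_peers} sessions, device reports {total}")
    # In the output above, 120 sessions at a 1.000 s interval give 120.0 pps.
    expected_rate = sum(1.0 / float(r[4]) for r in rows)
    if rate is not None and abs(rate - expected_rate) > 0.5:
        findings.append(f"transmit rate {rate} pps, expected about {expected_rate:.1f}")
    return findings


if __name__ == "__main__":
    for finding in check_bfd(SAMPLE, expected_peers=3):
        print(finding)
```
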
[edit]
lab@FIREFLY-PERIMETER-1# run show chassis routing-engine
Routing Engine status:
Total memory 2048 MB Max 655 MB used ( 32 percent)
Control plane memory 1150 MB Max 460 MB used ( 40 percent)
Data plane memory 898 MB Max 198 MB used ( 22 percent)
CPU utilization:
User 0 percent
Background 0 percent
Kernel 0 percent
Interrupt 0 percent
Idle 100 percent
Model FIREFLY-PERIMETER RE
Start time 2014-03-05 18:49:02 UTC
Uptime 15 hours, 31 minutes, 33 seconds
Last reboot reason Router rebooted after a normal shutdown.
Load averages: 1 minute 5 minute 15 minute
0.00 0.00 0.00
Cool!
Compared with the previous Firefly version, I found the difference is that I cannot see the expiring license anymore when I show the system license:
[edit]
lab@FIREFLY-PERIMETER-1# run show system license
License usage: none
Licenses installed: none
Maybe it's Juniper's gift without an expiry date?
Try it and you will know!
POC Lab configurations:
Juniper RTBH Reference:
- BGP remote-triggered blackhole (RTBH) filter for Juniper
- Remote Triggered Black Hole Filtering (RTBH)
- Remote Triggered Black Hole Filtering and Flowspec
Another related POC: