how-to block ads
|
koitsu
Premium
join:2002-07-16
Mountain View, CA
| reply to Carl F
Re: Packet Loss/Latency Reports
Junipers are essentially FreeBSD-based routers, to put it lightly. Their interface cards do some CPU offloading (duh), but not as much as the Cisco cards do. For example, at the time of my experiences with Junipers (2001 or so), their top-of-the-line advertised "backbone router" (model number I forget, sorry) was running off a Pentium II 450MHz CPU. This was what they felt was suiting for a backbone router -- and not a border router, mind you.
Story time!
We experienced "Juniper stupidity" the instant a host on our network (just for documentation purposes, an EFnet-based IRC hub) got DDoS'd (the uplink was an OC48, the pps count was essentially that of an OC3). That top-of-the-line Juniper turned into hunk of junk in a matter of seconds -- dropping packets, and doing weird things like packet forwards not getting executed (?!) and things of that nature. It affected the ENTIRE facility -- which sported over 70 racks of co-location customers as well as technical support and sales departments. Our Cisco would get slow and start to chunk a little bit, but it wouldn't die/malfunction.
Some of us SAs started poking fun at the Juniper with some tools we had, just to see what could effectively kill it. We found that a simple 10mbit half-duplex Ethernet connection, running smurf (an extremely ancient DoS method), could literally bring that Juniper to a stand-still. Yes, you read that right; 8-9mbit/s of broadcast traffic could totally bring down Juniper's top-of-the-line badboy.
We discussed this our immediate networking department (since Verio's NOC refused to discuss any networking details with us for reasons unknown to my manager as well as my manager's manager), who basically said "the Ciscos held up because they do hardware-level routing. Most of the packet switching and filters are done via dedicated ICs; the Junipers offload most of this onto the CPU. They can't handle heavy loads as well."
The advantages to the Juniper were that the interface for administrators was a lot more streamlined (the command-line interface is essentially UNIX), and navigation is easier. Things are lot more dynamic (which I realise sounds pretty "buzzword-ish" coming from me, but it's hard to explain); sure, IOS is that way as well, but IOS relies extensively on the applicable hardware working how it should (i.e. any sort-of fault and IOS says "GAH!" and reloads the entire config). The Junipers permitted the NOC folk to deploy filters and access lists a lot more quickly and reliably, plus be able to get more detailed information from the unit as to what was going on during packet storms and things of that nature.
Each company has their reasons for going to Juniper. I think the three big ones are the following
1) Lower cost of ownership / maintenance
2) Easier to maintain / administrate
3) Tired of dealing with Cisco hardware and/or IOS bugs
Most of the time, these are the reasons I see people moving to Junipers. You'd have to point out all of this over in the Advanced Networking forum -- although, I think the guys there would probably jump all over me for some of my statements (I'm not a network administrator! Go easy on me, guys!).
I have absolutely *NO* problem with SE using Juniper equipment (other than the fact that I hate Junipers  ). If they want to go down that path, all power to them. However, when it comes to deploying something like that, I URGE them to do what's called TESTING. Send out an Email to some customers in each region deployment is planned for, and ask them if they'd like to be guinea pigs for new routing equipment/new network topologies. Don't deploy it and then be like "BUT IT'S GREAT!". TEST things first. Users who would become guinea pigs could provide feedback.
IMPORTANT: The problem at hand with SE might not have ANYTHING to do with Juniper equipment! It might be something else; I have no idea. But when Kat says the equipment is oversaturated in regards to how many pps (packets per second) the equipment can push out, the first thing I think of is their Junipers. Software routing, ugh.
--
Making life hard for others since 1977. | |
scooby
Premium
join:2001-05-01
Schaumburg, IL
| said by koitsu  :
IMPORTANT: The problem at hand with SE might not have ANYTHING to do with Juniper equipment! It might be something else; I have no idea. But when Kat says the equipment is oversaturated in regards to how many pps (packets per second) the equipment can push out, the first thing I think of is their Junipers. Software routing, ugh.
Either you were using a beta product or one of their 'lollypops'. Juniper used to let you have the OS to install on a pc to play with so you could teach people how they work without using a router that was in production.
Junipers are complete hardware routers. Whoever told you they were software routers was incorrect. There is no way you could push the following amount of data through a software router.
M5 - 3.2-Gbps full duplex (6.4 Gbps total)
M10 - 6.4-Gbps full duplex (12.8 Gbps total)
M20 - 12.8-Gbps full duplex (25.6 Gbps total)
M40 - 25.6-Gbps full duplex (51.2 Gbps total)
and the processor in each can handle 40 million packets per second.
Oh and btw, a very common router used at ISPs the Cisco 7513 spec'd to the max only handles .5 million packets per second.
[text was edited by author 2003-09-27 23:47:56] | |
koitsu
Premium
join:2002-07-16
Mountain View, CA
| Interesting post, scooby. I've taken up the details with you in private, but the Juniper in question was an M40 (I provided pictures so you can see that I'm not talking out my rear ).
It's likely that the unit was misconfigured, and it's highly likely that they're _still_ misconfigured. I no longer work there (thanks for laying off 85% of your work force, Verio!), but I still occasionally see "Verio networking madness," especially since InterNAP has a peering link with Verio.
Thanks for clearing up the software vs. hardware issue as well. The individuals who told me they were software-based was one of the Verio network administrators I knew, which may explain how and why the units were misconfigured.
Either way, thanks for stepping in and saying something. *thumbs up*
--
Making life hard for others since 1977. | |
|
