Both MX204 und MX10003/LC2103 use eagle forwarding ASIC, LC2103 Linecard has 3xASIC, MX204 has 1xASIC, WAN Output Rate for eagle pfe is for 100G Interface ~110 MPPS.

Assumption is, that you got the traffic on the MX10003 over more than one PFE/ASIC incoming.

During an approximate 240 Mpps / 80 Gbps UDP DDOS attack to one target IP we have experienced a massive and immediate packet loss at an MX204 router.

The attack was coming in through MX10003 and MX204. The MX204 was not able to forward more than 120 Mpps during the attack. The MX10003 forwarded 180 Mpps without any issue.

Both routers are running Juniper 18.4R2-S3. The MX204 has all 4 x 100 Gbps interfaces active in use.

Any idea if 120 Mpps for Juniper MX204 is already the hardware limitation?

This would equal to only roughly 41 Gbps of the attacks packet size of 43 bytes. We are certain that no policer or firewall filter lead to the packet drops.

Anyone has a recommendation what could be done to increase performance?


“From Junos 19.1R1, we support “High-performance mode” to enable WAN Output block resource allocation. In this mode, better throughput is achieved at line-rate traffic for small sized packets.”

Maybe this will help others and OP achiever higher rates

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *

Этот сайт использует Akismet для борьбы со спамом. Узнайте, как обрабатываются ваши данные комментариев.