SRX

 View Only

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



Expand all | Collapse all

SNMP OID for allocated sessions and CPU-load

Jump to Best Answer
  • 1.  SNMP OID for allocated sessions and CPU-load

    Posted 04-26-2010 03:26

    Hi,

     

    somehow I can't really find the right OIDs to query the ammount of allocated sessions on my SRX650 as well as the CPU-load. Anyone who could give me a hint?


    #SNMP


  • 2.  RE: SNMP OID for allocated sessions and CPU-load

    Posted 04-27-2010 04:06

    Hello there.

    jnxOperatingTable contains OIDs for components CPUs

    http://www.juniper.net/techpubs/en_US/junos10.1/information-products/topic-collections/config-guide-network-mgm/mib-jnx-chassis.txt

    And I seem to recall that the "SRX total session count" issue has been discussed before on this forum.

    In short, this can be done by a XSLT/SLAX script periodically iterating thru all policies, executing "show security policies <policy-name> detail" printouts and summing up all "active sessions" counters, then inserting the total into Utility MIB

    http://www.juniper.net/techpubs/software/junos-security/junos-security10.1/junos-security-cli-reference/show-security-policies.html#jd0e158120

    jnxUtil MIB

    http://www.juniper.net/techpubs/en_US/junos10.1/information-products/topic-collections/config-guide-network-mgm/mib-jnx-util.txt

    HTH

    Regards

    Alex



  • 3.  RE: SNMP OID for allocated sessions and CPU-load

    Posted 04-27-2010 07:42

    Did I understand right, that I have to build some custom XSLT/SLAX-Script, the hogs periodicaly my box and writes the total amount into a custom MIB just to get the number of active sessions? WTF, on my SSG550 this is a single OID that I just have to query... I can't really imagine, that this value is so hard to get, especialy as it is also displayed on the dashboard in the WebUI.

    Querying every single policy and maintaining this in a script is also out of scope, we have >150 policies and growing, as we use our box in a datacenter as shared firewall. So policies get deleted as well as new ones will be created all the time.

     

    Regarding CPU: somehow I'm blind... I can't really figure out where to find the OIDs...



  • 4.  RE: SNMP OID for allocated sessions and CPU-load

    Posted 04-28-2010 07:57

    Hello there,

    I think dashboard session count is the same as displayed by "show security flow statistics" CLI command. In that case You can write a script which executes only this command and populates Utility MIB, no need to iterate thru policies.

     

     


    @packermann wrote:

     

     

    Regarding CPU: somehow I'm blind... I can't really figure out where to find the OIDs...


     

    Just do "show snmp mib walk jnxoperatingTable | grep CPU"  to have the OIDs displayed for You and "show snmp mib walk jnxOperatingTable | grep descr" to output descriptions for these OIDs.

    HTH

    Regards

    Alex



  • 5.  RE: SNMP OID for allocated sessions and CPU-load

    Posted 04-29-2010 03:55

    With "show security flow session summary"  I get the summary:

     

    node0:
    --------------------------------------------------------------------------
    Session summary:
      Unicast-sessions: 283
      Multicast-sessions: 0
      Failed-sessions: 0
      Sessions-in-use: 283
      Maximum-sessions: 524288
    node1:
    --------------------------------------------------------------------------
    Session summary:
      Unicast-sessions: 286
      Multicast-sessions: 0
      Failed-sessions: 0
      Sessions-in-use: 286
      Maximum-sessions: 524288

     

     

    Now I have to find out, how to get this in this utility MIB.

     

    Regarding CPU, I just get nothing back, no error but also nothing else. Do I have to activate something in the configuration to get it running? I'm running 10.1R1 on a SRX650 Cluster.



  • 6.  RE: SNMP OID for allocated sessions and CPU-load

    Posted 04-29-2010 04:30

     


    @packermann wrote:

     

    Regarding CPU, I just get nothing back, no error but also nothing else. Do I have to activate something in the configuration to get it running? I'm running 10.1R1 on a SRX650 Cluster.


     

    Sorry, there is a typo in my previous post: jnxOperatingTable with capital O and capital T.

    Apologies for that

    Regards

    Alex

     



  • 7.  RE: SNMP OID for allocated sessions and CPU-load

    Posted 04-29-2010 05:14

    I did exactly that... what I get is this:

     

     

    root@tk-srx650-1> show snmp mib walk jnxOperatingTable 
     
    {primary:node0}

     

     



  • 8.  RE: SNMP OID for allocated sessions and CPU-load
    Best Answer

    Posted 04-29-2010 08:29

    OK, after some digging the SPU CPU and sessions-per-SPU can be found in JUNIPER-SRX5000-SPU-MONITORING-MIB. Despite the name saying SRX5000, it is also present on SRX650:

     

    {primary:node0}
    root@srx650> show snmp mib walk jnxJsSPUMonitoringObjectsTable 
    jnxJsSPUMonitoringFPCIndex.0 = 0
    jnxJsSPUMonitoringFPCIndex.18 = 0
    jnxJsSPUMonitoringSPUIndex.0 = 0
    jnxJsSPUMonitoringSPUIndex.18 = 0
    jnxJsSPUMonitoringCPUUsage.0 = 0
    jnxJsSPUMonitoringCPUUsage.18 = 0
    jnxJsSPUMonitoringMemoryUsage.0 = 54
    jnxJsSPUMonitoringMemoryUsage.18 = 54
    jnxJsSPUMonitoringCurrentFlowSession.0 = 0
    jnxJsSPUMonitoringCurrentFlowSession.18 = 0
    jnxJsSPUMonitoringMaxFlowSession.0 = 262144
    jnxJsSPUMonitoringMaxFlowSession.18 = 262144
    jnxJsSPUMonitoringCurrentCPSession.0 = 0
    jnxJsSPUMonitoringCurrentCPSession.18 = 0
    jnxJsSPUMonitoringMaxCPSession.0 = 0
    jnxJsSPUMonitoringMaxCPSession.18 = 0
    jnxJsSPUMonitoringNodeIndex.0 = 0
    jnxJsSPUMonitoringNodeIndex.18 = 1
    jnxJsSPUMonitoringNodeDescr.0 = node0
    jnxJsSPUMonitoringNodeDescr.18 = node1

     

     

    So in addition to SLAX script approach You can poll jnxJsSPUMonitoringCurrentFlowSession and jnxJsSPUMonitoringCurrentCPSession OIDs and sum up all of them to make a total, but this will require some intelligence on Your NMS platform.

    Weirdly enough, my SRX650 also does not have jnxOperatingTable populated 😞

    HTH

    Regards

    Alex



  • 9.  RE: SNMP OID for allocated sessions and CPU-load

    Posted 04-29-2010 14:04

    Thanks a lot for your effort. This is exactly what I was looking for...



  • 10.  RE: SNMP OID for allocated sessions and CPU-load

    Posted 05-14-2010 20:54

    It appears that it's not just jnxOperatingTable that's not being populated on the 650; it appears to be the entire jnxBoxAnatomy from mib-jnx-chassis that is missing - this means jnxRedundancyTable is also missing, which I would also find very useful to monitor.


    Can anyone verify whether this is missing only on 650 clusters, or if it's also affecting standalone 650's?  Both jnxBoxAnatomy and jnxOperatingTable below it are populated on the 2 SRX100's I have in production, but both are empty on my 650 cluster.  I unfortunately don't currently have any other hardware to compare.

     

    All of my hardware is on 10.0R3.10.

     

    FWIW I've taken this to JTAC with nothing useful as of yet - case 2040-0513-0679 if anyone else wants to reference.

     

    Thanks,



  • 11.  RE: SNMP OID for allocated sessions and CPU-load

    Posted 06-17-2010 10:47

    Quick FYI for anyone still trying to monitor a cluster via SNMP.

     

    PR 448885 assigned for the missing jnxBoxAnatomy MIB's when running a cluster.  Verified present in all current 10.0 and 10.1 releases, not commitment yet for a fix.



  • 12.  RE: SNMP OID for allocated sessions and CPU-load

    Posted 11-09-2010 07:49

    Bump to the top. Any update on this? 

     

    I'm looking for a definitive guide on monitoring SRX devices via SNMP when they are clustered.



  • 13.  RE: SNMP OID for allocated sessions and CPU-load

    Posted 11-09-2010 09:20

    No update as of yet.  I've shot an email off to my account team to see if they can get an update on the PR and see if it's at least on the roadmap for a fix, or has a targeted release.

     

    This particular issue is terribly frustrating since it essentially breaks all monitoring functionality for the boxes, aside from interface throughput.  All the goodies you might want to watch are under that jnxBoxAnatomy mib, including the chassis cluster status, and all the other good utilization stuff.  I can't understand how something this (seemingly) simple and basic has gone unfixed through so many releases.

     

    As far as a definitive guide, without those MIBS, I don't think one exists.  We use nagios for monitoring and from time to time I've written some pretty nasty scripts to log in to the box, issue a show command, and parse out specific values I wanted to watch - terribly inefficient and inelegant, and not something I would use for any extended period of time.

     

    I'll reply back to this thread when I get an update from my account team, hopefully we'll find something useful (fingers crossed for a target of 10.4.....)

     

    -Chris

     



  • 14.  RE: SNMP OID for allocated sessions and CPU-load

    Posted 11-09-2010 09:54

    HI Guys , do you know if PR 448885 wil laffect 10.2 & 10.3 as well ?

     

    Thanks

    Ian



  • 15.  RE: SNMP OID for allocated sessions and CPU-load

    Posted 11-09-2010 09:57

    As far as I was told when I last spoke w/ ATAC, this PR affects all current releases (at the time up to 10.3r1) and had no target release for resolution.

     

    I have my account team following up to get an update and see if anything has changed.  I'll report back here when I receive any further information.



  • 16.  RE: SNMP OID for allocated sessions and CPU-load

    Posted 01-18-2011 02:46

    Has anyone managed to get any updates at all on this issue from Juniper ?

     

     



  • 17.  RE: SNMP OID for allocated sessions and CPU-load

    Posted 02-08-2011 13:43

    We are still having this issue with CPU, Memory, Disk, and Temperature on our SRX 650 clusters.

     

    I can monitor these just fine on a SRX 3600 cluster we have though.

     

    Anyone hear anything?



  • 18.  RE: SNMP OID for allocated sessions and CPU-load

    Posted 04-08-2011 07:46

    Bump to the top.

     

    Any update on this? I would love to monitor my cpu and memory

     

    Ev



  • 19.  RE: SNMP OID for allocated sessions and CPU-load

    Posted 08-09-2011 09:09

    Hi all,

     

    Just to give you an update about this: the above mentioned PR448885 has been fixed in 10.2R3 10.3R2 , 10.4R1 and higher releases.

     

    Basically it fixed an SNMP issue in HA cluster mode on SRX650.

     

    Now these commands work in cluster as well:

     

    show snmp mib walk jnxOperatingCPU

     

    show snmp mib walk jnxBoxAnatomy

     

    Thanks,

    Casper

     


    #IneedOIDforfailedsession.Cananyonehelpme.