SRX

Hi Guys,

i need to configure a link aggregation in a SRX firewall 1500. However, i´m afraid with CPU/Memory utilization, because, nowadays we have IDP service enabled, and IPSEC VPN Site to Site enabled in this same device. Someone has some suggestion about the utilization of link agregation in SRX.

Tks,

João Victor

Hi João,

We can start by verifying the actual CPU/memory usage on your device. Please post the following commands:

show chassis routing-engine

show security monitoring fpc 0

show security monitoring performance spu

Hi tks for your repply.  Follow below:

show chassis routing-engine

node0:
--------------------------------------------------------------------------
Routing Engine status:
Temperature 35 degrees C / 95 degrees F
CPU temperature 35 degrees C / 95 degrees F
Total memory 1954 MB Max 703 MB used ( 36 percent)
Memory utilization 31 percent
5 sec CPU utilization:
User 2 percent
Background 0 percent
Kernel 3 percent
Interrupt 2 percent
Idle 93 percent
1 min CPU utilization:
User 2 percent
Background 0 percent
Kernel 3 percent
Interrupt 2 percent
Idle 93 percent
5 min CPU utilization:
User 2 percent
Background 0 percent
Kernel 3 percent
Interrupt 2 percent
Idle 93 percent
15 min CPU utilization:
User 2 percent
Background 0 percent
Kernel 3 percent
Interrupt 2 percent
Idle 93 percent
Model SRX Routing Engine
Serial ID BUILTIN
Start time 2018-04-16 17:38:26 UTC
Uptime 176 days, 1 hour, 42 minutes, 15 seconds
Last reboot reason 0x4000:VJUNOS reboot
Load averages: 1 minute 5 minute 15 minute
0.19 0.11 0.09

show security monitoring fpc 0 node 0
node0:
--------------------------------------------------------------------------
FPC 0
PIC 0
CPU utilization : 1 %
Memory utilization : 40 %
Current flow session : 15231
Current flow session IPv4: 15231
Current flow session IPv6: 0
Max flow session : 2097152
Total Session Creation Per Second (for last 96 seconds on average): 309
IPv4 Session Creation Per Second (for last 96 seconds on average): 309
IPv6 Session Creation Per Second (for last 96 seconds on average): 0

show security monitoring performance spu

node0:
--------------------------------------------------------------------------
fpc 0 pic 0
Last 60 seconds:
0: 1 1: 1 2: 1 3: 2 4: 1 5: 2
6: 1 7: 2 8: 1 9: 1 10: 2 11: 2
12: 1 13: 1 14: 1 15: 2 16: 1 17: 2
18: 1 19: 2 20: 1 21: 2 22: 2 23: 2
24: 1 25: 2 26: 2 27: 2 28: 1 29: 2
30: 2 31: 2 32: 1 33: 2 34: 1 35: 2
36: 2 37: 2 38: 2 39: 2 40: 1 41: 2
42: 1 43: 1 44: 1 45: 2 46: 1 47: 2
48: 1 49: 1 50: 1 51: 2 52: 1 53: 2
54: 2 55: 2 56: 1 57: 1 58: 1 59: 2

{primary:node0}

The SRX1500 is only loaded a few percent both on the control and data plane so I see no issue enabling link aggregation.

The control-plane and dataplane memory and the CPU utilization look fine, go ahead with the Link-aggregation implementation:

show chassis routing-engine

node0:
--------------------------------------------------------------------------
Routing Engine status:
Temperature 35 degrees C / 95 degrees F
CPU temperature 35 degrees C / 95 degrees F
Total memory 1954 MB Max 703 MB used ( 36 percent)
Memory utilization 31 percent
5 sec CPU utilization:
User 2 percent
Background 0 percent
Kernel 3 percent
Interrupt 2 percent
Idle 93 percent
1 min CPU utilization:
User 2 percent
Background 0 percent
Kernel 3 percent
Interrupt 2 percent
Idle 93 percent
5 min CPU utilization:
User 2 percent
Background 0 percent
Kernel 3 percent
Interrupt 2 percent
Idle 93 percent
15 min CPU utilization:
User 2 percent
Background 0 percent
Kernel 3 percent
Interrupt 2 percent
Idle 93 percent
Model SRX Routing Engine
Serial ID BUILTIN
Start time 2018-04-16 17:38:26 UTC
Uptime 176 days, 1 hour, 42 minutes, 15 seconds
Last reboot reason 0x4000:VJUNOS reboot
Load averages: 1 minute 5 minute 15 minute
0.19 0.11 0.09

 

show security monitoring fpc 0 node 0
node0:
--------------------------------------------------------------------------
FPC 0
PIC 0
CPU utilization : 1 %
Memory utilization : 40 %
Current flow session : 15231
Current flow session IPv4: 15231
Current flow session IPv6: 0
Max flow session : 2097152
Total Session Creation Per Second (for last 96 seconds on average): 309
IPv4 Session Creation Per Second (for last 96 seconds on average): 309
IPv6 Session Creation Per Second (for last 96 seconds on average): 0

I hope this information was helpful.

Ok Guys,

thanks a lot for quick response. I have a last question: 

I would be afraid if the CPU/Memory was about what percentage? 85%, 90%, 95%? 

I noted that sometimes in another SRX box (1400), i have a memory utilization about of 85%, however, this number IS STABLE. This number doesn´t decrease, and doesn´t increase considerably. 

Again, tks for a help.

Q. I would be afraid if the CPU/Memory was about what percentage? 85%, 90%, 95%?

A. If CPU utilization is more than 85%, then you are facing a high CPU utilization and yes you should try to fix it before giving more laod to the SRX. If the memory in your SRX1400 is 85% but it wont pass that threslhod I think you do not need to worry about it, I have seen those numbers on other firewalls.

Hi All,

thanks a lot for a big help in this topic. Really great!

You are welcome Joao.