SRX

  • 1.  What does "CP NACK" mean?

    Posted 06-08-2020 04:40

    Hello,

     

    I have a log entry stating "session closed CP NACK" with these packet counters "0(0) 0(0) 1".

    All I found was an explanation for the log entries, and that only contains a table:

    CP NACK response received

     

    But more details are missing.

    Can you tell me in which documentation I can find details about this "CP NACK"?


    Thanks in advance!

     



  • 2.  RE: What does "CP NACK" mean?
    Best Answer

    Posted 06-08-2020 04:58

    Hi Hermod,

     

    The central point (CP) architecture has two basic flow functionalities: load balancing and traffic identification (global session matching). As described in this topic, the central point architecture is implemented either in centric mode, in which all session distribution and session matching is performed by the central point, or in mixed-mode, in which a percentage of Services Processing Unit (SPU) is dedicated to performing the central point functionality.

     

    More below:

    https://www.juniper.net/documentation/en_US/junos/information-products/pathway-pages/security/security-processing-overview.pdf

     

    CP NACK is a response received on a "Session Close" action. CP NACK means there’s a conflict on the CP and the session cannot be installed. 

    The CP sends a delete-session message to the SPU to delete the SPU session. Usually, it is used when the CP finds a conflicting session or an invalid session request on the CP; it would delete one and keep the other.

    For example, when multiple ICMP packets using the same source IP/port and destination IP/port (in the ICMP session the source port means the ICMP sequence number and the destination port means the ICMP identifier) come into the SRX, the CP sends the NACK to the SPU to delete the conflicting session, and the log would be generated.

     

    As per my understanding, it is a negative acknowledgment received as a response for a CP session. It could be due to a CP session leak. When a valid CP session has no corresponding SPU session, it means there is a CP session leak, because a valid CP session depends on the SPU session to delete it. If there is no SPU session, the valid CP session cannot age out and cannot be deleted manually.

     

    This will not lead to a traffic drop; it will delete the conflicting session, allow the traffic through the existing session, and generate this error. There is no impact due to this message.

     

    Hope this helps 🙂

     

    Please mark "Accepted Solution" if this helps you solve your query.

    Kudos are always appreciated!
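
An added example, not part of the thread or of Juniper's documentation: a Python sketch that triages "session closed CP NACK" entries like the one quoted in the question, counting repeats per flow and setting aside any whose packet counters differ from the 0(0) 0(0) seen there. The sample lines are constructed, and the field layout the regex expects (close reason, source/destination tuple, service name, then packets(bytes) counters and elapsed time) is an assumption to check against your own logs.

```python
import re
from collections import Counter

# Constructed sample lines; hosts, policy and zone names are made up, and the
# field order is an assumption about the session-close message layout.
SAMPLE_LOG = """\
Jun  8 04:31:02 srx1 RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed CP NACK: 192.0.2.10/7->198.51.100.5/4242 icmp 192.0.2.10/7->198.51.100.5/4242 None None 1 allow-ping trust untrust 1001 0(0) 0(0) 1
Jun  8 04:31:03 srx1 RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed CP NACK: 192.0.2.10/7->198.51.100.5/4242 icmp 192.0.2.10/7->198.51.100.5/4242 None None 1 allow-ping trust untrust 1002 0(0) 0(0) 1
Jun  8 04:31:09 srx1 RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed TCP FIN: 192.0.2.20/51514->198.51.100.8/443 junos-https 192.0.2.20/51514->198.51.100.8/443 None None 6 allow-web trust untrust 1003 12(1450) 10(8200) 3
Jun  8 04:31:15 srx1 RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed CP NACK: 192.0.2.30/9->198.51.100.5/4300 icmp 192.0.2.30/9->198.51.100.5/4300 None None 1 allow-ping trust untrust 1004 1(84) 0(0) 1
"""

CLOSE_RE = re.compile(
    r"session closed (?P<reason>[^:]+): "
    r"(?P<src>[\d.]+)/(?P<sport>\d+)->(?P<dst>[\d.]+)/(?P<dport>\d+) (?P<service>\S+)"
    r".*? (?P<c_pkts>\d+)\((?P<c_bytes>\d+)\) (?P<s_pkts>\d+)\((?P<s_bytes>\d+)\) (?P<elapsed>\d+)"
)

def parse_close(line):
    """Return the fields of one session-close line, or None if it does not match."""
    m = CLOSE_RE.search(line)
    return m.groupdict() if m else None

def summarize_cp_nack(log_text):
    """Count CP NACK closes per flow; list flows whose counters are non-zero."""
    flows = Counter()
    carried_traffic = []
    for line in log_text.splitlines():
        rec = parse_close(line)
        if rec is None or rec["reason"] != "CP NACK":
            continue
        key = (rec["src"], rec["sport"], rec["dst"], rec["dport"], rec["service"])
        flows[key] += 1
        # The entry in the question shows 0(0) 0(0); anything else is set aside.
        if int(rec["c_pkts"]) or int(rec["s_pkts"]):
            carried_traffic.append(key)
    return flows, carried_traffic

if __name__ == "__main__":
    flows, carried = summarize_cp_nack(SAMPLE_LOG)
    for key, count in flows.most_common():
        print(count, key)
    print("CP NACK closes with non-zero counters:", carried)
```

Repeated zero-counter entries for the same ICMP flow match the duplicate-session case described in the answer; flows in the second list are the ones to compare against the session table by hand.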



  • 3.  RE: What does "CP NACK" mean?

    Posted 06-08-2020 05:43

    Hi Hermod,

     

    Thank you for accepting my solution. Glad to help 🙂

     

    Regards,

    Manvita Balachandra