Hello,
The log "RT_FLOW: FLOW_REASSEMBLE_SUCCEED" indicates that the packet fragments have been reassembled at the SRX. I would suggest you check whether PFE High CPU is seen, due to which you are facing sluggish performance.
Also, I don't understand the part where you mentioned "Packet merged source <here public ip of my ipsec endpoint> destination <public ip of srx240>" - do you mean both the Source IP and the Destination IP are the SRX's interface IP? Or is the Source IP the st0 IP?
------------------------------
Original Message:
Sent: 03-22-2021 11:40
From: Unknown User
Subject: Performance degradation
Hi, everyone
I have srx240 in cluster mode with two ipsec tunnels, filter-based forwarding, some stateless firewall rules, three vlans, a few zones and policies. Nothing resource intensive, I think.
Everything was fine, but today I was bombarded with messages like this:
RT_FLOW: FLOW_REASSEMBLE_SUCCEED: Packet merged source <here public ip of my ipsec endpoint> destination <public ip of srx240> ipid 42988 succeed
The speed of the Internet and via ipsec tunnels dropped. Traceroute from local network shows 50-60% losses on SRX240.
Here is the output of the chassis metrics
{primary:node0}[edit]
# run show chassis routing-engine
node0:
--------------------------------------------------------------------------
Routing Engine status:
    Temperature                 41 degrees C / 105 degrees F
    CPU temperature             39 degrees C / 102 degrees F
    Total memory              1024 MB Max   727 MB used ( 71 percent)
      Control plane memory     544 MB Max   403 MB used ( 74 percent)
      Data plane memory        480 MB Max   326 MB used ( 68 percent)
    CPU utilization:
      User                      14 percent
      Background                 0 percent
      Kernel                    26 percent
      Interrupt                  0 percent
      Idle                      60 percent
    Model                          RE-SRX240H
    Serial ID                      AABP9504
    Start time                     2021-03-22 14:03:39 UTC
    Uptime                         1 hour, 13 minutes, 13 seconds
    Last reboot reason             0x20:power-button soft power off
    Load averages:                 1 minute   5 minute  15 minute
                                       0.64       0.75       0.73

{primary:node0}[edit]
# run show chassis forwarding
node0:
--------------------------------------------------------------------------
FWDD status:
  State                                 Online
  Microkernel CPU utilization        13 percent
  Real-time threads CPU utilization  11 percent
  Heap utilization                   68 percent
  Buffer utilization                  1 percent
  Uptime:                               1 hour, 10 minutes, 49 seconds
Security flow settings
# show security flow
tcp-mss {
    ipsec-vpn {
        mss 1350;
    }
}
tcp-session {
    no-sequence-check;
}
Can someone tell me where to dig in this situation?
Thanks.