I need to know what is the session limit of MX960 MS-MPC card, in network there are two MX960 running as active-active we need to know if we change it to active-passive then if one device will be able to take load of both.
I believe that will depend on the specific MPC card. The datasheet could answer this:
If you are looking to see how many sessions each current MX is handling so you can determine if they can be handled by one device.
show services sessions count
I guess Your question is about CGNAT or SFW limits of the MS-MPC.
Each MS-MPC has 4 independendly working parts commonly known as NPUs, and each NPU can hold 15M sessions max.
Therefore, for the whole MS-MPC card the session limit is 60M.
Thanks for your responses, yes it is about CGNAT and is there any document that refer to this figure? Or is it possible to check available sessions and utilized sessions via any command?
For CGNAT probably the best overall count commands would be
show services stateful-firewall flows count
show services nat pool detail
Thanks for the commands, I will check these.
Can you please share the doc or share link where I can check the session limit figure for this card.
I think the original question asked by "Vvk" was regarding module capabilities. Seems that "spuluka" is showing how to see *current/live* sessions in an active network. But regarding how to see current sessions in a live network, I see the following on my MX104 in my lab. Granted, this is on an MX104 w/MS-MIC-16G and not an MX960, which is what "Vvk" is asking about, but this is CGNAT config regardless, so i wonder if this "show services stateful-firewall flows count" command is not a good way to see existing sessions... it isn't working in my case, however this command does work "show services flows count"
. I will be turning up a CGNAT test soon with an MX240 w/MS-MPC-128G and also an MX960 w/MS-MPC-128G in my lab, so I'll have more info on that later.
... does not work...
agould@lab-104> show services stateful-firewall flows countInterface Service set Flow countms-0/0/0 cgn-sset 0
agould@lab-104> show services flows countInterface Service set Flow countms-0/0/0 cgn-sset 183
...more info about the question "Vvk" asked about MS-MPC capabilities...(I mention translation/session capabilities below, but throughput (gbps) is a whole other topic)
The maximum NAT pool size for each slot on an MS-MPC is 256 IP addresses because each slot supports a maximum of 30 million sessions, or 15 million conversations, which require 15 million ports. A total of 15 million ports are available with 256 IP addresses, with each IP address having a port range of 1024-65535.
https://www.omnilink.com.ua/files/juniper-networks-o.prokofiev.pdf...page 28 mentions 30 million flows per NPU on MS-MPC
one link mentions "slot" for 30 million sessions, and the other link so "NPU" 30 million flows...like with a lot of things, we have to scale the language barrier...
session - ?conversation - ?flow - ?slot - ?npu ?
it seems confusing or contradictory. I mean, i understand a flow to be a one-way thing... and a session to be flow*2 pretty much... like if i have an active tcp session with a remote host, i have 1 session, but 2 flows, the session being the overall bidirectional communication tcp channel/session that i have, but that is made up of 2 flows, the flow from inside--->out, and the flow from outside--->in. see my lab mx104 and how the count of flows is 2x the amount of sessions
agould@lab-104> show services sessions countInterface Service set Sessions countms-0/0/0 cgn-sset 20
agould@lab-104> show services flows countInterface Service set Flow countms-0/0/0 cgn-sset 40
As I understood the question, he was running two MX in active / active mode with sessions on both.
The desire was to change to active / passive so that all sessions are on a single box.
Thus the current counts on both devices needed to be determined to see if the total is more than the rated capacity of the single device, which I assume he already knew for his cards as he was not noting the card models or asking for the capacity