Junos OS

 View Only
last person joined: yesterday 

Ask questions and share experiences about Junos OS.
  • 1.  Session limit for MX960 MS-MPC card

    Posted 06-24-2016 01:43

    Hi,

     

    I need to know what is the session limit of MX960 MS-MPC card, in network there are two MX960 running as active-active we need to know if we change it to active-passive then if one device will be able to take load of both.

     

    Regards,



  • 2.  RE: Session limit for MX960 MS-MPC card

     
    Posted 06-24-2016 02:33

    Hi,

     

    I believe that will depend on the specific MPC card. The datasheet could answer this:

    http://www.juniper.net/us/en/local/pdf/datasheets/1000208-en.pdf

     

    Cheers,

    Ashvin

     



  • 3.  RE: Session limit for MX960 MS-MPC card

    Posted 06-25-2016 08:06

    If you are looking to see how many sessions each current MX is handling so you can determine if they can be handled by one device. 

     

    show services sessions count



  • 4.  RE: Session limit for MX960 MS-MPC card

    Posted 06-25-2016 08:36

    Hello,

    I guess Your question is about CGNAT or SFW limits of the MS-MPC.

    Each MS-MPC has 4 independendly working parts commonly known as NPUs, and each NPU can hold 15M sessions max.

    Therefore, for the whole MS-MPC card the session limit is 60M.

    HTH

    Thx

    Alex



  • 5.  RE: Session limit for MX960 MS-MPC card

    Posted 06-26-2016 09:26

    Hello Alex/All,

     

    Thanks for your responses, yes it is about CGNAT and is there any document that refer to this figure? Or is it possible to check available sessions and utilized sessions via any command?

     

    Regards,



  • 6.  RE: Session limit for MX960 MS-MPC card

    Posted 06-26-2016 09:47

    For CGNAT probably the best overall count commands would be 

     

    show services stateful-firewall flows count
    
    show services nat pool detail 

     



  • 7.  RE: Session limit for MX960 MS-MPC card

    Posted 06-26-2016 21:49

    Hi Steve,

     

    Thanks for the commands, I will check these.

     

    Hi Alex,

     

    Can you please share the doc or share link where I can check the session limit figure for this card.

     

    Regards,



  • 8.  RE: Session limit for MX960 MS-MPC card

    Posted 03-01-2018 09:09

    I think the original question asked by "Vvk" was regarding module capabilities. Seems that "spuluka" is showing how to see *current/live* sessions in an active network. But regarding how to see current sessions in a live network, I see the following on my MX104 in my lab. Granted, this is on an MX104 w/MS-MIC-16G and not an MX960, which is what "Vvk" is asking about, but this is CGNAT config regardless, so i wonder if this "show services stateful-firewall flows count" command is not a good way to see existing sessions... it isn't working in my case, however this command does work "show services flows count"

    . I will be turning up a CGNAT test soon with an MX240 w/MS-MPC-128G and also an MX960 w/MS-MPC-128G in my lab, so I'll have more info on that later.


    ... does not work...

    agould@lab-104> show services stateful-firewall flows count
    Interface Service set Flow count
    ms-0/0/0 cgn-sset 0

     

    ...does work...

    agould@lab-104> show services flows count
    Interface Service set Flow count
    ms-0/0/0 cgn-sset 183

     

    ...more info about the question "Vvk" asked about MS-MPC capabilities...(I mention translation/session capabilities below, but throughput (gbps) is a whole other topic)

     

    https://www.juniper.net/documentation/en_US/junos/topics/concept/nat-best-practices.html

     

    The maximum NAT pool size for each slot on an MS-MPC is 256 IP addresses because each slot supports a maximum of 30 million sessions, or 15 million conversations, which require 15 million ports. A total of 15 million ports are available with 256 IP addresses, with each IP address having a port range of 1024-65535.

     

    https://www.omnilink.com.ua/files/juniper-networks-o.prokofiev.pdf
    ...page 28 mentions 30 million flows per NPU on MS-MPC

     

    one link mentions "slot" for 30 million sessions, and the other link so "NPU" 30 million flows...
    like with a lot of things, we have to scale the language barrier...

     

    session - ?
    conversation - ?
    flow - ?
    slot - ?
    npu ?

     

    it seems confusing or contradictory. I mean, i understand a flow to be a one-way thing... and a session to be flow*2 pretty much... like if i have an active tcp session with a remote host, i have 1 session, but 2 flows, the session being the overall bidirectional communication tcp channel/session that i have, but that is made up of 2 flows, the flow from inside--->out, and the flow from outside--->in. see my lab mx104 and how the count of flows is 2x the amount of sessions

     

    agould@lab-104> show services sessions count
    Interface Service set Sessions count
    ms-0/0/0 cgn-sset 20

     

    agould@lab-104> show services flows count
    Interface Service set Flow count
    ms-0/0/0 cgn-sset 40

     



  • 9.  RE: Session limit for MX960 MS-MPC card

    Posted 03-03-2018 06:06

    As I understood the question, he was running two MX in active / active mode with sessions on both.

     

    The desire was to change to active / passive so that all sessions are on a single box.

     

    Thus the current counts on both devices needed to be determined to see if the total is more than the rated capacity of the single device, which I assume he already knew for  his cards as he was not noting the card models or asking for the capacity