Junos OS

 View Only
last person joined: 23 hours ago 

Ask questions and share experiences about Junos OS.
  • 1.  Performance degradation

    Posted 03-22-2021 11:40

    Hi, everyone

    I have srx240 in cluster mode with two ipsec tunnels, filter-based forwarding, some stateless firewall rules, three vlans, a few zones and policies. Nothing resource intensive i think.

    Everything was fine, but today I was bombarded with messages like this

    RT_FLOW: FLOW_REASSEMBLE_SUCCEED: Packet merged source <here public ip of my ipsec endpoint> destination <public ip of srx240>  ipid 42988 succeed

    The speed of the Internet and via ipsec tunnels dropped. Traceroute from local network shows 50-60% losses on SRX240.

    Here is the output of the chassis metrics

    {primary:node0}[edit]
    # run show chassis routing-engine    
    node0:
    --------------------------------------------------------------------------
    Routing Engine status:
        Temperature                 41 degrees C / 105 degrees F
        CPU temperature             39 degrees C / 102 degrees F
        Total memory              1024 MB Max   727 MB used ( 71 percent)
          Control plane memory     544 MB Max   403 MB used ( 74 percent)
          Data plane memory        480 MB Max   326 MB used ( 68 percent)
        CPU utilization:
          User                      14 percent
          Background                 0 percent
          Kernel                    26 percent
          Interrupt                  0 percent
          Idle                      60 percent
        Model                          RE-SRX240H
        Serial ID                      AABP9504
        Start time                     2021-03-22 14:03:39 UTC
        Uptime                         1 hour, 13 minutes, 13 seconds
        Last reboot reason             0x20:power-button soft power off
        Load averages:                 1 minute   5 minute  15 minute
                                           0.64       0.75       0.73
    
    {primary:node0}[edit]
    # run show chassis forwarding        
    node0:
    --------------------------------------------------------------------------
    FWDD status:
      State                                 Online    
      Microkernel CPU utilization        13 percent
      Real-time threads CPU utilization  11 percent
      Heap utilization                   68 percent
      Buffer utilization                  1 percent
      Uptime:                               1 hour, 10 minutes, 49 seconds
    


    Security flow settings

    # show security flow                              
    tcp-mss {
        ipsec-vpn {
            mss 1350;
        }
    }
    tcp-session {
        no-sequence-check;
    }
    


    Can someone tell me where to dig in this situation?

    Thanks.



  • 2.  RE: Performance degradation

    Posted 03-23-2021 01:58
    Hi,
      There are lots of logs to consider in investigating this scenario.

    For one, we need to know;
       what were the configuration changes before this issue happened?
      check running background services on your srx;
          show system processes extensive
     
    check if there are known descriptive logs ;
         show log messages |last 200

    Leangf

    ------------------------------
    ANGFE LANDAGAN
    ------------------------------