To be fair, that Junos version is a significantly old one and well out of JTAC support these days (it is typically recommended to remain within 4 versions of the current year, so 18.4 is moving to the end of it's lifecycle, if it hasn't ended already). While the software version is not necessarily directly related, there could certainly be a memory leak of some sort in this version, but it's hard to tell with a vintage release such as that.
While I also hate to recommend upgrading without a concrete thing to point to, it is probably best to upgrade to the Junos recommended version for your platform here (
Article Detail (juniper.net)) unless you have a very specific reason why you are running this specific Junos version.
As for the firewall memory, do you utilize a large number of firewall filters in your router configuration? While not entirely indicative, how many lines of config is your "firewall" section of the configuration? (or alternatively, if you have the number, how many terms are defined in all your filters combined?)
I am aware it's not a 1:1 relation to firewall memory, but just to have a rough indication of how extensive of a firewall configuration we are talking about here.
Original Message:
Sent: 11-01-2022 13:47
From: BEN FELDMAN
Subject: MX960 Memory Issue
Hi.
I work for a small ISP and we currently use an MX960 as our primary gateway. Around a year ago, we had an issue with the router running out of memory.To fix the immediate problem, we gave the 'set chassis memory-enhanced route' command, then rebooted each fpc card.
According to the Juniper documentation, the jtree memory on all MX Series Packet Forwarding Engines has 2 segments: One segment primarily stores routing tables and related information, and the other mainly stores firewall-filter-related information. The 'set chassis memory-enhanced route' command allows you to support larger routing tables over firewall filters. Giving this command fixed the routing issues we had been having on the MX960.
Within the last few months we have started seeing messages like the following for all our PFE's:
Nov 1 16:45:00 BSTN_Juniper_MX960_1 smid: FPC Resource Monitor: FPC 5 PFE 1 FW / Filter
Memory has crossed free memory watermark of 15
It appears that we are now running low on firewall filter memory. I guess the question is whether there's anything we can do about this short of upgrading to a newer router with more memory. This router is using Junos 15.1F2.8. Not sure if that is related to this problem.
Any help greatly appreciated.
Ben
------------------------------
BEN FELDMAN
------------------------------