Log in to ask questions, share your expertise, or stay connected to content you value. Don’t have a login? Learn how to become a member.
To fix the immediate problem, we gave the 'set chassis memory-enhanced route' command, then rebooted each fpc card.
According to the Juniper documentation, the jtree memory on all MX Series Packet Forwarding Engines has 2 segments: One segment primarily stores routing tables and related information, and the other mainly stores firewall-filter-related information. The 'set chassis memory-enhanced route' command allows you to support larger routing tables over firewall filters. Giving this command fixed the routing issues we had been having on the MX960.
Within the last few months we have started seeing messages like the following for all our PFE's:
Nov 1 16:45:00 BSTN_Juniper_MX960_1 smid: FPC Resource Monitor: FPC 5 PFE 1 FW / Filter
Memory has crossed free memory watermark of 15
It appears that we are now running low on firewall filter memory. I guess the question is whether there's anything we can do about this short of upgrading to a newer router with more memory. This router is using Junos 15.1F2.8. Not sure if that is related to this problem.Any help greatly appreciated.Ben
I don't know if this was counted in the "display set" format or the hierarchical format, but 557 shouldnt be a hugely excessive amount, even on an older MX960 in my experience. For comparison, while it's a much newer platform, we have approximately 1700 lines of firewall config on our MX10003 (4500 if you count it in hierarchical formatting). Of course this is not comparable due to being a significantly newer hardware platform, and while I don't know the model of MPC you are running, I suspect it should still easily be capable of handling that scale.Is there a specific reason you are running the Junos version you're running? It is a rather old one, and not even the latest release in that main version.My personal recommendation would be to upgrade the router to the recommended Junos release in the link above and seeing if the issue persists, and if not potentially engaging JTAC for support (given your Junos version their first recommendation will also be upgrading, since the Junos version you are running is no longer under support for a few years already).