There is a PR 1692526 which probably has something to do with this. The PR is not public, because no customer has reported it yet. It increases SPU utilization, and crashes it eventually. The trigger of this is the firewall events that SPU has to process for a logical interface, i.e. tunnel, loopback etc. In other words, if you have high number of firewall filters applied to logical interfaces like tunnel, Loopback interfaces (I have reason to believe that it is applicable to firewall filters applied on IFLs as well), you will face high SPU utilization and it can lead to crash in some scenario. You mentioned that you have IPsec implementation, probably this is the one that is affecting you.
Note: I do not have the configuration, or details about the full setup, so this is just a guess. Please open a case with JTAC to verify.
------------------------------
Sougata Ray
**Please note upgrade guidance might not be complete for all implementation/configurations. Before proceeding with an update please ensure you have tested in a lab environment and/or a backup copy of the original configuration. If urgent assistance is needed, please open a JTAC ticket (Only an option until July 1, 2023 for upgrading Junos 10-11-13).**
------------------------------
Original Message:
Sent: 04-25-2024 02:22
From: Omar Dzag
Subject: SRX300 - Slow performance after update
Hi,
I have several hundred SRX300, some of them in cluster mode, they all worked on 15 version. A few weeks ago, I started updating them to the recommended version - 21.4R3-S4 and after the update I noticed that performance decreased. Decreased in part of IPsec. We received user complaints and alerts from monitoring systems about SPU utilization
------------------------------
Omar Dzag
------------------------------