Screen OS

 View Only
last person joined: 6 months ago 

This is a legacy community with limited Juniper monitoring.
Expand all | Collapse all

SSG5-Serial high memory usage?

  • 1.  SSG5-Serial high memory usage?

    Posted 05-07-2013 06:59

    Hi Guys,

     

    We just recently noticed that our SSG 5-Serial firewall is using a lot of memory while the other resources are low. Isn’t it should just be the same with the CPU? Any explanation on why this is happening? By the way, firmware version was on 6.3.0r6.0.

    resouces

                           

    Thank You,

     

    Arnel


    #SSG5
    #resources
    #memory
    #ssg5-serial
    #high


  • 2.  RE: SSG5-Serial high memory usage?

     
    Posted 05-07-2013 07:11

    Hello.

     

    Do you have any historical data on the memory? 

     

    On ScreenOS, unless you're doing Anti-Virus or routing-protocols, the memory utilization will remain static.  It would be a point of concern if memory utilization continued to increase.

     

    I've seen ScreenOS firewalls run OK, even with 90+% memory used. since all the processes pre-allocates the memory -- session table, etc.

     

     

    I would check "get mem" and "get mem pool" and check if alloc memory does not continue to increase.  If it does, then the firewall could potentially be facing a memory leak.

     

    By the way, are you able to reboot the SSG5 and check memory used?  If the same amount of memory is used even after a reboot, then there would be no memory leak...

     

    Regards,

    Sam



  • 3.  RE: SSG5-Serial high memory usage?

    Posted 05-07-2013 08:32

    Hi Sam,

     

    Thanks for your quick response. When we perform a reboot it’s at 80+% and over time, it will turn red and will be at 100%. This will happen after a month or so since the memory gradually increases. Also, here’s the result after running these commands.

     

    get mem

     

    Thanks,

     

    Arnel



  • 4.  RE: SSG5-Serial high memory usage?

     
    Posted 05-07-2013 08:51

    The "sys" portion of "get mem pool" seems high.  There seems to be a number of bug fixes addressing sys pool memory leak.

     

    One is SSH causing this to occur. Another is DI or Anti-spam...

     

    I suggest upgrading to latest 6.3.x (I believe it is 6.3.0r14), and monitor the firewall.

     

     

     

    Regards,

    Sam

     

     



  • 5.  RE: SSG5-Serial high memory usage?

    Posted 05-07-2013 09:38

    Thanks Sam. We'll let you know what happens after the upgrade.

     

    Thank You,

     

    Arnel



  • 6.  RE: SSG5-Serial high memory usage?

    Posted 05-07-2013 14:56

    Hi Sam,

     

    The memory usage seem to have been reduced after the update but it is still high. Here's the "get mem" and "get mem pool" result after the update. Is this normal? Please advise.

     

    get mem_after update

     

    Thank You,

     

    Arnel



  • 7.  RE: SSG5-Serial high memory usage?

     
    Posted 05-07-2013 15:24

    The only thing I can think of is UTM.

     

    Are you running Anti-Virus or any other UTM features?

     

    What does "get license" look like?

     

    If you are not using any UTM features, but license still exists, I recommend "exec license delete xxxx" and reboot the firewall.

     

    Also, I assume you have the 256MB version... (get system | inc memory).

     

    Otherwise, the sys mem pool looks about right now (after the reboot).

     

    I suspect you'll no longer see the memory utilization keep rising...

     

    Regards,

    Sam



  • 8.  RE: SSG5-Serial high memory usage?

    Posted 05-08-2013 12:14
      |   view attached

    Hi Sam,

     

    I apologize for the late response. Yes, “get license” shows we have some UTM features enabled and yes it’s the 256mb version. I’ve been monitoring the memory resources since the firmware update and I’ve noticed that there is a slight rise in fall in the memory allocation (see attached) based from “get mem” and “get mem pool” command. Is it normal?

     

    get license

     

    Thank You,

     

    Arnel

    Attachment(s)

    zip
    screenshots.zip   52 KB 1 version


  • 9.  RE: SSG5-Serial high memory usage?
    Best Answer

     
    Posted 05-08-2013 12:20

    Hello.

     

    That's very slight change in the memory use.  If it's a slow memory leak, then it could take awhile to notice.  I suggest to monitor for a week and check the delta. 

     

    Looks as if the license keys are no longer in use.  I highly recommend removing them and rebooting the firewall.  This will free up a lot of the memory.  Even with an expired license key, seems as if the firewall pre-allocates a chunk for the UTM process.

     

     

    exec lic del di_db_key

    exec lic del av_v2_key

    ... etc...

     

     

    Best Regards,

    Sam

     

     

     



  • 10.  RE: SSG5-Serial high memory usage?

    Posted 05-08-2013 13:43

    Thanks Sam! I really appreciate your help. 🙂 We'll remove the license keys and we'll let you know what happens.

     

    Thank You,

     

    Arnel



  • 11.  RE: SSG5-Serial high memory usage?

    Posted 05-08-2013 14:22

    Wow! Deleting those keys indeed freed up a lot of memory. Thank you very much!!!

    get mem_after del lic

     

    One more question though. Is this where we safely remove the unsused policy (using the remove option)? We would just like to remove this policy as well.

    unused policy

     

    Thanks,

     

    Arnel



  • 12.  RE: SSG5-Serial high memory usage?

     
    Posted 05-08-2013 14:25

    nice.  now your memory pool usage looks almost exactly like mine (i have a ssg5 with no UTM license).

     

    yes, that's where you would remove unwanted policies.

     

    Regards,

    Sam



  • 13.  RE: SSG5-Serial high memory usage?

    Posted 05-08-2013 15:19

    Great! Thanks for all your help Sam. 🙂