SRX

Hi all,

I got a new SRX 210 with 1 GB memory and i am working on it. i find that with default factory configuration  on the box, the memory usage is already about 89% at J-WEB web ui which i feel is high....

root# run show chassis routing-engine
Routing Engine status:
    Temperature                 46 degrees C / 114 degrees F
    DRAM                      1024 MB
    Memory utilization          90 percent
    CPU utilization:
      User                       1 percent
      Background                 0 percent
      Kernel                     2 percent
      Interrupt                  0 percent
      Idle                      97 percent
    Model                          RE-SRX210-HIGHMEM
    Serial ID                      AAAH4707
    Start time                     2009-10-02 14:04:13 UTC
    Uptime                         1 hour, 22 minutes, 32 seconds
    Last reboot reason             0x200:chassis control reset
    Load averages:                 1 minute   5 minute  15 minute
                                       1.25       1.31       1.28
 

i am curious it that normal ? Cant imagine if i turn on other service like anti-virus what willl happen to the box..

thank you

Meng Kiat

Yes I believe this is normal; I think there have been other postings about it.

I believe the SRX pre-allocates memory to all running processes, whether its needed at that time or not, and thus it looks like the Memory utilization is high, even if the box is just sitting there not handling any traffic.

hi,

can anyone shared the memory usage of the SRX when first open up ? I still very worry about the high memory usage with factory default setting config .

thank you

I have the same "problem" but they told me it's normal. It was 85% and when I enabled IDP and UTM went to 92-95%

Nice...

Hi,

same to me also, turn on IDP,antivirus web filter 92%..

my network users is about 50 users. 

do you experience slow or any abnormal operation for the box ? hang , reboot by it self or any other strange symptom ?

can i know how many user in your network ?

thank you

hello,

try to upgrade to JUNOS 9.6.

regards! 

Hi,

My current JUNOS is 9.5. Is it this due to JUNOS Operation ? After upgrade what is the different ?

Thank you

Meng Kiat

Hello, 

when i have JUNOS 9.5 on my device, the CPU charge was very high, with JUNOS 9.6 the things are different, try it! 😉

these are my cpu charge on both nodes:

root> show chassis routing-engine

node0:

--------------------------------------------------------------------------

Routing Engine status:

    Temperature                 34 degrees C / 93 degrees F

    CPU temperature             33 degrees C / 91 degrees F

    DRAM                      1024 MB

    Memory utilization          81 percent

    CPU utilization:

      User                       7 percent

      Background                 0 percent

      Kernel                     4 percent

      Interrupt                  0 percent

      Idle                      89 percent

    Model                          RE-SRX240-HIGHMEM

    Serial ID                      AAAJ9166

    Start time                     2009-10-07 08:12:32 CEST

    Uptime                         10 hours, 6 minutes, 47 seconds

    Last reboot reason             0x20:power-button soft power off

    Load averages:                 1 minute   5 minute  15 minute

                                       0.07       0.05       0.01

node1:

--------------------------------------------------------------------------

Routing Engine status:

    Temperature                 35 degrees C / 95 degrees F

    CPU temperature             32 degrees C / 89 degrees F

    DRAM                      1024 MB

    Memory utilization          71 percent

    CPU utilization:

      User                       4 percent

      Background                 0 percent

      Kernel                     1 percent

      Interrupt                  0 percent

      Idle                      96 percent

    Model                          RE-SRX240-HIGHMEM

    Serial ID                      AAAJ9122

    Start time                     2009-10-07 08:55:18 CEST

    Uptime                         9 hours, 23 minutes, 59 seconds

    Last reboot reason             0x20:power-button soft power off

    Load averages:                 1 minute   5 minute  15 minute

                                       0.07       0.02       0.00

regards 

Hi,

will give it a try to upgrade to junos 9.6 for my SRX  

will see how it goes

thank you

Hi Lim,

Don't worry about this, really.

SRX as any other stateful firewall preallocates memory for all the thousands of sessions it can support. It is really important to improve new sessions per seconds capabilities and also to insure that nothing can block new sessions occuping too much memory.

If you look at any ScreenOS firewall, you'll se almost the same. It is really OK.

Look at this snippet.

pash@J2350> show system processes extensive
last pid: 10878;  load averages:  0.06,  0.04,  0.01  up 0+23:07:39    13:46:45
109 processes: 3 running, 88 sleeping, 18 waiting

Mem: 90M Active, 165M Inact, 519M Wired, 140M Cache, 69M Buf, 79M Free
Swap: 85M Total, 85M Free


  PID USERNAME  THR PRI NICE   SIZE    RES STATE    TIME   WCPU COMMAND
   11 root        1 171   52     0K    12K RUN     21.3H 95.95% idle
 1032 root        1  96    0   481M   481M RUN     98:28  1.71% fwdd
   12 root        1 -20 -139     0K    12K WAIT     4:39  0.00% swi7: clock sio
 1071 root        1  96    0  6920K  6132K select   0:41  0.00% utmd
 1070 root        1  96    0  6552K  5328K select   0:38  0.00% jdiameterd
  926 root        1  20    0     0K    12K rtl_gp   0:31  0.00% rtl_alloc
 1047 root        1  96    0  9020K  7660K select   0:31  0.00% l2ald
 1019 root        1  96    0 18768K 13228K select   0:26  0.00% chassisd
 1082 root        1  96    0 14276K 13032K select   0:22  0.00% snmpd
[...] 

Most allocated memory is eaten by fwdd (J-series) of flowd_octeon (SRX). This is the demon which performs traffic forwarding. You'd rather let it do so. Memory load will not rise with more traffic, you can test.

If you really need additional memory, you can try to turn off some processes you don't need. First be sure you know what you are doing!

pash@J2350# run show system processes extensive | match free
Mem: 99M Active, 165M Inact, 520M Wired, 140M Cache, 69M Buf, 69M Free
Swap: 85M Total, 85M Free

[edit]
pash@J2350# run show system processes extensive | match idp
13353 root        1  96    0 78928K  8864K select   0:00  0.00% idpd

[edit]
pash@J2350# run show system processes extensive | match utm
13354 root        1  96    0  6912K  6188K select   0:00  0.00% utmd

[edit]
pash@J2350# run show system processes extensive | match snmp
13352 root        1  96    0 14284K 13040K select   0:03  1.78% snmpd

[edit]
pash@J2350# show | compare rollback 1
[edit system]
-   processes {
-       idp-policy disable;
-       snmp disable;
-       utmd disable;
-   }

[edit]
pash@J2350# rollback 1
load complete

[edit]
pash@J2350# commit
commit complete

[edit]
pash@J2350# run show system processes extensive | match snmp

[edit]
pash@J2350# run show system processes extensive | match utm

[edit]
pash@J2350# run show system processes extensive | match idp

[edit]
pash@J2350# run show system processes extensive | match free
Mem: 89M Active, 165M Inact, 520M Wired, 140M Cache, 69M Buf, 79M Free
Swap: 85M Total, 85M Free

Hovewer I think it can only be useful on J-series, when you want to have a few hundred thousand routes. Not on SRX100/200, which, I think, is not capable to perform such a task anyway, and not on SRX650, which has 2 Gigs of RAM.

P. S.

If you ever notice SRX consumes to much CPU resources, check this link:

http://forums.juniper.net/jnet/board/message?board.id=srx&message.id=147&query.id=1634779&searchid=1252416322735

--

Kind regards,

Pavel