Switching

Hi all,

Today  our switch EX4500 had an outage, the CPU process rise to 100 and the whole switch restart.

And from the "show system process extensive" command , it shows the process sfid consume most of the CPU resource, even after restart, I am afraid of it being crash again.

What is this process used for, how to reduce the CPU usage,and where can I check the information about system processes.

Thanks.

Frank

Hi,

The sfid is the software forwarding infrastructure (sfid)..  I haven't been able to find much on the sfid process, just a few references to it as the "software forwarding process"

maybe @parau@juniper.net can explain a bit more about the sfid

What Junos version are your running ? their was a bug in the 12.3R8 junos version it has been resolved in the 12.3R9 version.

On EX4500 or EX4550 switches, the software forwarding infrastructure daemon (sfid) might continuously create core files, causing interruptions in traffic, because packets are erroneously freed twice. A possible trigger is the handling of Layer 2 protocol tunneling packets. [PR/941482: This issue has been resolved.]

Hi,

The system version "13.2X50-D15.3"

And I check the log found lots of record like "inetd[1090]: /usr/libexec/telnetd[5270]", frequency is about 50 times a second.

Did this mean it is under a DDoS/DoS.

Frank

Someone or something is trying to access the device by telnet (it smells like that). Have you telnet enabled ? are you using it ? if not I suggest setting it to delete it from the config.

A firewall filter inplace to allow only specific access towards the device it self will also help you to protect the device a bit more.

delete system services telnet

Hi,

I checked ,it is not an attack, that's the TCP ping I configured on my cacti.

But the CPU is still high ,and sfid still consume about half of the CPU.

Frank

then you have a strange cacti setup if your are doing 50 times a second an connection towards the telnet port of the ex device. I don't believe that an tcp ping can achieve that from within cacti

Hi,

I disable the tcp ping, and the log never showed again.

Frank

Hi,

It is interesting that I found if I deactive a family inet6 of one port, the CPU consume of sfid drops, is there relationships between sfid and IPv6 forwading ?

Frank

Hi,

I solved the problem, it's not because IPv6, but IPv6 over GRE tunnel, the question is during that time the traffic over GRE tunnel is only at maximum of 100 M , and it caused the CPU consume of sfid very high.

So what's the GRE handling capacity on EX4500?

Frank

HI,

gre traffic is traffic that is handled in "software"so th the sfid picksup the traffic and starts processing it. What kind of traffic is running over your gre tunnel ?

Hi,

It's IPv6 traffic over my GRE tunnel.

Frank