Routing

  • 1.  Juniper Srx 345 - Have i hit hardware limits?

    Posted 07-05-2022 12:03

    Hello

    Could use some help deciding if I hit a hardware limit or I have a bad config.

    Device: Juniper srx345-dual-ac, fw 21.2R1.10

    When reading the datasheet, it states the following:

    Routing with packet mode (IMIX packet size) 2,300 Mbps
    Stateful firewall (IMIX packet size) 1700 Mbps
    IPsec VPN (IMIX packet size) 300 Mbps

    In short, I have one uplink to the internet and one trunk port with 9 VLANs. There is about 350/350 traffic on the trunk port between VLANs, and 30/15 on the IPsec tunnel over the internet. Currently I have security policies that allow all traffic between VLANs. Not global, but a separate one for each VLAN.

    Security logging mode is set to event; changing to streaming didn't change much.

    With this simple setup the load is the following:

    show chassis routing-engine
    Routing Engine status:
        Temperature                 37 degrees C / 98 degrees F
        CPU temperature             70 degrees C / 158 degrees F
        Total memory              4096 MB Max  1761 MB used ( 43 percent)
          Control plane memory    2320 MB Max   928 MB used ( 40 percent)
          Data plane memory       1776 MB Max   835 MB used ( 47 percent)
        5 sec CPU utilization:
          User                      12 percent
          Background                 0 percent
          Kernel                     8 percent
          Interrupt                  0 percent
          Idle                      80 percent
        Model                          RE-SRX345-DUAL-AC
        Serial ID                      
        Start time                     2022-07-05 09:10:16 EEST
        Uptime                         4 hours, 34 minutes, 40 seconds
        Last reboot reason             0x1:power cycle/failure
        Load averages:                 1 minute   5 minute  15 minute
                                           0.22       0.20       0.17
    
    show chassis forwarding
    FWDD status:
      State                                 Online
      Microkernel CPU utilization        13 percent
      Real-time threads CPU utilization  53 percent
      Heap utilization                   47 percent
      Buffer utilization                  3 percent
      Uptime:                               4 hours, 35 minutes, 52 seconds
    
    show security monitoring
                      Flow session   Flow session     CP session     CP session
    FPC PIC CPU Mem        current        maximum        current        maximum
      0   0  85  53           1948         384000            N/A            N/A


  • 2.  RE: Juniper Srx 345 - Have i hit hardware limits?

    Posted 09-28-2022 12:12
    Probably making myself look stupid but I don't see it or don't understand. Sorry, why do you think you have a problem?

    ------------------------------
    SIMON MOORCROFT
    ------------------------------



  • 3.  RE: Juniper Srx 345 - Have i hit hardware limits?

    Posted 09-29-2022 06:38
    Hello

    The problem comes from the fact that 350/350mb traffic between different zones makes the router use 85-99% of the CPU and traffic starts lagging. The datasheet suggests that so little traffic should be easily handled.

    Use case: zone 1 has about 100 cameras, zone 2 has recording servers that record zone 1 cameras, zone 3 has client PCs that stream from recording servers, and so forth. There is one trunk port in the router that carries all the different VLANs (in different zones). Currently there is a very basic firewall setup and no other advanced features running. It's enough to get the router to 99% utilisation.


  • 4.  RE: Juniper Srx 345 - Have i hit hardware limits?

    Posted 09-29-2022 06:44
    During one of the periods of high CPU, run these commands to see which process is responsible for the high CPU. Once the process is identified it will be easier to see the cause.

    show chassis routing-engine

    show system processes extensive | except 0.0

    show system queues

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------



  • 5.  RE: Juniper Srx 345 - Have i hit hardware limits?

    Posted 09-29-2022 11:48
    Hello

    I'll post the outputs:

    show chassis routing-engine:
    Routing Engine status:
        Temperature                 35 degrees C / 95 degrees F
        CPU temperature             67 degrees C / 152 degrees F
        Total memory              4096 MB Max  1720 MB used ( 42 percent)
          Control plane memory    2320 MB Max   882 MB used ( 38 percent)
          Data plane memory       1776 MB Max   835 MB used ( 47 percent)
        5 sec CPU utilization:
          User                      16 percent
          Background                 0 percent
          Kernel                    12 percent
          Interrupt                  0 percent
          Idle                      71 percent
        Model                          RE-SRX345-DUAL-AC
        Serial ID                      [removed]
        Start time                     2022-07-05 09:10:16 EEST
        Uptime                         86 days, 4 hours, 40 minutes, 19 seconds
        Last reboot reason             0x1:power cycle/failure
        Load averages:                 1 minute   5 minute  15 minute
                                           0.69       0.46       0.35

    show system processes extensive | except 0.0

    last pid: 84621; load averages: 0.21, 0.36, 0.32 up 86+04:42:11 13:51:36
    207 processes: 22 running, 170 sleeping, 15 waiting

    Mem: 637M Active, 317M Inact, 1884M Wired, 772M Cache, 112M Buf, 354M Free
    Swap: 792M Total, 792M Free


     PID USERNAME PRI NICE   SIZE    RES STATE  C    TIME   WCPU COMMAND
    1974 root     123    0  1944M  1214M CPU1   1  6527.2 93.95% flowd_octeon_hm
    1974 root     123    0  1944M  1214M CPU2   2  6527.2 92.48% flowd_octeon_hm
    1974 root     123    0  1944M  1214M CPU3   3  6527.2 92.48% flowd_octeon_hm
      25 root     155   52     0K    16K RUN    0  1563.0 73.68% idle: cpu0
    1974 root      26    0  1944M  1214M RUN    0  6527.2  8.25% flowd_octeon_hm

    show system queues

    output interface bytes max packets max drops
    fxp0 0 0 0 0 0
    fxp2 0 0 0 0 0
    lsi 0 12500 0 41 0
    lo0 0 0 0 0 0
    gre 0 12500 0 41 0
    ipip 0 12500 0 41 0
    tap 0 0 0 0 0
    pime 0 12500 0 41 0
    pimd 0 12500 0 41 0
    mtun 0 12500 0 41 0
    jsrv 0 12500000 0 22048 0
    pp0 0 125000 0 416 0
    irb 0 12500000 0 22048 0
    vtep 0 12500000 0 22048 0
    esi 0 12500000 0 22048 0
    rbeb 0 12500000 0 22048 0
    st0 0 125000 0 416 0
    ppd0 0 12500 0 41 0
    ppe0 0 12500 0 41 0
    fti0 0 0 0 0 0
    ge-0/0/0 0 1250000 0 4166 6
    ge-0/0/1 0 1250000 0 4166 1
    ge-0/0/2 0 1250000 0 4166 9
    ge-0/0/3 0 1250000 0 4166 11
    ge-0/0/4 0 1250000 0 4166 0
    ge-0/0/5 0 1250000 0 4166 0
    ge-0/0/6 0 1250000 0 4166 0
    ge-0/0/7 0 1250000 0 4166 0
    ge-0/0/8 0 1250000 0 4166 0
    ge-0/0/9 0 1250000 0 4166 0
    ge-0/0/10 0 1250000 0 4166 0
    ge-0/0/11 0 1250000 0 4166 0
    ge-0/0/12 0 1250000 0 4166 0
    ge-0/0/13 0 1250000 0 4166 0
    ge-0/0/14 0 1250000 0 4166 0
    ge-0/0/15 0 1250000 0 4166 0
    sp-0/0/0 0 1250000 0 4166 0
    gr-0/0/0 0 12500 0 41 0
    ip-0/0/0 0 12500 0 41 0
    lsq-0/0/0 0 125000 0 416 0
    mt-0/0/0 0 12500 0 41 0
    lt-0/0/0 0 12500 0 41 0
    input protocol bytes max packets max drops
    splfwdq 0 1000000 0 1000 0
    splnetq 0 1000000 0 1000 0
    optionq 0 200000 0 200 0
    icmpq 0 50000 0 50 0
    spppintrq 0 25000 0 1000 0
    atmoamq 0 0 0 0 0
    tnpintrq 0 1250000 0 4166 0
    tagintrq 0 200000 0 200 0
    tagfragq 0 200000 0 200 0
    vpls_intrq 0 200000 0 200 0
    tnpintrallq 0 750000 0 500 0
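
An added example, not written by any poster in this thread: Python that reads the `show system processes extensive` and `show system queues` output pasted in post 5 and reports CPU per core by command, plus the queues with non-zero drops. The sample text is copied from that post and trimmed; the function names and the 90% threshold are this example's own assumptions.

```python
from collections import defaultdict

# Rows copied from post 5 (trimmed to keep the example short).
PROCESSES = """\
PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND
1974 root 123 0 1944M 1214M CPU1 1 6527.2 93.95% flowd_octeon_hm
1974 root 123 0 1944M 1214M CPU2 2 6527.2 92.48% flowd_octeon_hm
1974 root 123 0 1944M 1214M CPU3 3 6527.2 92.48% flowd_octeon_hm
25 root 155 52 0K 16K RUN 0 1563.0 73.68% idle: cpu0
1974 root 26 0 1944M 1214M RUN 0 6527.2 8.25% flowd_octeon_hm
"""
QUEUES = """\
output interface bytes max packets max drops
lsi 0 12500 0 41 0
ge-0/0/0 0 1250000 0 4166 6
ge-0/0/1 0 1250000 0 4166 1
ge-0/0/2 0 1250000 0 4166 9
ge-0/0/3 0 1250000 0 4166 11
ge-0/0/4 0 1250000 0 4166 0
input protocol bytes max packets max drops
icmpq 0 50000 0 50 0
"""

def cpu_by_core(text):
    """Map core number (column C) -> {command: WCPU percent}, one entry per thread row."""
    cores = defaultdict(dict)
    for line in text.splitlines():
        f = line.split(None, 10)  # COMMAND may contain spaces ("idle: cpu0")
        if len(f) == 11 and f[0].isdigit() and f[9].endswith("%"):
            cores[int(f[7])][f[10]] = float(f[9].rstrip("%"))
    return dict(cores)

def busiest(cores, threshold=90.0):
    """Sorted (core, command, percent) for non-idle threads at or above threshold."""
    return sorted((core, cmd, pct) for core, cmds in cores.items()
                  for cmd, pct in cmds.items()
                  if pct >= threshold and not cmd.startswith("idle"))

def queues_with_drops(text):
    """Map queue name -> drops for rows whose last column is non-zero."""
    drops = {}
    for line in text.splitlines():
        f = line.split()
        # Data rows are name + five counters; the header rows are not numeric.
        if len(f) == 6 and all(x.isdigit() for x in f[1:]) and int(f[5]) > 0:
            drops[f[0]] = int(f[5])
    return drops

if __name__ == "__main__":
    print(busiest(cpu_by_core(PROCESSES)))
    print(queues_with_drops(QUEUES))
```

On the posted data this reports `flowd_octeon_hm` threads above 90% on cores 1 to 3, core 0 mostly idle, and drops only on ge-0/0/0 through ge-0/0/3.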