During one of the periods of high cpu run these commands to see which process is responsible for the high cpu. Once the process is identified it will be easier to see the cause.
show chassis routing-engine
show system processes extensive | except 0.0
show system queues
------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
http://puluka.com/home------------------------------
Original Message:
Sent: 09-29-2022 01:02
From: Unknown User
Subject: Juniper Srx 345 - Have i hit hardware limits?
Hello
Problem comes from fact that 350/350mb traffic between different zones makes router use 85-99% of the cpu and traffic starts lagging. Datasheet suggests that so litle traffic should be easyle handled.
Use case: zone 1 has about 100 cameras, zone 2 has recording servers that record zone 1 cameras, zone 3 has client pc-s that stream from recording servers. and so fort. There is one trunk port in router that carries all the different vlans (in different zones). Currently very basic firewall setup and no other advanced features running. Its enought to get router to 99% utilisation.
Original Message:
Sent: 09-28-2022 07:53
From: SIMON MOORCROFT
Subject: Juniper Srx 345 - Have i hit hardware limits?
Probably making myself look stupid but I don't see it or don't understand. Sorry, why do you think you have a problem?
------------------------------
SIMON MOORCROFT
Original Message:
Sent: 07-05-2022 08:30
From: Unknown User
Subject: Juniper Srx 345 - Have i hit hardware limits?
Hello
Could use some help deciding if i hit hardware limit or i have bad config.
Device: Juniper srx345-dual-ac, fw 21.2R1.10
When reading datasheet it states the following:
Routing with packet mode (IMIX packet size) 2,300 Mbps
Stateful firewall (IMIX packet size) 1700 Mbps
IPsec VPN (IMIX packet size) 300 Mbps
In short i have one uplink to internet and one trunk port with 9 vlans. There is about 350/350 traffic on trunk port between vlans. And 30/15 on ipsec tunnel over internet. Currently i have security policies that allow all traffic between vlans. Not global but seperate one for each vlan.
Security loging mode is set to event, changing to streaming didnt change much.
With this simple setup the load is following:
show chassis routing-engineRouting Engine status: Temperature 37 degrees C / 98 degrees F CPU temperature 70 degrees C / 158 degrees F Total memory 4096 MB Max 1761 MB used ( 43 percent) Control plane memory 2320 MB Max 928 MB used ( 40 percent) Data plane memory 1776 MB Max 835 MB used ( 47 percent) 5 sec CPU utilization: User 12 percent Background 0 percent Kernel 8 percent Interrupt 0 percent Idle 80 percent Model RE-SRX345-DUAL-AC Serial ID Start time 2022-07-05 09:10:16 EEST Uptime 4 hours, 34 minutes, 40 seconds Last reboot reason 0x1:power cycle/failure Load averages: 1 minute 5 minute 15 minute 0.22 0.20 0.17show chassis forwardingFWDD status: State Online Microkernel CPU utilization 13 percent Real-time threads CPU utilization 53 percent Heap utilization 47 percent Buffer utilization 3 percent Uptime: 4 hours, 35 minutes, 52 secondsshow security monitoring Flow session Flow session CP session CP sessionFPC PIC CPU Mem current maximum current maximum 0 0 85 53 1948 384000 N/A N/A