SRX

node0:

--------------------------------------------------------------------------

                  Flow session   Flow session     CP session     CP session

FPC PIC CPU Mem        current        maximum        current        maximum

---------------------------------------------------------------------------

  1   0  53  68         1024407        1048576         1024412        1048576



node1:

--------------------------------------------------------------------------

                  Flow session   Flow session     CP session     CP session

FPC PIC CPU Mem        current        maximum        current        maximum

---------------------------------------------------------------------------

  1   0   2  68         1023207        1048576         1023290        1048576

Can you confirm if we can expand the h/w? If yes then how to check what can be expanded?

Do we need to expand SPU? in srx 1400 src+npc come together? If yes then will that expand both NPC+SPC?

please assist.

Hello ,

In SRX1400 , we have a fixed CP session limit and we cannot increase it using Licence or HW . By adding additional SPC , we can only increase "flow sessions " but CP session still remains the same . Also we have slot limitation in SRX1400 .

But in SRX 3K serier , we have an option to increase the CP sesssion by using a Extreme License and make the default CP session limit from 2.25 million to 6 million . :

https://kb.juniper.net/InfoCenter/index?page=content&id=KB23853

thanks for the Sam.

What is the differnce b/w flow session and CP session can the high session utilization solve by expanding the SPC in 1400?

If not then what should be do to decrease the session utilization?

Hi Swati,

In high end devises we can install more than one SPC cards and each SPC can have its own flow sessions. CP keeps track of these as to which SPC has anchored which flow session. CP sessions does not have any other information.

Flow sessions are the session which are formed on the deivse for the traffic flowing through the SRX and how much data has passed and which security policy is the flow hitting.

CP sessions are fixed for the devise and cannot  be increased, however the number of the flow sessions can be increased by adding extra SPC cards on the devise.

On 1400 we cannot increase the max CP sessions, however on SRX3k devises we can add a separate license and can increase the CP session capacity.

Hope this answers your last query.

Regards,

Guru Prasad

thanks a ton for the reply.

So on adding a spc to increase session capapcity can help me in reducing the session utilization then?

So if i add SPC then can i directly add in slot 2 as firewall version is >10? Or i need to follow any pre-requisite?

Hi Swati,

The SPC cards are not hot swappable and hence you need to halt the devise and then install the card into the desired slot.

once the card is install reboot the devise and its done.

By adding the SPC card you are not decreasing teh session utilization rather you are increasing the number of sessions the devise can have.

So it will ease out the load on the SPC which was there earlier and will start load-balancing the session between multiple SPCs in the devise..

regards,

Guru Prasad

Hello,

So if i need to install SPC in slot 2, then i need to do in low traffic hours.

I just need to put the card SPC in slot 2 and reboot the firewall?

Or are there any pre-requisite?

Hi Swati,

As updated earlier, SPC cards are not hot swapable and hence you need to shut down the devise and then install the card.

reboot the devise and thats done.

No other pre-requisite for the activity.

regards,

Guru Prasad