SRX

SRX How to view Connections per second?????

What command to see the SRX  Connections per second???

what command to see the SRX new sessions/second?????

thanks~

show security policies policy-name <name> detail

http://www.juniper.net/techpubs/software/junos-security/junos-security10.0/junos-security-cli-reference/show-security-policies.html

-- gives you session rate/sessions-per-second stats.

Could you please clarify what is meant by "connections"? Is it TCP connections to the SRX itself? Or rather transit TCP connections? If the latter you can always split policy in two to match on TCP and everything else and then retrieve TCP policy stats which will give you TCP CPS number.

Rgds

Alex

Hi,

I don't know how you can see the number of sessions per seconds but you can see the number establised with the CLI command:

"show security monitoring fpc x"

or on the web interface: on the main page in the box security ressources

HTH

I need to check the equipment "new sessions/second"command.  <Is not the current session Understand????>

FYI Screen OS cli command:

SG2000-1-> get performance session detail
Last 60 seconds:
 0:      223  1:      193  2:      176  3:      183  4:      150  5:      141
 6:      188  7:      153  8:      235  9:      164 10:      204 11:      344
12:      163 13:      174 14:      193 15:      149 16:      214 17:      323
18:      186 19:      172 20:      212 21:      189 22:      179 23:      176
24:      185 25:      154 26:      190 27:      152 28:      179 29:      175
30:      231 31:      178 32:      192 33:      167 34:      190 35:      251
36:      198 37:      167 38:      218 39:      200 40:      213 41:      185
42:      191 43:      144 44:      155 45:      149 46:      163 47:      201
48:      242 49:      167 50:      191 51:      213 52:      189 53:      326
54:      184 55:      304 56:      160 57:      205 58:      182 59:      290

Last 60 minutes:
 0:    10401  1:    12483  2:    12517  3:    12301  4:    13738  5:    14718
 6:    13048  7:    13164  8:    13366  9:    13152 10:    14113 11:    14544
12:    14917 13:    13889 14:    13936 15:    14807 16:    14334 17:    14097
18:    15249 19:    14722 20:    14925 21:    15652 22:    16142 23:    14850
24:    16391 25:    16692 26:    15967 27:    15907 28:    17619 29:    17465
30:    16333 31:    17246 32:    18125 33:    19085 34:    19444 35:    19404
36:    20110 37:    20307 38:    21884 39:    29852 40:    25487 41:    71477
42:   109240 43:   110685 44:   110961 45:   112412 46:   111640 47:   109570
48:   111206 49:   109923 50:   111433 51:   110641 52:   108767 53:   108869
54:   108201 55:   106133 56:   104531 57:   108440 58:   108616 59:   105857

Last 24 hours:
 0:   953785  1:  6337125  2:  6068763  3:  5693833  4:  5179908  5:  5415210
 6:  5202839  7:  4994367  8:  4775697  9:  4732245 10:  5143160 11:  6504590
12:  4749607 13:  3995595 14:  2994311 15:  2033569 16:  1268961 17:   278353
18:   134584 19:   140970 20:   149324 21:   181279 22:   237538 23:   385778

Thanks

Unfortunately at this time there is no "get perf sess detail" equivalent command in JUNOS. You would need to either check per policy with counting enabled or run "show security flow session summary" command at regular intervals and calculate your session rate that way. This is not perfect either though since session count could go up and down as sessions close due to FIN/RST or age out.

-Richard

Please help me

Customers anxious to know the new sessions per second..

new sessions per second?

this feaure can be support next version.

This version  10.1 will be released in January

Hi all,

As many said, there is no direct way to know the NCPS on SRX yet, but there is a tricky one.

First of all, I didn't find a way to obtain the NCPS for the whole box. But it is possible to know the rate of new sessions coming to a given interface or translated with a given NAT pool.

Each interface as well as NAT pool have a connections hit counter. You can get it in constant intervals and so measure the NCPS rate.

You can see these counters in "show interfaces extensive" for ifaces and in "show security nat source pool all".

user@srx> show interfaces extensive ge-0/0/0.0 | match conne
      Connections established :          3199175013

user@srx> show security nat source pool all | match hit
Translation hits   : -975476222

Yeah, for NAT it can be negative. Fun, but doesn't matter in this case. Just substract the new value from the old one with no care to the sign.

I don't know what about NAT, but interface counters are available through SNMP. So you can get them in a manner of iface bytes counters to draw graphs using some MRGT-like tool.

The OID is 1.3.6.1.4.1.2636.3.39.1.1.1.1.1.1.6.xxx, where xxx is the interface's SNMP index, which can be gotten with "show interfaces extensive".

Here is an example.

time T:

user@srx> show snmp mib get 1.3.6.1.4.1.2636.3.39.1.1.1.1.1.1.6.xxx
jnxJsIfMonConn.xxx = A

time T+t

user@srx> show snmp mib get 1.3.6.1.4.1.2636.3.39.1.1.1.1.1.1.6.xxx
jnxJsIfMonConn.xxx = B

The NCPS rate is (B-A)/t.

Model: srx650
JUNOS Software Release [11.4R5.5]

{primary:node0}
admin@SRX650-LAB> show security monitoring fpc 0 node 0
node0:
--------------------------------------------------------------------------
FPC 0
  PIC 0
    CPU utilization      :   42 %
    Memory utilization   :   73 %
    Current flow session : 124354
    Max flow session     : 262144
Session Creation Per Second (for last 96 seconds on average):    0

{primary:node0}
admin@SRX650-LAB> show security monitoring fpc 0 node 0
node0:
--------------------------------------------------------------------------
FPC 0
  PIC 0
    CPU utilization      :   51 %
    Memory utilization   :   73 %
    Current flow session : 137428
    Max flow session     : 262144
Session Creation Per Second (for last 96 seconds on average):    0

can anyone explain why am i seeing 0 both the times..Is this the expected behaviour any any additional config is needed to gt this straight ??

Thanks in advance !!

show snmp mib walk jnxJsNodeSessionCreationPerSecond