SRX

last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  What is the "Invalidated sessions" ?

    Posted 12-25-2012 23:26

    Hi, Experts

     

    I found the invalidated session have a high rate among the total sessions:

     

    Flow Sessions on FPC5 PIC0:
    Unicast-sessions: 2787
    Multicast-sessions: 0
    Failed-sessions: 0
    Sessions-in-use: 3415
      Valid sessions: 2754
      Pending sessions: 0
      Invalidated sessions: 624
      Sessions in other states: 0
    Maximum-sessions: 524288

     

    So what is the meaning of "invalidated sessions" and what kind of flow can trigger this number increasing?


  • 2.  RE: What is the "Invalidated sessions" ?
    Best Answer

    Posted 12-26-2012 11:03

    Hi,

     

    I am assuming you are seeing a high number in your branch device for that counter. 

     

    Invalidated sessions are formed in multiple conditions. When a valid session tears down after receiving a FIN, it moves to "Invalidated sessions" for a very short time and then disappears. This counter also increments when a psuedo session is formed while waiting for a TCP handshake that never happened i.e. only one wing of the flow and then disappears. Either case this counter should be close to zero most of the times because valid sessions will keep timing out and will keep moving into invalidated sessions and shouldvery quickly disappear. But there seems to be a bug in the code in the earlier releases where this counter doesn't reset itself. The bug is already fixed in later releases.

     

    Checkout the following KB.

     

    http://kb.juniper.net/InfoCenter/index?page=content&id=KB23462&actp=RSS&smlogin=true

     

    If you have already upgraded and you are still seeing this counter increment and not reset then open a JTAC case and have it check out.

     

    Thanks