SRX

in the datasheet , the default number of 3400 can spupport is 2.25 million , 3 million with expanded . 

but from the output of device , the maxium session is much less then 2.25 million . why,here is the output .

from the output ,we can see the maxium session the device in per node can only support about 1.5 millin session . 

show security flow session summary                           
node0:                                                                           
--------------------------------------------------------------------------       
Flow Sessions on FPC3 PIC0:                                                     
Unicast-sessions: 254051                                                         
Multicast-sessions: 0                                                           
Failed-sessions: 0                                                               
Sessions-in-use: 256993                                                         
  Valid sessions: 253844                                                         
  Pending sessions: 0                                                           
  Invalidated sessions: 2910                                                     
  Sessions in other states: 0                                                   
Maximum-sessions: 524288                                                         
Flow Sessions on FPC5 PIC0:                                                     
Unicast-sessions: 506737                                                         
Multicast-sessions: 0                                                           
Failed-sessions: 0                                                               
Sessions-in-use: 512778                                                         
  Valid sessions: 506030                                                         
  Pending sessions: 1                                                           
  Invalidated sessions: 5888                                                     
  Sessions in other states: 0                                                   
Maximum-sessions: 1048576                                                       
node1:                                                                           
--------------------------------------------------------------------------       
Flow Sessions on FPC3 PIC0:                                                     
Unicast-sessions: 256887                                                         
Multicast-sessions: 0                                                           
Failed-sessions: 0                                                               
Sessions-in-use: 258856                                                         
  Valid sessions: 256722                                                         
  Pending sessions: 0                                                           
  Invalidated sessions: 2490                                                     
  Sessions in other states: 0                                                   
Maximum-sessions: 524288                                                         
Flow Sessions on FPC5 PIC0:                                                     
Unicast-sessions: 508566                                                         
Multicast-sessions: 0                                                           
Failed-sessions: 0                                                               
Sessions-in-use: 512207                                                         
  Valid sessions: 508142                                                         
  Pending sessions: 0                                                           
  Invalidated sessions: 5949                                                     
  Sessions in other states: 0                                                   
Maximum-sessions: 1048576 

Hi Caulfiedd,

It is because you have configured the SRX as part of a chassis cluster and in order to support active/active clustering half the sessions have to be reserved for the potential failure of the opposing node. If you configure the cluster in active/standby mode ( I think if I remember correctly ) there is a hidden command that allows you to fully utilize all the sessions.

* that is of course assuming you've properly configured the SRX with the correct number of SPUs and NPCs.

thanks for you answer , but chassic cluster is confiugre in active/passive mode . not active/active a.

and  you said that 

* that is of course assuming you've properly configured the SRX with the correct number of SPUs and NPCs.

what do you mean correct number , we don't add or remove any SPU ,or NPCs ,all of them are default . does that mean  

correct number ?

Hi caulfiedd@live.cn,

With regards to the number of SPU/NPC there is no default number for them . The combination and number of SPUs/NPC determines the performance & capacity of the SRX as does the JunOS version used ( you'll notice in the datasheet you referenced they mention the JunOS version used to extract the data in the datasheet ). For maximum Sessions count on the SRX 3400 you will need the following combination  ( you should contact your Juniper SE for the specific model / Junos Version  you are using 😞

You would need at least 3 SPUs &  1 NPC/NP-IOC to reach the maximum session count ( with JunOS 12.1X44-D10 ).

The number indicated in the specs is based on a "Fully Loaded System" and SRX3400 supports a maximum of up to four SPCs and two NPCs per chassis. Also bear in mind that those specs are based on ideal lab conditions. Based on the output you show, it does not appear that your system is fully loaded. Can you verify that your system is Fully Loaded?

thanks for your answer  my system is not Fully Loaded