ScreenOS Firewalls (NOT SRX)
Blogs
Discussion Forums
Programs & Events
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
Foo
Visitor
Foo
Posts: 1
Registered: ‎07-01-2009
0

NS-208 high memory utilization

Options

‎07-01-2009 12:57 AM

I have 2 NS-208 running HA, but both memory usage are high. I tried to get the memory pool info and it shows that

 

FW1 -> get memory
Memory: allocated 78406960, left 13104736, frag 390

FW1 -> get memory pool
Global memory pools:
NAME          SYS_MEM  ALLOCMEM  NALLOC  NFREE  OVERSZ   QUOTA
==============================================================================
Routing           16436      488          41         1050      0            -1
JPS Context     8220       20             1           340      0            -1
idp              4875732  4376380  8406606  18076      0       26943488
net                  24572        0             0                 0      0             -1
Auth Id Table          0        0             0                 0      0             -1
NET-PAK     196048        0             0             565      0       11534336   
PKI-IKE        488824   414816    10679         728  38813          -1

FW1 -> get memory kernel
Memory: allocated 74297504, left 13019936, frag 174, heap block: 0

FW1 -> get memory ipc
Memory: allocated 4110464, left 83792, frag 217, heap blocks: 0

It show there are lot of memory allocated to idp, but idp is disable in this box.

 

FW1->get lic
NSRP:               ActiveActive
VPN tunnels:        1000 tunnels
Vsys:               None
Vrouters:           3 virtual routers
Zones:              15 zones
VLANs:              32 vlans
Drp:                Enable
Deep Inspection:    Enable
Deep Inspection Database Expire Date: Disable
Signature pack:     Signature update key is missing
IDP:                Disable
AV:                 Disable(0)
Anti-Spam:          Disable(0)
Url Filtering:      Disable

 

Would need some advice. Thanks

Message 1 of 4 (6,870 Views)
 
Reply
Super Contributor
Super Contributor
Cesar
Posts: 141
Registered: ‎11-18-2008
0

Re: NS-208 high memory utilization

Options

‎07-01-2009 03:02 PM

If memory utilization is not increasing, you shouldn't worry about this.

 

If you are still concern about high memory, you can decrease the maximum number of sessions via command "set envar max-session=100000" .to decrease the allocated memory allocation.

 

You need to reboot the box for this command to take effect.

Message 2 of 4 (6,858 Views)
 
Reply
JayJay
New User
JayJay
Posts: 1
Registered: ‎01-07-2010
0

Re: NS-208 high memory utilization

Options

‎01-07-2010 05:02 AM

I just upgraded two ns-208 in HA devices from 5.2 to 5.4 and noticed the same problem. It really makes me concerned as I don't know what could happen if a resource intensive processing happend, (Attack, Flooding, ...)

 

I was wondering if there are any software features in 5.4 that can be disabled in order to reduce the memory utilization.

 

In my case it was shy over 60% while using 5.2, it is now over 90%...

Message 3 of 4 (6,090 Views)
 
Reply
Ra
Contributor
Ra
Posts: 13
Registered: ‎04-14-2008
0

Re: NS-208 high memory utilization

Options

‎07-30-2010 05:26 AM

   We have the exact same problem with our NS208's. Memory utilization 85-90% with the IDP process using the majority, despite not have IDP activated. Was there ever a solution to this?

Message 4 of 4 (5,259 Views)
 
Reply
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.