Routing

last person joined: 3 days ago 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.

  • 1.  EX4500 SFID Process

    Posted 01-24-2017 12:28

    Hi Colleagues, 

     

    I am having problems for CPU at 100% every 10 minutes on my EX4500 (VC) (12.3R12.4). When I check the processes I see  the SFID consuming all the CPU.  Also when i do a ping rapid count the CPU goes to 100% also when I check the processes extensive I see the SFID also  consuming all CPU. 

     

    Someone has seen this same behavior on EX4500 VC? 

     

    Example System Process without Rapid Count Ping  

     

    PID USERNAME THR PRI NICE SIZE RES STATE TIME WCPU COMMAND
    11 root 1 171 52 0K 16K RUN 3532.7 53.81% idle
    1314 root 2 44 -52 72460K 18568K select 1656.4 27.44% sfid
    1316 root 1 105 0 70984K 17176K RUN 275.6H 4.69% pfem
    1313 root 1 -9 0 67488K 8436K i2c_wt 251.7H 1.95% chassism
    1341 root 1 98 0 28376K 7612K select 17.7H 0.98% mib2d
    1342 root 1 4 0 57656K 17492K kqread 145.5H 0.34% rpd
    16 root 1 -68 -187 0K 16K RUN 64.8H 0.00% mpfe_drv_taskq16: +
    1348 root 1 97 0 16812K 6376K select 46.2H 0.00% ppmd
    12 root 1 -20 -139 0K 16K WAIT 40.9H 0.00% swi7: clock
    41 root 1 76 0 0K 16K sleep 32.2H 0.00% netdaemon
    1340 root 1 96 0 23084K 12164K select 26.7H 0.00% snmpd

     

    Example System Process doing a rapid count.

     

    PID USERNAME THR PRI NICE SIZE RES STATE TIME WCPU COMMAND
    1314 root 2 44 -52 72460K 18568K ucond 1656.4 55.52% sfid
    11367 root 1 132 0 7844K 3184K select 0:16 6.98% sshd
    1316 root 1 8 0 70984K 17176K nanslp 275.6H 5.81% pfem
    11568 manager 1 128 0 5304K 1924K RUN 0:08 4.00% ping
    1313 root 1 4 0 67488K 8436K kqread 251.7H 3.71% chassism
    1346 root 1 124 0 13404K 3432K RUN 104:28 2.88% rmopd
    41 root 1 76 0 0K 16K sleep 32.2H 2.25% netdaemon
    1341 root 1 115 0 28376K 7612K select 17.7H 1.27% mib2d
    16 root 1 -68 -187 0K 16K WAIT 64.8H 1.12% mpfe_drv_taskq16: +

     



  • 2.  RE: EX4500 SFID Process
    Best Answer

    Posted 01-24-2017 19:48

    Hi,

     

    There was some discussion on SFID earlier, please refer to this link to see if it helps:

     

    https://forums.juniper.net/t5/Ethernet-Switching/What-is-the-process-sfid-used-for/td-p/275822

     

    Thanks

    ----------------------------------------------------------------------------------------------------
    If this post was helpful, please mark this post as an "Accepted Solution".
    Kudos are always appreciated!
    ----------------------------------------------------------------------------------------------------



  • 3.  RE: EX4500 SFID Process

    Posted 04-30-2020 23:57

    I solved the problem of mysterious spikes in sfid CPU utilization. Start shell, become root (su) and run tcpdump on the interface(s) where the outside traffic enters. In my case it was xe-0/1/0
    root@365main-c0326-swi-01:RE:0% tcpdump -n -c 10000 -i xe-0/1/0

    I saw a bunch of NTP port bound packets to a VLAN IP that was visible from outside. Adding a firewall rule to block NTP for management VLAN immediately stopped this attack and brought sfid to normal.

    The point is that until tcpdump i was guessing, but as soon as I looked at it I knew the cluprit exactly. tcpdump obviously shows only software-routed traffic, which is what sfid is for.