SRX Services Gateway

CPU less FPC

‎06-03-2019 09:33 PM

Hi all

The following output is unusual: we see "CPU less FPC" all the time, even though there was no high utilization on the RE and the device (SRX) is functional. What is the reason JUNOS is not showing the utilization values for each FPC card? Any ideas?

> show chassis fpc
                     Temp  CPU Utilization (%)   CPU Utilization (%)  Memory    Utilization (%)
Slot State            (C)  Total  Interrupt      1min   5min   15min  DRAM (MB) Heap     Buffer
  0  Online       -------------------- CPU less FPC --------------------
  1  Online       -------------------- CPU less FPC --------------------
  2  Empty

 

> show chassis fpc pic-status
Slot 0 Online FPC
PIC 0 Online 6xGE,2xGE SFP Base PIC
Slot 1 Online FPC
PIC 0 Online 1x VDSL2 mPIM (RoHS)

------------------------------------------------------------------------------

Secondly, I have the following log. What could the reason be, and how do I troubleshoot this?

RT_IDS: RT_SCREEN_IP: Teardrop attack! source: 203.125.220.128, destination: 49.110.51.148, protocol-id: 50, zone name: untrust, interface name: at-1/0/0.0, action: drop

 

Thx,

Ar


Re: CPU less FPC

‎06-03-2019 10:20 PM
Can you use "show security monitoring"?
Thanks,
Suraj
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too

Re: CPU less FPC

‎06-03-2019 10:27 PM

Hello Ar,

 

The FPC here is an interface card and hence does not have any CPU. The output of the command "show chassis fpc" is designed to cover all sorts of FPCs, including Services Processing Cards (SPCs), which have CPUs for which statistics can be reported.

 

With regards to the tear drop attack log you are seeing, please refer to the below:

https://kb.juniper.net/InfoCenter/index?page=content&id=KB5206&cat=FIREWAL&actp=LIST

 

It seems you are getting this from a VPN peer (protocol esp).

 

I hope this answers your query.

 

Regards,

 

Vikas

Solution
Accepted by topic author Arix
‎06-04-2019 07:21 PM

Re: CPU less FPC

‎06-03-2019 10:35 PM

Hi Ar,

 

The log you reported in your second issue is related to a protection mechanism configured on the SRX against Tear Drop attacks. Based on the log, the malicious packet was dropped because the SRX is configured with this action under [edit security screen].

For more information about this attack check the following link:

 

https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-os-specific-dos-attack.h...

 

I don't think you need to troubleshoot this issue unless you recognize IP address 203.125.220.128 and you confirm that the SRX is dropping non-malicious traffic. Let us know if that is the case.

 

Regarding the first issue, I would advise using the following command:

 

user@host> show security monitoring fpc 0
FPC 0
  PIC 0
    CPU utilization      :    0 %
    Memory utilization   :   82 %
    Current flow session :    0
    Max flow session     :    0
    Current CP session   :    0
    Max CP session       : 12000000
Session Creation Per Second (for last 96 seconds on average):    0
  PIC 1
    CPU utilization      :    0 %
    Memory utilization   :   54 %
    Current flow session :    0
    Max flow session     : 819200
    Current CP session   :    0
    Max CP session       :    0
Session Creation Per Second (for last 96 seconds on average):    0

I hope this helps you.

 

Please mark this comment as the Solution if applicable
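
The triage the two replies above describe (is the source a host you recognize, and is the dropped protocol ESP?) can be run over collected screen logs. This is an added example, not part of the thread or Juniper's tooling; the `known_hosts` set and every sample line except the first are constructed assumptions.

```python
import re
from collections import Counter

# IANA protocol numbers; 50 is ESP, which is why one reply suspects a VPN peer.
IPSEC_PROTOCOLS = {"50": "esp", "51": "ah"}
HEAD_RE = re.compile(r"RT_IDS: (?P<tag>RT_SCREEN_\w+): (?P<attack>[^!]+)!(?P<fields>.*)")

def parse_screen_log(line):
    """Split one RT_IDS screen message into a dict, or return None if it is not one."""
    m = HEAD_RE.search(line)
    if m is None:
        return None
    record = {"tag": m["tag"], "attack": m["attack"].strip()}
    for part in m["fields"].split(","):      # remaining text is "key: value" pairs
        key, sep, value = part.partition(":")
        if sep:
            record[key.strip()] = value.strip()
    return record

def triage(lines, known_hosts):
    """Count screen drops per (source, protocol); flag sources the operator recognizes."""
    counts = Counter()
    for line in lines:
        rec = parse_screen_log(line)
        if rec and rec.get("action") == "drop":
            counts[(rec.get("source", "?"), rec.get("protocol-id", "?"))] += 1
    report = []
    for (src, proto), n in counts.most_common():
        # A drop only needs follow-up when the sender is a host you expect traffic from.
        verdict = "investigate" if src in known_hosts else "no action"
        report.append((src, IPSEC_PROTOCOLS.get(proto, proto), n, verdict))
    return report

# First entry is the message from the original post, repeated once; the rest are constructed.
POSTED = ("RT_IDS: RT_SCREEN_IP: Teardrop attack! source: 203.125.220.128, "
          "destination: 49.110.51.148, protocol-id: 50, zone name: untrust, "
          "interface name: at-1/0/0.0, action: drop")
SAMPLE = [
    POSTED,
    POSTED,
    POSTED.replace("203.125.220.128", "198.51.100.7").replace("protocol-id: 50", "protocol-id: 17"),
    "constructed non-screen syslog line that the parser must skip",
]

if __name__ == "__main__":
    # known_hosts is operator-supplied, e.g. the remote gateways of configured VPNs.
    for row in triage(SAMPLE, known_hosts={"203.125.220.128"}):
        print(row)
```
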

Re: CPU less FPC

‎06-04-2019 07:11 PM

Hi all,

All your ideas are informative and workable, particularly Stwardlp's point.

 

Thanks again.

Ar