SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  CPU less FPC

     
    Posted 06-03-2019 21:34

    Hi all

    The following output is not usual: all the time we are seeing "CPU less FPC", as there was no high utilization on the RE and the device (SRX) is functional. What is the reason JUNOS is not showing the utilization values for each FPC card? Any ideas?

    > show chassis fpc
                         Temp  CPU Utilization (%)   CPU Utilization (%)  Memory    Utilization (%)
    Slot State            (C)  Total  Interrupt      1min   5min   15min  DRAM (MB) Heap     Buffer
      0  Online       -------------------- CPU less FPC --------------------
      1  Online       -------------------- CPU less FPC --------------------
      2  Empty

     

    > show chassis fpc pic-status
    Slot 0 Online FPC
    PIC 0 Online 6xGE,2xGE SFP Base PIC
    Slot 1 Online FPC
    PIC 0 Online 1x VDSL2 mPIM (RoHS)

    ------------------------------------------------------------------------------

    Secondly, I have the following log. What could the reason be, and how do I troubleshoot this?

    RT_IDS: RT_SCREEN_IP: Teardrop attack! source: 203.125.220.128, destination: 49.110.51.148, protocol-id: 50, zone name: untrust, interface name: at-1/0/0.0, action: drop

     

    Thx,

    Ar



  • 2.  RE: CPU less FPC

     
    Posted 06-03-2019 22:21
    Can you use "show security monitoring"?


  • 3.  RE: CPU less FPC

     
    Posted 06-03-2019 22:28

    Hello Ar,

     

    The FPC here is an interface card and hence does not have any CPU. The output of the command "show chassis fpc" is designed to cover all sorts of FPCs, including Services Processing Cards (SPCs), which have CPUs for which statistics can be reported.

     

    With regards to the tear drop attack log you are seeing, please refer to the below:

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB5206&cat=FIREWAL&actp=LIST

     

    It seems you are getting this from a VPN peer (protocol esp).

     

    I hope this answers your query.

     

    Regards,

     

    Vikas



  • 4.  RE: CPU less FPC
    Best Answer

    Posted 06-03-2019 22:35

    Hi Ar,

     

    The log you reported on your second issue is related to a protection mechanism configured on the SRX against Tear Drop attacks. Based on the log, the malicious packet was dropped because the SRX is configured with this action under [edit security screen].

    For more information about this attack check the following link:

     

    https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-os-specific-dos-attack.html#id-58014

     

    I don't think you need to troubleshoot this issue unless you recognize IP address 203.125.220.128 and you confirm that the SRX is dropping non-malicious traffic. Let us know if that is the case.

     

    Regarding the first issue, I would advise using the following command:

     

    user@host> show security monitoring fpc 0
    FPC 0
      PIC 0
        CPU utilization      :    0 %
        Memory utilization   :   82 %
        Current flow session :    0
        Max flow session     :    0
        Current CP session   :    0
        Max CP session       : 12000000
    Session Creation Per Second (for last 96 seconds on average):    0
      PIC 1
        CPU utilization      :    0 %
        Memory utilization   :   54 %
        Current flow session :    0
        Max flow session     : 819200
        Current CP session   :    0
        Max CP session       :    0
    Session Creation Per Second (for last 96 seconds on average):    0

    I hope this helps you.
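
The triage suggested in the replies above (check the protocol, then check whether the source is an address you recognize), as an added Python example that is not part of the thread or of Junos. The regex follows the field layout of the log line quoted in the question; `triage`, `known_peers` and the sample lines are assumptions made for the illustration.

```python
import re
from collections import Counter

# Constructed sample: line 1 is the log quoted in the thread, line 2 repeats it,
# line 3 is invented (198.51.100.7 is a documentation address).
SAMPLE_LOG = """\
RT_IDS: RT_SCREEN_IP: Teardrop attack! source: 203.125.220.128, destination: 49.110.51.148, protocol-id: 50, zone name: untrust, interface name: at-1/0/0.0, action: drop
RT_IDS: RT_SCREEN_IP: Teardrop attack! source: 203.125.220.128, destination: 49.110.51.148, protocol-id: 50, zone name: untrust, interface name: at-1/0/0.0, action: drop
RT_IDS: RT_SCREEN_IP: Teardrop attack! source: 198.51.100.7, destination: 49.110.51.148, protocol-id: 17, zone name: untrust, interface name: at-1/0/0.0, action: drop
"""

# Field layout taken from the log line in the thread.
SCREEN_RE = re.compile(
    r"RT_SCREEN_IP: (?P<attack>.+?) source: (?P<src>[^,]+), "
    r"destination: (?P<dst>[^,]+), protocol-id: (?P<proto>\d+), "
    r"zone name: (?P<zone>[^,]+), interface name: (?P<ifname>[^,]+), "
    r"action: (?P<action>\S+)"
)

# IANA IP protocol numbers; 50 is ESP, which is why the reply points at a VPN peer.
IP_PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp", 50: "esp", 51: "ah"}


def parse_screen_line(line):
    """Return the fields of one RT_SCREEN_IP line as a dict, or None if no match."""
    m = SCREEN_RE.search(line)
    if m is None:
        return None
    event = m.groupdict()
    event["proto"] = int(event["proto"])
    event["proto_name"] = IP_PROTOCOLS.get(event["proto"], "other")
    return event


def triage(log_text, known_peers):
    """Count screen drops per (source, protocol) and flag recognized sources."""
    counts = Counter()
    for line in log_text.splitlines():
        event = parse_screen_line(line)
        if event and event["action"] == "drop":
            counts[(event["src"], event["proto_name"])] += 1
    return [
        {"src": src, "proto": proto, "drops": n,
         "verdict": "investigate" if src in known_peers else "expected"}
        for (src, proto), n in sorted(counts.items())
    ]


if __name__ == "__main__":
    # Assumption for the demo: the operator recognizes 203.125.220.128 as a peer.
    for row in triage(SAMPLE_LOG, known_peers={"203.125.220.128"}):
        print(row)
```

A source that lands in "investigate" is the case the reply describes: a recognized address whose traffic the screen is dropping.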

     



  • 5.  RE: CPU less FPC

     
    Posted 06-04-2019 19:11

    Hi all,

    All your ideas are informative and workable, particularly Stwardlp's point.

     

    Thanks again.

    Ar