SRX Services Gateway
SRX Services Gateway

HIGH SESSION UTILIZATION IN SRX 1400

‎05-30-2017 04:33 AM

Hi,

 

I have a SRX 1400 where I have 1 NPC+SPC. Version is 12.1R5.5 which is very old so I can't go on expanding SPC.

In cp session i can see below which points that max session are 1048576. However in flow session I can see only 50%.

show security flow cp-session summary

Valid sessions: 499207
Pending sessions: 4312
Invalidated sessions: 11596
Sessions in other states: 0
Total sessions: 515115
Maximum sessions: 1048576
Maximum inet6 sessions: 524288

node1:
--------------------------------------------------------------------------

Valid sessions: 0
Pending sessions: 0
Invalidated sessions: 0
Sessions in other states: 0
Total sessions: 0
Maximum sessions: 1048576
Maximum inet6 sessions: 524288

 

show security flow session summary
node0:
--------------------------------------------------------------------------

Flow Sessions on FPC1 PIC0:
Unicast-sessions: 497112
Multicast-sessions: 0
Services-offload-sessions: 0
Failed-sessions: 2897834221
Sessions-in-use: 506030
  Valid sessions: 496335
  Pending sessions: 1
  Invalidated sessions: 9694
  Sessions in other states: 0
Maximum-sessions: 524288

node1:
--------------------------------------------------------------------------

Flow Sessions on FPC1 PIC0:
Unicast-sessions: 0
Multicast-sessions: 0
Services-offload-sessions: 0
Failed-sessions: 0
Sessions-in-use: 0
  Valid sessions: 0
  Pending sessions: 0
  Invalidated sessions: 0
  Sessions in other states: 0
Maximum-sessions: 524288

 

What i feel that 50% is used by inet6. Can you confirm.

If it is used by inet6 then i see below which means inet6 is not configured:-

show security flow status
node0:
--------------------------------------------------------------------------
  Flow forwarding mode:
    Inet forwarding mode: flow based
    Inet6 forwarding mode: drop
    MPLS forwarding mode: drop
    ISO forwarding mode: drop
  Flow trace status
    Flow tracing status: off

node1:
--------------------------------------------------------------------------
  Flow forwarding mode:
    Inet forwarding mode: flow based
    Inet6 forwarding mode: drop
    MPLS forwarding mode: drop
    ISO forwarding mode: drop
  Flow trace status
    Flow tracing status: off

 

How to check how 50% of inet6 sessions are reserved? What can be done in order to use whole cp session in flow session ?

 

Thanks in advance

2 REPLIES 2
SRX Services Gateway

Re: HIGH SESSION UTILIZATION IN SRX 1400

‎05-30-2017 10:49 PM

Hi Swati,

 

 

Thanks for posting your query here.

 

First of all I would like to inform you that there are no sessions reserved for inet6. 

 

Actually the architecture of the SRX is such that if a SPC card is in a CP-FLOW mode (combo mode) then the session capacity for flow CPU is half the number of total sessions or the session capacity of the CP mode SPU.

 

Hence you see only 50% of the session number on the Flow SPU as compared to the session number seen on CP SPU.

 

However if you have another SPU which is in full Flow mode and not in combo mode then you will see the same session number as you see on the CP for the FLOW as well.

 

Hope this helps Smiley Happy

 

Thanks,
Pulkit Bhandari
Please mark my response as Solution Accepted if it Helps, Kudos are Appreciated too. Smiley Happy

SRX Services Gateway

Re: HIGH SESSION UTILIZATION IN SRX 1400

‎05-31-2017 12:31 AM

Hi,

 

How can I make this in flow mode instead of combo mode?

 

H/W description is below:-

Item             Version  Part number  Serial number     Description
Chassis                                BH3912AA0087      SRX 1400
Midplane         REV 03   711-031012   AAEZ0175          SRX1k Backplane
PEM 0            rev 03   740-032015   J027KS003L03P     AC Power Supply
CB 0             REV 07   750-032544   AAFB3330          SRX1K-RE-12-10
  Routing Engine          BUILTIN      BUILTIN           Routing Engine
  CPP                     BUILTIN      BUILTIN           Central PFE Processor
  Mezz           REV 09   710-021035   AAFB9845          SRX HD Mezzanine Card
FPC 0            REV 17   750-032536   AAFC6485          SRX1k 1GE SYSIO
  PIC 0                   BUILTIN      BUILTIN           6x 1GE RJ45 6x 1GE SFP
    Xcvr 6       REV 02   740-013111   C453882           SFP-T
FPC 1            REV 10   750-032543   AAFC5056          SRX1k Dual Wide NPC+SPC Support Card
  PIC 0                   BUILTIN      BUILTIN           SPU Cp-Flow
FPC 3            REV 18   710-017865   AAFC5589          BUILTIN NPC
  PIC 0                   BUILTIN      BUILTIN           NPC PIC
Fan Tray         -N/A-    -N/A-        -N/A-             SRX 1400 Fan Tray

 

where CP-FLOW IS THERE ON FPC1 PIC0.

 

 

Now if i compare with other h/w where I have total CP sessions as flow sessions in SRX 1400 H/W where we have only 1 SPC below are the details:-

Flow Sessions on FPC1 PIC0:
Unicast-sessions: 1037664
Multicast-sessions: 0
Services-offload-sessions: 0
Failed-sessions: 379057724
Sessions-in-use: 1043169
  Valid sessions: 1036454
  Pending sessions: 1
  Invalidated sessions: 6714
  Sessions in other states: 0
Maximum-sessions: 1048576

 

Hardware inventory:                     
Item             Version  Part number  Serial number     Description
Chassis                                BH4613AJ0133      SRX 1400
Midplane         REV 03   711-031012   ACDK5583          SRX1k Backplane
PEM 0            rev 03   740-032015   J027LD003803P     AC Power Supply
PEM 1            rev 03   740-032015   J027LM001N03P     AC Power Supply
CB 0             REV 08   750-032544   ACDN4655          SRX1K-RE-12-10
  Routing Engine          BUILTIN      BUILTIN           Routing Engine
  ad0    1006 MB  CF 1GB               2013A 0000167893  Compact Flash
  ad2   15392 MB  Wintec SSD 16GB      WT1027AA0164393   Hard Disk
  CPP                     BUILTIN      BUILTIN           Central PFE Processor
  Mezz           REV 09   710-021035   ACDN4559          SRX HD Mezzanine Card
FPC 0            REV 17   750-032536   ACDK5535          SRX1k 1GE SYSIO
  PIC 0                   BUILTIN      BUILTIN           6x 1GE RJ45 6x 1GE SFP
    Xcvr 8       REV 02   740-013111   D488751           SFP-T
FPC 1            REV 12   750-032543   ACDM3410          SRX1k Dual Wide NPC+SPC Support Card
  PIC 0                   BUILTIN      BUILTIN           SPU Cp-Flow
FPC 3            REV 19   710-017865   ACDM4099          BUILTIN NPC
  PIC 0                   BUILTIN      BUILTIN           NPC PIC
Fan Tray         -N/A-    -N/A-        -N/A-             SRX 1400 Fan Tray

 

Why I have equal no of flow sessions here as cp sessions in the second scenario?