SRX Services Gateway
Highlighted
SRX Services Gateway

High CPU Utilization on TCP vs UDP !!!

‎03-01-2015 07:53 PM

Hi All,

 

We have tested our SRX firewall with iperf the strage behaviour we observed. That is when we initiate a traffic with frame sizes 64 till 512. We recieved extensive CPU on UDP based traffic but with same frames sizes when we compared it with TCP we didn't find SRX extensive CPU.

 

We are just trying to understand what can be the possible reasons that UDP is more CPU extensive rather than TCP.

 

Logs are mentioned below for reference.

 

We have different things in mind,

 

1. Either its device scalability issue. We have SRX240 right now.

2. Do we need to introduce any kind of QoS/Rate-limit.

 

Please check and suggest.

 

Requested Requested base % 8-9% Returned
Mb/s bytes /pkt FPC 0 PIC 0 CPU % Mb/s
600 64 99% 57.5
600 128 99% 113.0
600 256 99% 201.0
600 512 98-99% 386.0
TCP 64 24-26% 135.0
TCP 128 40-44% 227.0
TCP 256 60-64% 434.0
TCP 512 70-86% 535.0
3 REPLIES 3
Highlighted
SRX Services Gateway

Re: High CPU Utilization on TCP vs UDP !!!

‎03-02-2015 01:41 AM

Hi Experts,

 

One more thing to add,

 

SRX-240 datasheet states for "Firewall + routing PPS (64 Byte)"  200 Kpps can entertain.

 

But we found max throughput with iperf2 UDP @64B approx 115Kpps and CPU got extensive with 99%.

 

Somehow SRX optimized for TCP Traffic,

 

It passes, TCP 276480pps @ 64B pkts.

 

Please suggest. Thanks

Highlighted
SRX Services Gateway

Re: High CPU Utilization on TCP vs UDP !!!

‎05-08-2015 04:02 AM

We observed exactly same behaviour with SRX210HE cluster when ISP advised us to test internet speed with iperf -u enabled while they were trying to investigate one issue with internet upload speed.

 

Can somebody comment this 100% CPU utilization issue?

Highlighted
SRX Services Gateway

Re: High CPU Utilization on TCP vs UDP !!!

‎05-11-2015 11:08 AM
Do you have same number of cps for tcp nd udp? Can you share below output taken during both tests.

show security monitoring performance session
Thanks,
Suraj
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too