SRX

last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  SRX 100 High CPU with small traffic

    Posted 11-10-2016 01:38

    Hello,

     

    our client have srx100b
    JUNOS Software Release [11.4R4.4]

     

    Every day, some time somebody try to download or do something , and traffic has increases to 10Mbps. Then traffic has increased, cpu spikes to 80%-100%. When i tryed to disable security-log (set system processes security-log disable) cpu comes down to normal, but our snmp (PRTG) dont show CPU loud, tempreture and other sensors. I think this traffic is not so big for srx100 to spike cpu to 100%. That can be wrong? Maybe some special packet or defragmentation leads to high cpu?

    This is my config and some pictures.

     

    Thank you.

    Attachment(s)

    txt
    config11.txt   9 KB 1 version


  • 2.  RE: SRX 100 High CPU with small traffic
    Best Answer

     
    Posted 11-10-2016 08:21

    Hi Arturka,

     

    From the information provided I can only think that fragmentation could be causing the CPU to go high.

    Try disabling force-ip-reassembly and see if that helps bring down the CPU.

     

    Also the code version is quite old, an upgrade should be considered as well.



  • 3.  RE: SRX 100 High CPU with small traffic

    Posted 11-10-2016 23:08

    I have more info.

    At the moment then CPU was increased, one guy was downloading 3GB ISO file from on site to another throuth VPN IPsec.

     

    P.S Thank for the answer, i try this commands.



  • 4.  RE: SRX 100 High CPU with small traffic

    Posted 11-17-2016 06:11

    I have decrease ipsec mss to 1350 and tcp mss to 1410 and cpu now normal. I havent tryed disabling force-ip-reassembly. Maybe some time then cpu increases again. i try this command. Thank for answer.