SRX

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  SRX1500 Capacity

    Posted 08-10-2018 04:12

    Hi,

    I have an SRX1500. How can I determine what capacity % I am using of the firewall when at my peak traffic time for the day? Around 10am is when the firewall is being used most, but aside from looking at CPU all looks as if it's not doing much. I want to know from my current traffic how much more I can increase it by. So ideally I can say I'm using X % of the SRX 1500.

     

    Routing Engine status:
        Temperature                 40 degrees C / 104 degrees F
        CPU temperature             40 degrees C / 104 degrees F
        Total memory              1954 MB Max   586 MB used ( 30 percent)
        Memory utilization          30 percent
        5 sec CPU utilization:
          User                       0 percent
          Background                 0 percent
          Kernel                     1 percent
          Interrupt                  1 percent
          Idle                      98 percent
        1 min CPU utilization:
          User                       0 percent
          Background                 0 percent
          Kernel                     1 percent
          Interrupt                  1 percent
          Idle                      98 percent
        5 min CPU utilization:
          User                       0 percent
          Background                 0 percent
          Kernel                     1 percent
          Interrupt                  1 percent
          Idle                      98 percent
        15 min CPU utilization:
          User                       0 percent
          Background                 0 percent
          Kernel                     1 percent
          Interrupt                  1 percent
          Idle                      98 percent
        Model                          SRX Routing Engine
        Serial ID                      BUILTIN
        Start time                     2017-11-01 15:00:37 GMT
        Uptime                         281 days, 18 hours, 2 minutes, 2 seconds
        Last reboot reason             0x10:misc hardware reason
        Load averages:                 1 minute   5 minute  15 minute
                                           0.05       0.07       0.02
    
    FWDD status:
      State                                 Online
      Microkernel CPU utilization         0 percent
      Real-time threads CPU utilization   5 percent
      Heap utilization                   18 percent
      Buffer utilization                 50 percent
      Uptime:                               281 days, 17 hours, 56 minutes, 48 seconds
    
    FPC 0
      PIC 0
        CPU utilization          :    1 %
        Memory utilization       :   18 %
        Current flow session     : 2438
        Current flow session IPv4: 2438
        Current flow session IPv6:    0
        Max flow session         : 2097152
    Total Session Creation Per Second (for last 96 seconds on average):  109
    IPv4  Session Creation Per Second (for last 96 seconds on average):  109
    IPv6  Session Creation Per Second (for last 96 seconds on average):    0
    


  • 2.  RE: SRX1500 Capacity

    Posted 08-10-2018 10:44

    Hi, VOIPBunny

     

    Based on your explanation I believe you are looking to monitor throughput rather than CPU utilization. For checking this you could sum up all the incoming bits per second and packets per second the SRX is receiving on all its interfaces and then compare the resulting value with the SRX datasheet values.

     

    Command: > monitor interface traffic

     

    	SRX1500-R002                      Seconds: 17                  Time: 10:16:28
    
    	Interface    Link  Input packets        (pps)     Output packets        (pps)
    	 ge-0/0/0      Up              0          (0)                0          (0)
    	 gr-0/0/0      Up              0          (0)                0          (0)
    	 ip-0/0/0      Up              0          (0)                0          (0)
    	 lt-0/0/0      Up              0          (0)                0          (0)
    	 ge-0/0/1      Up        1152091          (0)          1151378          (0)
    	 ge-0/0/2    Down              0          (0)                0          (0)
    	 ge-0/0/3    Down              0          (0)                0          (0)
    	 ge-0/0/4      Up        1521538          (1)          1521593          (1)
    	 ge-0/0/5    Down              0          (0)                0          (0)
    	 ge-0/0/6    Down              0          (0)                0          (0)
    	 ge-0/0/7    Down              0          (0)                0          (0)
    	 ge-0/0/8    Down              0          (0)                0          (0)
    	 ge-0/0/9    Down              0          (0)                0          (0)
    	 ge-0/0/10   Down              0          (0)                0          (0)
    	 ge-0/0/11   Down              0          (0)                0          (0)
    	 ge-0/0/12   Down              0          (0)                0          (0)
    	 ge-0/0/13   Down              0          (0)                0          (0)
    	 ge-0/0/14   Down              0          (0)                0          (0)
    	 ge-0/0/15   Down              0          (0)                0          (0)
    
    	Bytes=b, Clear=c, Delta=d, Packets=p, Quit=q or ESC, Rate=r, Up=^U, Down=^D

    Total input packets per second in below output: 1

     

     

    Pressing letter B, when the output is running, will change the results displayed to bits per second:

     

    SRX1500-R002                      Seconds: 36                  Time: 10:16:47
    
    Interface    Link     Input bytes        (bps)      Output bytes        (bps)
     ge-0/0/0      Up               0          (0)                 0          (0)
     gr-0/0/0      Up               0          (0)                 0          (0)
     ip-0/0/0      Up               0          (0)                 0          (0)
     lt-0/0/0      Up               0          (0)                 0          (0)
     ge-0/0/1      Up        96782875          (0)          96747665          (0)
     ge-0/0/2    Down               0          (0)                 0          (0)
     ge-0/0/3    Down               0          (0)                 0          (0)
     ge-0/0/4      Up       216081068       (2264)         216069947       (2264)
     ge-0/0/5    Down               0          (0)                 0          (0)
     ge-0/0/6    Down               0          (0)                 0          (0)
     ge-0/0/7    Down               0          (0)                 0          (0)
     ge-0/0/8    Down               0          (0)                 0          (0)
     ge-0/0/9    Down               0          (0)                 0          (0)
     ge-0/0/10   Down               0          (0)                 0          (0)
     ge-0/0/11   Down               0          (0)                 0          (0)
     ge-0/0/12   Down               0          (0)                 0          (0)
     ge-0/0/13   Down               0          (0)                 0          (0)
     ge-0/0/14   Down               0          (0)                 0          (0)
     ge-0/0/15   Down               0          (0)                 0          (0)
    
    Bytes=b, Clear=c, Delta=d, Packets=p, Quit=q or ESC, Rate=r, Up=^U, Down=^D

    Total input bits per second in the below output: 2264

     

    On SRX1500 datasheet you can find the supported pps and bps for this platform:

     https://www.juniper.net/assets/us/en/local/pdf/datasheets/1000551-en.pdf

     

    For instance the capacity for "Routing/firewall (IMIX packet size)" is 5Gbps

     

    Note that the numbers showing in the datasheet are just for reference. For your SRX to handle those numbers you need to make sure that the traffic passing your SRX is UDP and that it is sent like the tests mentioned in RFC2544. Still, these numbers give you a good idea of the amount of bps and pps the SRX can process.

     

    Other commands you can use to monitor CPU and session utilization at a given time are the following.

     

    CPU utilization in last 60 seconds:

     

    {primary:node0}
    root@SRX1500-R002> show security monitoring performance spu
    node0:
    --------------------------------------------------------------------------
    fpc  0  pic  0
    Last 60 seconds:
     0:   0   1:   0   2:   0   3:   0   4:   0   5:   0
     6:   0   7:   0   8:   0   9:   0  10:   0  11:   0
    12:   0  13:   0  14:   0  15:   0  16:   0  17:   0
    18:   0  19:   0  20:   0  21:   0  22:   0  23:   0
    24:   0  25:   0  26:   0  27:   0  28:   0  29:   0
    30:   0  31:   0  32:   0  33:   0  34:   0  35:   0
    36:   0  37:   0  38:   0  39:   0  40:   0  41:   0
    42:   0  43:   0  44:   0  45:   0  46:   0  47:   0
    48:   0  49:   0  50:   0  51:   0  52:   0  53:   0
    54:   0  55:   0  56:   0  57:   0  58:   0  59:   0

    Session utilization in last 60 seconds:

     

     

    {primary:node0}
    root@SRX1500-R002> show security monitoring performance session
    node0:
    --------------------------------------------------------------------------
    fpc  0  pic  0
    Last 60 seconds:
     0:       0   1:       0   2:       0   3:       0   4:       0   5:       0
     6:       0   7:       0   8:       0   9:       0  10:       0  11:       0
    12:       0  13:       0  14:       0  15:       0  16:       0  17:       0
    18:       0  19:       0  20:       0  21:       0  22:       0  23:       0
    24:       0  25:       0  26:       0  27:       0  28:       0  29:       0
    30:       0  31:       0  32:       0  33:       0  34:       0  35:       0
    36:       0  37:       0  38:       0  39:       0  40:       0  41:       0
    42:       0  43:       0  44:       0  45:       0  46:       0  47:       0
    48:       0  49:       0  50:       0  51:       0  52:       0  53:       0
    54:       0  55:       0  56:       0  57:       0  58:       0  59:       0

     

    I hope this information helps you!

     

     



  • 3.  RE: SRX1500 Capacity

    Posted 08-13-2018 03:57

    Thanks for this info, it's very helpful. One last question in regards to IPVPN: which specs on the datasheet should I be looking at, Routing/firewall or IPsec VPN?



  • 4.  RE: SRX1500 Capacity

    Posted 08-13-2018 08:14

    Hi,

     

    I ran what you suggested, pps I'm at around 15,000, bps is below. I'm mainly carrying UDP media which is 214 bytes a packet. So I still really have no idea what my utilisation is of my SRX?

     

     

    Interface    Link     Input bytes        (bps)      Output bytes        (bps)
     ge-0/0/0      Up      7607315898       (2264)      546397537152     (317488)
     gr-0/0/0      Up               0          (0)                 0          (0)
     ip-0/0/0      Up               0          (0)                 0          (0)
     ge-0/0/1      Up      6991681564       (2264)        6991637102       (2272)
     ge-0/0/2    Down               0          (0)                 0          (0)
     ge-0/0/3    Down               0          (0)                 0          (0)
     ge-0/0/4    Down               0          (0)                 0          (0)
     ge-0/0/5    Down               0          (0)                 0          (0)
     ge-0/0/6      Up  36339881876309   (24525616)    40668727964979   (26557152)
     ge-0/0/7      Up  40978854914931   (26754872)    36499164273037   (24678272)
     ge-0/0/8    Down               0          (0)                 0          (0)
     ge-0/0/9      Up      2241058802          (0)        1835445101          (0)
     ge-0/0/10     Up      2919049206          (0)             48552          (0)
     ge-0/0/11     Up       793993234       (2272)         731767762       (1968)
     ge-0/0/12   Down               0          (0)                 0          (0)
     ge-0/0/13   Down               0          (0)                 0          (0)
     ge-0/0/14   Down               0          (0)                 0          (0)
     ge-0/0/15   Down               0          (0)                 0          (0)
     xe-0/0/16   Down               0          (0)                 0          (0)
     xe-0/0/17   Down               0          (0)                 0          (0)
     xe-0/0/18   Down               0          (0)                 0          (0)
     xe-0/0/19   Down               0          (0)                 0          (0)
     ge-7/0/0      Up    557697572526     (332496)      214999856430       (2264)
     ge-7/0/1      Up     11034968575       (2264)       10788652772       (2264)
     ge-7/0/2    Down               0          (0)                 0          (0)
     ge-7/0/3    Down               0          (0)                 0          (0)
     ge-7/0/4    Down               0          (0)                 0          (0)
     ge-7/0/5    Down               0          (0)                 0          (0)
     ge-7/0/6      Up  21500008741887        (760)    20050839574313          (0)
     ge-7/0/7      Up  20306073186158      (39512)    21587112737778          (0)
     ge-7/0/8    Down               0          (0)                 0          (0)
     ge-7/0/9    Down      1985952423          (0)              5838          (0)
     ge-7/0/10     Up      2919030381          (0)                 0          (0)
     ge-7/0/11   Down               0          (0)                 0          (0)
     ge-7/0/12   Down               0          (0)                 0          (0)
     ge-7/0/13   Down               0          (0)                 0          (0)
     ge-7/0/14   Down               0          (0)                 0          (0)
     ge-7/0/15   Down               0          (0)                 0          (0)
     xe-7/0/16   Down               0          (0)                 0          (0)
     xe-7/0/17   Down               0          (0)                 0          (0)
     xe-7/0/18   Down               0          (0)                 0          (0)
     xe-7/0/19   Down               0          (0)                 0          (0)
     dsc           Up               0                              0
     em0           Up               0                              0
     em1           Up               0                              0
     em2           Up               0                              0
     fab0          Up     14598997462       (4528)      553389174254     (319760)
     fab1          Up    568732541101     (334760)      225788509202       (4528)
     fxp0          Up               0                              0
     gre           Up               0                              0
     ipip          Up               0                              0
    


  • 5.  RE: SRX1500 Capacity

    Posted 08-13-2018 13:00

    VOIPBunny,

     

    The output is showing bps and not pps. The sum of all the incoming traffic in bps is: 52001608 bps (0.052 Gbps)

     

    2264+ 2264+ 24525616+ 26754872+ 2272+ 332496+ 2264+ 760+ 39512+ 4528+ 334760= 52001608 bps

     

    As we saw, your SRX supports 5 Gbps (100% of utilization) but currently it is handling 0.052 Gbps (1.04% of utilization).

     

     (0.052/5)*100= 1.04% of utilization

     

    Perform the same test with pps and you can tell the utilization on that aspect too.
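
The sum-and-compare calculation from the reply above, as an added example that is not part of the original thread: it parses the bytes-mode `monitor interface traffic` rows quoted in the thread, sums the input bps column and divides by the 5 Gbps datasheet figure. The function names and the `exclude_prefixes` option are assumptions of this example; the option lets you leave out fab0/fab1, which are chassis-cluster fabric links carrying inter-node traffic.

```python
import re

# Rows copied from the bytes-mode `monitor interface traffic` output in the
# thread, trimmed to rows with a non-zero input rate plus two edge cases.
SAMPLE = """\
Interface    Link     Input bytes        (bps)      Output bytes        (bps)
 ge-0/0/0      Up      7607315898       (2264)      546397537152     (317488)
 ge-0/0/1      Up      6991681564       (2264)        6991637102       (2272)
 ge-0/0/6      Up  36339881876309   (24525616)    40668727964979   (26557152)
 ge-0/0/7      Up  40978854914931   (26754872)    36499164273037   (24678272)
 ge-0/0/11     Up       793993234       (2272)         731767762       (1968)
 ge-7/0/0      Up    557697572526     (332496)      214999856430       (2264)
 ge-7/0/1      Up     11034968575       (2264)       10788652772       (2264)
 ge-7/0/6      Up  21500008741887        (760)    20050839574313          (0)
 ge-7/0/7      Up  20306073186158      (39512)    21587112737778          (0)
 ge-7/0/9    Down      1985952423          (0)              5838          (0)
 em0           Up               0                              0
 fab0          Up     14598997462       (4528)      553389174254     (319760)
 fab1          Up    568732541101     (334760)      225788509202       (4528)
"""

# name, link state, input counter, optional "(rate)" column
ROW = re.compile(r"^\s*(\S+)\s+(Up|Down)\s+\d+(?:\s+\((\d+)\))?")

def input_bps(text, exclude_prefixes=()):
    """Sum the input-rate column (bps) over Up interfaces."""
    total = 0
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue                      # header, key legend, blank line
        name, link, rate = m.groups()
        if link != "Up" or rate is None:  # Down, or no rate shown (em0, dsc)
            continue
        if name.startswith(tuple(exclude_prefixes)):
            continue
        total += int(rate)
    return total

def utilization_pct(bps, capacity_bps):
    return 100.0 * bps / capacity_bps

DATASHEET_BPS = 5_000_000_000   # "Routing/firewall (IMIX packet size)" 5 Gbps

if __name__ == "__main__":
    for label, skip in (("all interfaces", ()), ("without fab0/fab1", ("fab",))):
        bps = input_bps(SAMPLE, skip)
        print(f"{label}: {bps} bps = {utilization_pct(bps, DATASHEET_BPS):.2f}%")
```

Feed it a capture taken at the daily peak; the same function works on packets-mode output if the capacity argument is the datasheet pps figure.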

     

     



  • 6.  RE: SRX1500 Capacity

    Posted 08-15-2018 03:18

    Hi,

     

    I think you have done your calculation based on bits and not Bytes?

     

    Thanks



  • 7.  RE: SRX1500 Capacity

    Posted 08-16-2018 13:29

    Hi,

     

    Yes, I did the calculations in bits per second because speed/processing capacity (throughput) is always measured in bits per second (could be converted to Mbps or Gbps). You can see that the datasheet displays these values in Gbps.

     

    Packets per second (pps) is just another way to measure the same.

     

    Bytes are mostly used for measuring size not speed of processing. For instance, a hard drive can store up to 1000MB (mega bytes)..... an IP packet has a 1500 Bytes size.

     

     



  • 8.  RE: SRX1500 Capacity

    Posted 08-13-2018 10:02

    Hi,

    You should be looking at "IPsec VPN (IMIX packet size) Gbps". This is the performance/throughput that the firewall would provide when sending traffic over a VPN tunnel. Still, remember these are numbers just for reference and that the only way to achieve these will be to perform the tests as stated in RFC2544. VOIPBunny, please mark as Resolved if the information provided helped you.