SRX Services Gateway
Highlighted
SRX Services Gateway

SRX220 Cluster - High latency on simple transfer

‎08-26-2015 08:56 AM

Hello,

 

I have 2 SRX220 in cluster mode and I see high latency on traffic passing through.

The test I made is very simple

- FTP/SCP server connected to SRX 220 interface 0 network 192.168.0.0/24

- SRX 220 cluster

- Client connected to SRX 220 interface 1 network 192.168.1.1/24

 

During a simple 100Mbit/s FTP trasfer the latency (ping) from client to server goes up to 50-60ms. If I replace the 2 SRX with an old SSG140 the latency is around 1ms during the same transfer.

 

My SRX220 setup:

- Junos 12.1X46-D35.1

- 5 redundant group (one for every ge) 

- No UTM policies

- No IDP policies

 

 

5 REPLIES 5
Highlighted
SRX Services Gateway

Re: SRX220 Cluster - High latency on simple transfer

‎08-31-2015 05:53 AM

Hello ,

 

As per the testing , you are trying to Ping the Server from Client during the FTP transfer which is happening at 100Mbps . And getting a latency of 50-60MS .  Correct me if I ma wrong .

As per the SRX 220 datasheet the firewall throughput is 300Mbps IMIX / Mixed packets .  Also you mentioned that there is no IDP or UTM so its a clean firewall .

Now to start with SRX treats ICMP as the lowest priority traffic in all the traffic category and the processing will be least prioratized , so as per Juniper recommendation ICMP teating is not the legitimate way for testing firewall performance .

 

If we do see latency or less bandwidth for any TCP/UDP traffic we can track down better .  The question here is that , is it only the time that goes to 50 MS or are we seeing any packet drops / timouts in your ICMP ?


Thanks,
Sam

Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too .....
Highlighted
SRX Services Gateway

Re: SRX220 Cluster - High latency on simple transfer

‎08-31-2015 05:58 AM

Hello,

 

In addition to what 'Joses' said, are the ping tests & FTP transfer done through the interfaces (reths) that are part of same Redundancy Group?

 

If not, are the two groups Primary on different nodes of cluster?

 

Regards,

 

Rushi

Highlighted
SRX Services Gateway

Re: SRX220 Cluster - High latency on simple transfer

‎08-31-2015 06:17 AM

Hi, 

 

I am not sure if this has something to do with the below PR, although PR speaks about icmp-redirect 

 

https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR776388

 

Regards

Rakesh M

https://r2079.wordpress.com

Highlighted
SRX Services Gateway

Re: SRX220 Cluster - High latency on simple transfer

‎08-31-2015 10:16 PM

Hello Rakesh ,

 

The PR states that  when we have FTP ALg involved in a FTP session , The ICMP re-direct message from the device ( SRX ) is not generated  when the source and the destination points to same Next-hope  .

But I dont think that the case here since FTP and the ICMP are 2 diffrenet traffic originated from same Source to destination  ( echo request and reply ) .

I am afriad that the PR is relevent to this issue . Correct me if anyone think other wise .

 

Coming to our issue  , can you please update on the query raised by ""


Thanks,
Sam

Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too .....
Highlighted
SRX Services Gateway

Re: SRX220 Cluster - High latency on simple transfer

[ Edited ]
‎08-31-2015 10:29 PM

agree ! Also PR states 240 as the starting platform while i guess the box in the question is 220. unless otherwise its a system limitation or bug of this sort, i dont see other way out though.

 

Regards

Rakesh M

https://r2079.wordpress.com

Feedback