[j-nsp] Session utilization is 90% of the system capacity

TiM tim at muppetz.com
Mon Mar 17 07:28:21 EDT 2008


On Fri, March 14, 2008 4:25 pm, Vincent De Keyzer wrote:
> Hello,
>
> we have a Netscreen 25 at our office (30 people), that we use for
> Internet access and VoIP.
>
> From time to time the firewall goes bananas: traffic does not go
> through anymore, ping success rate to default gateway is very low, and
> if we succeed in logging in, we see very high CPU and messages in the log
> that say:
>
> 2008-03-13 15:08:31 system crit  00051 Session utilization has reached 28857, which is 90% of the system capacity!
> 2008-03-13 15:08:29 system crit  00051 Session utilization has reached 28857, which is 90% of the system capacity!
> 2008-03-13 15:08:28 system crit  00051 Session utilization has reached 28857, which is 90% of the system capacity!
> 2008-03-13 15:08:27 system crit  00051 Session utilization has reached 28857, which is 90% of the system capacity!
> 2008-03-13 15:08:26 system crit  00051 Session utilization has reached 28857, which is 90% of the system capacity!
> 2008-03-13 15:08:24 system crit  00051 Session utilization has reached 28857, which is 90% of the system capacity!
> 2008-03-13 15:08:19 system crit  00051 Session utilization has reached 28857, which is 90% of the system capacity!
> 2008-03-13 15:08:18 system crit  00051 Session utilization has reached 28857, which is 90% of the system capacity!
> 2008-03-13 15:08:16 system crit  00051 Session utilization has reached 28857, which is 90% of the system capacity!
>
> How do I troubleshoot this? What are those sessions? How do I identify
> them? How do I limit them? Is it a good thing to limit them?
>
> I don't know where to start, so any idea will be appreciated.
>
> Thanks
>
> Vincent

You're running out of sessions.  It's key to find what is causing the
session use.  This tool might help you:
http://www.juniperforum.com/index.php/topic,3656.0.html
I use it myself and it's very handy; a big thanks to Tim Eberhard for
creating it and making it available free.

Depending on what you find, you might want to limit the number of sessions
a source (or destination) IP address is allowed, which can be done in the
"Screen" options of the firewall.

Probably you have a virus, or someone firing up BitTorrent.  Both of those
can eat up a lot of sessions very quickly.  There could of course be any
number of other things creating sessions; what's important is to find out
what they are and then take steps to limit them.

Hope this helps.

Tim
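
Added example, not part of the original message and not the tool linked above: a small Python script that counts sessions per source IP in a saved session-table dump and lists the hosts a candidate per-source session limit would affect. The flow notation `src/port->dst/port,proto`, the sample data and all function names are assumptions made for this illustration; adapt the regular expression to the output your firewall actually produces.

```python
import re
from collections import Counter, defaultdict

# Assumed, simplified flow notation "src/port->dst/port,proto"; real session
# dumps differ by platform and release, so adapt FLOW_RE to your output.
FLOW_RE = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3})/\d+->(\d{1,3}(?:\.\d{1,3}){3})/(\d+),(\d+)"
)

def build_sample():
    """Constructed data: one host with 40 sessions, two hosts with a few."""
    lines = [f"10.0.0.23/{40000 + i}->198.51.100.{i + 1}/{50000 + i},6"
             for i in range(40)]
    lines += [f"10.0.0.5/{5060 + i}->203.0.113.10/5060,17" for i in range(3)]
    lines += ["10.0.0.7/51000->203.0.113.80/443,6", "header line, no flow"]
    return "\n".join(lines)

def sessions_by_source(dump):
    """Map source IP -> (session count, number of distinct dst ip/port pairs)."""
    count = Counter()
    targets = defaultdict(set)
    for line in dump.splitlines():
        m = FLOW_RE.search(line)
        if m is None:          # skip headers and anything that is not a flow
            continue
        src, dst, dport, _proto = m.groups()
        count[src] += 1
        targets[src].add((dst, dport))
    return {src: (n, len(targets[src])) for src, n in count.items()}

def heavy_sources(dump, per_source_limit):
    """Sources whose session count exceeds a candidate per-source limit,
    i.e. the hosts a source-based session limit would start throttling."""
    stats = sessions_by_source(dump)
    over = [(src, n, d) for src, (n, d) in stats.items() if n > per_source_limit]
    return sorted(over, key=lambda row: row[1], reverse=True)

if __name__ == "__main__":
    for src, n, d in heavy_sources(build_sample(), per_source_limit=20):
        print(f"{src}: {n} sessions to {d} distinct destinations")
```

Running it against dumps taken during normal operation shows what legitimate hosts (a VoIP gateway, a proxy) need, which helps pick a per-source limit that does not cut them off.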


