[j-nsp] J series users bitten by the massive memory use increase with flow mode add, please file jtac cases.
Pavel Lunin
plunin at senetsy.ru
Fri Jul 23 08:25:41 EDT 2010
Florian,
> We tried to enable MPLS (which is not really advertised as a way to
> disable flow-based processing, BTW),
You are not right. It is well documented:
http://www.juniper.net/techpubs/software/junos-security/junos-security10.0/junos-security-admin-guide/secure-routing-context-chapter.html#secure-routing-context-chapter
> but the device still couldn't
> forward our tiny amount of traffic we deal with.
>
IDK. We support several J in production, configured like this:
> plunin at router> show configuration security forwarding-options
> family {
>     inet6 {
>         mode packet-based;
>     }
>     mpls {
>         mode packet-based;
>     }
>     iso {
>         mode packet-based;
>     }
> }
Here is what they do.
> plunin at router> show route summary
> Autonomous system number: xxx
> Router ID: xxx
>
> inet.0: 324700 destinations, 390767 routes (153306 active, 0 holddown,
> 171394 hidden)
> Direct: 4 routes, 4 active
> Local: 3 routes, 3 active
> OSPF: 4 routes, 4 active
> BGP: 390753 routes, 153292 active
> Aggregate: 3 routes, 3 active
> --- JUNOS 9.5R1.8 built 2009-04-13 19:11:52 UTC
> plunin at router> show chassis routing-engine
> Routing Engine status:
> Temperature 30 degrees C / 86 degrees F
> CPU temperature 30 degrees C / 86 degrees F
> DRAM 1024 MB
> Memory utilization 95 percent
> CPU utilization:
> User 0 percent
> Real-time threads 16 percent
> Kernel 2 percent
> Idle 82 percent
> Model RE-J2320-2000
> Serial ID xxx
> Start time 2010-05-04 15:08:29 MSD
> Uptime 80 days, 30 minutes, 28 seconds
> Last reboot reason 0x1:power cycle/failure
> Load averages: 1 minute 5 minute 15 minute
> 0.07 0.06 0.07
Forwards up to 200 Megs. Very similar story with other boxes running
10.0R2. Not a single fwdd crash for half a year (knock on wood). Though
9.6 (don't remember which release) had annoyed us and the customer quite
a few times until we moved to 10.0R2.
We also have a few J in a lab. Never heard packet context didn't work as
expected.
AFAIR since 9.5R2 or 9.6R2 they reduced fwdd memory appetite by a few
tens of megabytes:
> plunin at router> show chassis routing-engine
> Routing Engine status:
> Temperature 50 degrees C / 122 degrees F
> CPU temperature 54 degrees C / 129 degrees F
> * Total memory 1024 MB Max 840 MB used ( 82 percent)*
> Control plane memory 594 MB Max 505 MB used ( 85 percent)
> Data plane memory 430 MB Max 340 MB used ( 79 percent)
> CPU utilization:
> User 3 percent
> Real-time threads 20 percent
> Kernel 9 percent
> Idle 68 percent
> Model RE-J2320-2000
> Serial ID yyy
> Start time 2010-06-28 15:10:49 MSD
> Uptime 25 days, 50 minutes, 3 seconds
> Last reboot reason 0x1:power cycle/failure
> Load averages: 1 minute 5 minute 15 minute
> 0.21 0.23 0.16
>
So the recent releases are a bit more efficient from this point of view.
I also recommend turning off unwanted processes, which also consume some
memory.
> plunin at router> show configuration system processes
> idp-policy disable;
> jsrp-service disable;
The output of "show security flow sessions" I posted yesterday was also
taken from one of these boxes. It shows 0 sessions and I see no issues
with management traffic at all. Stateless FW filters work just as expected.
I am not saying all this is the most ideal solution available on the
market, but I don't see much instability except the customer's site power
problems.
--
Pavel