[j-nsp] ms-mic cpu pinned, then reset conns?

ryanL ryan.landry at gmail.com
Tue Oct 21 18:29:39 EDT 2014 

i've determined that the 'reset' of the cpu back to normal levels is when i
have committed a change to the NAT config, whereby i permitted new hosts.
it seems that this must tickle the ms-mic somehow. i just confirmed this by
committing a benign change it resets the cpu back down to 1%.

On Tue, Oct 21, 2014 at 2:04 PM, ryanL <ryan.landry at gmail.com> wrote:

> we've had the ms-mic working pretty well for NAT on the mx80, until i
> discovered this.
>
> http://ryry.foursquare.com/image/3a3o1J1M1o27
>
> graph shows two different mx80's with their respective RE and ms-mic cpu
> usage. seems like the maybe the connections build up, hammering the ms-mic
> cpu and my guess is dumping all active NAT connections. the card itself
> doesn't appear to be reloading.
>
> i don't believe we're doing anything overly crazy. just letting some
> machines call out to the world if the destination isn't our private network.
>
> this is current state. what i find particularly interesting is the in/out
> rate. that's a crazy amount of traffic seen on the ms-mic interface. we
> don't even have that much traffic flowing thru the mx80's combined. the
> jtac engineer suspects it's cosmetic, but now i'm guessing it relates to
> the elevated cpu. i'm going to start graphing that interface as well.
>
> ry at iad1-er2> show services sessions utilization extensive
>            Session  %Count  Setup   %Rate   Drop     Teardown   %CPU
> Interface  Count            Rate            Rate     Rate
> ms-0/2/0   661      0.00    20                       13         34.20 Green
>
> ry at iad1-er2> show interfaces ms-0/2/0
> Physical interface: ms-0/2/0, Enabled, Physical link is Up
>   Interface index: 151, SNMP ifIndex: 539
>   Type: Adaptive-Services, Link-level type: Adaptive-Services, MTU: 9192,
> Speed: 20000mbps
>   Device flags   : Present Running
>   Interface flags: Point-To-Point SNMP-Traps
>   Link type      : Full-Duplex
>   Link flags     : None
>   Last flapped   : 2014-10-07 23:11:09 UTC (1w6d 21:50 ago)
>   Input rate     : 731899664 bps (1313864 pps)
>   Output rate    : 900069112 bps (1313850 pps)
>
>
>

More information about the juniper-nsp mailing list