[j-nsp] SRX3600 Problem
Farrukh Haroon
farrukhharoon at gmail.com
Wed Apr 22 01:49:20 EDT 2015
hi cahit
have you enabled any screens on the interface under attack?
regards
farrukh
On Tue, Apr 21, 2015 at 7:22 PM, Cahit Eyigünlü <cahit.eyigunlu at spd.net.tr>
wrote:
> We are getting a spoofed ip syn attack. When attack starts and over 100K
> pps our SRX3600 was losting the connection. And we check the status of the
> device over the Serial connection. But we could not determine why it has
> been dropped the connection
>
>
>
> Should somebody help us to over come this issue ?
>
>
>
> root at srx3600.spd.net.tr> show security flow cp-session summary
> Valid sessions: 141
> Pending sessions: 621628
> Invalidated sessions: 517864
> Sessions in other states: 1
> Total sessions: 1139634
> Maximum sessions: 2359296
>
>
> root at srx3600.spd.net.tr> show security monitoring fpc 12
> FPC 12
> PIC 0
> CPU utilization : 44 %
> Memory utilization : 67 %
> Current flow session : 147286
> Current flow session IPv4: 147286
> Current flow session IPv6: 0
> Max flow session : 524288
> Current CP session : 1074031
> Current CP session IPv4: 1074031
> Current CP session IPv6: 0
> Max CP session : 2359296
> Total Session Creation Per Second (for last 96 seconds on average): 13
> IPv4 Session Creation Per Second (for last 96 seconds on average): 13
> IPv6 Session Creation Per Second (for last 96 seconds on average): 0
>
>
>
> root at srx3600.spd.net.tr> show chassis routing-engine
> Routing Engine status:
> Slot 0:
> Current state Master
> Election priority Master (default)
> DRAM 1023 MB
> Memory utilization 44 percent
> CPU utilization:
> User 0 percent
> Background 0 percent
> Kernel 5 percent
> Interrupt 0 percent
> Idle 95 percent
> Model RE-PPC-1200-A
> Start time 2015-04-15 02:06:10 UTC
> Uptime 4 days, 15 hours, 16 minutes, 29 seconds
> Last reboot reason Router rebooted after a normal shutdown.
> Load averages: 1 minute 5 minute 15 minute
> 0.14 0.07 0.11
>
> root at srx3600.spd.net.tr> show security monitoring performance spu
> fpc 12 pic 0
> Last 60 seconds:
> 0: 39 1: 45 2: 44 3: 40 4: 44 5: 40
> 6: 38 7: 46 8: 45 9: 39 10: 44 11: 39
> 12: 38 13: 45 14: 38 15: 45 16: 44 17: 39
> 18: 44 19: 39 20: 44 21: 40 22: 44 23: 39
> 24: 38 25: 45 26: 44 27: 40 28: 44 29: 40
> 30: 45 31: 40 32: 45 33: 41 34: 45 35: 39
> 36: 45 37: 39 38: 45 39: 39 40: 44 41: 39
> 42: 44 43: 39 44: 44 45: 39 46: 46 47: 39
> 48: 45 49: 39 50: 44 51: 39 52: 45 53: 39
> 54: 44 55: 39 56: 44 57: 39 58: 44 59: 39
>
> root at srx3600.spd.net.tr> show security monitoring performance session
> fpc 12 pic 0
> Last 60 seconds:
> 0: 127861 1: 146887 2: 130877 3: 147286 4: 134179 5:
> 145303
> 6: 133196 7: 144339 8: 132233 9: 143981 10: 130861 11:
> 143042
> 12: 131280 13: 142719 14: 130623 15: 142493 16: 132094 17:
> 143124
> 18: 132726 19: 143938 20: 133022 21: 143349 22: 133100 23:
> 143469
> 24: 134321 25: 143694 26: 137340 27: 145672 28: 141399 29:
> 145458
> 30: 145697 31: 146920 32: 144260 33: 145259 34: 141360 35:
> 142157
> 36: 137389 37: 140399 38: 136483 39: 139640 40: 136597 41:
> 139363
> 42: 139707 43: 143110 44: 140994 45: 143038 46: 139781 47:
> 141751
> 48: 136746 49: 139456 50: 137395 51: 139898 52: 137503 53:
> 140300
> 54: 136762 55: 139315 56: 136245 57: 138951 58: 136685 59:
> 139288
>
> root at srx3600.spd.net.tr> show chassis hardware
> Hardware inventory:
> Item Version Part number Serial number Description
> Chassis xxxxxxxxxxxx SRX 3600
> Midplane REV 07 710-020310 xxxxxxxxxxxx SRX 3600
> Midplane
> PEM 0 rev 08 740-027644 xxxxxxxxxxxx AC Power Supply
> PEM 1 rev 08 740-027644 xxxxxxxxxxxx AC Power Supply
> CB 0 REV 14 750-021914 xxxxxxxxxxxx SRX3k RE-12-10
> Routing Engine BUILTIN BUILTIN Routing Engine
> CPP BUILTIN BUILTIN Central PFE
> Processor
> Mezz REV 08 710-021035 xxxxxxxxxxxx SRX HD
> Mezzanine Card
> FPC 0 REV 16 750-021882 xxxxxxxxxxxx SRX3k SFB 12GE
> PIC 0 BUILTIN BUILTIN 8x 1GE-TX 4x
> 1GE-SFP
> FPC 1 REV 20 750-020321 xxxxxxxxxxxx SRX3k 2x10GE
> XFP
> PIC 0 BUILTIN BUILTIN 2x 10GE-XFP
> Xcvr 0 NON-JNPR xxxxxxxxxxxx XFP-10G-SR
> Xcvr 1 NON-JNPR xxxxxxxxxxxx XFP-10G-SR
> FPC 4 REV 14 750-020321 xxxxxxxxxxxx SRX3k 2x10GE
> XFP
> PIC 0 BUILTIN BUILTIN 2x 10GE-XFP
> Xcvr 0 NON-JNPR xxxxxxxxxxxx XFP-10G-SR
> Xcvr 1 NON-JNPR xxxxxxxxxxxx XFP-10G-SR
> FPC 10 REV 19 750-017866 xxxxxxxxxxxx SRX3k NPC
> PIC 0 BUILTIN BUILTIN NPC PIC
> FPC 12 REV 13 750-016077 xxxxxxxxxxxx SRX3k SPC
> PIC 0 BUILTIN BUILTIN SPU Cp-Flow
> Fan Tray 0 REV 06 750-021599 xxxxxxxxxxxx SRX 3600 Fan
> Tray
>
>
>
> srx3600.spd.net.tr Seconds: 7 Time:
> 17:23:00
> Delay: 0/0/46
> Interface: ge-0/0/1, Enabled, Link is Up
> Encapsulation: Ethernet, Speed: 1000mbps
> Traffic statistics: Current delta
> Input bytes: 83679085589 (437323760 bps) [389746332]
> Output bytes: 101886713 (0 bps) [60]
> Input packets: 1359813079 (881694 pps) [6286191]
> Output packets: 594841 (0 pps) [1]
> Error statistics:
> Input errors: 0 [0]
> Input drops: 0 [0]
> Input framing errors: 0 [0]
> Policed discards: 0 [0]
> L3 incompletes: 0 [0]
> L2 channel errors: 0 [0]
> L2 mismatch timeouts: 0 Carrier transiti [0]
>
>
>
>
>
>
> Next='n', Quit='q' or ESC, Freeze='f', Thaw='t', Clear='c', Interface='i'
>
>
>
> root at srx3600.spd.net.tr> show chassis routing-engine
> Routing Engine status:
> Slot 0:
> Current state Master
> Election priority Master (default)
> DRAM 1023 MB
> Memory utilization 44 percent
> CPU utilization:
> User 0 percent
> Background 0 percent
> Kernel 4 percent
> Interrupt 0 percent
> Idle 95 percent
> Model RE-PPC-1200-A
> Start time 2015-04-15 02:06:10 UTC
> Uptime 4 days, 15 hours, 18 minutes, 19 seconds
> Last reboot reason Router rebooted after a normal shutdown.
> Load averages: 1 minute 5 minute 15 minute
> 0.04 0.06 0.10
>
>
>
> ?
>
>
> ________________________________
> Bu e-posta kişiye özel olup, gizli bilgiler içeriyor olabilir. Eğer bu
> e-posta size yanlışlıkla ulaşmışsa, içeriğini hiç bir şekilde kullanmayınız
> ve ekli dosyaları açmayınız. Bu e-posta virüslere karşı anti-virüs
> sistemleri tarafından taranmıştır. Ancak SPDNET, bu e-postanın - virüs
> koruma sistemleri ile kontrol ediliyor olsa bile - virüs içermediğini
> garanti etmez ve meydana gelebilecek zararlardan doğacak hiçbir sorumluluğu
> kabul etmez.
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list