[j-nsp] SRX - CPU utilization exceeds
Benoit Plessis
b.plessis at doyousoft.com
Tue Sep 19 03:34:36 EDT 2017
Le 19/09/2017 à 06:26, sameer mughal a écrit :
> Hi,
>
> Thanks!
>
> This is SRX Model: srx220h2 - JUNOS Software Release [12.1X46-D35.1]
> and traffic is IP not IPSEC. Traffic is IP BGP and route map also
> configured.
BGP ? With how many routes ? how many peers ?
> Traffic is pushing around 70 to 80 Mbps.
And in pps ?
Is it regular or do you have peaks around the high cpu alerts ?
> Please advice.
Well ... it depend !
* Are you ok with the current performances of your setup ?
* Is there an increase in traffic in the foreseable futur ?
* Have you got some $$$ to replace the firewall ?
I for one would replace it, mostly because doing BGP on such a small SRX
doesn't seem like a great idea, expect if you have only one peer and
exchange a limited number of routes.
> On Tue, Sep 19, 2017 at 12:20 AM, Hugo Slabbert <hugo at slabnet.com
> <mailto:hugo at slabnet.com>> wrote:
>
> On Mon 2017-Sep-18 10:07:36 +0200, Benoit Plessis
> <b.plessis at doyousoft.com <mailto:b.plessis at doyousoft.com>> wrote:
>
> [..] to external conditions ("attacks" / scan / ..)
> [..] it kindof look inadequat to your need.
>
> Do you have some external monitoring in place with a graphing
> system to
> look after you firewall ?
>
>
> This can even just be throughput based, especially for flow
> services as opposed to just packet-mode forwarding. I've had
> instances of this from e.g. pushing >50-60 Mbps of IPSEC on SRX100
> boxes.
>
Yes that's one of the "external conditions" i had in mind ! :)
More information about the juniper-nsp
mailing list