CPU utilization is extremely high on the Juniper firewall. What is triggering the high CPU situation?
Problem or Goal:
Packets passed to, through, or processed by the firewall could use the CPU. The firewall will start to experience problems if the CPU begins to reach 85%. The symptoms include:
High CPU utilization
Poor system or throughput performance
OSPF adjacencies or BGP peering is failing
Device management is slower than normal
Ping to the management interface times out
Firewall is not passing traffic
The 'in overrun' counter (get counter stat) could increment
To Troubleshoot a High CPU Situation
Check the CPU utilization.
The CPU utilization is calculated based on two entities: Flow and Task. CPU utilization is defined as the percentage of time the CPU spends on processing, instead of sitting idle. When CPU utilization is high, it means it is busy processing network traffic, but it does not mean that it cannot keep up and will start dropping packets. CPU utilization is only a measure of network load through the firewall, not the throughput of the box itself.
Note: On all firewall appliance devices (NetScreen-5, 25, 50, 204, 208, and SSG Series), one CPU is used for processing. On ASIC-based hardware firewalls (NS-5000, ISG devices) there are two CPUs: one dedicated for Flow and the other dedicated for Task.
The CLI command get perf cpu detail will show an overview of the CPU percentage, with the last 1 minute broken down into average CPU during single-second segments:
Average system utilization is the average CPU utilization for the last 24 hrs. For example, if the system up time is 48 hrs and 18 minutes, then the average system utilization is the average CPU utilization in the last 24 hours, excluding that 18 minutes.
If system up time is less than 24 hrs but greater than 1 hr, it will be average utilization up to the last hour. For example, if the system is up 10 hrs 40 minutes, the average system utilization is the CPU utilization in 10 hrs (excluding 40 minutes).
If system up time is less than 1 hr, (for example, 34 minutes 26 seconds), then average utilization is the CPU utilization in the last 34 minutes (excluding 26 seconds).
If system up time is less than 1 minute, for example, 48 seconds, then average utilization is computed over that 48 seconds.
Determine if the high CPU is caused by Flow or Task.
The command get perf cpu all detail lists the utilization history of the CPU by Flow and Task. The first number within the parentheses refers to the Flow CPU, and the second number represents the Task CPU.
A single asterisk * indicates that the CPU is nearing a warning threshold. It is marked when utilization is ≥ 50% and ≤ 70%.
Double asterisks ** indicate to the administrator that CPU is nearing a high level; the administrator should investigate the cause of why CPU is nearing this level. It is marked when utilization ≥ 70% and ≤ 85%.
Triple asterisks *** indicate that the CPU utilization is high; the administrator should investigate the cause of why CPU is high. It is marked when utilization is ≥ 85%.