Support Support Downloads Knowledge Base Apex Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] How can I reduce High CPU (flow), due to high rate of Multicast traffic?



Article ID: KB11126 KB Last Updated: 29 Aug 2019Version: 4.0
In some cases, Multicast traffic can cause the flow CPU to go high on a Juniper security device.
When Multicast traffic hits the firewall at a very high rate, the flow CPU has been known to go high, i.e. 80-99 %.  In a specific case, this was due to a customer sending compressed HD video feed through an ISG2000 running ScreenOS 5.4.0r8a. 

Is Multicast traffic processed by hardware/ASIC for ASIC based firewalls?
In ScreenOS, there is a flow command that will allow Multicast sessions to be processed by hardware as opposed to software in the CPU.  The command is :

set flow multicast install-hw-session

It's been noticed that Flow CPU can be greatly reduced with this command when Multicast traffic is causing High CPU. 

Note:  This is also documented in the ScreenOS 6.1 Release Notes: ScreenOS 6.1 Technical Documentation.
Modification History:
2019-08-21: Content reviewed for accuracy.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search