Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] How to use the Session Cache for HTTP Traffic via the WebUI to minimize the CPU utilization and enhance performance

0

0

Article ID: KB24640 KB Last Updated: 18 Jul 2012Version: 1.0
Summary:
This article provides information on how to use the Session Cache for HTTP Traffic, via the WebUI, to minimize the CPU utilization and enhance performance.

Symptoms:
How to use the Session Cache for HTTP Traffic, via the WebUI, to minimize the CPU utilization and enhance performance.
Cause:

Solution:
In ScreenOS, especially in high-end platforms, creating a session and aging out a session are both time-consuming. As HTTP connections are short-lived, the CPU
utilization for HTTP traffic is higher than other TCP traffic, under the same traffic load. To accelerate HTTP traffic, you have to either speed up creating a session or
make session aging-out faster. You can optimize the session-creation stage, as most of the elements for creating a session cache, source IP, destination IP and port,
policy, and protocol, are fixed or semi-fixed.


Beginning with ScreenOS 6.3.0, you can create a session cache for HTTP-based protocols to minimize CPU utilization and to enhance performance. A session cache
is a special structure that caches (stores) all the reusable information of both software and hardware sessions, which are created by the first connection of an HTTP session bundle.

When an HTTP SYN packet arrives, it looks for a session cache in the session cache table. If it exists, a duplicate software or hardware session is created
from the session cache. If a session cache does not exist, ScreenOS creates it for the first connection and then duplicates it for all subsequent connections.

Beginning with ScreenOS 6.3.0, you can create a session cache for HTTP-based protocols to minimize CPU utilization and enhance performance. A session cache is a special structure that caches all the reusable information of both software and hardware sessions, which are created by the first connection of an HTTP session bundle.

You can create a session cache for both pre-defined and custom services via the WebUI or CLI. In this example, a session cache is created for the pre-defined AOL service.

WebUI:
  1. Go to Policy > Policy Elements > Service > Predefined > Edit, provide the following information, and then click OK:

    • Service Name : AOL

    • Enable Session Cache (enable this option).

  2. Go to Policy > Policy Elements > Service > Session Cache, provide the following information, and then click Apply:

    • Enable Session Cache (select this option).

    • Session Cache Count: 18

CLI:
set session-cache enable
set service AOL session-cache
set session-cache count 18
Note: A session cache supports other traffic; but does not ensure performance enhancement.
You cannot create a session cache in the following scenarios:

  • When the session is synched from another security device.

  • When the session is created by an Application Layer Gateway (ALG).
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search