Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

How to calculate CPS (Connections per second) / Session creation per Second / Session ramp up rate in SRX Branch devices

0

0

Article ID: KB30447 KB Last Updated: 17 Jun 2015Version: 1.0
Summary:

This article explains how to calculate the  CPS (Connections per second) / Session Creation per Second / Session ramp up rate in SRX Branch devices.

Symptoms:

You need to calculate the CPS, Session Creation per Second, and Session ramp up rate for SRX Branch devices.

Solution:

For SRX Branch devices running as standalone (version 11.1 or later):

Run the command show security monitoring fpc 0.

Example:

user@host> show security monitoring fpc 0 | match "Session Creation Per Second"

Total Session Creation Per Second (for last 96 seconds on average): 4   
IPv4 Session Creation Per Second (for last 96 seconds on average): 4    
IPv6 Session Creation Per Second (for last 96 seconds on average): 0    

The show security monitoring fpc 0  command is generated by the RSI (request support information).

For SRX Branch devices running as Chassis Cluster/HA (version 11.1 or later):

For Clusters running as Active/Passive:

Use the command show chassis cluster status to find the node that is primary for Redundancy Group 1.
On the primary node for Redundancy Group 1, run the command show security monitoring fpc 0.

Example:

{primary:node0}
user@host> show chassis cluster status

Cluster ID: 1
Node Priority Status Preempt Manual Monitor-failures

Redundancy group: 0 , Failover count: 0
node0 100 primary no no None
node1 50 secondary no no None

Redundancy group: 1 , Failover count: o
node0 100 primary yes no None
node1 50 secondary yes no None

In the example, Node0 is the primary for Redundancy Group 1, hence you would need to look for Session Creation per Second on this node.

For Clusters running as Active/Active:

Use the show chassis cluster status command to find out the node that is primary for Redundancy Group X (where X >0).

If the same node is primary for all of Redundancy Group X, then execute the command show security monitoring fpc 0 and check the Total Session Creations per second on that node.

If the primary for a different Redundancy Group X lies on both Node0 and Node1, then follow the steps below:

  1. Enable the timestamp.

    user@host> set cli timestamp
  2. Execute the following command to find First path success.

    user@host> request pfe execute command "show usp flow counters all" target fwdd | match "First path success"

    Repeat this command twice with a small time interval.
  3. Calculate the time delta. 

    Let t1 be the timestamp when the command was executed the first time, and t2 be the timestamp when the command was executed the second time. The delta time T = t2-t1.

  4. Calculate the delta in the First path success.

    Let s1 be the first path success counter when the command was executed the first time, and s2 be the first path success counter when the command was executed the second time. The delta in the first path success counter S = s2-s1.

  5. Calculate the Session Creation per second  for one node.

    Session creation per second for one node CS = S/T (S and T are computed from Steps 3 and 4.)

  6. Repeat Step 5 for the other node and add the CS of both nodes to get the total session creation per second across the cluster.

  7. Example:

    {primary:node0}
    user@host> show chassis cluster status

    Cluster ID: 1
    Node Priority Status Preempt Manual Monitor-failures

    Redundancy group: 0 , Failover count: 0
    node0 100 primary no no None
    node1 50 secondary no no None

    Redundancy group: 1 , Failover count: o
    node0 100 primary yes no None
    node1 50 secondary yes no None

    Redundancy group: 2 , Failover count: o
    node0 50 secondary yes no None
    node1 100 primary yes no None

    Here Node0 is primary for RG-1 and Node1 is primary for RG-2.

    {primary:node0}
    user@host> set cli timestamp
    Jun 11 12:31:37
    CLI timestamp set to: %b %d %T

    {primary:node0}
    root@SRX240-HM3> request pfe execute command "show usp flow counters all" target fwdd | match "First path success"
    Jun 11 12:35:06
    GOT: First path success 102

    {primary:node0}
    root@SRX240-HM3> request pfe execute command "show usp flow counters all" target fwdd | match "First path success"
    Jun 11 12:35:22
    GOT: First path success 156

    The time difference is: 12:35:22 - 12:35:06 = 16 seconds
    The first path sucess is equal: 156 -102 = 54
    The total session creation per second for this node: 54/16 = ~4
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search