Hi there,
We have 2 SRX240 firewalls which work together as a VC. We've found recently (within the last year) when logging in and perfoming commands (such as show, commit, etc) the firewall is slow and commits take about 2 minutes to complete. It was much faster in the past.
Running some commands I can see the first firewall (master) is pretty much maxed out and the second one isnt as busy:
show chassis routing-engine
node0:
--------------------------------------------------------------------------
Routing Engine status:
Temperature 42 degrees C / 107 degrees F
CPU temperature 40 degrees C / 104 degrees F
Total memory 2048 MB Max 1208 MB used ( 59 percent)
Control plane memory 1104 MB Max 552 MB used ( 50 percent)
Data plane memory 944 MB Max 651 MB used ( 69 percent)
CPU utilization:
User 45 percent
Background 0 percent
Kernel 52 percent
Interrupt 2 percent
Idle 1 percent
Model RE-SRX240H2
Serial ID ACLY9411
Start time 2017-10-01 13:55:47 UTC
Uptime 170 days, 1 hour, 38 minutes, 47 seconds
Last reboot reason Router rebooted after a normal shutdown.
Load averages: 1 minute 5 minute 15 minute
2.85 2.57 2.47
node1:
--------------------------------------------------------------------------
Routing Engine status:
Temperature 40 degrees C / 104 degrees F
CPU temperature 40 degrees C / 104 degrees F
Total memory 2048 MB Max 1024 MB used ( 50 percent)
Control plane memory 1104 MB Max 375 MB used ( 34 percent)
Data plane memory 944 MB Max 651 MB used ( 69 percent)
CPU utilization:
User 10 percent
Background 0 percent
Kernel 9 percent
Interrupt 0 percent
Idle 80 percent
Model RE-SRX240H2
Serial ID ACLY9169
Start time 2017-10-01 13:34:41 UTC
Uptime 170 days, 1 hour, 38 minutes, 30 seconds
Last reboot reason Router rebooted after a normal shutdown.
Load averages: 1 minute 5 minute 15 minute
0.18 0.24 0.28
Looking at what processes are taking up resources, I've found:
show system processes extensive node 0
PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND
1402 root 1 77 0 13720K 6532K select 0 140.9H 7518.75% rtlogd
1396 root 7 76 0 994M 58280K RUN 0 ??? 292.38% flowd_octeon_hm
1060 root 1 120 0 19336K 11336K RUN 0 759.4H 35.30% eventd
1450 root 1 83 0 28540K 13416K RUN 0 221.6H 12.01% mib2d
1451 root 1 77 0 24960K 17696K select 0 119.3H 2.25% snmpd
22 root 1 171 52 0K 16K RUN 0 1493.1 0.00% idle: cpu0
And some more tests:
show security monitoring performance spu
node0:
--------------------------------------------------------------------------
fpc 0 pic 0
Last 60 seconds:
0: 93 1: 94 2: 90 3: 90 4: 71 5: 74
6: 70 7: 71 8: 85 9: 79 10: 75 11: 72
12: 71 13: 70 14: 74 15: 73 16: 80 17: 73
18: 79 19: 76 20: 65 21: 70 22: 73 23: 63
24: 83 25: 63 26: 67 27: 76 28: 78 29: 67
30: 72 31: 58 32: 66 33: 75 34: 63 35: 70
36: 74 37: 75 38: 72 39: 74 40: 72 41: 70
42: 72 43: 81 44: 70 45: 73 46: 68 47: 67
48: 79 49: 77 50: 72 51: 65 52: 63 53: 63
54: 71 55: 75 56: 66 57: 67 58: 72 59: 72
node1:
--------------------------------------------------------------------------
fpc 0 pic 0
Last 60 seconds:
0: 9 1: 10 2: 13 3: 6 4: 10 5: 9
6: 11 7: 10 8: 13 9: 13 10: 11 11: 12
12: 13 13: 12 14: 11 15: 10 16: 8 17: 11
18: 7 19: 13 20: 17 21: 9 22: 6 23: 8
24: 9 25: 8 26: 6 27: 11 28: 8 29: 11
30: 9 31: 10 32: 6 33: 6 34: 7 35: 6
36: 6 37: 6 38: 9 39: 8 40: 7 41: 6
42: 7 43: 5 44: 6 45: 5 46: 7 47: 6
48: 13 49: 15 50: 8 51: 8 52: 7 53: 5
54: 7 55: 6 56: 6 57: 6 58: 9 59: 5
Can anyone recommend what we can do to help performance? Or to have the 2nd firewall do more work.
Thank you,
Vishal