SRX routing engine low memory
If your SRX device has 1GB memory and you are using IDP and/or Antivirus then you may play with the memory allocation a bit with a new feature introduced in 11.4. As I always do, I will show it by an example;
Here is my srx100 memory utilization;
root@srx100-1> show chassis routing-engine
Routing Engine status:
Temperature 53 degrees C / 127 degrees F
Total memory 1024 MB Max 666 MB used ( 65 percent)
Control plane memory 560 MB Max 414 MB used ( 74 percent)
Data plane memory 464 MB Max 255 MB used ( 55 percent)
CPU utilization:
User 20 percent
Background 0 percent
Kernel 17 percent
Interrupt 0 percent
Idle 63 percent
Model RE-SRX100H
Serial ID XXXXXXXXX
Start time 2013-04-19 16:31:30 CEST
Uptime 5 days, 6 hours, 48 minutes, 53 seconds
Last reboot reason 0x200:normal shutdown
Load averages: 1 minute 5 minute 15 minute
0.36 0.26 0.15
If your control memory utilization is above 95%, it may be better for you to do this adjustment. Let’s increase control plane memory by 64MB.
[edit] root@srx100-1# set security advanced-services data-plane memory low [edit] root@srx100-1# commit and-quit warning: You have changed the system's data plane memory size. You must reboot the system for your change to take effect. If you have deployed a cluster, be sure to reboot all nodes. commit complete Exiting configuration mode
As you can see this change requires a reboot. Now look at the control plane memory after this change;
root@srx100-1> show chassis routing-engine
Routing Engine status:
Temperature 54 degrees C / 129 degrees F
Total memory 1024 MB Max 604 MB used ( 59 percent)
Control plane memory 624 MB Max 381 MB used ( 61 percent)
Data plane memory 400 MB Max 220 MB used ( 55 percent)
CPU utilization:
User 4 percent
Background 0 percent
Kernel 14 percent
Interrupt 0 percent
Idle 81 percent
Model RE-SRX100H
Serial ID XXXXXXXXX
Start time 2013-04-24 23:22:20 CEST
Uptime 27 minutes, 50 seconds
Last reboot reason 0x200:normal shutdown
Load averages: 1 minute 5 minute 15 minute
0.13 0.19 0.54
WARNING:If you use this new feature make sure that your licenses (e.g IDP, Antivirus) are always valid as license is a requirement for this feature.
Enjoy your extra 64MB 🙂
root@srx100# commit and-quit
[edit security advanced-services data-plane memory]
'low'
This command is only available when IDP or UTM Anti Virus (Kaspersky/Sophos) license is installed
Very nice tweak I will need to remember. This is from my SRX240H @ idle:
Total memory 1024 MB Max 696 MB used ( 68 percent)
Control plane memory 560 MB Max 386 MB used ( 69 percent)
Data plane memory 464 MB Max 311 MB used ( 67 percent)
I am using IDP and AV on my SRX and wanted to know what sort of port density or traffic load was required to raise the RAM usage to 95%? Was it easy for you to overload the SRX once you had the RAM usage that high or did JunOS pretty much take it and stay stable?
At around %90 percent control plane memory, I can say that it is working stable but both AV and IDP in an active network may cause extra utilization depending on the level of AV compression levels, IDP policies i.e options you enable.
%95 figure as far as I can remember is a level that should be considered high according to Juniper KBs but don’t recall where I read it exactly. If you can share your experience from your active network, that would be very good as well:)