SRX routing engine low memory

If your SRX device has 1GB memory and you are using IDP and/or Antivirus then you may play with the memory allocation a bit with a new feature introduced in 11.4. As I always do, I will show it by an example;

Here is my srx100 memory utilization;

root@srx100-1> show chassis routing-engine
Routing Engine status:
    Temperature                 53 degrees C / 127 degrees F
    Total memory              1024 MB Max   666 MB used ( 65 percent)
      Control plane memory     560 MB Max   414 MB used ( 74 percent)
      Data plane memory        464 MB Max   255 MB used ( 55 percent)
    CPU utilization:
      User                      20 percent
      Background                 0 percent
      Kernel                    17 percent
      Interrupt                  0 percent
      Idle                      63 percent
    Model                          RE-SRX100H
    Serial ID                      XXXXXXXXX
    Start time                     2013-04-19 16:31:30 CEST
    Uptime                         5 days, 6 hours, 48 minutes, 53 seconds
    Last reboot reason             0x200:normal shutdown
    Load averages:                 1 minute   5 minute  15 minute
                                       0.36       0.26       0.15

If your control memory utilization is above 95%, it may be better for you to do this adjustment. Let’s increase control plane memory by 64MB.

[edit]
root@srx100-1# set security advanced-services data-plane memory low

[edit]
root@srx100-1# commit and-quit
warning: You have changed the system's data plane memory size.
You must reboot the system for your change to take effect.
If you have deployed a cluster, be sure to reboot all nodes.
commit complete
Exiting configuration mode

As you can see this change requires a reboot. Now look at the control plane memory after this change;

root@srx100-1> show chassis routing-engine
Routing Engine status:
    Temperature                 54 degrees C / 129 degrees F
    Total memory              1024 MB Max   604 MB used ( 59 percent)
      Control plane memory     624 MB Max   381 MB used ( 61 percent)
      Data plane memory        400 MB Max   220 MB used ( 55 percent)
    CPU utilization:
      User                       4 percent
      Background                 0 percent
      Kernel                    14 percent
      Interrupt                  0 percent
      Idle                      81 percent
    Model                          RE-SRX100H
    Serial ID                     XXXXXXXXX
    Start time                     2013-04-24 23:22:20 CEST
    Uptime                         27 minutes, 50 seconds
    Last reboot reason             0x200:normal shutdown
    Load averages:                 1 minute   5 minute  15 minute
                                       0.13       0.19       0.54
WARNING:If you use this new feature make sure that your licenses (e.g IDP, Antivirus) 
are always valid as license is a requirement for this feature.

Enjoy your extra 64MB 🙂

root@srx100# commit and-quit

[edit security advanced-services data-plane memory]
  'low'
    This command is only available when IDP or UTM Anti Virus (Kaspersky/Sophos) license is installed

About: rtoodtoo

Worked for more than 10 years as a Network/Support Engineer and also interested in Python, Linux, Security and SD-WAN // JNCIE-SEC #223 / RHCE / PCNSE


2 thoughts on “SRX routing engine low memory”

  1. Very nice tweak I will need to remember. This is from my SRX240H @ idle:
    Total memory 1024 MB Max 696 MB used ( 68 percent)
    Control plane memory 560 MB Max 386 MB used ( 69 percent)
    Data plane memory 464 MB Max 311 MB used ( 67 percent)

    I am using IDP and AV on my SRX and wanted to know what sort of port density or traffic load was required to raise the RAM usage to 95%? Was it easy for you to overload the SRX once you had the RAM usage that high or did JunOS pretty much take it and stay stable?

    1. At around %90 percent control plane memory, I can say that it is working stable but both AV and IDP in an active network may cause extra utilization depending on the level of AV compression levels, IDP policies i.e options you enable.
      %95 figure as far as I can remember is a level that should be considered high according to Juniper KBs but don’t recall where I read it exactly. If you can share your experience from your active network, that would be very good as well:)

Leave a Reply to rtoodtooCancel reply

Discover more from RtoDto.net

Subscribe now to keep reading and get access to the full archive.

Continue reading