Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Monitoring Chassis Cluster Performance

    This topic provides information about the options available for monitoring chassis components such as FPCs, PICs, and Routing Engines for data such as operating state, CPU, and memory.

    Note: The jnx-chassis MIB is not supported for SRX Series branch devices in cluster mode. However, it is supported for standalone SRX Series branch devices. Therefore, we recommend using options other than SNMP for chassis monitoring of SRX Series branch devices.

    The instrumentation used for monitoring chassis components is provided in Table 1.

    Table 1: Instrumentation for Chassis Component Monitoring

    Junos OS XML RPC

    SNMP MIB

    • For temperature of sensors, fan speed, and status of each component, use the get-environment-information remote procedure call (RPC).
    • For temperature thresholds for the hardware components for each element, use the get-temperature-threshold-information RPC.
    • For Routing Engine status, CPU, and memory, use the get-route-engine-information RPC. This RPC provides 1, 5, and 15 minute load averages.
    • For FPC status, temperature, CPU, and memory, use the get-fpc-information RPC.
    • Use the get-pic-detail RPC with the fpc-slot and pic-slot RPCs to get the PIC status.
    • Use the jnxOperatingTable MIB table for temperature, fan speed, and so on. The jnxOperatingState MIB should be used to get the status of the component. If the component is a FRU, then use the jnxFruState MIB also. Use the jnxOperatingTemp MIB for the temperature of sensors. Use the jnxFruState MIB to get the FRU status such as offline, online, empty, and so on.
    • Note the following about the objects available for monitoring in the jnxOperatingTable MIB table:
      • No MIB is available for temperature thresholds.
      • For the Routing Engine, use the jnxOperatingCPU, jnxOperatingTemp, jnxOperatingMemory, jnxOperatingISR, and jnxOperatingBuffer MIB objects under container Index 9.
      • Look at the jnxRedundancyTable for redundancy status monitoring. This only gives data for the last 5 seconds.
      • For the FPCs, look at the objects in the jnxOperatingTable and jnxFruTable MIB tables on container Index 7 for temperature, CPU, and memory utilization.
      • For the PICs (including SPU/SPC cards flows), look at the objects in the jnxOperatingTable and jnxFruTable MIB tables under container Index 8 in the following sample output for temperature, CPU, and memory utilization.
    user@host> show snmp mib walk
    jnxOperatingDescr.8
    jnxOperatingDescr.8.5.1.0 = node0 PIC: SPU Cp-Flow @ 4/0/*
    jnxOperatingDescr.8.5.2.0 = node0 PIC: SPU Flow @ 4/1/*
    jnxOperatingDescr.8.6.1.0 = node0 PIC: 4x 10GE XFP @ 5/0/*
    jnxOperatingDescr.8.6.2.0 = node0 PIC: 16x 1GE TX @ 5/1/*
    jnxOperatingDescr.8.11.1.0 = node1 PIC: SPU Cp-Flow @ 4/0/*
    jnxOperatingDescr.8.11.2.0 = node1 PIC: SPU Flow @ 4/1/*
    jnxOperatingDescr.8.12.1.0 = node1 PIC: 4x 10GE XFP @ 5/0/*
    jnxOperatingDescr.8.12.2.0 = node1 PIC: 16x 1GE TX @ 5/1/*

    Accounting Profiles

    • Use a Routing Engine accounting profile to get the master Routing Engine statistics in comma separated value (CSV) format. Configure the routing-engine-profile under the [edit accounting-options] hierarchy level. The collection interval fields and filename can be configured per your requirements. We recommend transferring the file directly to a management system using the Junos OS transfer options provided under the [edit accounting-options] hierarchy level. Note that only the primary node master Routing Engine statistics are available.

      The Routing Engine accounting profile is stored in the /var/log directory by default. The following is a sample of an accounting profile:

      #FILE CREATED 1246267286 2010-4-29-09:21:26
      #hostname SRX3400-1
      #profile-layout reprf,epoch-timestamp,hostname,date-yyyymmdd,timeofday-hhmmss,uptime,cpu1min,
      cpu5min,cpu15min,memory-usage,total-cpu-usage
      reprf,1246267691,SRX3400-1,20090629,092811,3044505,0.033203,0.030762,0.000488,523,6.10
      reprf,1246268591,SRX3400-1,20090629,094311,3045405,0.000000,0.014160,0.000000,523,5.00
    • Use a MIB accounting profile for any other MIBs listed in the SNMP MIB column to get results in a CSV format. You can select the MIB objects, collection interval, and so on.

    Monitoring Chassis Cluster Performance

    The information in Table 2 describes how to measure and monitor the cluster health, including the control plane and data plane statistics.

    Table 2: Instrumentation for Chassis Cluster Monitoring

    Junos OS XML RPC

    SNMP MIB

    • Use the get-chassis-cluster-statistics remote procedure call (RPC) to get the cluster statistics, including the control plane, fabric, and dataplane statistics.
    • If you want to monitor dataplane and control plane statistics separately, you can use the get-chassis-cluster-control-plane-statistics and get-chassis-cluster-data-plane-statistics RPCs, respectively.

    Not available. The utility MIB can be used to provide this data using Junos OS operation scripts. For more information about operation scripts.

    Redundant Group Monitoring

    Ensure that the redundancy groups are discovered prior to monitoring the group status. Table 3 lists the methods used to obtain redundancy group monitoring information.

    Table 3: Instrumentation for Redundancy Group Monitoring

    Junos OS XML RPC

    SNMP MIB

    Use the get-chassis-cluster-status remote procedure call (RPC) to get chassis cluster information as shown.

    RPC: <get-chassis-cluster-status>

    <rpc>
    				<get-chassis-cluster-status>
    								<redundancy-group>1</redundancy-group>
    				</get-chassis-cluster-status>
    </rpc>

    Not available. The utility MIB can be used to provide this data using Junos OS operation scripts. For more information about operation scripts.

    Interface Statistics

    You can use the methods listed in Table 4 to get interface statistics including the reth and fabric interfaces. Note that you can poll the reth interface statistics and then use the information to determine the redundancy group status because the non-active reth link shows 0 output packets per second (output-pps).

    Table 4: Instrumentation for Interface Monitoring

    Junos OS XML RPC

    SNMP MIB

    • Use the get-interface-information remote procedure call (RPC) with the extensive tag to get information such as interface statistics, COS statistics, and traffic statistics. This works for all interfaces including reth interfaces and fabric interfaces on the primary node and the secondary node, except the fxp0 interface on the secondary node.
    • Use the relationship between reth and underlying interfaces to determine the statistics between the physical interfaces.
    • The fxp0 interface on the secondary node can be directly queried using the IP address of the fxp0 interface on the secondary node.
    • Use the following MIB tables for interface statistics:
      • ifTable – Standard MIB II interface stats
      • ifXTable – Standard MIB II high-capacity interface stats
      • JUNIPER-IF-MIB – A list of Juniper extensions to the interface entries
      • JUNIPER-JS-IF-EXT-MIB – Used to monitor the entries in the interfaces pertaining to the security management of the interface
    • For secondary node fxp0 interface details, directly query the secondary node (optional).

    Accounting Profiles

    • Use Interface accounting profiles for interface statistics in CSV format collected at regular intervals.
    • Use MIB accounting profiles for any MIBs collected at regular intervals with output in CSV format.
    • Use Class usage profiles for source class and destination class usage.

    Services Processing Unit Monitoring

    The SRX3000 line and SRX5000 line have one or more Services Processing Units (SPUs) that run on a Services Processing Card (SPC). All flow-based services run on the SPU. SPU monitoring tracks the health of the SPUs and of the central point. The central point (CP) in the architecture has two basic flow functionalities: load balancing and traffic identification (global session matching). The central point forwards a packet to its SPU upon session matching, or distributes traffic to an SPU for security processing if the packet does not match any existing session. The chassis manager on each SPC monitors the SPUs and the central point, and also maintains the heartbeat with the Routing Engine chassisd. In this hierarchical monitoring system, the chassis process (chassisd) is the center for hardware failure detection. SPU monitoring is enabled by default.

    Use the methods listed in Junos OS XML RPC Instrumentation for SPU Monitoring and SNMP MIB Instrumentation for SPU Monitoring to get the SPU to monitor data.

    Note: We recommend that the management systems set an alarm when SPU CPU utilization goes above 85 percent as this adds latency to the processing. Packets are dropped if the CPU utilization exceeds 95 percent.

    Junos OS XML RPC Instrumentation for SPU Monitoring

    • Use the get-flow-session-information remote procedure call (RPC) to get the SPU to monitor data such as total sessions, current sessions, and max sessions per node.
      <rpc>
      <get-flow-session-information>
      <summary/>
      </get-flow-session-information>
      </rpc>
      <rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" 
      xmlns:junos="http://xml.juniper.net/junos/10.4D0/junos">
      <multi-routing-engine-results>
      <multi-routing-engine-item>
      <re-name>node0</re-name>
      <flow-session-information xmlns="http://xml.juniper.net/
      junos/10.4D0/junos-flow">
      <flow-fpc-pic-id> on FPC4 PIC0:</flow-fpc-pic-id>
      </flow-session-information>
      <flow-session-summary-information xmlns="http://
      xml.juniper.net/junos/10.4D0/junos-flow">
      <active-unicast-sessions>0</active-unicast-sessions>
      <active-multicast-sessions>0</active-multicast-sessions>
      <failed-sessions>0</failed-sessions>
      <active-sessions>0</active-sessions>
      <active-session-valid>0</active-session-valid>
      <active-session-pending>0</active-session-pending>
      <active-session-invalidated>0</active-session-invalidated>
      <active-session-other>0</active-session-other>
      <max-sessions>524288</max-sessions>
      </flow-session-summary-information>
      <flow-session-information xmlns="http://xml.juniper.net/
      junos/10.4D0/junos-flow"></flow-session-information>
      <flow-session-information xmlns="http://xml.juniper.net/
      junos/10.4D0/junos-flow">
      <flow-fpc-pic-id> on FPC4 PIC1:</flow-fpc-pic-id>
      </flow-session-information>
      <flow-session-summary-information xmlns="http://
      xml.juniper.net/junos/10.4D0/junos-flow">
      <active-unicast-sessions>0</active-unicast-sessions>
      <active-multicast-sessions>0</active-multicast-sessions>
      <failed-sessions>0</failed-sessions>
      <active-sessions>0</active-sessions>
      <active-session-valid>0</active-session-valid>
      <active-session-pending>0</active-session-pending>
      <active-session-invalidated>0</active-session-invalidated>
      <active-session-other>0</active-session-other>
      <max-sessions>1048576</max-sessions>
      </flow-session-summary-information>
      <flow-session-information xmlns="http://
      xml.juniper.net/junos/10.4D0/junos-flow">
      </flow-session-information>
      </multi-routing-engine-item>
      <multi-routing-engine-item>
      <re-name>node1</re-name>
      <flow-session-information xmlns="http://xml.juniper.net
      /junos/10.4D0/junos-flow">
      <flow-fpc-pic-id> on FPC4 PIC0:</flow-fpc-pic-id>
      </flow-session-information>
      <flow-session-summary-information xmlns="http://
      xml.juniper.net/junos/10.4D0/junos-flow">
      <active-unicast-sessions>0</active-unicast-sessions>
      <active-multicast-sessions>0</active-multicast-sessions>
      <failed-sessions>0</failed-sessions>
      <active-sessions>0</active-sessions>
      <active-session-valid>0</active-session-valid>
      <active-session-pending>0</active-session-pending>
      <active-session-invalidated>0</active-session-invalidated>
      <active-session-other>0</active-session-other>
      <max-sessions>524288</max-sessions>
      </flow-session-summary-information>
      <flow-session-information xmlns="http://
      xml.juniper.net/junos/10.4D0/junos-flow">
      </flow-session-information>
      <flow-session-information xmlns="http://
      xml.juniper.net/junos/10.4D0/junos-flow">
      <flow-fpc-pic-id> on FPC4 PIC1:</flow-fpc-pic-id>
      </flow-session-information>
      <flow-session-summary-information xmlns="http://
      xml.juniper.net/junos/10.4D0/junos-flow">
      <active-unicast-sessions>0</active-unicast-sessions>
      <active-multicast-sessions>0</active-multicast-sessions>
      <failed-sessions>0</failed-sessions>
      <active-sessions>0</active-sessions>
      <active-session-valid>0</active-session-valid>
      <active-session-pending>0</active-session-pending>
      <active-session-invalidated>0</active-session-invalidated>
      <active-session-other>0</active-session-other>
      <max-sessions>1048576</max-sessions>
      </flow-session-summary-information>
      <flow-session-information xmlns="http://xml.juniper.
      net/junos/10.4D0/junos-flow"></flow-session-information>
      </multi-routing-engine-item>
      </multi-routing-engine-results>
      </rpc-reply>
    • Use the get-performance-session-information RPC to obtain SPU session performance.
    • Use the get-spu-monitoring-information RPC to monitor SPU CPU utilization, memory utilization, max flow sessions, and so on.

    SNMP MIB Instrumentation for SPU Monitoring

    • Use the jnxJsSPUMonitoring MIB to monitor the SPU data:
      • jnxJsSPUMonitoringCurrentTotalSession – Returns the system-level current total sessions.
      • jnxJsSPUMonitoringMaxTotalSession – Returns the system-level max sessions possible.
      • jnxJsSPUMonitoringObjectsTable – Returns the SPU utilization statistics per node.

      Sample Walk

      user@host> show snmp mib walk
      jnxJsSPUMonitoringMIB
      jnxJsSPUMonitoringFPCIndex.16 = 4
      jnxJsSPUMonitoringFPCIndex.17 = 4
      jnxJsSPUMonitoringFPCIndex.40 = 4
      jnxJsSPUMonitoringFPCIndex.41 = 4
      jnxJsSPUMonitoringSPUIndex.16 = 0
      jnxJsSPUMonitoringSPUIndex.17 = 1
      jnxJsSPUMonitoringSPUIndex.40 = 0
      jnxJsSPUMonitoringSPUIndex.41 = 1
      jnxJsSPUMonitoringCPUUsage.16 = 0
      jnxJsSPUMonitoringCPUUsage.17 = 0
      jnxJsSPUMonitoringCPUUsage.40 = 0
      jnxJsSPUMonitoringCPUUsage.41 = 0
      jnxJsSPUMonitoringMemoryUsage.16 = 70
      jnxJsSPUMonitoringMemoryUsage.17 = 73
      jnxJsSPUMonitoringMemoryUsage.40 = 70
      jnxJsSPUMonitoringMemoryUsage.41 = 73
      jnxJsSPUMonitoringCurrentFlowSession.16 = 0
      jnxJsSPUMonitoringCurrentFlowSession.17 = 0
      jnxJsSPUMonitoringCurrentFlowSession.40 = 0
      jnxJsSPUMonitoringCurrentFlowSession.41 = 0
      jnxJsSPUMonitoringMaxFlowSession.16 = 524288
      jnxJsSPUMonitoringMaxFlowSession.17 = 1048576
      jnxJsSPUMonitoringMaxFlowSession.40 = 524288
      jnxJsSPUMonitoringMaxFlowSession.41 = 1048576
      jnxJsSPUMonitoringCurrentCPSession.16 = 0
      jnxJsSPUMonitoringCurrentCPSession.17 = 0
      jnxJsSPUMonitoringCurrentCPSession.40 = 0
      jnxJsSPUMonitoringCurrentCPSession.41 = 0
      jnxJsSPUMonitoringMaxCPSession.16 = 2359296
      jnxJsSPUMonitoringMaxCPSession.17 = 0
      jnxJsSPUMonitoringMaxCPSession.40 = 2359296
      jnxJsSPUMonitoringMaxCPSession.41 = 0
      jnxJsSPUMonitoringNodeIndex.16 = 0
      jnxJsSPUMonitoringNodeIndex.17 = 0
      jnxJsSPUMonitoringNodeIndex.40 = 1
      jnxJsSPUMonitoringNodeIndex.41 = 1
      jnxJsSPUMonitoringNodeDescr.16 = node0
      jnxJsSPUMonitoringNodeDescr.17 = node0
      jnxJsSPUMonitoringNodeDescr.40 = node1
      jnxJsSPUMonitoringNodeDescr.41 = node1
      jnxJsSPUMonitoringCurrentTotalSession.0 = 
      jnxJsSPUMonitoringMaxTotalSession.0 = 1572864

      Note:

      • Junos OS versions prior to Junos OS Release 9.6 only return local node data for this MIB. To support a chassis cluster, Junos OS Release 9.6 and later support a jnxJsSPUMonitoringNodeIndex index and a jnxJsSPUMonitoringNodeDescr field in the table. Therefore, in chassis cluster mode, Junos OS Release 9.6 and later return SPU monitoring data of both the primary and secondary nodes.
      • SRX Series branch devices have a virtualized dataplane across the cluster datacores. Therefore, they are reported as one SPU with an index of 0.

      The jnxJsSPUMonitoringMaxFlowSession MIB object shows the maximum number of sessions per node.

    Security Features

    Following is a summary of Junos OS XML remote procedure calls (RPCs) and SNMP MIBs related to security features that are supported on SRX Series devices.

    The RPCs and MIBs might not be directly comparable to each other. One might provide more or less information than the other. Use the following information to determine which instrumentation to use.

    Table 5: Instrumentation for Security Monitoring

    Feature and Functionality

    Junos OS XML RPC

    SNMP MIB

    IPsec

    <get-ipsec-tunnel-redundancy-information>

    <get-services-ipsec-statistics-information>

    <get-ike-security-associations>

    JNX-IPSEC-MONITOR-MIB

    JUNIPER-JS-IPSEC-VPN

    JUNIPER-IPSEC-FLOW-MONITOR

    NAT

    <get-service-nat-mapping-information>

    <get-service-nat-pool-information>

    JNX-JS-NAT-MIB

    Screening

    <get-ids-statistics>

    JNX-JS-SCREENING-MIB

    Firewall

    <get-firewall-counter-information>

    <get-firewall-filter-information>

    <get-firewall-information>

    <get-firewall-log-information>

    <get-firewall-prefix-action-information>

    <get-flow-table-statistics-information>

    JUNIPER-FIREWALL-MIB

    Security Policies

    <get-firewall-policies>

    JUNIPER-JS-POLICY-MIB

    AAA

    <get-aaa-module-statistics>

    <get-aaa-subscriber-statistics>

    <get-aaa-subscriber-table>

    JUNIPER-USER-AAA-MIB

    IDP

    <get-idp-addos-application-information>

    <get-idp-application-system-cache>

    <get-idp-counter-information>

    <get-idp-detail-status-information>

    <get-idp-memory-information>

    <get-idp-policy-template-information>

    <get-idp-predefined-attack-filters>

    <get-idp-predefined-attack-groups>

    <get-idp-predefined-attacks>

    <get-idp-recent-security-package-information>

    <get-idp-security-package-information>

    <get-idp-ssl-key-information>

    <get-idp-ssl-session-cache-information>

    <get-idp-status-information>

    <get-idp-subscriber-policy-list>

    JUNIPER-JS-IDP-MIB

    Other Statistics and MIBS

    There are other MIBs such as the OSPF MIB and IP Forwarding MIB that are supported on SRX Series devices. See the Network Management Administration Guide, MIB Reference for SRX1400, SRX3400, and SRX3600 Services Gateways, and MIB Reference for SRX5600 and SRX5800 Services Gateways for details about other MIBs supported on SRX Series devices.

    RMON

    Junos OS supports the remote monitoring (RMON) MIB (RFC 2819). RMON can be used to send alerts for MIB variables when upper and lower thresholds are crossed. This can be used for various MIB variables. Some good examples are interface statistics monitoring and Routing Engine CPU monitoring.

    The following configuration snippet shows RMON configuration for monitoring a Routing Engine on node 0 of a cluster and for monitoring octets out of interface index 2000:

    rmon {alarm 100 {interval 5;variable jnxOperatingCPU.9.1.0.0;sample-type absolute-value;request-type get-request;rising-threshold 90;falling-threshold 80;rising-event-index 100;falling-event-index 100;}event 100 {type log-and-trap;community petblr;}alarm 10 {interval 60;variable ifHCInOctets.2000;sample-type delta-value;request-type get-request;startup-alarm rising-alarm;rising-threshold 100000;falling-threshold 0;rising-event-index 10;falling-event-index 10;}event 10 {type log-and-trap;community test;}}

    Chassis Cluster Device Health Monitoring

    On Juniper Networks routers, RMON alarms and events provide much of the infrastructure needed to reduce the polling overhead from the network management system (NMS). However, with this approach, you must set up the NMS to configure specific MIB objects into RMON alarms. This often requires device-specific expertise and customization of the monitoring application. In addition, some MIB object instances that need monitoring are set only at initialization or change at runtime and cannot be configured in advance. To address these issues, the health monitor extends the RMON alarm infrastructure to provide predefined monitoring for a selected set of object instances (for file system usage, CPU usage, and memory usage) and includes support for unknown or dynamic object instances (such as Junos OS processes).

    Modified: 2015-11-30