Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

show security ipsec tunnel-distribution

Syntax

Description

Display the number of IPsec VPN tunnels that are anchored in each thread. An IPsec tunnel session is assigned an anchor thread, based on the load during the tunnel session installation. When a new tunnel session is created, the least loaded thread is chosen to anchor the new tunnel. When the tunnel is deleted, the anchor mapping is removed from the control plane.

Tunnel distribution across different Services Processing Unit (SPU) or equivalent is based on the number of tunnels and not on throughput in each tunnel. Tunnels anchored in a SPU are not transferred to a different SPU or equivalent during SPU failure.

The distribution profile shows any assigned IPSec distribution profile without any distribution profiles assigned to a vpn object. This tab shows default_profiile, else the associated profile is displayed.

Options

none

Display thread information about all active tunnels.

brief

(Optional) Display thread information about all active tunnels. (Default)

fpc

FPC slot number (0..5).

pic

PIC slot number (0..3).

summary

(Optional) Display the number of tunnels anchored to each thread.

summary-cpuload

(Optional) Displays the load on each FPC and PIC. You can use this option to check the load on each FPC and PIC before or after redistributing the tunnel. See show security ipsec tunnel-distribution summary-cpuload.

srg-id

(Optional) Display information related to a specific services redundancy group (SRG) in a Multinode High Availability setup.

Required Privilege Level

view

Output Fields

Table 1 lists the output fields for the show security ipsec tunnel-distribution command. Output fields are listed in the approximate order in which they appear.

Table 1: show security ipsec tunnel-distribution Output Fields

Field Name

Field Description

Level of Output

Tunnel-ID

VPN tunnel identifier.

brief

Thread-ID

Thread identifier.

All levels

Number of Tunnels

The number of tunnels anchored to the thread.

summary

CPU:1m

CPU load average for last 1 minute for FPC or PIC.

summary-cpuload

CPU:1h

CPU load average for last 1 hour for FPC or PIC.

summary-cpuload

CPU:1d

CPU load average for last 1 day for FPC or PIC.

summary-cpuload

Sample Output

show security ipsec tunnel-distribution

show security ipsec tunnel-distribution summary

show security ipsec tunnel-distribution fpc 0 pic 0

show security ipsec tunnel-distribution fpc 0 pic 1

show security ipsec tunnel-distribution summary fpc 0 pic 0

show security ipsec tunnel-distribution summary fpc 0 pic 1

show security ipsec tunnel-distribution summary-cpuload

This command displays the same output as show security ipsec tunnel-distribution summary, but includes load averages (last 1 minute, 1 hour, and 1 day) of all threads for each FPC and PIC.

show security ipsec tunnel-distribution srg-id

Release Information

Command introduced in Junos OS Release 17.4R1.

summary-cpuload option introduced in Junos OS Release 20.4R1.

srg-id option introduced in Junos OS Release 22.4R1.