Monitoring Service Sets

A service set is a group of rules from a stateful firewall filter, Network Address Translation (NAT), intrusion detection service (IDS), or IP Security (IPSec) that you apply to a services interface. You can configure IDS, NAT, and stateful firewall filter service rules within the same service set. You must configure IPSec services in a separate service set.

Service set information includes the services interfaces on the routing platform, the number of services sets configured on the interfaces, and the total CPU used by the service sets. To view these service set properties, select Monitor>Service Sets in the J-Web interface, or show the following CLI show commands:

Note: After you make changes to the configuration in this window, you must commit the changes immediately for them to take effect. To commit all changes to the active configuration, select Commit Options > Commit. See Using the Commit Options to Commit Configuration Changes (J-Web Procedure) for details about all commit options.

Table 65 summarizes key output fields in service sets displays.

Table 65: Summary of Key NAT Output Fields

Field

Values

Additional Information

Service Set Summary

Interface

Name of the adaptive services interface on the routing platform.

 

Service sets configured

Total number of service sets configured on the routing platform.

 

Bytes used

Total number of general-purpose memory bytes being used by the service set configuration.

A portion of the general-purpose memory on a routing platform is allocated for storing traffic flows, NAT pools, and so on.

Policy bytes used

Total number of configuration-object memory bytes being used by routing policies associated with the service set configuration.

A portion of the general-purpose memory on a routing platform is allocated for storing configuration objects like firewall rules, routing policies, and so on.

CPU utilization

Percentage of the CPU resources being used.

A high CPU utilization indicates that the router is under heavy load. High CPU utilization might cause performance degradation in forwarding or the application of other services.

Memory Usage

Interface

Name of the adaptive services interface on the routing platform.

 

Service set

Name of a service set.

 

Memory Utilization %

Percentage of the memory resources being used by the service set.

A high CPU utilization indicates that the router is under heavy load. High CPU utilization might cause performance degradation in forwarding or the application of other services.

Memory zone

Memory zone in which the services interface is currently operating. Following are valid zones:

  • Green—All new flows are allowed.
  • Yellow—Unused memory is reclaimed. All new flows are allowed.
  • Orange—New flows are only allowed for service sets that are using less than their equal share of memory.
  • Red—No new flows are allowed