Monitoring Chassis Cluster Performance
This topic provides information about the options available for monitoring chassis components such as FPCs, PICs, and Routing Engines for data such as operating state, CPU, and memory.
The jnx-chassis MIB is not supported for SRX Series branch devices in cluster mode. However, it is supported for standalone SRX Series branch devices. Therefore, we recommend using options other than SNMP for chassis monitoring of SRX Series branch devices.
The instrumentation used for monitoring chassis components is provided in Table 1.
Junos OS XML RPC |
SNMP MIB |
---|---|
|
user@host> |
Accounting Profiles |
|
|
Monitoring Chassis Cluster Performance
The information in Table 2 describes how to measure and monitor the cluster health, including the control plane and data plane statistics.
Junos OS XML RPC |
SNMP MIB |
---|---|
|
Not available. The utility MIB can be used to provide this data using Junos OS operation scripts. For more information about operation scripts. |
Redundant Group Monitoring
Ensure that the redundancy groups are discovered prior to monitoring the group status. Table 3 lists the methods used to obtain redundancy group monitoring information.
Junos OS XML RPC |
SNMP MIB |
---|---|
Use the RPC: <get-chassis-cluster-status> <rpc> <get-chassis-cluster-status> <redundancy-group>1</redundancy-group> </get-chassis-cluster-status> </rpc> |
Not available. The utility MIB can be used to provide this data using Junos OS operation scripts. For more information about operation scripts. |
Interface Statistics
You can use the methods listed in Table 4 to get interface statistics including the reth and fabric interfaces. Note that you can poll the reth interface statistics and then use the information to determine the redundancy group status because the non-active reth link shows 0 output packets per second (output-pps).
Junos OS XML RPC |
SNMP MIB |
---|---|
|
|
Accounting Profiles |
|
|
Services Processing Unit Monitoring
The SRX3000 line and SRX5000 line have one or more Services Processing Units (SPUs) that run on a Services Processing Card (SPC). All flow-based services run on the SPU. SPU monitoring tracks the health of the SPUs and of the central point. The central point (CP) in the architecture has two basic flow functionalities: load balancing and traffic identification (global session matching). The central point forwards a packet to its SPU upon session matching, or distributes traffic to an SPU for security processing if the packet does not match any existing session. The chassis manager on each SPC monitors the SPUs and the central point, and also maintains the heartbeat with the Routing Engine chassisd. In this hierarchical monitoring system, the chassis process (chassisd) is the center for hardware failure detection. SPU monitoring is enabled by default.
Use the methods listed in Junos OS XML RPC Instrumentation for SPU Monitoring and SNMP MIB Instrumentation for SPU Monitoring to get the SPU to monitor data.
We recommend that the management systems set an alarm when SPU CPU utilization goes above 85 percent as this adds latency to the processing. Packets are dropped if the CPU utilization exceeds 95 percent.
Junos OS XML RPC Instrumentation for SPU Monitoring
Use the
get-flow-session-information
remote procedure call (RPC) to get the SPU to monitor data such as total sessions, current sessions, and max sessions per node.<rpc> <get-flow-session-information> <summary/> </get-flow-session-information> </rpc> <rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/10.4D0/junos"> <multi-routing-engine-results> <multi-routing-engine-item> <re-name>node0</re-name> <flow-session-information xmlns="http://xml.juniper.net/ junos/10.4D0/junos-flow"> <flow-fpc-pic-id> on FPC4 PIC0:</flow-fpc-pic-id> </flow-session-information> <flow-session-summary-information xmlns="http:// xml.juniper.net/junos/10.4D0/junos-flow"> <active-unicast-sessions>0</active-unicast-sessions> <active-multicast-sessions>0</active-multicast-sessions> <failed-sessions>0</failed-sessions> <active-sessions>0</active-sessions> <active-session-valid>0</active-session-valid> <active-session-pending>0</active-session-pending> <active-session-invalidated>0</active-session-invalidated> <active-session-other>0</active-session-other> <max-sessions>524288</max-sessions> </flow-session-summary-information> <flow-session-information xmlns="http://xml.juniper.net/ junos/10.4D0/junos-flow"></flow-session-information> <flow-session-information xmlns="http://xml.juniper.net/ junos/10.4D0/junos-flow"> <flow-fpc-pic-id> on FPC4 PIC1:</flow-fpc-pic-id> </flow-session-information> <flow-session-summary-information xmlns="http:// xml.juniper.net/junos/10.4D0/junos-flow"> <active-unicast-sessions>0</active-unicast-sessions> <active-multicast-sessions>0</active-multicast-sessions> <failed-sessions>0</failed-sessions> <active-sessions>0</active-sessions> <active-session-valid>0</active-session-valid> <active-session-pending>0</active-session-pending> <active-session-invalidated>0</active-session-invalidated> <active-session-other>0</active-session-other> <max-sessions>1048576</max-sessions> </flow-session-summary-information> <flow-session-information xmlns="http:// xml.juniper.net/junos/10.4D0/junos-flow"> </flow-session-information> </multi-routing-engine-item> <multi-routing-engine-item> <re-name>node1</re-name> <flow-session-information xmlns="http://xml.juniper.net /junos/10.4D0/junos-flow"> <flow-fpc-pic-id> on FPC4 PIC0:</flow-fpc-pic-id> </flow-session-information> <flow-session-summary-information xmlns="http:// xml.juniper.net/junos/10.4D0/junos-flow"> <active-unicast-sessions>0</active-unicast-sessions> <active-multicast-sessions>0</active-multicast-sessions> <failed-sessions>0</failed-sessions> <active-sessions>0</active-sessions> <active-session-valid>0</active-session-valid> <active-session-pending>0</active-session-pending> <active-session-invalidated>0</active-session-invalidated> <active-session-other>0</active-session-other> <max-sessions>524288</max-sessions> </flow-session-summary-information> <flow-session-information xmlns="http:// xml.juniper.net/junos/10.4D0/junos-flow"> </flow-session-information> <flow-session-information xmlns="http:// xml.juniper.net/junos/10.4D0/junos-flow"> <flow-fpc-pic-id> on FPC4 PIC1:</flow-fpc-pic-id> </flow-session-information> <flow-session-summary-information xmlns="http:// xml.juniper.net/junos/10.4D0/junos-flow"> <active-unicast-sessions>0</active-unicast-sessions> <active-multicast-sessions>0</active-multicast-sessions> <failed-sessions>0</failed-sessions> <active-sessions>0</active-sessions> <active-session-valid>0</active-session-valid> <active-session-pending>0</active-session-pending> <active-session-invalidated>0</active-session-invalidated> <active-session-other>0</active-session-other> <max-sessions>1048576</max-sessions> </flow-session-summary-information> <flow-session-information xmlns="http://xml.juniper. net/junos/10.4D0/junos-flow"></flow-session-information> </multi-routing-engine-item> </multi-routing-engine-results> </rpc-reply>
Use the
get-performance-session-information
RPC to obtain SPU session performance.Use the
get-spu-monitoring-information
RPC to monitor SPU CPU utilization, memory utilization, max flow sessions, and so on.
SNMP MIB Instrumentation for SPU Monitoring
Use the jnxJsSPUMonitoring MIB to monitor the SPU data:
jnxJsSPUMonitoringCurrentTotalSession – Returns the system-level current total sessions.
jnxJsSPUMonitoringMaxTotalSession – Returns the system-level max sessions possible.
jnxJsSPUMonitoringObjectsTable – Returns the SPU utilization statistics per node.
Sample Walk
user@host>
show snmp mib walk
jnxJsSPUMonitoringMIB jnxJsSPUMonitoringFPCIndex.16 = 4 jnxJsSPUMonitoringFPCIndex.17 = 4 jnxJsSPUMonitoringFPCIndex.40 = 4 jnxJsSPUMonitoringFPCIndex.41 = 4 jnxJsSPUMonitoringSPUIndex.16 = 0 jnxJsSPUMonitoringSPUIndex.17 = 1 jnxJsSPUMonitoringSPUIndex.40 = 0 jnxJsSPUMonitoringSPUIndex.41 = 1 jnxJsSPUMonitoringCPUUsage.16 = 0 jnxJsSPUMonitoringCPUUsage.17 = 0 jnxJsSPUMonitoringCPUUsage.40 = 0 jnxJsSPUMonitoringCPUUsage.41 = 0 jnxJsSPUMonitoringMemoryUsage.16 = 70 jnxJsSPUMonitoringMemoryUsage.17 = 73 jnxJsSPUMonitoringMemoryUsage.40 = 70 jnxJsSPUMonitoringMemoryUsage.41 = 73 jnxJsSPUMonitoringCurrentFlowSession.16 = 0 jnxJsSPUMonitoringCurrentFlowSession.17 = 0 jnxJsSPUMonitoringCurrentFlowSession.40 = 0 jnxJsSPUMonitoringCurrentFlowSession.41 = 0 jnxJsSPUMonitoringMaxFlowSession.16 = 524288 jnxJsSPUMonitoringMaxFlowSession.17 = 1048576 jnxJsSPUMonitoringMaxFlowSession.40 = 524288 jnxJsSPUMonitoringMaxFlowSession.41 = 1048576 jnxJsSPUMonitoringCurrentCPSession.16 = 0 jnxJsSPUMonitoringCurrentCPSession.17 = 0 jnxJsSPUMonitoringCurrentCPSession.40 = 0 jnxJsSPUMonitoringCurrentCPSession.41 = 0 jnxJsSPUMonitoringMaxCPSession.16 = 2359296 jnxJsSPUMonitoringMaxCPSession.17 = 0 jnxJsSPUMonitoringMaxCPSession.40 = 2359296 jnxJsSPUMonitoringMaxCPSession.41 = 0 jnxJsSPUMonitoringNodeIndex.16 = 0 jnxJsSPUMonitoringNodeIndex.17 = 0 jnxJsSPUMonitoringNodeIndex.40 = 1 jnxJsSPUMonitoringNodeIndex.41 = 1 jnxJsSPUMonitoringNodeDescr.16 = node0 jnxJsSPUMonitoringNodeDescr.17 = node0 jnxJsSPUMonitoringNodeDescr.40 = node1 jnxJsSPUMonitoringNodeDescr.41 = node1 jnxJsSPUMonitoringCurrentTotalSession.0 = jnxJsSPUMonitoringMaxTotalSession.0 = 1572864Note:Junos OS versions prior to Junos OS Release 9.6 only return local node data for this MIB. To support a chassis cluster, Junos OS Release 9.6 and later support a jnxJsSPUMonitoringNodeIndex index and a jnxJsSPUMonitoringNodeDescr field in the table. Therefore, in chassis cluster mode, Junos OS Release 9.6 and later return SPU monitoring data of both the primary and secondary nodes.
SRX Series branch devices have a virtualized dataplane across the cluster datacores. Therefore, they are reported as one SPU with an index of 0.
The jnxJsSPUMonitoringMaxFlowSession MIB object shows the maximum number of sessions per node.
Security Features
Following is a summary of Junos OS XML remote procedure calls (RPCs) and SNMP MIBs related to security features that are supported on SRX Series devices.
The RPCs and MIBs might not be directly comparable to each other. One might provide more or less information than the other. Use the following information to determine which instrumentation to use.
Feature and Functionality |
Junos OS XML RPC |
SNMP MIB |
---|---|---|
IPsec |
|
JNX-IPSEC-MONITOR-MIB JUNIPER-JS-IPSEC-VPN JUNIPER-IPSEC-FLOW-MONITOR |
NAT |
|
JNX-JS-NAT-MIB |
Screening |
|
JNX-JS-SCREENING-MIB |
Firewall |
|
JUNIPER-FIREWALL-MIB |
Security Policies |
|
JUNIPER-JS-POLICY-MIB |
AAA |
|
JUNIPER-USER-AAA-MIB |
IDP |
|
JUNIPER-JS-IDP-MIB |
Other Statistics and MIBS
There are other MIBs such as the OSPF MIB and IP Forwarding MIB that are supported on SRX Series devices. See the Network Management and Monitoring Guide, MIB Reference for SRX1400, SRX3400, and SRX3600 Services Gateways, and MIB Reference for SRX5600 and SRX5800 Services Gateways for details about other MIBs supported on SRX Series devices.
RMON
Junos OS supports the remote monitoring (RMON) MIB (RFC 2819). RMON can be used to send alerts for MIB variables when upper and lower thresholds are crossed. This can be used for various MIB variables. Some good examples are interface statistics monitoring and Routing Engine CPU monitoring.
The following configuration snippet shows RMON configuration for monitoring a Routing Engine on node 0 of a cluster and for monitoring octets out of interface index 2000:
rmon { alarm 100 { interval 5; variable jnxOperatingCPU.9.1.0.0; sample-type absolute-value; request-type get-request; rising-threshold 90; falling-threshold 80; rising-event-index 100; falling-event-index 100; } event 100 { type log-and-trap; community petblr; } alarm 10 { interval 60; variable ifHCInOctets.2000; sample-type delta-value; request-type get-request; startup-alarm rising-alarm; rising-threshold 100000; falling-threshold 0; rising-event-index 10; falling-event-index 10; } event 10 { type log-and-trap; community test; } }
Chassis Cluster Device Health Monitoring
On Juniper Networks routers, RMON alarms and events provide much of the infrastructure needed to reduce the polling overhead from the network management system (NMS). However, with this approach, you must set up the NMS to configure specific MIB objects into RMON alarms. This often requires device-specific expertise and customization of the monitoring application. In addition, some MIB object instances that need monitoring are set only at initialization or change at runtime and cannot be configured in advance. To address these issues, the health monitor extends the RMON alarm infrastructure to provide predefined monitoring for a selected set of object instances (for file system usage, CPU usage, and memory usage) and includes support for unknown or dynamic object instances (such as Junos OS processes).