show security ipsec tunnel-distribution
Syntax
show security ipsec tunnel-distribution <brief | summary | summary-cpuload> <srg-id number>
Description
Display the number of IPsec VPN tunnels that are anchored in each thread. An IPsec tunnel session is assigned an anchor thread, based on the load during the tunnel session installation. When a new tunnel session is created, the least loaded thread is chosen to anchor the new tunnel. When the tunnel is deleted, the anchor mapping is removed from the control plane.
Tunnel distribution across different Services Processing Unit (SPU) or equivalent is based on the number of tunnels and not on throughput in each tunnel. Tunnels anchored in a SPU are not transferred to a different SPU or equivalent during SPU failure.
The distribution profile shows any assigned IPSec distribution
profile without any distribution profiles assigned to a vpn object.
This tab shows default_profiile, else the associated profile
is displayed.
Options
| none | Display thread information about all active tunnels. |
brief |
(Optional) Display thread information about all active tunnels. (Default) |
fpc |
FPC slot number (0..5). |
pic |
PIC slot number (0..3). |
summary |
(Optional) Display the number of tunnels anchored to each thread. |
summary-cpuload |
(Optional) Displays the load on each FPC and PIC. You can use this option to check the load on each FPC and PIC before or after redistributing the tunnel. See show security ipsec tunnel-distribution summary-cpuload. |
srg-id |
(Optional) Display information related to a specific services redundancy group (SRG) in a Multinode High Availability setup. |
Required Privilege Level
view
Output Fields
Table 1 lists the output fields for the show security ipsec tunnel-distribution command. Output fields are listed in the approximate order in which
they appear.
Field Name |
Field Description |
Level of Output |
|---|---|---|
Tunnel-ID |
VPN tunnel identifier. |
|
Thread-ID |
Thread identifier. |
All levels |
Number of Tunnels |
The number of tunnels anchored to the thread. |
|
CPU:1m |
CPU load average for last 1 minute for FPC or PIC. |
|
CPU:1h |
CPU load average for last 1 hour for FPC or PIC. |
|
CPU:1d |
CPU load average for last 1 day for FPC or PIC. |
|
Sample Output
- show security ipsec tunnel-distribution
- show security ipsec tunnel-distribution summary
- show security ipsec tunnel-distribution fpc 0 pic 0
- show security ipsec tunnel-distribution fpc 0 pic 1
- show security ipsec tunnel-distribution summary fpc 0 pic 0
- show security ipsec tunnel-distribution summary fpc 0 pic 1
- show security ipsec tunnel-distribution summary-cpuload
- show security ipsec tunnel-distribution srg-id
show security ipsec tunnel-distribution
user@host> show security ipsec tunnel-distribution Tunnel-ID FPC PIC Thread-ID ------------------------------------------------------------------ 500006 0 1 4 500012 0 1 8 500009 0 1 6 500002 0 1 1 500005 0 1 3 500001 0 0 15 500008 0 1 5 500010 0 0 18 500004 0 0 16 500003 0 1 2 500011 0 1 7 500007 0 0 17 Tunnel-ID FPC PIC Thread-ID Distribution-profile ------------------------------------------------------------------ 500755 0 1 1 spc-3 500756 2 0 0 spc-2 500758 0 1 1 default_profile
show security ipsec tunnel-distribution summary
user@host> show security ipsec tunnel-distribution summary Number of Tunnels FPC PIC Thread-ID ------------------------------------------------------------------ 1 0 0 15 1 0 0 16 1 0 0 17 1 0 0 18 1 0 1 1 1 0 1 2 1 0 1 3 1 0 1 4 1 0 1 5 1 0 1 6 1 0 1 7 1 0 1 8
show security ipsec tunnel-distribution fpc 0 pic 0
user@host> show security ipsec tunnel-distribution fpc 0 pic 0 Tunnel-ID FPC PIC Thread-ID ------------------------------------------------------------------ 500001 0 0 15 500010 0 0 18 500004 0 0 16 500007 0 0 17
show security ipsec tunnel-distribution fpc 0 pic 1
user@host> show security ipsec tunnel-distribution fpc 0 pic 1 Tunnel-ID FPC PIC Thread-ID ------------------------------------------------------------------ 500006 0 1 4 500012 0 1 8 500009 0 1 6 500002 0 1 1 500005 0 1 3 500008 0 1 5 500003 0 1 2 500011 0 1 7
show security ipsec tunnel-distribution summary fpc 0 pic 0
user@host> show security ipsec tunnel-distribution summary fpc 0 pic 0 Number of Tunnels FPC PIC Thread-ID ------------------------------------------------------------------ 1 0 0 15 1 0 0 16 1 0 0 17 1 0 0 18 0 0 0 19 0 0 0 20 0 0 0 21 0 0 0 22 0 0 0 23 0 0 0 24 0 0 0 25 0 0 0 26 0 0 0 27
show security ipsec tunnel-distribution summary fpc 0 pic 1
user@host> show security ipsec tunnel-distribution summary fpc 0 pic 1 Number of Tunnels FPC PIC Thread-ID ------------------------------------------------------------------ 1 0 1 1 1 0 1 2 1 0 1 3 1 0 1 4 1 0 1 5 1 0 1 6 1 0 1 7 1 0 1 8 0 0 1 9 0 0 1 10 0 0 1 11 0 0 1 12 0 0 1 13 0 0 1 15 0 0 1 16 0 0 1 17 0 0 1 18 0 0 1 19 0 0 1 20 0 0 1 21 0 0 1 22 0 0 1 23 0 0 1 24 0 0 1 25 0 0 1 26 0 0 1 27
show security ipsec tunnel-distribution summary-cpuload
This command displays the same output as show security
ipsec tunnel-distribution summary, but includes load averages
(last 1 minute, 1 hour, and 1 day) of all threads for each FPC and
PIC.
user@host> show security ipsec tunnel-distribution summary-cpuload
node0:
-----------------------------------------------------------------------------------------------------------
Number of Tunnels FPC PIC Thread-ID CPU:1m CPU:1h CPU:1d
-----------------------------------------------------------------------------------------------------------
1 0 0 15 0 0 0
1 0 0 16 0 0 0
show security ipsec tunnel-distribution srg-id
user@host> show security ipsec tunnel-distribution srg-id 1 Tunnel-ID FPC PIC Thread-ID Distribution Profile ------------------------------------------------------------------ 17277221 0 0 1 default-profile
Release Information
Command introduced in Junos OS Release 17.4R1.
summary-cpuload option introduced in Junos OS Release 20.4R1.
srg-id option introduced in Junos OS Release 22.4R1.