Flow-Based Performance
This topics explains about the performance of the session capacity. Expanding the session capacity and reverting back to the default session capacity.
Expanding Session Capacity by Device
To take advantage of the processing potential of a fully loaded SRX5600, SRX5800 device, or vSRX Virtual Firewall, you can expand the maximum number of concurrent sessions for these devices.
Table 1 shows the maximum number of concurrent sessions allowed on these devices by default and with expanded capacity. Platform support depends on the Junos OS release in your installation.
SRX Series Devices |
Maximum Concurrent Sessions on a Fully Loaded System |
|
|---|---|---|
Default |
With Expanded Capacity |
|
SRX3400 |
2.25 million |
3 million |
SRX3600 |
2.25 million |
6 million |
SRX5400 |
42 million |
Expansion not available |
SRX5600 |
114 million |
Expansion not available |
SRX5800 |
258 million |
Expansion not available |
|
SPC2 |
6 million |
Expansion not available |
|
SPC3 |
25 million |
Expansion not available |
The method used for expanding session capacity depends on the device:
Central point session license installation and validation on an SRX3400 or SRX3600 device
CLI optimization option on an SRX5800 device
- Expanding Session Capacity on an SRX3400 or SRX3600 Device
- Reverting to Default Session Capacity on an SRX5800 Device
Expanding Session Capacity on an SRX3400 or SRX3600 Device
Expanding session capacity on an SRX3400 or SRX3600 device requires validation of a central point session license on the device.
Obtain the central point session license key and install the license on the device..
Reboot the device to implement the expanded session capacity.
Reverting to Default Session Capacity on an SRX5800 Device
Reverting to the default session capacity on an SRX5800 device requires a CLI configuration change.
Enter the following command at the CLI configuration prompt to reestablish the default session capacity value:
user@host# set security gprs gtp enable
Commit the configuration.
user@host# commit
Reboot the device to implement the new value.
Verifying the Current Session Capacity
Purpose
The central point session summary includes the maximum sessions setting for the device. From this value you can determine if the session capacity has been modified as you expected.
Action
To verify the current setting of the central point session capacity, enter the following CLI command.
user@host> show security flow cp-session summary
DCP Flow Sessions on FPC10 PIC0: Valid sessions: 0 Pending sessions: 0 Invalidated sessions: 0 Sessions in other states: 0 Total sessions: 0 DCP Flow Sessions on FPC10 PIC1: Valid sessions: 2 Pending sessions: 0 Invalidated sessions: 0 Sessions in other states: 0 Total sessions: 2 Maximum sessions: 7549747 Maximum inet6 sessions: 7549747 DCP Flow Sessions on FPC10 PIC2: Valid sessions: 2 Pending sessions: 0 Invalidated sessions: 0 Sessions in other states: 0 Total sessions: 2 Maximum sessions: 7549747 Maximum inet6 sessions: 7549747 DCP Flow Sessions on FPC10 PIC3: Valid sessions: 1 Pending sessions: 0 Invalidated sessions: 0 Sessions in other states: 0 Total sessions: 1 Maximum sessions: 7549747 Maximum inet6 sessions: 7549747
Meaning
The Maximum sessions value reflects the
current session capacity on your device. A value of 14000000 means
that the SRX5800 device is configured for the expanded number of central
point sessions.