Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Monitoring Chassis Cluster Performance

This topic provides information about the options available for monitoring chassis components such as FPCs, PICs, and Routing Engines for data such as operating state, CPU, and memory.

Note:

The jnx-chassis MIB is not supported for SRX Series branch devices in cluster mode. However, it is supported for standalone SRX Series branch devices. Therefore, we recommend using options other than SNMP for chassis monitoring of SRX Series branch devices.

The instrumentation used for monitoring chassis components is provided in Table 1.

Table 1: Instrumentation for Chassis Component Monitoring

Junos OS XML RPC

SNMP MIB

  • For temperature of sensors, fan speed, and status of each component, use the get-environment-information remote procedure call (RPC).

  • For temperature thresholds for the hardware components for each element, use the get-temperature-threshold-information RPC.

  • For Routing Engine status, CPU, and memory, use the get-route-engine-information RPC. This RPC provides 1, 5, and 15 minute load averages.

  • For FPC status, temperature, CPU, and memory, use the get-fpc-information RPC.

  • Use the get-pic-detail RPC with the fpc-slot and pic-slot RPCs to get the PIC status.

  • Use the jnxOperatingTable MIB table for temperature, fan speed, and so on. The jnxOperatingState MIB should be used to get the status of the component. If the component is a FRU, then use the jnxFruState MIB also. Use the jnxOperatingTemp MIB for the temperature of sensors. Use the jnxFruState MIB to get the FRU status such as offline, online, empty, and so on.

  • Note the following about the objects available for monitoring in the jnxOperatingTable MIB table:

    • No MIB is available for temperature thresholds.

    • For the Routing Engine, use the jnxOperatingCPU, jnxOperatingTemp, jnxOperatingMemory, jnxOperatingISR, and jnxOperatingBuffer MIB objects under container Index 9.

    • Look at the jnxRedundancyTable for redundancy status monitoring. This only gives data for the last 5 seconds.

    • For the FPCs, look at the objects in the jnxOperatingTable and jnxFruTable MIB tables on container Index 7 for temperature, CPU, and memory utilization.

    • For the PICs (including SPU/SPC cards flows), look at the objects in the jnxOperatingTable and jnxFruTable MIB tables under container Index 8 in the following sample output for temperature, CPU, and memory utilization.

user@host> show snmp mib walk

jnxOperatingDescr.8
jnxOperatingDescr.8.5.1.0 = node0 PIC: SPU Cp-Flow @ 4/0/*
jnxOperatingDescr.8.5.2.0 = node0 PIC: SPU Flow @ 4/1/*
jnxOperatingDescr.8.6.1.0 = node0 PIC: 4x 10GE XFP @ 5/0/*
jnxOperatingDescr.8.6.2.0 = node0 PIC: 16x 1GE TX @ 5/1/*
jnxOperatingDescr.8.11.1.0 = node1 PIC: SPU Cp-Flow @ 4/0/*
jnxOperatingDescr.8.11.2.0 = node1 PIC: SPU Flow @ 4/1/*
jnxOperatingDescr.8.12.1.0 = node1 PIC: 4x 10GE XFP @ 5/0/*
jnxOperatingDescr.8.12.2.0 = node1 PIC: 16x 1GE TX @ 5/1/*

Accounting Profiles

  • Use a Routing Engine accounting profile to get the primary Routing Engine statistics in comma separated value (CSV) format. Configure the routing-engine-profile under the [edit accounting-options] hierarchy level. The collection interval fields and filename can be configured per your requirements. We recommend transferring the file directly to a management system using the Junos OS transfer options provided under the [edit accounting-options] hierarchy level. Note that only the primary node primary Routing Engine statistics are available.

    The Routing Engine accounting profile is stored in the /var/log directory by default. The following is a sample of an accounting profile:

    #FILE CREATED 1246267286 2010-4-29-09:21:26
#hostname SRX3400-1
#profile-layout reprf,epoch-timestamp,hostname,date-yyyymmdd,timeofday-hhmmss,uptime,cpu1min,
cpu5min,cpu15min,memory-usage,total-cpu-usage
reprf,1246267691,SRX3400-1,20090629,092811,3044505,0.033203,0.030762,0.000488,523,6.10
reprf,1246268591,SRX3400-1,20090629,094311,3045405,0.000000,0.014160,0.000000,523,5.00

  • Use a MIB accounting profile for any other MIBs listed in the SNMP MIB column to get results in a CSV format. You can select the MIB objects, collection interval, and so on.

Monitoring Chassis Cluster Performance

The information in Table 2 describes how to measure and monitor the cluster health, including the control plane and data plane statistics.

Table 2: Instrumentation for Chassis Cluster Monitoring

Junos OS XML RPC

SNMP MIB

  • Use the get-chassis-cluster-statistics remote procedure call (RPC) to get the cluster statistics, including the control plane, fabric, and dataplane statistics.

  • If you want to monitor dataplane and control plane statistics separately, you can use the get-chassis-cluster-control-plane-statistics and get-chassis-cluster-data-plane-statistics RPCs, respectively.

Not available. The utility MIB can be used to provide this data using Junos OS operation scripts. For more information about operation scripts.

Redundant Group Monitoring

Ensure that the redundancy groups are discovered prior to monitoring the group status. Table 3 lists the methods used to obtain redundancy group monitoring information.

Table 3: Instrumentation for Redundancy Group Monitoring

Junos OS XML RPC

SNMP MIB

Use the get-chassis-cluster-status remote procedure call (RPC) to get chassis cluster information as shown.

RPC: <get-chassis-cluster-status>

<rpc>
				<get-chassis-cluster-status>
								<redundancy-group>1</redundancy-group>
				</get-chassis-cluster-status>
</rpc>

Not available. The utility MIB can be used to provide this data using Junos OS operation scripts. For more information about operation scripts.

Interface Statistics

You can use the methods listed in Table 4 to get interface statistics including the reth and fabric interfaces. Note that you can poll the reth interface statistics and then use the information to determine the redundancy group status because the non-active reth link shows 0 output packets per second (output-pps).

Table 4: Instrumentation for Interface Monitoring

Junos OS XML RPC

SNMP MIB

  • Use the get-interface-information remote procedure call (RPC) with the extensive tag to get information such as interface statistics, COS statistics, and traffic statistics. This works for all interfaces including reth interfaces and fabric interfaces on the primary node and the secondary node, except the fxp0 interface on the secondary node.

  • Use the relationship between reth and underlying interfaces to determine the statistics between the physical interfaces.

  • The fxp0 interface on the secondary node can be directly queried using the IP address of the fxp0 interface on the secondary node.

  • Use the following MIB tables for interface statistics:

    • ifTable – Standard MIB II interface stats

    • ifXTable – Standard MIB II high-capacity interface stats

    • JUNIPER-IF-MIB – A list of Juniper extensions to the interface entries

    • JUNIPER-JS-IF-EXT-MIB – Used to monitor the entries in the interfaces pertaining to the security management of the interface

  • For secondary node fxp0 interface details, directly query the secondary node (optional).

Accounting Profiles

  • Use Interface accounting profiles for interface statistics in CSV format collected at regular intervals.

  • Use MIB accounting profiles for any MIBs collected at regular intervals with output in CSV format.

  • Use Class usage profiles for source class and destination class usage.

Services Processing Unit Monitoring

The SRX3000 line and SRX5000 line have one or more Services Processing Units (SPUs) that run on a Services Processing Card (SPC). All flow-based services run on the SPU. SPU monitoring tracks the health of the SPUs and of the central point. The central point (CP) in the architecture has two basic flow functionalities: load balancing and traffic identification (global session matching). The central point forwards a packet to its SPU upon session matching, or distributes traffic to an SPU for security processing if the packet does not match any existing session. The chassis manager on each SPC monitors the SPUs and the central point, and also maintains the heartbeat with the Routing Engine chassisd. In this hierarchical monitoring system, the chassis process (chassisd) is the center for hardware failure detection. SPU monitoring is enabled by default.

Use the methods listed in Junos OS XML RPC Instrumentation for SPU Monitoring and SNMP MIB Instrumentation for SPU Monitoring to get the SPU to monitor data.

Note:

We recommend that the management systems set an alarm when SPU CPU utilization goes above 85 percent as this adds latency to the processing. Packets are dropped if the CPU utilization exceeds 95 percent.

Junos OS XML RPC Instrumentation for SPU Monitoring

  • Use the get-flow-session-information remote procedure call (RPC) to get the SPU to monitor data such as total sessions, current sessions, and max sessions per node.

  • Use the get-performance-session-information RPC to obtain SPU session performance.

  • Use the get-spu-monitoring-information RPC to monitor SPU CPU utilization, memory utilization, max flow sessions, and so on.

SNMP MIB Instrumentation for SPU Monitoring

  • Use the jnxJsSPUMonitoring MIB to monitor the SPU data:

    • jnxJsSPUMonitoringCurrentTotalSession – Returns the system-level current total sessions.

    • jnxJsSPUMonitoringMaxTotalSession – Returns the system-level max sessions possible.

    • jnxJsSPUMonitoringObjectsTable – Returns the SPU utilization statistics per node.

    Sample Walk

    Note:

    • Junos OS versions prior to Junos OS Release 9.6 only return local node data for this MIB. To support a chassis cluster, Junos OS Release 9.6 and later support a jnxJsSPUMonitoringNodeIndex index and a jnxJsSPUMonitoringNodeDescr field in the table. Therefore, in chassis cluster mode, Junos OS Release 9.6 and later return SPU monitoring data of both the primary and secondary nodes.

    • SRX Series branch devices have a virtualized dataplane across the cluster datacores. Therefore, they are reported as one SPU with an index of 0.

    The jnxJsSPUMonitoringMaxFlowSession MIB object shows the maximum number of sessions per node.

Security Features

Following is a summary of Junos OS XML remote procedure calls (RPCs) and SNMP MIBs related to security features that are supported on SRX Series devices.

The RPCs and MIBs might not be directly comparable to each other. One might provide more or less information than the other. Use the following information to determine which instrumentation to use.

Table 5: Instrumentation for Security Monitoring

Feature and Functionality

Junos OS XML RPC

SNMP MIB

IPsec

<get-ipsec-tunnel-redundancy-information>

<get-services-ipsec-statistics-information>

<get-ike-security-associations>

JNX-IPSEC-MONITOR-MIB

JUNIPER-JS-IPSEC-VPN

JUNIPER-IPSEC-FLOW-MONITOR

NAT

<get-service-nat-mapping-information>

<get-service-nat-pool-information>

JNX-JS-NAT-MIB

Screening

<get-ids-statistics>

JNX-JS-SCREENING-MIB

Firewall

<get-firewall-counter-information>

<get-firewall-filter-information>

<get-firewall-information>

<get-firewall-log-information>

<get-firewall-prefix-action-information>

<get-flow-table-statistics-information>

JUNIPER-FIREWALL-MIB

Security Policies

<get-firewall-policies>

JUNIPER-JS-POLICY-MIB

AAA

<get-aaa-module-statistics>

<get-aaa-subscriber-statistics>

<get-aaa-subscriber-table>

JUNIPER-USER-AAA-MIB

IDP

<get-idp-addos-application-information>

<get-idp-application-system-cache>

<get-idp-counter-information>

<get-idp-detail-status-information>

<get-idp-memory-information>

<get-idp-policy-template-information>

<get-idp-predefined-attack-filters>

<get-idp-predefined-attack-groups>

<get-idp-predefined-attacks>

<get-idp-recent-security-package-information>

<get-idp-security-package-information>

<get-idp-ssl-key-information>

<get-idp-ssl-session-cache-information>

<get-idp-status-information>

<get-idp-subscriber-policy-list>

JUNIPER-JS-IDP-MIB

Other Statistics and MIBS

There are other MIBs such as the OSPF MIB and IP Forwarding MIB that are supported on SRX Series devices. See the Network Management and Monitoring Guide, MIB Reference for SRX1400, SRX3400, and SRX3600 Services Gateways, and MIB Reference for SRX5600 and SRX5800 Services Gateways for details about other MIBs supported on SRX Series devices.

RMON

Junos OS supports the remote monitoring (RMON) MIB (RFC 2819). RMON can be used to send alerts for MIB variables when upper and lower thresholds are crossed. This can be used for various MIB variables. Some good examples are interface statistics monitoring and Routing Engine CPU monitoring.

The following configuration snippet shows RMON configuration for monitoring a Routing Engine on node 0 of a cluster and for monitoring octets out of interface index 2000:

Chassis Cluster Device Health Monitoring

On Juniper Networks routers, RMON alarms and events provide much of the infrastructure needed to reduce the polling overhead from the network management system (NMS). However, with this approach, you must set up the NMS to configure specific MIB objects into RMON alarms. This often requires device-specific expertise and customization of the monitoring application. In addition, some MIB object instances that need monitoring are set only at initialization or change at runtime and cannot be configured in advance. To address these issues, the health monitor extends the RMON alarm infrastructure to provide predefined monitoring for a selected set of object instances (for file system usage, CPU usage, and memory usage) and includes support for unknown or dynamic object instances (such as Junos OS processes).

Related Documentation