Juniper Networks



SNMP MONITORING GUIDE

APPLICABLE TO: SRX Platforms

SUMMARY:

This document describes guidelines on monitoring SRX Devices for health and stability via SNMP.

PROCEDURE:

Download the Junos Enterprise MIBs from the Junos download site by selecting a Junos product and Junos version. Select the Software tab; the Enterprise MIBs are listed under Application & Tools. (Note: the Junos MIB file applies to all Junos products and is a TGZ archive containing both the Standard and the Junos Enterprise MIBs.)



1. The specific MIBs used by the OIDs below are: mib-jnx-chassis, mib-jnx-js-spu-monitoring, mib-jnx-js-nat, and mib-jnx-jsrpd.

2. Install the MIBs on the monitoring device.

3. Set up Junos for SNMP queries.





NOTES:

Safe and critical values are guides to help establish monitoring. Adjustments may be necessary depending on the device configuration, but most of the values are known best-practice recommendations.
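
As an illustration of how such guide values might be applied on a monitoring station, the following minimal Python sketch classifies a polled current/maximum pair (for example jnxJsSPUMonitoringCurrentFlowSession against jnxJsSPUMonitoringMaxFlowSession) using the session bands listed in this guide (< 80%, 80-90%, > 90%). The function name, the status labels, and the adjustable warn_pct/crit_pct parameters are assumptions made for this example and are not part of any Juniper tool.

```python
def classify_utilization(current, maximum, warn_pct=80.0, crit_pct=90.0):
    """Return (percent_used, status) for a polled current/maximum pair.

    Defaults follow the session bands in this guide; both thresholds
    are parameters because the guide treats them as adjustable.
    """
    if maximum <= 0:
        raise ValueError("maximum must be positive")
    pct = 100.0 * current / maximum
    if pct > crit_pct:
        return pct, "critical"      # > 90%: reaching device limits
    if pct >= warn_pct:
        return pct, "investigate"   # 80-90%: may be normal, check for sudden increases
    return pct, "normal"            # < 80%


if __name__ == "__main__":
    # Hypothetical polled values, for illustration only.
    print(classify_utilization(current=85, maximum=100))
```

Other rows use different bands (for example 80-95% and > 95% for memory), which can be passed through warn_pct and crit_pct.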

COMMON OBJECTS FOR SNMP MONITORING:

The objects below can be used to monitor the health and capacity of an SRX device.

NOTE: A full list of objects that can be monitored for SRX devices is available at the following locations:

SRX Branch MIB Reference



SRX 1400 & SRX-3X00 MIB Reference



SRX 5X00 MIB Reference

http:/techpubs/en_US/junos11.4/information-products/topic-collections/srx5600-srx5800-snmp-mib-reference/index.html

JUNIPER MIB:

|COMPONENT |OID |DESCRIPTION |TRAP |POLL |MORE INFORMATION |

|SESSIONS |1.3.6.1.4.1.2636.3.39.1.12.1.1.1.9 |SRX-HE | |Y |Maximum Device Session |

| |(jnxJsSPUMonitoringMaxCPSession) |Maximum CP Session | | |capacity (Dependent upon # of|

| | |availability | | |SPCs installed in system) |

| | | | | | |

| | |CLI: | | | |

| | |show security flow | | | |

| | |cp-session summary | | | |

| |1.3.6.1.4.1.2636.3.39.1.12.1.1.1.8 |SRX-HE | |Y |Current CP Session usage. |

| |(jnxJsSPUMonitoringCurrentCPSession) |Current CP Session Count | | |< 80% of Max CP sessions |

| | | | | |80-90% of Max may be |

| | |CLI: | | |considered normal depending |

| | |show security flow | | |upon network traffic but |

| | |cp-session summary | | |requires investigation if |

| | | | | |increase is sudden |

| | | | | |>90% Reaching Device limits |

| | | | | | |

| | | | | |ACTION: |

| | | | | |Review traffic patterns |

| | | | | |Review sessions numbers on |

| | | | | |PFE |

| | | | | |Review SRX Device type for |

| | | | | |capacity needs |

| |1.3.6.1.4.1.2636.3.39.1.12.1.1.1.7 |SRX HE & Branch | |Y |SRX-HE has multiple SPU |

| |(jnxJsSPUMonitoringMaxFlowSession) |Maximum session | | |forwarding engines |

| | |availability per PFE | | |SRX-Branch has 1 PFE with |

| | | | | |maximum device capability |

| | |CLI: | | |based on this value |

| | |show security flow | | | |

| | |session summary | | | |

| |1.3.6.1.4.1.2636.3.39.1.12.1.1.1.6 |SRX HE & Branch | |Y |< 80% of Max PFE Sessions |

| |(jnxJsSPUMonitoringCurrentFlowSession) | | | |Normal |

| | |Current PFE Session Count| | |80-90% of Max PFE Sessions |

| | | | | |may be considered normal |

| | |CLI: | | |depending upon network |

| | |show security flow | | |traffic but requires |

| | |session summary | | |investigation if increase is |

| | | | | |sudden |

| | | | | |>90% Reaching Device limits |

| | | | | |ACTION: |

| | | | | |Review traffic patterns |

| | | | | |Look for sessions with high |

| | | | | |inactivity timeouts |

| | | | | |Review Device type |

| | | | | |For SRX HE- Review SPC needs |

|CPU USAGE |1.3.6.1.4.1.2636.3.1.13.1.8 |SRX HE & Branch | |Y |95% Device responsiveness |

| | |show chassis | | |for self traffic is likely to|

| | |routing-engine | | |be impacted |

| | | | | |ACTION: |

| | | | | |Disable traceoptions |

| | | | | |Clean up storage, |

| | | | | |Verify system processes |

| |1.3.6.1.4.1.2636.3.39.1.12.1.1.1.4 |SRX HE & Branch | |Y |< 80% No Action |

| |(jnxJsSPUMonitoringCPUUsage) | | | |85-95% Active Investigation |

| | |CPU Usage of Packet | | |recommended if increase is |

| | |Forwarding Engine | | |sudden or sustained on upper |

| | | | | |range |

| | |CLI: | | |>95% Device responsiveness |

| | |show security monitoring | | |for transit traffic is likely|

| | |fpc X | | |to be impacted including |

| | | | | |session buildup |

| | | | | |ACTION: |

| | | | | |Review Traffic pattern |

| | | | | |Review PPS |

| | | | | |Review Session counts |

|MEMORY |1.3.6.1.4.1.2636.3.1.13.1.11 |SRX-HE | |Y | < 80% No Action |

| |(jnxOperatingBuffer) |Used memory % for Routing| | |80-95% Memory usage high and |

| | |Engine | | |may impact system updates |

| | | | | |such as IDP route table |

| | |CLI: | | |additions |

| | |show chassis | | |>95% Device will begin active|

| | |routing-engine | | |memory clean up attempts |

| | | | | |ACTION: |

| | | | | |Verify routing table size |

| | | | | |Verify System Processes in |

| | | | | |use |

| | | | | |Review system logs |

| |1.3.6.1.4.1.2636.3.1.13.1.11 |SRX-Branch | |Y |Output is Total Device Memory|

| |(jnxOperatingBuffer) |Used memory % for Routing| | |usage including PFE Usage. |

| | |Engine | | |To Calculate RE Usage |

| | | | | |For 1GB Systems |

| | |CLI: | | |RE Usage=(( |

| | |show chassis | | |jnxOperatingBuffer*1024)-( |

| | |routing-engine | | |jnxJsSPUMonitoringMemoryUsage|

| | | | | |*464))/560 |

| | | | | |For 2GB Systems |

| | | | | |RE Usage=(( |

| | | | | |jnxOperatingBuffer*2048)-( |

| | | | | |jnxJsSPUMonitoringMemoryUsage|

| | | | | |*944))/1104 |

| | | | | | |

| | | | | |< 80% No Action |

| | | | | |80-95% Memory usage high and |

| | | | | |may impact system updates |

| | | | | |such as IDP route table |

| | | | | |additions |

| | | | | |>95% Device will begin active|

| | | | | |memory clean up attempts |

| | | | | |ACTION: |

| | | | | |Verify routing table size |

| | | | | |Verify System Processes in |

| | | | | |use |

| | | | | |Review system logs |

| |1.3.6.1.4.1.2636.3.39.1.12.1.1.1.5 |SRX HE & Branch | |Y |< 80% No Action |

| |(jnxJsSPUMonitoringMemoryUsage) | | | |80-95% Investigation and |

| | |Packet Forwarding Memory | | |monitoring needed as may |

| | |Usage | | |indicate memory leak if usage|

| | | | | |is constant |

| | |CLI: | | |>95% Transit traffic may be |

| | | | | |impacted due to inability for|

| | |show security monitoring | | |forwarding operations |

| | |fpc X | | |ACTION: |

| | | | | |Review system logs |

| | | | | |Verify configuration for |

| | | | | |unused features that can be |

| | | | | |removed |

| | | | | |Disable non needed ALGs |

|NAT-SOURCE | 1.3.6.1.4.1.2636.3.39.1.7.1.0 |SRX HE & Branch |Y | |Recommendation to set trap |

| |(jnxJsNatAddrPoolThresholdStatus) |Configurable trap for | | |for rising threshold of 80%. |

| | |Source NAT when using | | |ACTION: |

| | |pools without PAT. | | |Verify traffic patterns |

| | |(setup using | | |Check for sessions with high |

| | |“pool-utilization-alarm” | | |timeout values |

| | |) | | |Increase NAT IPs |

| | | | | |Implement Active/Passive PFE |

| | | | | |(for Chassis Clusters) |

| | | | | |Implement overflow-pool usage|

| | 1.3.6.1.4.1.2636.3.39.1.7.1.1.3.1.2 |SRX HE & Branch | |Y |Amount of available pools |

| |(jnxJsNatIfSrcPoolTotalSinglePorts) |Maximum Ports per | | |dependent upon device type |

| | |Overload Pool when using | | | |

| | |Interface Nat translation| | | |

| | | | | | |

| | |CLI: | | | |

| | |show security nat | | | |

| | |interface-nat-ports | | | |

| |1.3.6.1.4.1.2636.3.39.1.7.1.1.3.1.3 |SRX HE & Branch | |Y |80% of ports in use |

| | |Overload Pool in use when| | |Monitor if usage is always in|

| | |using Interface Nat | | |this range, active |

| | |translation | | |investigation needed if |

| | |CLI: | | |sudden spike |

| | |show security nat | | |100% of ports in use |

| | |interface-nat-ports | | |Session creation failure will|

| | | | | |be seen |

| | | | | |ACTION: |

| | | | | |Verify Traffic Pattern |

| | | | | |Check for sessions with high |

| | | | | |timeout values |

| | | | | |Implement Active/Passive PFE |

| | | | | |(for Chassis Clusters) |

| | | | | |Move to Source Nat with Pool |

| | | | | |Usage including Overflow Pool|

| | | | | |usage |

| | 1.3.6.1.4.1.2636.3.39.1.7.1.1.4.1.1 |SRX HE & Branch | |Y |Used to match Pool usage to |

| |(jnxJsNatSrcPoolName) |Source Nat Pool Name. | | |Source Pool Name |

| | |CLI: | | | |

| | |show security nat pool | | | |

| | |all | | | |

| |1.3.6.1.4.1.2636.3.39.1.7.1.1.4.1.5 |SRX HE & Branch | |Y |80% of ports in use |

| | |Source-Nat Pool with PAT | | |Monitor if usage is always in|

| | | | | |this range, active |

| | |CLI: | | |investigation needed if |

| | |show security nat pool | | |sudden spike |

| | |all | | |100% of ports in use |

| | | | | |Session creation failure will|

| | | | | |be seen |

| | | | | |ACTION: |

| | | | | |Verify Traffic Pattern |

| | | | | |Check for sessions with high |

| | | | | |timeout values |

| | | | | |Implement Active/Passive PFE |

| | | | | |(for Chassis Clusters) |

| | | | | |Increase IPs in pool |

| | | | | |Implement source pool |

| | | | | |port-overloading-factor |

| | | | | |Implement Pool Overflow |

|TEMPERATURE |1.3.6.1.4.1.2636.4.1.3 |SRX HE & Branch |Y | |ACTION: |

| |(jnxOverTemperature) |Trap raised when a device| | |Review ambient temperature |

| | |is reading high | | |Verify fan status |

| | |temperatures | | |Verify if all components |

| | |CLI: | | |reporting high temperatures |

| | |show chassis environment | | | |

| |1.3.6.1.4.1.2636.4.2.3 |SRX HE & Branch |Y | |ACTION: |

| |(jnxTemperatureOK) |Recovery of Temperature | | |Monitor for repeat occurrence|

| | |CLI: | | |of high temperature reporting|

| | |show chassis environment | | | |

| |1.3.6.1.4.1.2636.3.1.13.1.7 |SRX HE & Branch | |Y |Spikes in temperature are |

| |(jnxOperatingTemp) | | | |expected as device will vary |

| | |Temperature of device and| | |fan speeds based on |

| | |modules | | |temperature and length of |

| | | | | |temperature |

| | |CLI: | | |There are many temperature |

| | |show chassis environment | | |thresholds values depending |

| | | | | |upon device and module |

| | | | | |Important items to watch for |

| | | | | |are: |

| | | | | |SRX5k- RE, FPC (SPC/IOC) |

| | | | | |SRX3k – CB, SFB( FPC0), |

| | | | | |NPC/IOC/SPC (FPC 1-7(12)) |

| | | | | |SRX1k- CB, SYSIO |

| | | | | |SRXBranch-RE |

| | | | | | |

| | | | | |Use CLI 'show chassis |

| | | | | |temperature-thresholds' to |

| | | | | |view the recommended |

| | | | | |thresholds |

| | | | | | |

| | | | | |ACTION: |

| | | | | |Check status of Fans |

| | | | | |Check ambient temperature and|

| | | | | |device spacing requirements |

| | | | | |For SRX3k - Re-arrange card |

| | | | | |placement (Avoid SPC next to |

| | | | | |SPC in left to right fashion |

| | | | | |, or place SPC next to fan |

| | | | | |input edge if possible) |

|POWER SUPPLY |1.3.6.1.4.1.2636.4.1.1 |SRX-HE and SRX-650-550 |Y | |Investigation is needed. |

| |(jnxPowerSupplyFailure) | | | |ACTION: |

| | |The status of a power | | |Verify power input |

| | |supply has changed | | |Re-seat power supply, RMA may|

| | |CLI: | | |be needed |

| | |show chassis environment | | | |

| | |pem | | | |

|FAN |1.3.6.1.4.1.2636.4.1.2 |SRX HE & Branch |Y | |Investigation is needed |

| |(jnxFanFailure) |The status of the fans | | | |

| | |has changed | | |ACTION: |

| | |CLI: | | |Re-seat fan tray |

| | |show chassis fan | | |Verify if trap is |

| | | | | |intermittent, RMA may be |

| | | | | |needed |

|CHASSIS CLUSTER FAILOVER | 1.3.6.1.4.1.2636.3.39.1.14.1 |SRX HE & Branch | |Y |ACTION: |

| |(jnxJsChassisClusterMIB) |Indicates chassis cluster| | |Investigation of JSRPD and |

| | |RG group has failed over | | |Messages log files |

| | | | | | |

| | |CLI: | | | |

| | |show chassis cluster | | | |

| | |status | | | |
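
The SRX-Branch RE memory calculation given in the MEMORY rows above can be sketched in Python as follows. The constants (1024, 464, 560 for 1GB systems and 2048, 944, 1104 for 2GB systems) are copied from the table. The function name and the constants dictionary are assumptions made for this example, and both inputs are assumed to be the percentage values returned by jnxOperatingBuffer and jnxJsSPUMonitoringMemoryUsage.

```python
# Per memory size in GB: (total multiplier, PFE multiplier, divisor),
# as given in the SRX-Branch MEMORY row of this guide.
BRANCH_MEMORY_CONSTANTS = {
    1: (1024, 464, 560),
    2: (2048, 944, 1104),
}


def branch_re_usage(operating_buffer_pct, spu_memory_pct, system_gb):
    """Estimate RE memory usage (%) on an SRX-Branch device.

    operating_buffer_pct: jnxOperatingBuffer (total device memory usage, %)
    spu_memory_pct:       jnxJsSPUMonitoringMemoryUsage (PFE memory usage, %)
    system_gb:            1 or 2, selecting the formula from the table
    """
    total, pfe, divisor = BRANCH_MEMORY_CONSTANTS[system_gb]
    return (operating_buffer_pct * total - spu_memory_pct * pfe) / divisor


if __name__ == "__main__":
    # Hypothetical polled values, for illustration only.
    print(branch_re_usage(operating_buffer_pct=70, spu_memory_pct=60, system_gb=1))
```

In both formulas the divisor equals the total multiplier minus the PFE multiplier (1024 - 464 = 560 and 2048 - 944 = 1104), so when total and PFE usage are equal the computed RE usage is that same percentage.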

SYSTEM LOGGING

Monitoring system log events augments the polled and trapped values obtained from the OIDs the system supports. For system-level logging, we recommend logging Any Facility at a minimum severity of Critical. If possible, we also recommend an external syslog server set to Any Facility and Any Severity.

root@SRX# show system syslog

file messages {

any critical;

authorization info;

}

host 192.168.1.10 {

any any;

}

NOTES:

1) When opening a Juniper SRX technical case, it is recommended to collect the following information from the SRX.

a. Request Support Information

request support information | save /var/tmp/rsi.txt

b. System Logs

>start shell

% su (enter the root password)

% tar -cvzf /root/log.tgz /var/log/*

% exit

A log.tgz file will be created in the /cf/root/ folder that you can upload to the support case.

2) In Junos 11.2 and later, some MIBs require the Lsys name when polled and return no output on the CLI when using >show snmp mib walk. Refer to KB23155. (The recommendation is to use default@ for the community entry on the MIB manager unless polling for specific Lsys outputs.)
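
The following Python sketch shows one way a monitoring script might assemble polling commands that carry the default@ prefix. It builds, but does not run, Net-SNMP snmpwalk command lines for two OIDs taken from the table in this guide. The host address 192.0.2.1, the community string public, the helper names, and the assumption that the Lsys prefix is written directly in front of the community string are illustrative only; consult KB23155 for the exact format required.

```python
import shlex

# OIDs copied from the SESSIONS rows of this guide.
OIDS = {
    "jnxJsSPUMonitoringCurrentFlowSession": "1.3.6.1.4.1.2636.3.39.1.12.1.1.1.6",
    "jnxJsSPUMonitoringMaxFlowSession": "1.3.6.1.4.1.2636.3.39.1.12.1.1.1.7",
}


def lsys_community(community, lsys="default"):
    """Prefix the community with an Lsys name (assumed form: 'default@public')."""
    return f"{lsys}@{community}"


def snmpwalk_argv(host, community, oid, lsys="default"):
    """Build (but do not execute) an SNMPv2c snmpwalk argument list."""
    return ["snmpwalk", "-v2c", "-c", lsys_community(community, lsys), host, oid]


if __name__ == "__main__":
    # Placeholder host and community, for illustration only.
    for name, oid in OIDS.items():
        print(name, "->", shlex.join(snmpwalk_argv("192.0.2.1", "public", oid)))
```

The argument list can be passed to subprocess.run on a station where Net-SNMP is installed.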

-----------------------

© Juniper Networks, Inc.
