Author Topic: SRX100 system too slow AND ipsec VPN with errors.

monchito

« on: April 04, 2017, 04:46:53 pm »

Hi all, this SRX100 gets too slow; I see it in the SSH connection and when pinging the internet.

The user complains when having to connect to the VPN; I think it fails because of the slow system.

VPN logs (kmd-logs)
Code: [Select]
64.64.226]
Apr  4 17:39:24  srx100 kmd[2207]: IKE Phase-1 Failure: ISAKMP negotiation retry limit reached [spi=^L^FM-^HW�*v�6�^OOfM-^QcM-^_, src_ip=<none>, dst_ip=x.x.x.x]
Apr  4 17:39:24  srx100 kmd[2207]: IKE Phase-2 Failure: IKE Phase-2 negotiation retry limit reached [spi=fcad3ff9, src_ip=y.y.y.y, dst_ip=x.x.x.x]
Apr  4 17:39:24  srx100 kmd[2207]: IKE Phase-2: Negotiations failed. Local gateway: x.x.x.x, Remote gateway: x.x.x.x

Code: [Select]
root@srx100% df -h
Filesystem      Size    Used   Avail Capacity  Mounted on
/dev/da0s2a     293M    138M    132M    51%    /
devfs           1.0K    1.0K      0B   100%    /dev
/dev/md0        368M    368M      0B   100%    /junos
/cf             293M    138M    132M    51%    /junos/cf
devfs           1.0K    1.0K      0B   100%    /junos/dev/
procfs          4.0K    4.0K      0B   100%    /proc
/dev/bo0s3e      24M     46K     22M     0%    /config
/dev/bo0s3f     342M     10M    305M     3%    /cf/var
/dev/md1         84M     15M     62M    20%    /mfs
/cf/var/jail    342M     10M    305M     3%    /jail/var
/cf/var/log     342M     10M    305M     3%    /jail/var/log
devfs           1.0K    1.0K      0B   100%    /jail/dev
/dev/md2        1.8M    116K    1.6M     7%    /jail/mfs

I see flowd_octeon is too high
Code: [Select]
  PID USERNAME  THR PRI NICE   SIZE    RES STATE  C   TIME   WCPU COMMAND
 1265 root        4  76    0   199M 37108K select 0 276:57 118.75% flowd_octeon
 1251 root        1 139    0  3288K  2052K RUN    0 144:52 57.86% ntpd
 1002 root        1  76    0 12608K  4376K select 0   0:57  0.00% eventd
 1289 root        1  76    0 12296K  5396K select 0   0:53  0.00% license-check
 1301 nobody      6  81    0 28056K 15112K ucondt 0   0:48  0.00% httpd
 1254 root        1  76    0 27784K  9456K select 0   0:40  0.00% mib2d
 1256 root        1  76    0 20212K  7812K select 0   0:37  0.00% l2ald
 1275 root        1  76    0 15532K  3084K select 0   0:27  0.00% shm-rtsdbd

show chassis routing-engine
Code: [Select]
Routing Engine status:
    Temperature                 52 degrees C / 125 degrees F
    Total memory               512 MB Max   415 MB used ( 81 percent)
      Control plane memory     336 MB Max   316 MB used ( 94 percent)
      Data plane memory        176 MB Max   100 MB used ( 57 percent)
    CPU utilization:
      User                      23 percent
      Background                 0 percent
      Kernel                    76 percent
      Interrupt                  1 percent
      Idle                       0 percent
    Model                          RE-SRX100B
    Serial ID                      AT0610AF0162
    Start time                     2017-04-04 14:48:46 ART
    Uptime                         3 hours, 52 minutes, 1 second
    Last reboot reason             0x1:power cycle/failure
    Load averages:                 1 minute   5 minute  15 minute
                                       2.18       2.11       2.04


What do you think? Is there a resource problem? How can I solve it?
Thanks!
Monchito


joshua.tres

Re: SRX100 system too slow AND ipsec VPN with errors.
« Reply #1 on: April 15, 2017, 03:49:03 pm »
What kind of phase 2 encryption are you using?
Did you check the tcp-mss settings?
 https://kb.juniper.net/InfoCenter/index?page=content&id=KB30688&pmv=print&actp=LIST

BR Josh