SRX: How to check the session ager status?

Session ager is a mechanism on SRX devices that takes care of continuous session age-out and cleanup process. This is done by running a timer on each SPU that uses ticks as a unit of time (provided by hardware).

The goal of this article is to describe a way to check if the session ager tick counter is increasing on each SPU.

In certain troubleshooting scenarios, where you suspect that sessions are not being cleaned up properly from the session table, one of the clues to check is if the session ager tick counter is increasing.

If the ager tick counter is not increasing on an SPU, it will cause sessions to pile up and never be removed from the session table, eventually filling it up and causing new sessions to fail to be established.

Perform the following steps:

1. Confirm you are running a JTAC Recommended Junos Software Version. If you still see the issue with sessions, proceed with following steps to confirm if ager tick counter is increasing as it should.

2. Login to the primary node of the HE SRX cluster that you wish to check, and save the request support information (RSI) output in the /var/tmp directory:

3. Start the Unix shell:

4. Run the following command to get the values of the tick counter on all SPUs:

5. The output should look like this on an SRX 5000 device with one SPC:

Interpretation of the data:
– Each line that starts with “===” will show the exact SPU position in the system. For example node0.fpc2.pic0 is the first SPU of the SPC in slot 2 on node0.

– Note that numbering starts from 0, not from 1.

– The line that follows contains the tick counter value at the moment when the data was captured.

– With a Chassis Cluster, as you have two nodes in the cluster, the data will be captured two times in one RSI file, at different times. This is what allows you to see if the tick counter is increasing by comparing the values in the first and second instance,

– In the example above, the tick counter for node0.fpc2.pic0 increased from 4485 to 4515, showing that it works properly. The counter for node1.fpc4.pic0 remained at the same value of 63745 which indicates an issue with the ager tick counter.

About the author

Prasanna

Leave a Comment