SRX 3600 NPC vs SPC

Is there any possible way to detect which one is getting full under attack? We could not decide which one we need to upgrade.
FireBallIT Asked:

dpk_wal Commented:
NPC and SPC have different functionality.

NPC is for session wing anchoring; SPC is responsible for creating the session table and doing further inspection if configured.

Which version of Junos are you running? After 11.4, Junos supports 6M session wings per NPC.

I would say if the traffic is huge, add another SPC which should help.

You can also open a ticket with JTAC to know whether NPC or SPC is getting full.

Thank you.
0
FireBallIT Author Commented:
I have checked them, but depending on the other question that you answered, we could not decide which one we need to buy.
When we get 300-400k pps, the SRX is locking down with 300-400 Mbps of traffic.
That should not be an NPC issue, because sessions are not getting full.
That should not be an SPC issue, because the traffic is not bigger than the limits.

So what is the problem? Which one is required?
0
dpk_wal Commented:
First thing is you should filter the unwanted traffic at the ISP level.
If the traffic hits SRX and you block it there then it makes no difference as your internet pipe is already choked, also depending on the amount of traffic the SRX might have unexpected behavior too.

I am also looking at the other question and could see one of the logs you posted where a lot of attack traffic was coming from IP 209.x.y.145; even if you put a stateless filter at EX4500 or even at SRX, say something like:

set firewall term1 from source 209.x.y.145 then drop term2 then accept

This would ensure the traffic is not processed by SRX and this might give SRX the breathing space.

Here you can put a filter on IP or subnet as applicable.

As far as the question what is required, as the PPS is killing the box, you would need SPC to process more load.

Thank you.
0
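The stateless filter sketched in the answer above, written out in full Junos `set` syntax as an added example (not part of dpk_wal's post). The filter name `DROP-ATTACK-SRC`, the counter name and the interface `xe-1/0/0` are hypothetical; `209.x.y.145` is the redacted address from the thread and has to be replaced with the real source address or subnet.

```junos
# Term 1: match the attack source and drop it before it reaches flow processing.
set firewall family inet filter DROP-ATTACK-SRC term term1 from source-address 209.x.y.145/32
# Count the drops so the filter's effect can be measured during an attack.
set firewall family inet filter DROP-ATTACK-SRC term term1 then count attack-src-drops
set firewall family inet filter DROP-ATTACK-SRC term term1 then discard
# Term 2: accept everything else; without it the implicit final action discards all traffic.
set firewall family inet filter DROP-ATTACK-SRC term term2 then accept
# Apply the filter inbound on the Internet-facing interface (hypothetical name).
set interfaces xe-1/0/0 unit 0 family inet filter input DROP-ATTACK-SRC
```

After commit, `show firewall filter DROP-ATTACK-SRC` displays the packet and byte counts for `attack-src-drops`.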

FireBallIT Author Commented:
But our aim is blocking attacks, not blocking traffic :)
But thank you for the answers.
0