5.2.2.1. Notes on using vSRXΒΆ

It has been confirmed that the CPU load of the following functions controlled by the control plane (*1) tends to increase. When using the following functions, we recommend that you perform a design and verification that pays close attention to the control plane CPU usage rate and communication effects.

Functions

Conditions

Points to note

COMMIT

From command execution to processing completion

Please avoid continuous execution.

REST API

From command execution to acknowledge return

Please avoid continuous execution.

SYSLOG

When having written a great deal of traffic logs (several hundreds per second)

When using the [event] mode, suppress the amount of traffic logs to be written. Also, consider logging when in the [stream] mode.

Inter-site IPSec tunnel

Until connection completion when connection requests are simultaneously made by multiple sites

Take the following measures for example: performing operations so as to increase the number of sites gradually; decreasing the number of sites; making IPsec connections through multiple vSRXs.

File forwarding using SCP

File upload/download in progress

Please avoid continuous execution.

Log acquisition by RSI (request support information) command

From command execution to completion

Please avoid continuous execution.

FQDN filtering

When having cleared DNS information possessed by an apparatus in status where more than several hundreds of FQDN filters have been set

Take the following measures, for example: decreasing the number of FQDN rules; not sequentially executing the command which clears the cache of DNS files.

SNMP trap

Status where one or more SNMP traps are transmitted per second

Decrease the number of the target SNMP traps.

SNMP polling

When a large number of values are executed at once by external SNMP polling (snmpwalk command)

Please specify the OID to some extent and execute the snmpwalk command / Please use the snmpget command.