What is normal CPU utilization for NS-204?

  • Hello,

    We have a NS-204 appliance, now using it to NAT ~ 60 Mbits of traffic.
    CPU utilization is around 70%, and sometimes we see drops of, say, 10% of pings. Is that normal? We do not use any screen features except those that are present in config by default.

    Please advise.


  • Engineer

    yep got one in my lab for a month now.

    i only hope they include the junos routing engine soon 🙂


  • administrators

    Definitely look at the SSG platforms.  The 520 is only a few hundred more than an NS-50, and has roughly 3-4 times the performance.  I finally got to play with one last week, and it’s one of the best pieces of equipment I’ve ever used.

  • Engineer


    maybe look at the SSG platforms.


  • Thanks for the advice, it looks like we had ~30kpps. Obviously we need a more powerful device.
    Is ISG-1000 much more productive than 204 if to speak about pps?

  • Check your packets/second. Often this is what caused high CPU, not bandwidth. The reason for this is if you have alot of packets per second incoming the Netscreen has to process each and every one of them whether the packets are large or small. The 204 bandwidth benchmarks from what I have been told were done using ideal packet sizes thus the bandwidth in the real world would never be able to meet the stated figures.

    To calculate the packets per second is not an easy task. You have to run ‘get counter stat’ at regular intervals (I usually use 10 second intervals with a script). Then you need to look at the in packet hardware counter for each interface. I usually put the values in a spreadsheet. Then calculate the difference between each get command and divide by the time difference. Add the total for ALL interfaces and this will give you a rough estimate of your PPS. I usually get concerned when I see greater than 15K pps for a 204. If I see that then I start looking at ways to either off-load some of that traffic or start looking at more robust hardware like a 500 or ISG.

  • Session and traffic utilization is rather low for this device:
    not more than 40k sessions, not more then 70Mbit of traffic.

    I tried to unset screening features that were enabled (teardrop, land, synflood, ping-of-death, ip-filter-src) - this did not change anything.

    Please advice do you still think it could be a worm. Any help would be appreciated!

    – Peter

  • how’s your session utilization? if there’s still screen features, you might as well try unchecking them one at a time and check if your cpu would normalize. try to remove screening features that are most likely would do with ping. check your network if there’s a worm spreading in it. this might have causing your cpu climb up to 70%.