What is a Netscreen session?

What is a Netscreen session?

am 22.01.2007 05:07:12 von DaveInPNG

We're going to be moving from an old Netscreen 10 to a nice new
Netscreen 5 extended edition. Our current Netscreen 10 is running out
of sessions and then dropping connections. It's session limit is listed
as 4096 though 3700 something appears to be it's real limit.

We have less than 200 folks on at a time, so I'm curious what the
Netscreen calls a "session". Even with a two minute session timeout,
we're still running out of sessions.

Are we going to be any better off with the Netscreen 5? It supposedly
tops out at 4096 sessions also.

Yes, I've looked for computers opening too many sessions like it is
spamming but didn't find anything. It just seems like a client doesn't
reuse the same session but instead is given a new one.

Thanks.

Dave

Re: What is a Netscreen session?

am 22.01.2007 12:35:02 von Wolfgang Kueter

DaveInPNG wrote:

> We're going to be moving from an old Netscreen 10 to a nice new
> Netscreen 5 extended edition. Our current Netscreen 10 is running out
> of sessions and then dropping connections. It's session limit is listed
> as 4096 though 3700 something appears to be it's real limit.
>
> We have less than 200 folks on at a time,

200 machines/users is far too much for any SOHO box and a Netscreen 5 is a
SOHO box.

> so I'm curious what the
> Netscreen calls a "session".

Probably simply an entry in the state table.

> Even with a two minute session timeout,
> we're still running out of sessions.

Which is absolutely normal if one takes into consideration that surfing can
create 50 or more tcp connections per page.

> Are we going to be any better off with the Netscreen 5? It supposedly
> tops out at 4096 sessions also.

No, for 200 machines/users you need a serious box, not a SOHO model.

Wolfgang

> Yes, I've looked for computers opening too many sessions like it is
> spamming but didn't find anything.

Just looi at the HTML source of any web page and count the number of tcp
connections a single page request will generate and then think again.

> It just seems like a client doesn't
> reuse the same session but instead is given a new one.

which is just normal for tcp ...

Wolfgang