Re: [j-nsp] strange packet loss without impact
In regard to #2 are you routing same-interface by chance? ICMP redirect disabled or is something not paying attention to them? I know some of your show command output might rule out some of these questions but there are two things I've learned never to have absolute faith in: (1) Marketing numbers and (2) show command output. --- On Mon, 7/4/11, Derick Winkworth dwinkwo...@att.net wrote: From: Derick Winkworth dwinkwo...@att.net Subject: Re: [j-nsp] strange packet loss without impact To: Matthias Brumm matth...@brumm.net, Christian cdebalo...@neotelecoms.com Cc: juniper-nsp@puck.nether.net Date: Monday, July 4, 2011, 8:58 PM 1. Have you thought of running your ping tests *thru* the box rather than *at* it? 2. I see you have pretty symmetrical in/out here, could you be experiencing something like a DDOS (router pushing out too many ICMPs)? 3. Packet capture at all? 4. 19k pps... is this high/normal/low for this interface? Do you have services enabled on it? J-Series is software router... From: Matthias Brumm matth...@brumm.net To: Christian cdebalo...@neotelecoms.com Cc: juniper-nsp@puck.nether.net Sent: Mon, July 4, 2011 10:25:38 AM Subject: Re: [j-nsp] strange packet loss without impact no, that is not the problem. I have looked into the Juniper definition and we have one discard routing entry, which should be responsible for this entry. the complete output: show pfe statistics traffic Packet Forwarding Engine traffic statistics: Input packets: 586522987655 19925 pps Output packets: 585165208482 19866 pps Packet Forwarding Engine local traffic statistics: Local packets input : 1228194454 Local packets output : 713668140 Software input control plane drops : 0 Software input high drops : 0 Software input medium drops : 13059 Software input low drops : 0 Software output drops : 0 Hardware input drops : 0 Packet Forwarding Engine local protocol statistics: HDLC keepalives : 0 ATM OAM : 0 Frame Relay LMI : 0 PPP LCP/NCP : 0 OSPF hello : 0 OSPF3 hello : 0 RSVP hello : 0 LDP hello : 0 BFD : 0 IS-IS IIH : 0 LACP : 0 ARP : 513852055 ETHER OAM : 0 Unknown : 0 Packet Forwarding Engine hardware discard statistics: Timeout : 0 Truncated key : 0 Bits to test : 0 Data error : 0 Stack underflow : 0 Stack overflow : 0 Normal discard : 557514914 Extended discard : 0 Invalid interface : 0 Info cell drops : 0 Fabric drops : 0 Packet Forwarding Engine Input IPv4 Header Checksum Error and Output MTU Error : Input Checksum : 132684 Output MTU : 34 2011/7/4 Matthias Brumm matth...@brumm.net Hello! show pfe statistics traffic is the first command, showing some errors: Packet Forwarding Engine hardware discard statistics: Timeout : 0 Truncated key : 0 Bits to test : 0 Data error : 0 Stack underflow : 0 Stack overflow : 0 Normal discard : 557491798 Extended discard : 0 Invalid interface : 0 Info cell drops : 0 Fabric drops : 0 Is Normal discard an error or something Normal, as the name would say. Matthias 2011/7/4 Christian cdebalo...@neotelecoms.com ** If in doubt run show system processes summary to check for busy process during your peak time. Also you can have some interesting stats with a show pfe statistics traffic Christian Le 04/07/2011 15:33, Matthias Brumm
[j-nsp] SRX210 IPv6 on ADSL2+ PIM
Hi Everyone, I'm trying to get IPv6 up and running on an ADSL2+ pim in an SRX210 without much luck. Hopefully someone has run across this (good or bad). I'm also living life on the edge and am running 11.1R3.5. I was running 10.4R4.5 and can go back to it if anyone thinks that will help. I keep getting family INET6 not allowed with this encapsulation on a commit check. I've tried two different encapsulations and the configs look like this: This one has the encapsulation in the unit: show interfaces at-1/0/0 atm-options { vpi 0; } dsl-options { operating-mode adsl2plus; } unit 0 { encapsulation ether-over-atm-llc; vci 0.37; family inet { filter { output bruce-qos; } address xxx.xxx.xxx.xxx/29; } family inet6 { address 2607::x::x/126; } } This one has the encapsulation right at the at-1/0/0 level: show interfaces at-1/0/0 encapsulation ethernet-over-atm; atm-options { vpi 0; } dsl-options { operating-mode adsl2plus; } unit 0 { vci 0.37; family inet { filter { output bruce-qos; } address xxx.xxx.xxx.xxx/29; } family inet6 { address 2607::x::x/126; } } Has anyone experienced similar behavior? I'd hate to have to go to an external modem to get this to work, or have to use PPPoE. Thanks! Bruce Bruce Buchanan Senior Network Technician Nexicom 5 King St. E., Millbrook, ON, LOA 1GO Phone: 705-932-4147 FAX: 705-932-3027 Cell: 705-750-7705 Web: http://www.nexicom.net Nexicom - Connected. Naturally. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Juniper BRAS E120
Dear Team, I need some configuration help,On my Juniper BRAS E120 interface ,DSL users of diferent bandwidth profile come (say 1Mb , 2Mb etc , i have to configure 4 5 different bandwidth profiles .Can any one please forward me a sample config. how to configure different profiles and apply on interface, as user request is forworded to radius and profiles with attributes are defined on radius. Regards MR ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Juniper BRAS E120
Hi Muhammad, First of all you need to create rate limits(2Mb, 4Mb, etc). After, you need to create policies for each bandwidth profile. Inside each policy-list configuration you will put the rate limit that was created. Follow a sample config, ip rate-limit-profile 1M-one-rate one-rate committed-rate 1024000 committed-burst 128000 excess-burst 256000 ! ip rate-limit-profile 2M-one-rate one-rate committed-rate 2048000 committed-burst 256000 excess-burst 512000 ! ip policy-list i1024 classifier-group * precedence 1 rate-limit-profile 1M-one-rate forward ! ip policy-list i2048 classifier-group * precedence 1 rate-limit-profile 2M-one-rate forward Regards, Thiago Lizardo de Moraes Em 05/07/2011, às 13:11, Muhammad Rehan rehanrehma...@gmail.com escreveu: Dear Team, I need some configuration help,On my Juniper BRAS E120 interface ,DSL users of diferent bandwidth profile come (say 1Mb , 2Mb etc , i have to configure 4 5 different bandwidth profiles .Can any one please forward me a sample config. how to configure different profiles and apply on interface, as user request is forworded to radius and profiles with attributes are defined on radius. Regards MR ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] SRX210 IPv6 on ADSL2+ PIM
On Wed, Jul 6, 2011 at 1:58 AM, Bruce Buchanan bbuch...@nexicom.net wrote: I'm trying to get IPv6 up and running on an ADSL2+ pim in an SRX210 without much luck. Hopefully someone has run across this (good or bad). I'm also living life on the edge and am running 11.1R3.5. I was running 10.4R4.5 and can go back to it if anyone thinks that will help. I keep getting family INET6 not allowed with this encapsulation on a commit check. I've tried two different encapsulations and the configs look like this: [...] Has anyone experienced similar behavior? I'd hate to have to go to an external modem to get this to work, or have to use PPPoE. Disclaimer: I don't think IPv6 actually works over PPP on SRX - certainly no DHCPv6-PD I'm running 10.4R5 on srx210h-poe w/ADSL2+ PIM Here's my interface config -- admin@router show configuration interfaces at-1/0/0 per-unit-scheduler; encapsulation atm-pvc; atm-options { vpi 8; } dsl-options { operating-mode auto; } unit 0 { description ISP; encapsulation atm-ppp-llc; vci 8.35; ppp-options { chap { default-chap-secret removed; ## SECRET-DATA local-name usern...@isp.net; passive; } } family inet { negotiate-address; } family inet6; } Once PPP has done its thing, I can ping the remote interface ID (link local) -- admin@router ping fe80::0221:a0ff:febb:3200 interface at-1/0/0.0 count 5 PING6(56=40+8+8 bytes) fe80::b2c6:9a10:7d:5dc0 -- fe80::221:a0ff:febb:3200 16 bytes from fe80::221:a0ff:febb:3200, icmp_seq=0 hlim=64 time=107.031 ms 16 bytes from fe80::221:a0ff:febb:3200, icmp_seq=1 hlim=64 time=108.289 ms 16 bytes from fe80::221:a0ff:febb:3200, icmp_seq=2 hlim=64 time=131.740 ms 16 bytes from fe80::221:a0ff:febb:3200, icmp_seq=3 hlim=64 time=123.717 ms 16 bytes from fe80::221:a0ff:febb:3200, icmp_seq=4 hlim=64 time=119.417 ms --- fe80::0221:a0ff:febb:3200 ping6 statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/std-dev = 107.031/118.039/131.740/9.360 ms ..but that's about it. cheers, Dale ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] SRX210 IPv6 on ADSL2+ PIM
I think there are just a lot of places in the SRX codebase that don't support IPv6. It's sad, but true. I too have been having problems using IPv6 on VLAN and NHTB IPSec interfaces on SRX 210s and 240s. It feels like Juniper took gobs of Netscreen code, crammed it into JunOS and didn't bother to fix up existing missing features. I keep wanting to like the SRX, and stuff just like this keeps biting me. /two cents --j ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp