Re: [j-nsp] SRX3600 weirdness
I’ve been able to make some more sense of the problem. After clarifying a few things with the database admins, the issue isn’t sending mail. It’s some ticketing system that receives email approvals, so it’s constantly checking an Exchange mailbox. That’s where the IMAP traffic comes in.

After enabling the flow trace and waiting for it to have another problem, I was able to see some “SPU invalid session” messages. These seem to be the only indication of a problem so far. These seem to occur on and off throughout the day, but there were a lot of them right around the time the problem was reported.

Can’t seem to find much on the Net about these messages, at least in regards to regular TCP flows. There seems to be a lot about SIP or SCCP, but we’re dealing with IMAP and there are no ALGs turned on for this.

Apr 27 03:39:20 03:39:20.637759:CID-01:FPC-07:PIC-00:THREAD_ID-30:RT:SPU invalid session id 000862cb
Apr 27 03:39:20 03:39:20.851451:CID-01:FPC-07:PIC-00:THREAD_ID-30:RT:SPU invalid session id 000abca5
Apr 27 03:43:06 03:43:06.450593:CID-01:FPC-07:PIC-00:THREAD_ID-30:RT:SPU invalid session id
Apr 27 03:45:01 03:45:01.818440:CID-01:FPC-07:PIC-00:THREAD_ID-30:RT:SPU invalid session id 000c4901
Apr 27 03:46:39 03:46:39.882481:CID-01:FPC-07:PIC-00:THREAD_ID-30:RT:SPU invalid session id
Apr 27 03:46:40 03:46:39.1220955:CID-02:FPC-08:PIC-00:THREAD_ID-09:RT:SPU invalid session id
Apr 27 03:58:51 03:58:51.634500:CID-02:FPC-07:PIC-00:THREAD_ID-17:RT:SPU invalid session id
Apr 27 03:58:52 03:58:51.1490052:CID-01:FPC-07:PIC-00:THREAD_ID-24:RT:SPU invalid session id
Apr 27 04:00:01 04:00:00.1789529:CID-01:FPC-07:PIC-00:THREAD_ID-25:RT:SPU invalid session id 000eae37
Apr 27 04:00:01 04:00:01.919422:CID-01:FPC-08:PIC-00:THREAD_ID-08:RT:SPU invalid session id
Apr 27 04:00:01 04:00:01.921294:CID-01:FPC-08:PIC-00:THREAD_ID-26:RT:SPU invalid session id
Apr 27 04:00:02 04:00:01.951891:CID-01:FPC-07:PIC-00:THREAD_ID-30:RT:SPU invalid session id
Apr 27 04:00:02 04:00:01.962888:CID-01:FPC-07:PIC-00:THREAD_ID-30:RT:SPU invalid session id
Apr 27 04:00:02 04:00:01.1258835:CID-01:FPC-07:PIC-00:THREAD_ID-30:RT:SPU invalid session id
Apr 27 04:00:02 04:00:01.1270033:CID-01:FPC-07:PIC-00:THREAD_ID-31:RT:SPU invalid session id
Apr 27 04:00:02 04:00:01.1240584:CID-01:FPC-08:PIC-00:THREAD_ID-27:RT:SPU invalid session id
Apr 27 04:00:02 04:00:01.1241914:CID-01:FPC-08:PIC-00:THREAD_ID-30:RT:SPU invalid session id
Apr 27 04:00:02 04:00:02.738873:CID-02:FPC-08:PIC-00:THREAD_ID-08:RT:SPU invalid session id
Apr 27 04:00:03 04:00:02.1101047:CID-01:FPC-08:PIC-00:THREAD_ID-26:RT:SPU invalid session id
Apr 27 04:00:03 04:00:03.090182:CID-02:FPC-08:PIC-00:THREAD_ID-09:RT:SPU invalid session id
Apr 27 04:00:03 04:00:02.1425147:CID-01:FPC-07:PIC-00:THREAD_ID-30:RT:SPU invalid session id
Apr 27 04:00:03 04:00:02.1415919:CID-02:FPC-07:PIC-00:THREAD_ID-27:RT:SPU invalid session id
Apr 27 04:00:04 04:00:04.382013:CID-02:FPC-08:PIC-00:THREAD_ID-09:RT:SPU invalid session id
Apr 27 04:00:04 04:00:03.1467427:CID-02:FPC-07:PIC-00:THREAD_ID-21:RT:SPU invalid session id
Apr 27 04:00:04 04:00:04.528723:CID-02:FPC-08:PIC-00:THREAD_ID-08:RT:SPU invalid session id
Apr 27 04:00:04 04:00:04.624377:CID-02:FPC-08:PIC-00:THREAD_ID-09:RT:SPU invalid session id
Apr 27 04:00:04 04:00:04.449077:CID-02:FPC-08:PIC-00:THREAD_ID-29:RT:SPU invalid session id
Apr 27 04:00:04 04:00:04.646082:CID-02:FPC-07:PIC-00:THREAD_ID-31:RT:SPU invalid session id
Apr 27 04:00:04 04:00:04.645183:CID-02:FPC-08:PIC-00:THREAD_ID-08:RT:SPU invalid session id
Apr 27 04:00:04 04:00:04.794865:CID-02:FPC-07:PIC-00:THREAD_ID-26:RT:SPU invalid session id
Apr 27 04:00:05 04:00:04.881259:CID-02:FPC-08:PIC-00:THREAD_ID-09:RT:SPU invalid session id
Apr 27 04:00:05 04:00:04.1210223:CID-01:FPC-07:PIC-00:THREAD_ID-30:RT:SPU invalid session id
Apr 27 04:00:05 04:00:04.1514824:CID-02:FPC-07:PIC-00:THREAD_ID-21:RT:SPU invalid session id
Apr 27 04:00:05 04:00:04.1501037:CID-02:FPC-07:PIC-00:THREAD_ID-24:RT:SPU invalid session id
Apr 27 04:00:05 04:00:04.1598687:CID-01:FPC-07:PIC-00:THREAD_ID-31:RT:SPU invalid session id
Apr 27 04:00:05 04:00:05.738205:CID-02:FPC-08:PIC-00:THREAD_ID-29:RT:SPU invalid session id
Apr 27 04:00:06 04:00:05.914206:CID-02:FPC-08:PIC-00:THREAD_ID-30:RT:SPU invalid session id
Apr 27 04:00:06 04:00:05.1313025:CID-01:FPC-07:PIC-00:THREAD_ID-31:RT:SPU invalid session id
Apr 27 04:00:06 04:00:06.818371:CID-02:FPC-08:PIC-00:THREAD_ID-23:RT:SPU invalid session id
Apr 27 04:00:07 04:00:06.1080460:CID-01:FPC-07:PIC-00:THREAD_ID-31:RT:SPU invalid session id
Apr 27 04:00:08 04:00:08.676086:CID-02:FPC-08:PIC-00:THREAD_ID-31:R
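An added example, not part of the original message: one way to turn flow-trace output like the above into per-minute and per-CID/FPC/PIC counts, so a burst around a reported outage stands out. The function names and the burst threshold are hypothetical; the sample is six lines taken from the trace quoted above plus one constructed non-matching line.

```python
import re
from collections import Counter

# Sample input: six lines copied from the trace quoted in the message above,
# plus one constructed line (the last) that the parser must skip.
SAMPLE = """\
Apr 27 03:39:20 03:39:20.637759:CID-01:FPC-07:PIC-00:THREAD_ID-30:RT:SPU invalid session id 000862cb
Apr 27 03:45:01 03:45:01.818440:CID-01:FPC-07:PIC-00:THREAD_ID-30:RT:SPU invalid session id 000c4901
Apr 27 04:00:01 04:00:00.1789529:CID-01:FPC-07:PIC-00:THREAD_ID-25:RT:SPU invalid session id 000eae37
Apr 27 04:00:01 04:00:01.919422:CID-01:FPC-08:PIC-00:THREAD_ID-08:RT:SPU invalid session id
Apr 27 04:00:02 04:00:01.951891:CID-01:FPC-07:PIC-00:THREAD_ID-30:RT:SPU invalid session id
Apr 27 04:00:04 04:00:04.382013:CID-02:FPC-08:PIC-00:THREAD_ID-09:RT:SPU invalid session id
Apr 27 04:00:04 04:00:04.700000:CID-02:FPC-08:PIC-00:THREAD_ID-09:RT:constructed unrelated message
"""

# Syslog prefix, trace timestamp (its fractional part can run past six digits
# in the quoted output, so accept any length), location fields, and an
# optional 8-hex-digit session id at the end of the line.
LINE = re.compile(
    r"^(?P<date>\w{3}\s+\d{1,2}) (?P<hms>\d{2}:\d{2}:\d{2}) "
    r"\d{2}:\d{2}:\d{2}\.\d+:CID-(?P<cid>\d+):FPC-(?P<fpc>\d+):PIC-(?P<pic>\d+):"
    r"THREAD_ID-(?P<thread>\d+):RT:SPU invalid session id"
    r"(?: (?P<sid>[0-9a-f]{8}))?\s*$"
)

def parse(text):
    """Return one dict per 'SPU invalid session' line; other lines are skipped."""
    return [m.groupdict() for m in map(LINE.match, text.splitlines()) if m]

def per_minute(events):
    """Count events per syslog minute, e.g. 'Apr 27 04:00'."""
    return Counter(f"{e['date']} {e['hms'][:5]}" for e in events)

def by_location(events):
    """Count events per (CID, FPC, PIC) tuple as printed in the trace."""
    return Counter((e["cid"], e["fpc"], e["pic"]) for e in events)

def bursts(events, threshold):
    """Minutes whose event count reaches the (hypothetical) threshold."""
    return sorted(m for m, n in per_minute(events).items() if n >= threshold)

if __name__ == "__main__":
    ev = parse(SAMPLE)
    for minute, n in sorted(per_minute(ev).items()):
        print(minute, n)
    print("bursts:", bursts(ev, 3))
    print("by location:", dict(by_location(ev)))
```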
Re: [j-nsp] SRX1400 opinions
Good, you cannot run UTM on the data center SRX at the moment, branch only.

On Apr 27, 2013, at 12:55 PM, James Howlett wrote:

Hello,

Thank you for the heads-up

> Srx's have replication issues with large routing environments. Duplicating
> two full feeds to the redundant peer will take a long time. In some
> testing many hours.
>
> With that said the 1400 can do it. Just keep that one major caveat in mind
> when you want clustered fail over.
>

I have a budget only for one 1400 at the moment. I don't plan to run UTM on it as well. Just a few bgp sessions, firewall and some DDoS screening.

Regards,
jim

> Hope this helps,
> -Tim Eberhard
>
>
> On Apr 27, 2013, at 10:14 AM, James Howlett wrote:
>
>> Hello,
>>
>> I have a network built on J4350 and SRX240 and I need to upgrade. I was
>> thinking about switching two devices for SRX1400.
>> My network has 2 full bgp feeds and some peerings. We use about 150-200Mbps
>> average. Will SRX1400 be a good choice then?
>>
>> Best regards,
>> jim

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] SRX1400 opinions
Hello,

Thank you for the heads-up

> Srx's have replication issues with large routing environments. Duplicating
> two full feeds to the redundant peer will take a long time. In some
> testing many hours.
>
> With that said the 1400 can do it. Just keep that one major caveat in mind
> when you want clustered fail over.
>

I have a budget only for one 1400 at the moment. I don't plan to run UTM on it as well. Just a few bgp sessions, firewall and some DDoS screening.

Regards,
jim

> Hope this helps,
> -Tim Eberhard
>
>
> On Apr 27, 2013, at 10:14 AM, James Howlett wrote:
>
> > Hello,
> >
> > I have a network built on J4350 and SRX240 and I need to upgrade. I was
> > thinking about switching two devices for SRX1400.
> > My network has 2 full bgp feeds and some peerings. We use about 150-200Mbps
> > average. Will SRX1400 be a good choice then?
> >
> > Best regards,
> > jim
Re: [j-nsp] SRX1400 opinions
Srx's have replication issues with large routing environments. Duplicating two full feeds to the redundant peer will take a long time. In some testing many hours.

With that said the 1400 can do it. Just keep that one major caveat in mind when you want clustered fail over.

Hope this helps,
-Tim Eberhard

On Apr 27, 2013, at 10:14 AM, James Howlett wrote:

> Hello,
>
> I have a network built on J4350 and SRX240 and I need to upgrade. I was
> thinking about switching two devices for SRX1400.
> My network has 2 full bgp feeds and some peerings. We use about 150-200Mbps
> average. Will SRX1400 be a good choice then?
>
> Best regards,
> jim
[j-nsp] SRX1400 opinions
Hello,

I have a network built on J4350 and SRX240 and I need to upgrade. I was thinking about switching two devices for SRX1400.
My network has 2 full bgp feeds and some peerings. We use about 150-200Mbps average. Will SRX1400 be a good choice then?

Best regards,
jim