Re: [j-nsp] SRX3600 weirdness

2013-04-27 Thread James S. Smith
I’ve been able to make some more sense of the problem.  After clarifying a few 
things with the database admins, the issue isn’t sending mail.  It’s some 
ticketing system that receives email approvals, so it’s constantly checking an 
Exchange mailbox.  That’s where the IMAP traffic comes in.

After enabling the flow trace and waiting for it to have another problem, I was 
able to see some “SPU invalid session” messages.  These seem to be the only 
indication of a problem so far.  These seem to occur on and off throughout 
the day, but there were a lot of them right around the time the problem was 
reported.  Can’t seem to find much on the Net about these messages, at least in 
regards to regular TCP flows.  There seems to be a lot about SIP or SCCP, but 
we’re dealing with IMAP and there are no ALGs turned on for this.

Apr 27 03:39:20 03:39:20.637759:CID-01:FPC-07:PIC-00:THREAD_ID-30:RT:SPU invalid session id 000862cb
Apr 27 03:39:20 03:39:20.851451:CID-01:FPC-07:PIC-00:THREAD_ID-30:RT:SPU invalid session id 000abca5
Apr 27 03:43:06 03:43:06.450593:CID-01:FPC-07:PIC-00:THREAD_ID-30:RT:SPU invalid session id
Apr 27 03:45:01 03:45:01.818440:CID-01:FPC-07:PIC-00:THREAD_ID-30:RT:SPU invalid session id 000c4901
Apr 27 03:46:39 03:46:39.882481:CID-01:FPC-07:PIC-00:THREAD_ID-30:RT:SPU invalid session id
Apr 27 03:46:40 03:46:39.1220955:CID-02:FPC-08:PIC-00:THREAD_ID-09:RT:SPU invalid session id
Apr 27 03:58:51 03:58:51.634500:CID-02:FPC-07:PIC-00:THREAD_ID-17:RT:SPU invalid session id
Apr 27 03:58:52 03:58:51.1490052:CID-01:FPC-07:PIC-00:THREAD_ID-24:RT:SPU invalid session id
Apr 27 04:00:01 04:00:00.1789529:CID-01:FPC-07:PIC-00:THREAD_ID-25:RT:SPU invalid session id 000eae37
Apr 27 04:00:01 04:00:01.919422:CID-01:FPC-08:PIC-00:THREAD_ID-08:RT:SPU invalid session id
Apr 27 04:00:01 04:00:01.921294:CID-01:FPC-08:PIC-00:THREAD_ID-26:RT:SPU invalid session id
Apr 27 04:00:02 04:00:01.951891:CID-01:FPC-07:PIC-00:THREAD_ID-30:RT:SPU invalid session id
Apr 27 04:00:02 04:00:01.962888:CID-01:FPC-07:PIC-00:THREAD_ID-30:RT:SPU invalid session id
Apr 27 04:00:02 04:00:01.1258835:CID-01:FPC-07:PIC-00:THREAD_ID-30:RT:SPU invalid session id
Apr 27 04:00:02 04:00:01.1270033:CID-01:FPC-07:PIC-00:THREAD_ID-31:RT:SPU invalid session id
Apr 27 04:00:02 04:00:01.1240584:CID-01:FPC-08:PIC-00:THREAD_ID-27:RT:SPU invalid session id
Apr 27 04:00:02 04:00:01.1241914:CID-01:FPC-08:PIC-00:THREAD_ID-30:RT:SPU invalid session id
Apr 27 04:00:02 04:00:02.738873:CID-02:FPC-08:PIC-00:THREAD_ID-08:RT:SPU invalid session id
Apr 27 04:00:03 04:00:02.1101047:CID-01:FPC-08:PIC-00:THREAD_ID-26:RT:SPU invalid session id
Apr 27 04:00:03 04:00:03.090182:CID-02:FPC-08:PIC-00:THREAD_ID-09:RT:SPU invalid session id
Apr 27 04:00:03 04:00:02.1425147:CID-01:FPC-07:PIC-00:THREAD_ID-30:RT:SPU invalid session id
Apr 27 04:00:03 04:00:02.1415919:CID-02:FPC-07:PIC-00:THREAD_ID-27:RT:SPU invalid session id
Apr 27 04:00:04 04:00:04.382013:CID-02:FPC-08:PIC-00:THREAD_ID-09:RT:SPU invalid session id
Apr 27 04:00:04 04:00:03.1467427:CID-02:FPC-07:PIC-00:THREAD_ID-21:RT:SPU invalid session id
Apr 27 04:00:04 04:00:04.528723:CID-02:FPC-08:PIC-00:THREAD_ID-08:RT:SPU invalid session id
Apr 27 04:00:04 04:00:04.624377:CID-02:FPC-08:PIC-00:THREAD_ID-09:RT:SPU invalid session id
Apr 27 04:00:04 04:00:04.449077:CID-02:FPC-08:PIC-00:THREAD_ID-29:RT:SPU invalid session id
Apr 27 04:00:04 04:00:04.646082:CID-02:FPC-07:PIC-00:THREAD_ID-31:RT:SPU invalid session id
Apr 27 04:00:04 04:00:04.645183:CID-02:FPC-08:PIC-00:THREAD_ID-08:RT:SPU invalid session id
Apr 27 04:00:04 04:00:04.794865:CID-02:FPC-07:PIC-00:THREAD_ID-26:RT:SPU invalid session id
Apr 27 04:00:05 04:00:04.881259:CID-02:FPC-08:PIC-00:THREAD_ID-09:RT:SPU invalid session id
Apr 27 04:00:05 04:00:04.1210223:CID-01:FPC-07:PIC-00:THREAD_ID-30:RT:SPU invalid session id
Apr 27 04:00:05 04:00:04.1514824:CID-02:FPC-07:PIC-00:THREAD_ID-21:RT:SPU invalid session id
Apr 27 04:00:05 04:00:04.1501037:CID-02:FPC-07:PIC-00:THREAD_ID-24:RT:SPU invalid session id
Apr 27 04:00:05 04:00:04.1598687:CID-01:FPC-07:PIC-00:THREAD_ID-31:RT:SPU invalid session id
Apr 27 04:00:05 04:00:05.738205:CID-02:FPC-08:PIC-00:THREAD_ID-29:RT:SPU invalid session id
Apr 27 04:00:06 04:00:05.914206:CID-02:FPC-08:PIC-00:THREAD_ID-30:RT:SPU invalid session id
Apr 27 04:00:06 04:00:05.1313025:CID-01:FPC-07:PIC-00:THREAD_ID-31:RT:SPU invalid session id
Apr 27 04:00:06 04:00:06.818371:CID-02:FPC-08:PIC-00:THREAD_ID-23:RT:SPU invalid session id
Apr 27 04:00:07 04:00:06.1080460:CID-01:FPC-07:PIC-00:THREAD_ID-31:RT:SPU invalid session id
Apr 27 04:00:08 04:00:08.676086:CID-02:FPC-08:PIC-00:THREAD_ID-31:R
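
An added example, not part of the original post: a small Python parser for the mail-wrapped trace entries shown above that counts "SPU invalid session" messages per minute and per CID/FPC/PIC triple, so a burst can be lined up against the time a problem was reported. The function names and the burst threshold are assumptions; the sample entries are copied from the post.

```python
import re
from collections import Counter

# Entries copied from the post, still mail-wrapped; the last one is cut off in
# the archive and is counted as skipped rather than guessed at.
SAMPLE = """\
Apr 27 03:39:20 03:39:20.637759:CID-01:FPC-07:PIC-00:THREAD_ID-30:RT:SPU
invalid session id 000862cb
Apr 27 04:00:01 04:00:00.1789529:CID-01:FPC-07:PIC-00:THREAD_ID-25:RT:SPU
invalid session id 000eae37
Apr 27 04:00:01 04:00:01.919422:CID-01:FPC-08:PIC-00:THREAD_ID-08:RT:SPU
invalid session id
Apr 27 04:00:02 04:00:02.738873:CID-02:FPC-08:PIC-00:THREAD_ID-08:RT:SPU
invalid session id
Apr 27 04:00:08 04:00:08.676086:CID-02:FPC-08:PIC-00:THREAD_ID-31:R
""".splitlines()

START = re.compile(r"^[A-Z][a-z]{2}\s+\d+\s+\d\d:\d\d:\d\d\s")
ENTRY = re.compile(
    r"^(?P<date>\w{3}\s+\d+)\s+(?P<hms>\d\d:\d\d:\d\d)\s+\S+?:CID-(?P<cid>\d+)"
    r":FPC-(?P<fpc>\d+):PIC-(?P<pic>\d+):THREAD_ID-(?P<thread>\d+)"
    r":RT:SPU\s+invalid session id\s*(?P<sid>[0-9a-f]*)\s*$")

def parse(lines):
    """Rejoin wrapped entries, then return (events, skipped_count)."""
    entries = []
    for line in lines:
        if START.match(line) or not entries:
            entries.append(line.strip())
        else:  # continuation of the previous, wrapped entry
            entries[-1] += " " + line.strip()
    matches = [ENTRY.match(e) for e in entries if e]
    events = [m.groupdict() for m in matches if m]
    return events, len(matches) - len(events)

def per_minute(events):
    return Counter(f"{e['date']} {e['hms'][:5]}" for e in events)

def per_spu(events):
    # Key is the CID/FPC/PIC triple exactly as printed in the trace.
    return Counter((e["cid"], e["fpc"], e["pic"]) for e in events)

def burst_minutes(events, threshold=3):
    """Minutes with at least `threshold` messages (threshold is an assumption)."""
    return sorted(m for m, n in per_minute(events).items() if n >= threshold)

if __name__ == "__main__":
    events, skipped = parse(SAMPLE)
    print(per_minute(events), per_spu(events), burst_minutes(events), skipped)
```

Entries without a session id parse with an empty `sid`, which makes it easy to compare how many messages carry an id against how many do not.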

Re: [j-nsp] SRX1400 opinions

2013-04-27 Thread Jerry Jones
Good, you cannot run UTM on the data center SRX at the moment, branch only.

On Apr 27, 2013, at 12:55 PM, James Howlett  wrote:

> Hello,
> 
> Thank you for the heads-up
> 
> > Srx's have replication issues with large routing environments. Duplicating 
> > two full feeds to the redundant peer will take a long time. In some 
> > testing many hours.
> > 
> > With that said the 1400 can do it. Just keep that one major caveat in mind 
> > when you want clustered fail over. 
> > 
> 
> 
> I have a budget only for one 1400 at the moment. 
> I don't plan to run UTM on it as well.
> 
> Just few bgp sessions, firewall and some DDoS screening.
> 
> Regards,
> jim
> 
> > Hope this helps,
> > -Tim Eberhard 
> > 
> > 
> > On Apr 27, 2013, at 10:14 AM, James Howlett  wrote:
> > 
> >> Hello,
> >> 
> >> I have a network built on J4350 and SRX240 and I need to upgrade. I was 
> >> thinking about switching two devices for SRX1400. 
> >> My network has 2 full bgp feeds and some peerings. We use about 150-200Mbps 
> >> average. Will SRX1400 be a good choice then?
> >> 
> >> Best regards,
> >> jim
> >> 
> >> ___
> >> juniper-nsp mailing list juniper-nsp@puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/juniper-nsp
  


Re: [j-nsp] SRX1400 opinions

2013-04-27 Thread James Howlett
Hello,

Thank you for the heads-up

> Srx's have replication issues with large routing environments. Duplicating 
> two full feeds to the redundant peer will take a long time. In some 
> testing many hours.
> 
> With that said the 1400 can do it. Just keep that one major caveat in mind 
> when you want clustered fail over. 
>


I have a budget only for one 1400 at the moment. 
I don't plan to run UTM on it as well.

Just few bgp sessions, firewall and some DDoS screening.

Regards,
jim

> Hope this helps,
> -Tim Eberhard 
> 
> 
> On Apr 27, 2013, at 10:14 AM, James Howlett  wrote:
> 
> > Hello,
> > 
> > I have a network built on J4350 and SRX240 and I need to upgrade. I was 
> > thinking about switching two devices for SRX1400. 
> > My network has 2 full bgp feeds and some peerings. We use about 150-200Mbps 
> > average. Will SRX1400 be a good choice then?
> > 
> > Best regards,
> > jim
> > 


Re: [j-nsp] SRX1400 opinions

2013-04-27 Thread Tim Eberhard
Srx's have replication issues with large routing environments. Duplicating two 
full feeds to the redundant peer will take a long time. In some testing 
many hours.

With that said the 1400 can do it. Just keep that one major caveat in mind when 
you want clustered fail over. 

Hope this helps,
-Tim Eberhard 


On Apr 27, 2013, at 10:14 AM, James Howlett  wrote:

> Hello,
> 
> I have a network built on J4350 and SRX240 and I need to upgrade. I was 
> thinking about switching two devices for SRX1400. 
> My network has 2 full bgp feeds and some peerings. We use about 150-200Mbps 
> average. Will SRX1400 be a good choice then?
> 
> Best regards,
> jim
> 


[j-nsp] SRX1400 opinions

2013-04-27 Thread James Howlett
Hello,

I have a network built on J4350 and SRX240 and I need to upgrade. I was 
thinking about switching two devices for SRX1400. 
My network has 2 full bgp feeds and some peerings. We use about 150-200Mbps 
average. Will SRX1400 be a good choice then?

Best regards,
jim
  