Hi,
JTAC point me to this PR :
https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1061067
This ressembles a lot to our environment (cluster + LSYS) but we are not
affected as we are running 12.3X48-D20.
HTH.
2016-02-29 23:35 GMT+01:00 Michael Gehrmann :
> Invalidated sessions
Invalidated sessions are norma but it's not normal to have an increasing
number of invalidated sessions which then prevent the box from passing
traffic. This is our experience which has happened twice in 3 months. We
saw a ramp up of invalidated sessions which peaked and then stopped all
traffic un
On Mon, Feb 29, 2016 at 04:52:34PM +0100, Youssef Bengelloun-Zahr wrote:
> Here is JTAC feedback regarding this :
>
> "As I have understood it till now, the issue is with the invalidated
> sessions seen on the SRX.
>
> Seeing some number of invalidated sessions on the SRX is a normal behavior.
>
Here is JTAC feedback regarding this :
"As I have understood it till now, the issue is with the invalidated
sessions seen on the SRX.
Seeing some number of invalidated sessions on the SRX is a normal behavior.
Each valid session for which a FIN is received would be moved to the
invalidated sessio
No but I strongly suggest getting in touch with JTAC and running the debug
code. Only way forward at the moment.
Mike
> On 29 Feb 2016, at 21:32, Youssef Bengelloun-Zahr wrote:
>
> Hello Michael,
>
> Any other details you could share regarding affected platforms / junos
> versions ?
>
> BR
Hello Michael,
Any other details you could share regarding affected platforms / junos
versions ?
BR.
2016-02-29 7:21 GMT+01:00 Michael Gehrmann :
> Nothing public yet.
>
>
> On 29 Feb 2016, at 17:11, Youssef Bengelloun-Zahr wrote:
>
> Hi,
>
> So you Have a DEFECT or PR ID for this ?
>
> BR.
On Sun, Feb 28, 2016 at 11:35:33PM +0100, Youssef Bengelloun-Zahr wrote:
> Hello,
>
> Could you please both share model and running code versions ?
12.1X44-D35.5
SRX650
After rebooting the affected node the invalidated sessions went
and for 48h did not come back.
Flo
--
Florian Lohoff
Nothing public yet.
> On 29 Feb 2016, at 17:11, Youssef Bengelloun-Zahr wrote:
>
> Hi,
>
> So you Have a DEFECT or PR ID for this ?
>
> BR.
>
>
>
>> Le 28 févr. 2016 à 23:45, Michael Gehrmann a écrit
>> :
>>
>> SRX650 - 12.1X46-D36
>>
>> I'm told from JTAC the issue will be present in
Hi,
So you Have a DEFECT or PR ID for this ?
BR.
> Le 28 févr. 2016 à 23:45, Michael Gehrmann a écrit :
>
> SRX650 - 12.1X46-D36
>
> I'm told from JTAC the issue will be present in 12.3X48 as no fix has been
> identified yet.
>
> Cheers
> Mike
>
>> On 29 February 2016 at 09:35, Youssef B
SRX650 - 12.1X46-D36
I'm told from JTAC the issue will be present in 12.3X48 as no fix has been
identified yet.
Cheers
Mike
On 29 February 2016 at 09:35, Youssef Bengelloun-Zahr
wrote:
> Hello,
>
> Could you please both share model and running code versions ?
>
> Best regards.
>
>
>
> > Le 28
Hello,
Could you please both share model and running code versions ?
Best regards.
> Le 28 févr. 2016 à 23:27, Michael Gehrmann a écrit :
>
> We have had the same issue on branch series. Juniper is asking us to run a
> debug version of code. I suggest you contact JTAC.
>
> Cheers
> Mike
>
We have had the same issue on branch series. Juniper is asking us to run a
debug version of code. I suggest you contact JTAC.
Cheers
Mike
On 28 February 2016 at 23:04, Florian Lohoff wrote:
>
> Hi,
>
> We had an incident with one node of an SRX Cluster piling up
> invalidated sessions as seen f
Hi,
We had an incident with one node of an SRX Cluster piling up
invalidated sessions as seen from "show security session flow summary"
Now i was looking for the SNMP Mibs to monitor the number of
invalidated sessions per node but failed to find one.
JUNIPER-LSYSSP-FLOWSESS-MIB has max/current
Which is
the best way to monitor IPSEC VPN liveness between MX960 with MS-DPC and sp-
interface ?
I
understood VPN MONITOR is not supported.
Any idea ?Tks
___
juniper-nsp mailing list juniper-nsp@puck.ne
Hi Tom, all,
solution: use "monitor start /var/log/messages" (i.e. specify the complete
path) instead of the command below, which does not work anymore with
12.1R3.5.
Regards,
Vincent
On 16 June 2013 01:11, Tom Storey wrote:
> Just a thought, but have you tried doing a "chmod 664 /var/log/me
Just a thought, but have you tried doing a "chmod 664 /var/log/messages"?
That should make it world readable, so should not matter what your user
level/permissions are.
I would also compare the user/group ownership against a working box to make
sure its all the same.
On 13 June 2013 16:06, Vinc
Hello,
I hope this is a simple one.
I have trouble with "monitor start messages":
dude@LON2-R96-01-re0> monitor start messages
{master}
dude@LON2-R96-01-re0>
*** error - couldn't open 'messages' (Permission denied) - removed ***
{master}
dude@LON2-R96-01-re0>
It is unclear to me whether this
That's normal. When RE sends ospf packet over GRE, it constructs the full
packet including the GRE header. So it directly put the packet on the physical
interface for transmission. Hence you don't see it in tcpdump output on GRE
interface since outgoing interface is set to the physical interfac
On Thursday 18 November 2010, Sergey wrote:
> > did you look at the real interface (tunnel source interface) to
> > see the outgoing OSPF stuff ?
>
> source interface is lo0... But yes, I see it on outgoing interface
> ge-1/3/0.912.
And I can't see "input" on it... "In" and "Out" on diffirent in
On Thursday 18 November 2010, Sean Clarke wrote:
> > I attempt to debug ospf on gre interface but I see incoming
> > traffic only. Is it normal behavour or is it a bug of JunOS ?
> >
> > hardware: M7i, JunOS 9.2R3.5.
>
> did you look at the real interface (tunnel source interface) to
> see the ou
On 11/18/10 12:27 PM, Sergey wrote:
Hello.
I attempt to debug ospf on gre interface but I see incoming
traffic only. Is it normal behavour or is it a bug of JunOS ?
hardware: M7i, JunOS 9.2R3.5.
did you look at the real interface (tunnel source interface) to see the
outgoing OSPF stuff ?
Hello.
I attempt to debug ospf on gre interface but I see incoming
traffic only. Is it normal behavour or is it a bug of JunOS ?
hardware: M7i, JunOS 9.2R3.5.
--
Regards,
Sergey
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.net
part de L Kennedy
Envoyé : lundi 30 août 2010 13:41
À : juniper-nsp@puck.nether.net
Objet : [j-nsp] monitor LACP load-balancing?
Hi,
Is there any way to monitor the functioning of LACP load-balancing within
Junos? I have a LACP group of 8 interfaces and I want to see which particular
interf
Hi,
Is there any way to monitor the functioning of LACP load-balancing within
Junos? I have a LACP group of 8 interfaces and I want to see which
particular interface a certain traffic flow is using. On a Cisco 6500 I can
run "test etherchannel load-balance..." from the switching module, but I
ca
On Thu, Aug 13, 2009 at 08:01:51AM -0600, Chris Kawchuk wrote:
>
> You can override the SNMP-reported "bandwidth" of an interface by the
> following:
...
> The "bandwidth" line is what will be reported as the SNMP interface
> bandwidth of say, a VLAN interface. Note the original interface is 1
his by writing an event-script that takes interface stats, does
> some trivial math and populates Utility MIB (jnxUtil).
> Rgds
> Alex
>
> - Original Message - From: "harbor235"
> To:
> Sent: Thursday, August 13, 2009 2:06 PM
> Subject: [j-nsp] monitor int
August 13, 2009 2:06 PM
Subject: [j-nsp] monitor interface rate
To all,
I would like to monitor a juniper router interface via snmp, simple
enough.
However, I do not want bps, I want to monitor the interface as a
percentage
of it's total capacity. In the end I want to be notified if my in
31 AM
To: Bit Gossip
Cc: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] monitor interface rate
Do you know ho wit does it? I am using HP OpenView, cannot change that. ;{
mike
On Thu, Aug 13, 2009 at 9:26 AM, Bit Gossip wrote:
> cacti (http://cacti.net/) does it out-of-the box...
>
>
You can override the SNMP-reported "bandwidth" of an interface by the
following:
interfaces {
ge-1/3/0 {
vlan-tagging;
unit 101 {
bandwidth 100m;
vlan-id 101;
family inet {
address x.x.x.x/x;
}
}
The
I'm fairly certain HPOV has native support for it as well, as our OV
implementation does it for some of our older Nortel 8600sI've seen
NNM notifications to the effect of 'interface blah has exceeded 75% of
capacity' or similar.
David
2009/8/13 harbor235 :
> Do you know ho wit does it? I a
Do you know ho wit does it? I am using HP OpenView, cannot change that. ;{
mike
On Thu, Aug 13, 2009 at 9:26 AM, Bit Gossip wrote:
> cacti (http://cacti.net/) does it out-of-the box...
>
>
> On Thu, 2009-08-13 at 09:06 -0400, harbor235 wrote:
> > To all,
> >
> > I would like to monitor a junipe
cacti (http://cacti.net/) does it out-of-the box...
On Thu, 2009-08-13 at 09:06 -0400, harbor235 wrote:
> To all,
>
> I would like to monitor a juniper router interface via snmp, simple enough.
> However, I do not want bps, I want to monitor the interface as a percentage
> of it's total capacity
To all,
I would like to monitor a juniper router interface via snmp, simple enough.
However, I do not want bps, I want to monitor the interface as a percentage
of it's total capacity. In the end I want to be notified if my interface
exceeds 70%
of capacity so I can initiate capacity management pla
"sunnyday" <[EMAIL PROTECTED]> writes:
> Is there any way find the ppp interface from this output from a specific
> subscriber?
> i want for example to see what policies are attached to subscriber test1
> i have done the show ppp int gig 2/6 and could identify the ppp interface but
> when i have
Is there any way find the ppp interface from this output from a specific
subscriber?
i want for example to see what policies are attached to subscriber test1
i have done the show ppp int gig 2/6 and could identify the ppp interface but
when i have thousands of subscribers what to do to find the p
less you sniff on a device connected to the
> router (like a switch)
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:
> [EMAIL PROTECTED] On Behalf Of M.Mihailidis
> Sent: Wednesday, 5 September 2007 8:26 PM
> To: Rafal Szarecki
> Cc: juniper-nsp@puck.nether.n
Subject: Re: [j-nsp] monitor
and how can i see traffic transit the router???
- Original Message -
From: Rafał Szarecki
To: M.Mihailidis
Cc: juniper-nsp@puck.nether.net
Sent: Wednesday, September 05, 2007 1:22 PM
Subject: Re: [j-nsp] monitor
This command monitor only traffic
Hi,
You can not see the traffic transiting the router using the monitor command.
IMHO, the workaround is implement some sort of port mirroring, etc.
Thanks,
~Erwin
On 9/5/07, M.Mihailidis <[EMAIL PROTECTED]> wrote:
>
> and how can i see traffic transit the router???
>
>
For monitoring the traffic originated from local routing engine, use:
"monitor traffic interface ge-0/0/1 extensive matching icmp"
Thanks,
~Erwin
On 9/5/07, Erwin D <[EMAIL PROTECTED]> wrote:
>
> Hi,
>
> You can not see the traffic transiting the router using the monitor
> command. IMHO, the wo
e -
> *From:* Rafał Szarecki <[EMAIL PROTECTED]>
> *To:* M.Mihailidis <[EMAIL PROTECTED]>
> *Cc:* juniper-nsp@puck.nether.net
> *Sent:* Wednesday, September 05, 2007 1:22 PM
> *Subject:* Re: [j-nsp] monitor
>
> This command monitor only traffic originated or terminate
and how can i see traffic transit the router???
- Original Message -
From: Rafał Szarecki
To: M.Mihailidis
Cc: juniper-nsp@puck.nether.net
Sent: Wednesday, September 05, 2007 1:22 PM
Subject: Re: [j-nsp] monitor
This command monitor only traffic originated or terminated
This command monitor only traffic originated or terminated on local routing
engine. You do not see packet which transit through the router (received on
one interface and send via other)
2007/9/5, M.Mihailidis <[EMAIL PROTECTED]>:
>
> hello guys i want to monitor a interface to see what source add
typo:
'monitor traffic interface a/b/c' or 'monitor traffic interface
a/b/c.x' command.
Sorry for multiple emails,
Erdem
On 9/5/07, Erdem Sener <[EMAIL PROTECTED]> wrote:
> Hi,
> If you are pinging _from the router_, you should be able to see your
> icmp traffic with 'monitor traffic a/b/c.x' c
Hi,
If you are pinging _from the router_, you should be able to see your
icmp traffic with 'monitor traffic a/b/c.x' command.
If rip updates are all you see, I'd say you're using another egress
interface than ge-0/0/1 for your destination.
You may check this with show route x.x.x.x and see you
hello guys i want to monitor a interface to see what source address it is
using when i try to ping a certain address
i used "monitor traffic interface ge-0/0/1 extensive"
and all i got was the rip routing updates as output.
any suggestions?
___
juniper
n Behalf Of Jose Nuñez
> |Sent: Thursday, March 22, 2007 8:31 AM
> |To: juniper-nsp@puck.nether.net
> |Subject: [j-nsp] MONITOR TRANSIT TRAFFIC ON A LOGICAL TUNNEL INTERFACE
> |
> |Hi,
> |I would need to monitor transit traffic on a logical tunel
> |interface ( lt ) in a logical r
Hi,
I would need to monitor transit traffic on a logical tunel interface ( lt ) in
a logical router in Juniper M7i router with AS PIC.
I'm trying with port-mirroring with no luck.
My configuration:
interfaces {
lt-1/2/0 {
unit 64 {
encapsulation vlan;
vlan-i
47 matches
Mail list logo
