[AusNOG] srx 110 networking issue

Peter Brown rendhalver at gmail.com
Fri Oct 26 11:42:47 EST 2012

Hi everyone,

This is going to be a bit of a rambling brain dump so please bear with me.

I had the strangest issue with my srx110 yesterday afternoon just
before I went home.
For some as yet undetermined reason my network basically died.
I was in the middle of configuring some new nat and security rules but
hadn't committed them.
The only thing I had changed since the day before was starting to add
some nat rules for my pbx.

It started when nagios informend me my WAP wasn't responding to pings.
I thought there was something wrong with it but the rest of the
network seemed to be still working (I think but can't be sure because
i haven't had the time to setup network monitoring)
I couldn't ping the WAP so I connected my desktop's network to it
(sadly no console port) and could see it's web interface but from
there i couldn't ping my srx.

I thought rebooting the WAP would help but it didn't.
I also thought rebooting the SRX would help but that just seemed to
make things worse.

I rebooted the SRX from console and did notice these as it was booting
and have no idea whether they are relevent.
veriexec: cannot verify /packages/junos-11.2R3.3-domestic.sig: ERROR:
Failed signature check of junos-11.2R3.3-domestic
Additional routing options:kern.module_path:
/boot//kernel;/boot/modules ->
/boot/modules;/modules/ifpfe_drv;kldload: Unsupported file type

Once it had rebooted It appeared to have connected to internode and
got my static ip and I could ping it's uplink (probably the wrong word
but you probably know what i mean)
I had to switch the nameservers to something outside my failing
network so i could get some idea of what was happening.
I used Internodes nameservers and i could ping them but couldn't
resolve and hosts.
I could also ping our external servers so it seemed the network was
working properly but the internal network was still not working.

I then decided I should setup my fritx box as the dsl and router for
the office and then it was 5pm.
I really had no idea what had happened and it made no sense to me at all.
All I can think of is it was the srx was refusing host inbound traffic
which makes no sense because that has been working fine since i got it
working a few weeks ago and hadn't changed the config for it.

I think I had the same issue while I was doing my initial setup of the srx.
I was setting up security zones and policies and thought I had it
setup right and committed it and every device i tried to connect to it
failed to get an ip.
At the time I had no idea what to do so I reset it to factory defaults
and started again.
I also had no idea how to save the config off and thought starting
again was the best idea.

I checked my nagios alerts this morning and i see a string of hosts
dropping off the network.

Has anyone seen this sort of thing before?
I was wondering if it was some kind of problem with my licence or
something (I am trying not to think it's a hardware issue but i am not
going to rule that out).

Any thoughts or pointers appreciated.
I thought doing a "request support information" was a good idea so i
have that and my config directory saved off to a usb stick.
(I can see me owing a bunch of you beer so I guess I better show up to
the next conference if i can make it)

Thanks in advance.

