[AusNOG] srx 110 networking issue
Peter Brown
rendhalver at gmail.com
Mon Oct 29 12:32:13 EST 2012
Hi,
I got it all working again and have turned off the trace options and a
few other redundant settings in the process.
It seems to have been a strange failover issue where it booted into
its backup partition and loaded an old broken config.
I got it upgraded too which is nice.
On 29 October 2012 09:05, Daniel Polidori
<Daniel.Polidori at computershare.com.au> wrote:
> Hey Peter,
>
> I am new to this so if I do something wrong please just let me know.
>
> I am pretty sure I remember looking through your config you uploaded in a previous thread and I remember seeing you had a lot of Trace Options turned on.
>
> Trace Options should only be used when trying to debug and should not be left turned on. The behaviour you are describing sounds like the firewall cannot process the traffic it is receiving.
>
> If you would like to upload your config again I would be happy to confirm my suspicions but if you do have trace options turned on in multiple sections of the config and are not filtering very much then all traffic that passes through the firewall will have to be processed by trace options which would be using a lot of the firewall's resourcing.
>
> If you like you don't have to delete the trace options but just "disable" the trace options you have turned on and see if that helps.
>
> Hope this is useful.
>
> Cheers
>
> Daniel Polidori
> Computershare
> Senior Network Engineer > Technology Services
> P +61 3 9907 7856 M +61 466 089 582 F +61 3 9473 2441
> Yarra Falls, 452 Johnston Street
> Abbotsford VIC 3067, Melbourne, Australia
> www.computershare.com.au
>
> -----Original Message-----
> From: ausnog-bounces at lists.ausnog.net [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Peter Brown
> Sent: Friday, 26 October 2012 11:43 AM
> To: ausnog at lists.ausnog.net
> Subject: [AusNOG] srx 110 networking issue
>
> Hi everyone,
>
> This is going to be a bit of a rambling brain dump so please bear with me.
>
> I had the strangest issue with my srx110 yesterday afternoon just before I went home.
> For some as yet undetermined reason my network basically died.
> I was in the middle of configuring some new nat and security rules but hadn't committed them.
> The only thing I had changed since the day before was starting to add some nat rules for my pbx.
>
> It started when nagios informed me my WAP wasn't responding to pings.
> I thought there was something wrong with it but the rest of the network seemed to be still working (I think but can't be sure because I haven't had the time to set up network monitoring). I couldn't ping the WAP so I connected my desktop's network to it (sadly no console port) and could see its web interface but from there I couldn't ping my srx.
>
> I thought rebooting the WAP would help but it didn't.
> I also thought rebooting the SRX would help but that just seemed to make things worse.
>
> I rebooted the SRX from console and did notice these as it was booting and have no idea whether they are relevant.
> veriexec: cannot verify /packages/junos-11.2R3.3-domestic.sig: ERROR:
> Failed signature check of junos-11.2R3.3-domestic Additional routing options:kern.module_path:
> /boot//kernel;/boot/modules ->
> /boot/modules;/modules/ifpfe_drv;kldload: Unsupported file type /modules;
>
> Once it had rebooted it appeared to have connected to internode and got my static ip and I could ping its uplink (probably the wrong word but you probably know what I mean). I had to switch the nameservers to something outside my failing network so I could get some idea of what was happening.
> I used Internode's nameservers and I could ping them but couldn't resolve any hosts.
> I could also ping our external servers so it seemed the network was working properly but the internal network was still not working.
>
> I then decided I should set up my fritz box as the dsl and router for the office and then it was 5pm.
> I really had no idea what had happened and it made no sense to me at all.
> All I can think of is the srx was refusing host inbound traffic which makes no sense because that has been working fine since I got it working a few weeks ago and hadn't changed the config for it.
>
> I think I had the same issue while I was doing my initial setup of the srx.
> I was setting up security zones and policies and thought I had it set up right and committed it and every device I tried to connect to it failed to get an ip.
> At the time I had no idea what to do so I reset it to factory defaults and started again.
> I also had no idea how to save the config off and thought starting again was the best idea.
>
> I checked my nagios alerts this morning and I see a string of hosts dropping off the network.
>
> Has anyone seen this sort of thing before?
> I was wondering if it was some kind of problem with my licence or something (I am trying not to think it's a hardware issue but I am not going to rule that out).
>
> Any thoughts or pointers appreciated.
> I thought doing a "request support information" was a good idea so I have that and my config directory saved off to a usb stick.
> (I can see me owing a bunch of you beer so I guess I better show up to the next conference if I can make it)
>
> Thanks in advance.
> Pete.