[AusNOG] srx 110 networking issue

Cooper Ry Lees me at cooperlees.com
Tue Oct 30 08:20:10 EST 2012 

Hi James,

I would log a JTAC call for that bug and see if there is a PR for that.

Ta,
--
Cooper Ry Lees
[e] me at cooperlees.com
[m] +61 403 739 446
[w] http://cooperlees.com/


On Tue, Oct 30, 2012 at 7:49 AM, James Baker <james at jgbaker.co.nz> wrote:

> Hijack time
>
> Has anyone seen an issue with a SRX110 where the ADSL will not negotiate
> unless you restart FPC 1 which has the ADSL module?  This happens on boot
> and if the DSL drops. When I say negotiate I mean the AT-1/0/0.1 interface
> is up but no PPP. Restart the FPC and it will start working.
>
> I've seen this on 11.3r,11.4r2-4 and 12.1r1
>
>
> /hijack over
>
>
> Thanks
>
>
> -----Original Message-----
> From: ausnog-bounces at lists.ausnog.net [mailto:
> ausnog-bounces at lists.ausnog.net] On Behalf Of Tom Storey
> Sent: Tuesday, 30 October 2012 1:01 a.m.
> To: Peter Brown
> Cc: ausnog at lists.ausnog.net
> Subject: Re: [AusNOG] srx 110 networking issue
>
> I have had a couple of issues with my SRX100 where it stops forwarding
> traffic. Nothing seems to bring it back except a reboot.
>
> Would notice it when I get home and I have no Internet. Cant SSH in or
> ping through it to another subnet in a different VLAN, so I break out the
> USB-Serial adaptor. PPPoE has dropped and no amount of clearing PPPoE
> sessions would make it come back.
>
> Seems to be running fine now that I have updated to 12.1R3.5, which also
> fixed a "bug" where SNMP would just stop returning current values. It would
> return the same values over and over, so SNMP itself hadnt broken, just not
> current ones.
>
> Tom
>
>
> On 29 October 2012 01:32, Peter Brown <rendhalver at gmail.com> wrote:
> > Hi,
> >
> > I got it all working again and have turned off the trace options and a
> > few other redundant settings in the process.
> > It seems to have been a strange failover issue where it booted into
> > it's backup partition and loaded an old broken config.
> > I git it upgraded too which is nice.
> >
> > On 29 October 2012 09:05, Daniel Polidori
> > <Daniel.Polidori at computershare.com.au> wrote:
> >> Hey Peter,
> >>
> >> I am new to this so all if I do something wrong please just let me know.
> >>
> >> I am pretty sure I remember looking through your config you uploaded in
> a previous thread and I remember seeing you had a lot of Trace Options
> turned on.
> >>
> >> Trace Options should only be used when trying to debug and should not
> be left turned on.  The behaviour you are describing sounds like the
> firewall cannot process the traffic it is receiving.
> >>
> >> If you would like to upload your config again I would be happy to
> confirm my suspicions but if you do have trace options turned on in
> multiple sections of the config and are not filtering very much then all
> traffic that passes through the firewall will have to be processed by trace
> options which would be using a lot of the firewalls resourcing.
> >>
> >> If you like you don't have to delete the trace options but just
> "disable" the trace options you have turned on and see if that helps.
> >>
> >> Hope this is useful.
> >>
> >> Cheers
> >>
> >> Daniel Polidori
> >> Computershare
> >> Senior Network Engineer > Technology Services P +61 3 9907 7856  M
> >> +61 466 089 582  F +61 3 9473 2441 Yarra Falls, 452 Johnston Street
> >> Abbotsford VIC 3067, Melbourne, Australia www.computershare.com.au
> >>
> >> -----Original Message-----
> >> From: ausnog-bounces at lists.ausnog.net
> >> [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Peter Brown
> >> Sent: Friday, 26 October 2012 11:43 AM
> >> To: ausnog at lists.ausnog.net
> >> Subject: [AusNOG] srx 110 networking issue
> >>
> >> Hi everyone,
> >>
> >> This is going to be a bit of a rambling brain dump so please bear with
> me.
> >>
> >> I had the strangest issue with my srx110 yesterday afternoon just
> before I went home.
> >> For some as yet undetermined reason my network basically died.
> >> I was in the middle of configuring some new nat and security rules but
> hadn't committed them.
> >> The only thing I had changed since the day before was starting to add
> some nat rules for my pbx.
> >>
> >> It started when nagios informend me my WAP wasn't responding to pings.
> >> I thought there was something wrong with it but the rest of the network
> seemed to be still working (I think but can't be sure because i haven't had
> the time to setup network monitoring) I couldn't ping the WAP so I
> connected my desktop's network to it (sadly no console port) and could see
> it's web interface but from there i couldn't ping my srx.
> >>
> >> I thought rebooting the WAP would help but it didn't.
> >> I also thought rebooting the SRX would help but that just seemed to
> make things worse.
> >>
> >> I rebooted the SRX from console and did notice these as it was booting
> and have no idea whether they are relevent.
> >> veriexec: cannot verify /packages/junos-11.2R3.3-domestic.sig: ERROR:
> >> Failed signature check of junos-11.2R3.3-domestic Additional routing
> options:kern.module_path:
> >> /boot//kernel;/boot/modules ->
> >> /boot/modules;/modules/ifpfe_drv;kldload: Unsupported file type
> >> /modules;
> >>
> >> Once it had rebooted It appeared to have connected to internode and got
> my static ip and I could ping it's uplink (probably the wrong word but you
> probably know what i mean) I had to switch the nameservers to something
> outside my failing network so i could get some idea of what was happening.
> >> I used Internodes nameservers and i could ping them but couldn't
> resolve and hosts.
> >> I could also ping our external servers so it seemed the network was
> working properly but the internal network was still not working.
> >>
> >> I then decided I should setup my fritx box as the dsl and router for
> the office and then it was 5pm.
> >> I really had no idea what had happened and it made no sense to me at
> all.
> >> All I can think of is it was the srx was refusing host inbound traffic
> which makes no sense because that has been working fine since i got it
> working a few weeks ago and hadn't changed the config for it.
> >>
> >> I think I had the same issue while I was doing my initial setup of the
> srx.
> >> I was setting up security zones and policies and thought I had it setup
> right and committed it and every device i tried to connect to it failed to
> get an ip.
> >> At the time I had no idea what to do so I reset it to factory defaults
> and started again.
> >> I also had no idea how to save the config off and thought starting
> again was the best idea.
> >>
> >> I checked my nagios alerts this morning and i see a string of hosts
> dropping off the network.
> >>
> >> Has anyone seen this sort of thing before?
> >> I was wondering if it was some kind of problem with my licence or
> something (I am trying not to think it's a hardware issue but i am not
> going to rule that out).
> >>
> >> Any thoughts or pointers appreciated.
> >> I thought doing a "request support information" was a good idea so i
> have that and my config directory saved off to a usb stick.
> >> (I can see me owing a bunch of you beer so I guess I better show up
> >> to the next conference if i can make it)
> >>
> >> Thanks in advance.
> >> Pete.
> >> _______________________________________________
> >> AusNOG mailing list
> >> AusNOG at lists.ausnog.net
> >> http://lists.ausnog.net/mailman/listinfo/ausnog
> >>
> >> ---
> >> This email may contain confidential information and is for the sole use
> of the intended recipient(s).  Any unauthorized use or disclosure of this
> communication is prohibited.  If you have received this email in error
> please delete it and notify sender.
> >>
> > _______________________________________________
> > AusNOG mailing list
> > AusNOG at lists.ausnog.net
> > http://lists.ausnog.net/mailman/listinfo/ausnog
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20121030/3c69287c/attachment.html>

More information about the AusNOG mailing list