[AusNOG] srx 110 networking issue
Gavin Tweedie
gav at narx.net
Tue Oct 30 12:25:04 EST 2012
You should be able to pickup TAC help for your home gear for as little
as about $40-$60 a year on a SRX110 - lookup part codes "SVC-CP-SRX110"
& "SVC-COR-SRX110".
Gav
On 30/10/2012 5:28 AM, James Baker wrote:
> Yeah I would but it’s my home gear so no go there
>
> *From:*ausnog-bounces at lists.ausnog.net
> [mailto:ausnog-bounces at lists.ausnog.net] *On Behalf Of *Cooper Ry Lees
> *Sent:* Tuesday, 30 October 2012 10:20 a.m.
> *To:* ausnog at lists.ausnog.net
> *Subject:* Re: [AusNOG] srx 110 networking issue
>
> Hi James,
>
> I would log a JTAC call for that bug and see if there is a PR for that.
>
> Ta,
>
> --
> Cooper Ry Lees
> [e] me at cooperlees.com <mailto:me at cooperlees.com>
> [m] +61 403 739 446
> [w] http://cooperlees.com/
>
> On Tue, Oct 30, 2012 at 7:49 AM, James Baker <james at jgbaker.co.nz
> <mailto:james at jgbaker.co.nz>> wrote:
>
> Hijack time
>
> Has anyone seen an issue with a SRX110 where the ADSL will not
> negotiate unless you restart FPC 1 which has the ADSL module? This
> happens on boot and if the DSL drops. When I say negotiate I mean
> the AT-1/0/0.1 interface is up but no PPP. Restart the FPC and it
> will start working.
>
> I've seen this on 11.3r,11.4r2-4 and 12.1r1
>
>
> /hijack over
>
>
> Thanks
>
>
>
> -----Original Message-----
> From: ausnog-bounces at lists.ausnog.net
> <mailto:ausnog-bounces at lists.ausnog.net>
> [mailto:ausnog-bounces at lists.ausnog.net
> <mailto:ausnog-bounces at lists.ausnog.net>] On Behalf Of Tom Storey
> Sent: Tuesday, 30 October 2012 1:01 a.m.
> To: Peter Brown
> Cc: ausnog at lists.ausnog.net <mailto:ausnog at lists.ausnog.net>
> Subject: Re: [AusNOG] srx 110 networking issue
>
> I have had a couple of issues with my SRX100 where it stops
> forwarding traffic. Nothing seems to bring it back except a reboot.
>
> Would notice it when I get home and I have no Internet. Cant SSH in
> or ping through it to another subnet in a different VLAN, so I break
> out the USB-Serial adaptor. PPPoE has dropped and no amount of
> clearing PPPoE sessions would make it come back.
>
> Seems to be running fine now that I have updated to 12.1R3.5, which
> also fixed a "bug" where SNMP would just stop returning current
> values. It would return the same values over and over, so SNMP
> itself hadnt broken, just not current ones.
>
> Tom
>
>
> On 29 October 2012 01:32, Peter Brown <rendhalver at gmail.com
> <mailto:rendhalver at gmail.com>> wrote:
> > Hi,
> >
> > I got it all working again and have turned off the trace options
> and a
> > few other redundant settings in the process.
> > It seems to have been a strange failover issue where it booted into
> > it's backup partition and loaded an old broken config.
> > I git it upgraded too which is nice.
> >
> > On 29 October 2012 09:05, Daniel Polidori
> > <Daniel.Polidori at computershare.com.au
> <mailto:Daniel.Polidori at computershare.com.au>> wrote:
> >> Hey Peter,
> >>
> >> I am new to this so all if I do something wrong please just let
> me know.
> >>
> >> I am pretty sure I remember looking through your config you
> uploaded in a previous thread and I remember seeing you had a lot of
> Trace Options turned on.
> >>
> >> Trace Options should only be used when trying to debug and
> should not be left turned on. The behaviour you are describing
> sounds like the firewall cannot process the traffic it is receiving.
> >>
> >> If you would like to upload your config again I would be happy
> to confirm my suspicions but if you do have trace options turned on
> in multiple sections of the config and are not filtering very much
> then all traffic that passes through the firewall will have to be
> processed by trace options which would be using a lot of the
> firewalls resourcing.
> >>
> >> If you like you don't have to delete the trace options but just
> "disable" the trace options you have turned on and see if that helps.
> >>
> >> Hope this is useful.
> >>
> >> Cheers
> >>
> >> Daniel Polidori
> >> Computershare
> >> Senior Network Engineer > Technology Services P +61 3 9907 7856
> <tel:%2B61%203%209907%207856> M
> >> +61 466 089 582 <tel:%2B61%20466%20089%20582> F +61 3 9473 2441
> <tel:%2B61%203%209473%202441> Yarra Falls, 452 Johnston Street
> >> Abbotsford VIC 3067, Melbourne, Australia
> www.computershare.com.au <http://www.computershare.com.au>
> >>
> >> -----Original Message-----
> >> From: ausnog-bounces at lists.ausnog.net
> <mailto:ausnog-bounces at lists.ausnog.net>
> >> [mailto:ausnog-bounces at lists.ausnog.net
> <mailto:ausnog-bounces at lists.ausnog.net>] On Behalf Of Peter Brown
> >> Sent: Friday, 26 October 2012 11:43 AM
> >> To: ausnog at lists.ausnog.net <mailto:ausnog at lists.ausnog.net>
> >> Subject: [AusNOG] srx 110 networking issue
> >>
> >> Hi everyone,
> >>
> >> This is going to be a bit of a rambling brain dump so please
> bear with me.
> >>
> >> I had the strangest issue with my srx110 yesterday afternoon
> just before I went home.
> >> For some as yet undetermined reason my network basically died.
> >> I was in the middle of configuring some new nat and security
> rules but hadn't committed them.
> >> The only thing I had changed since the day before was starting
> to add some nat rules for my pbx.
> >>
> >> It started when nagios informend me my WAP wasn't responding to
> pings.
> >> I thought there was something wrong with it but the rest of the
> network seemed to be still working (I think but can't be sure
> because i haven't had the time to setup network monitoring) I
> couldn't ping the WAP so I connected my desktop's network to it
> (sadly no console port) and could see it's web interface but from
> there i couldn't ping my srx.
> >>
> >> I thought rebooting the WAP would help but it didn't.
> >> I also thought rebooting the SRX would help but that just seemed
> to make things worse.
> >>
> >> I rebooted the SRX from console and did notice these as it was
> booting and have no idea whether they are relevent.
> >> veriexec: cannot verify /packages/junos-11.2R3.3-domestic.sig:
> ERROR:
> >> Failed signature check of junos-11.2R3.3-domestic Additional
> routing options:kern.module_path:
> >> /boot//kernel;/boot/modules ->
> >> /boot/modules;/modules/ifpfe_drv;kldload: Unsupported file type
> >> /modules;
> >>
> >> Once it had rebooted It appeared to have connected to internode
> and got my static ip and I could ping it's uplink (probably the
> wrong word but you probably know what i mean) I had to switch the
> nameservers to something outside my failing network so i could get
> some idea of what was happening.
> >> I used Internodes nameservers and i could ping them but couldn't
> resolve and hosts.
> >> I could also ping our external servers so it seemed the network
> was working properly but the internal network was still not working.
> >>
> >> I then decided I should setup my fritx box as the dsl and router
> for the office and then it was 5pm.
> >> I really had no idea what had happened and it made no sense to
> me at all.
> >> All I can think of is it was the srx was refusing host inbound
> traffic which makes no sense because that has been working fine
> since i got it working a few weeks ago and hadn't changed the config
> for it.
> >>
> >> I think I had the same issue while I was doing my initial setup
> of the srx.
> >> I was setting up security zones and policies and thought I had
> it setup right and committed it and every device i tried to connect
> to it failed to get an ip.
> >> At the time I had no idea what to do so I reset it to factory
> defaults and started again.
> >> I also had no idea how to save the config off and thought
> starting again was the best idea.
> >>
> >> I checked my nagios alerts this morning and i see a string of
> hosts dropping off the network.
> >>
> >> Has anyone seen this sort of thing before?
> >> I was wondering if it was some kind of problem with my licence
> or something (I am trying not to think it's a hardware issue but i
> am not going to rule that out).
> >>
> >> Any thoughts or pointers appreciated.
> >> I thought doing a "request support information" was a good idea
> so i have that and my config directory saved off to a usb stick.
> >> (I can see me owing a bunch of you beer so I guess I better show up
> >> to the next conference if i can make it)
> >>
> >> Thanks in advance.
> >> Pete.
> >> _______________________________________________
> >> AusNOG mailing list
> >> AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>
> >> http://lists.ausnog.net/mailman/listinfo/ausnog
> >>
> >> ---
> >> This email may contain confidential information and is for the
> sole use of the intended recipient(s). Any unauthorized use or
> disclosure of this communication is prohibited. If you have
> received this email in error please delete it and notify sender.
> >>
> > _______________________________________________
> > AusNOG mailing list
> > AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>
> > http://lists.ausnog.net/mailman/listinfo/ausnog
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
More information about the AusNOG
mailing list