Control and Forwarding Plane
Control and Forwarding Plane
Synchronization 1) 100-Mbps fxp1 Ethernet link is used between RE and PFE 2) For M320 case, 100-Mbps Ethernet switch is being used to provide a dedicated link to each FPC. For RE, these links are presented at bcm0 3) Fxp0: management interface 4) Fxp2: communication between Primary RE and backup RE 3) Forwarding table (FT) can hold over 800,000 routes.
Copyright 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
www.juniper.net
System storage
3 types of storages: 1) Compact Flash(ad0) : built-in at the board. 2) Hard Drive(ad1) 3) External storage -PCMCIA card(da0??) -USB(da1??)
www.juniper.net
www.juniper.net
www.juniper.net
Change the candidate configuration. Examples: - set alarm sonet lol red - delete alarm sonet pll Display difference between the candidate and active configurations: At the current statement-path, show | compare Viewing difference in files. Example: - file show filename1 | compare file filename2 - show configuarion | compare rollback number Removing statements: delete Delete the statements and all its subordinate statements and identifieres.
Wildcard delete. Example: wildcard delte interfaces fe-* Ignore portion of the configuration hierarchy: deactivate / activate Disable an interface: set disable interface Delete and disabled interface: delete interface <interface-name> disable
www.juniper.net
www.juniper.net
www.juniper.net
Master switchover Request chassis cfeb master switch Request chassis routing-engine master switch
Proprietary and Confidential www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
Boot image
If you need to reboot from PCMCIA card, you need to copy a special image called jinstallmediaxxxx. Interrupt normal boot Hit space when the system is rebooting until it goes to either boot: or OK prompt. If you get boot: prompt, the loader is not run yet. You need to do this: Boot: /boot/loader Change a boot device at OK prompt Ok nextboot compact-flash Ok reboot
Copyright 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Interfaces
Disable(admin down) an interface Admin Link So-0/1/1 down up So-0/1/1.0 up down
Link up
www.juniper.net
Primary coopy of JUNOS resides on the flash memory. Use this command to create a backup copy:
request system snapshot
Mgd manages CLI RE has different versions: RE-333, RE-400, RE-600, RE-1600. Each RE is supported by certain platforms. RE uses Intel processor from P III to P IV. Use this command to find out what RE is being used: show chassis hardware. Hard disk monitoring: Self-Monitoring Analysis and Reporting Technology System(SMART). From 5.5, SMART is enabled by default. To disable:
set system processes disk-monitoring disable Configuration file compression: default starting Release 7.0 (maybe). To enable: set system compress-configuration-file
RE versions RE5(RE-400): only supported in M7i and M10i RE4(RE-600): All M and T series. Except M7i/M10i/M320. The only RE to have flash memory upgrade RE3 (RE-333): M5/10/20/40/40e, and M160 RE-1600: M320 and T320/T640. Using Broadcom chipset for Ethernet connectivity to PFE. While used on M320, the GE link is supported as bcm0. While on T-series, 100Mbps is supported(???)
www.juniper.net
www.juniper.net
T320: 3 SIBs with 2 are active. SIB 1 and 2 are active, SIB0 is standby. SIB0 has only one high-speed line (HSL) connected to FPC. SIB1 and SIB2 has 2 HSL. So when SIB0 becomes active, system performance is degraded.
T640: 5 switch fabric cards or SIBs, 4 are active, 1 standby. Something like Ciscos GSR. M320: 4 SIBs. M320 FPC1: use single I chip M320 FPC2: dual I chip, thus two PFE M320 FPC3: dual J chip, thus two PFE
www.juniper.net
www.juniper.net
www.juniper.net
Enhanced System Boards: - 2nd generation Internet Processor II ASIC (not on M5/10 and M7i/10i) - support 840K routing entries, double from old board 420K. - Double on-chip memory to 16MB on IP II - CPU memory 128 M for M40, 256M for M20, M40e and M160. - Increased CPU speed to 256 MHZ. - First shipped with JUNOS 5.5 Sep 2002.
www.juniper.net
IP II ASIC
Performance: 40 Mpps, 40 byte with 80K prefixes at routing table. Packet processing features: Filtering, sampling, logging, counting, load balancing All M-series have enhanced S-board which as IP II ASIC. M5/10 doesnt have enhanced S-board.
T-series might contain as many as 16 IP II ASIC. Each FPC has one or two PFE which contains its own IP II ASIC.
www.juniper.net
Craft Interface
What is it? Collection of mechanisms on M-series and T-series View System status messages Trouble shooting Where is it? On the front of the chassis What does it have? System status LEDs FPC/PIC online/offline buttons. LCD screen provide status reporting for the entire system. What alternatives on other platforms? M7i: FIC (Fixed Interface Card)provide PIC offline/online buttons M10i: HCM (High-Availability Chassis Manager) Card provide PIC offline/online bottons.
Proprietary and Confidential www.juniper.net
Password recovery
Connect to console Power cycle the RE and watch it booting up Enter a space character at the boot loader quick help manue to get a command prompt (dont enter space too quickly) Enter boot s When system boots up, answer recovery to recover password Follow the on-screen steps to change password Commit the change Reboot the system again.
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
2) For some freaking .tgz file, you need to do this gunzip < cosd.core-tarball.0.tgz.2 | tar -xvf Using GUI
http://jtac-tools.juniper.net/crashdecode/coredump.html
Using Manual methods: Step 1: Using Jdebug to find out the stack traces. jdebug='/volume/buildtools/bin/jdebug /volume/buildtools/bin/jdebug <core_file name> Examples: The core file is saved at /volume/ftp/pub/incoming/2008-0104-0511/core-SSB0.core.0 Step 2: Use query-pr to find out the possible PRs based on the stack trace. query-pr -m "thread_debug" -m "sched_suspend_thread" summary
www.juniper.net
So the whole path is: /volume/nfsbuild40/pgoyette/VZ-8.2-20071012/src/juniper/pfe/obj-scb Step 2: Find out the *.elf file. In the above case, it is scb.elf under the above path.
www.juniper.net
lab@iggy> show version brief | grep packet JUNOS Packet Forwarding Engine Support [4.0-20000608s22432] (From above number I dont know where to get the jpfe file) single% tar zxfv jpfe-4.0-20000608-regressed-debug.tgz +CONTENTS +COMMENT +DESC +INSTALL +REQUIRE usr/share/pfe/scb.jbf usr/share/pfe/scb.sym usr/share/pfe/scb.elf fpc.sym M20/M40 fpc stack traces usr/share/pfe/fpc.jbf fpc160.sym M160 fpc stack traces usr/share/pfe/fpc.sym sbr.sym M5/M10 stack traces usr/share/pfe/fpc.elf usr/share/pfe/sfm.jbf scb.sym M40/M20 S-Board traces usr/share/pfe/sfm.sym sfm.sym M160 SFM traces. usr/share/pfe/sfm.elf usr/share/pfe/fpc160.jbf usr/share/pfe/fpc160.sym usr/share/pfe/fpc160.elf
Copyright 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
www.juniper.net
Find out where is the symbol file by using what. Ex: /volume/nfsbuild40/pgoyette/VZ8.2I20071212_2313/ship/ jkernel8.2I20080311_1541_jtac-builder-debug.tgz
copy the jkernel file to your home directory and unzip it. Ex: gunzip < jkernel-8.2I20080311_1541_jtacbuilder-debug.tgz | tar -xvf Debug the vmcore.0 file Ex: gdb -k kernel.debug vmcore.0
www.juniper.net
www.juniper.net
2702
2703 2704
}
if (ifd_has_ieee_classifier) {
2705 cos_ifd->if_flags |= COS_IFD_CONF_F_IEEE_CLASSIFIER; 2706 2707 2708 2709 /* * in commit check, cosd hasn't built its interface data }
www.juniper.net
www.juniper.net
Example: mpc106 machine check caused by error on the Processor Bus < reported by Processor Bus mpc106 error detect register 1: 0x04, 2: 0x00 mpc106 error ack count = 0 mpc106 error address: 0x02f39e18 mpc106 Processor bus error status register: 0x72 transfer type 0b01110, transfer size 2 mpc106 error detection reg1: memory parity/ECC error < parity error. mpc106 PCI status reg: parity error
Copyright 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Example: mpc106 machine check caused by error on the Processor Bus < reported by Processor Bus mpc106 error detect register 1: 0x04, 2: 0x00 mpc106 error ack count = 0 mpc106 error address: 0x02f39e18 mpc106 Processor bus error status register: 0x72 transfer type 0b01110, transfer size 2 mpc106 error detection reg1: memory parity/ECC error < parity error. mpc106 PCI status reg: parity error
Copyright 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Monitoring - logs
Step 1: configure logging file Example: isis { traceoptions { file mike-isis; flag state; flag error; flag spf; flag lsp receive detail; } Step 2: monitor start <log-file-name>
Booting up system
request system snapshot partition as-primary request system media usb request system reboot media usb - when reboot from another media, all
the file systems will be under this media.
request system snapshot part as-primary media compact-flash request system reboot media compact request system software add /var/tmp/junojseries-8.4R2.4domestic.tgz no-validate Request system snapshot -- make a image at another storage(if you request system software delete backup
are using disk, this will mirror the image to CF. If you are using CF, this will makes an image at disk.
Tools and quick reference http://clie.juniper.net /volume/build - junos releases and source code. After 8.4, go to extra hierarchy /volume/build/junos. For example: /volume/build/junos/8.4/release/8.4R2.4/ship http://jam.jnpr.net http://www-in.juniper.net/eng/cvs_pdf/ https://deepthought.juniper.net/app/ http://cvs/cgi-bin/viewcvs.cgi/ http://confluence.jnpr.net/ /volume/current - cvs functional specs /volume/labcores http://rogers.jtacemea.jnpr.net/wiki/index.php?title=Enginee
Proprietary and Confidential www.juniper.net
www.juniper.net
USER
..... root USER .....
CMD
mib2d CMD
PID FD MOUNT
INUM MODE
SZ|DV R/W
8302 17* local stream faab6c80 <-> fab03e60 PID FD MOUNT INUM MODE SZ|DV R/W
root
snmpd
3. Then, check the socket data. root@Kelly_RE0% netstat -Aan | egrep -i "mib2d|snmpd|Send" PCB PCB Proto Recv-Q Send-Q Local Address Proto Recv-Q Send-Q Local Address Inode Conn 0 0 0 0 0 0 0 0 0 0 faad35a0 0 faa47aa0 0 fab67dc0 Foreign Address Foreign Address (state) (state)
Address Type Recv-Q Send-Q f5f4e6c0 stream f5f4b300 stream f5f4fc20 stream
How to do RMA?
1. Logistics
csr-apac(emea, usa)
www.juniper.net
show lchip [x] lout hw nlif show lchip [x] stream [stream_#] show lchip [x] lout registers lsif lsif [stream_#]
www.juniper.net
start shell
su vty fpc[x] show sys mess show nvram show lchip ifd show ifl brief show lchip [x] error show lchip [x] lout stat show lchip [x] lout sw lsif show lchip [x] lout sw desrd
(where [stream_#] is the stream you have seen on the "show lchip ifd"
Show chassis fabric topology Show chassis show lchip [x] stream [stream_#] fabric sibs Show chassis fabric fpcs show lchip [x] lout registers lsif lsif [stream_#]
Proprietary and Confidential www.juniper.net
rtsockmon -c mib2d rtsockmon -ge mib2d show snmp statistics extensive netstat an show system virtual-memory [edit snmp] lab@Johnny-re1# show community public; traceoptions { file test size 10m; flag all; }
Copyright 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
FPC7(FED1DSRJ01-LAB-re0 vty)# show route ip prefix 192.12.1.2 IPv4 Route Table 0, default.0, 0x0: Destination NH IP Addr Type NH ID Interface --------------------------------- --------------- -------- ----- -------192.12.1.2 Hold 716 ge-7/0/4.0
www.juniper.net
install@FED1DSRJ01-LAB-re0> show route forwarding-table destination 192.12.1.2 Routing table: inet Internet: Destination Type RtRef Next hop Type Index NhRef Netif 192.12.1.2/32 dest 1 192.12.1.2 hold 716 2 ge-7/0/4.0
Routing table: __juniper_private1__.inet Internet: Destination Type RtRef Next hop Type Index NhRef Netif default perm 0 rjct 116 1 Routing table: __juniper_private2__.inet Internet: Destination Type RtRef Next hop Type Index NhRef Netif default perm 0 rjct 196 1 Routing table: FED1J1MIS.inet Internet: Destination Type RtRef Next hop Type Index NhRef Netif default perm 0 rjct 521 1 Routing table: TEST-L3VPN.inet Internet: Destination Type RtRef Next hop Type Index NhRef Netif default perm 0 rjct 530 1
www.juniper.net
ge-7/1/0.0
em0.0 ge-7/0/5.0
www.juniper.net
ge-7/1/0.0
em0.0 ge-7/0/5.0
www.juniper.net
www.juniper.net
FFPC7(FED1DSRJ01-LAB-re0 vty)# show route ip prefix 192.12.1.2 IPv4 Route Table 0, default.0, 0x0: Destination NH IP Addr Type NH ID Interface --------------------------------- --------------- -------- ----- --------192.12.1.2 192.12.1.2 Unicast 716 ge-7/0/4.0 FFPC7(FED1DSRJ01-LAB-re0 vty)# show route ip lookup 192.12.1.2 Route Information (192.12.1.2): interface : ge-7/0/4.0 (87) Nexthop prefix : 192.12.1.2 Nexthop ID : 716 MTU : 1514 Class ID :0
FFPC7(FED1DSRJ01-LAB-re0 vty)#
Proprietary and Confidential www.juniper.net
www.juniper.net
Agilent Router Tester. Remote access: Top 3 chassis: 172.19.59.28 Bottom 3 chassis: 172.19.58.12 User name: Administrator Password: n2x Launch pad Create new session For FE, need to config SFP
IXIA: VNC 172.19.58.2 (SV) 172.25.84.219(HD) ixia-2.jtac-west IXIA application server: 172.19.58.17
Proprietary and Confidential www.juniper.net
Lab stuff
www.juniper.net
www.juniper.net
Ethernet OAM
Ethernet OAM types
In short, there are two types of Ethernet OAM: 1. Ethernet OAM as defined by 802.3ah This is referred as LFM (Link Fault Management) and are identified by the ether-type 0x8809 (slow protocol type packets), sub-type 3. 2. Ethernet OAM as defined by IEEE 802.1ag This is referred as CFM (Connectivity Fault Management) and can be by the ether-type 0x8902.
Ethernet OAM implementation in JunOS Ethernet OAM is implemented using the RE user space daemons "lfmd" and "cfmd". Also, both "lfmd" and "cfmd" use the "ppmd" daemon on the PFE for some periodic packet processing. There is a packet processing path in the RE kernel as well in addition to the daemons mentioned above.
www.juniper.net
Ethernet OAM
Ethernet OAM for regular Ethernet interfaces
Both 802.3ah (LFM) and 802.1ag (CFM) type Ethernet OAMs are supported in JunOS for the regular Ethernet interfaces with the following restrictions. 802.3ah (LFM) type OAM can be configured only on the Ethernet IFDs and NOT on the Ethernet IFLs. Also, these packets are always VLAN untagged.
However, 802.1ag (CFM) type OAM can be configured either on an Ethernet IFD or IFL. If this is configured on an IFD, the packets will be always VLAN untagged. If this is configured on an IFL, it will be either VLAN tagged or untagged based on the "vlantagging" keyword configuration on an Ethernet IFD.
www.juniper.net
Ethernet OAM
Link Monitoring Link monitoring in Ethernet OAM detects and indicates link faults under a variety of conditions. Link monitoring uses the event notification OAMPDU and sends events to the remote OAMentity when there are problems detected on the link. The error events include the following: Error Symbol Period (error symbols per second)The number of symbol errors that occurred during a specified period exceeded a threshold. These errors are coding symbol errors. Error Frame (error frames per second)The number of frame errors detected during a specified period exceeded a threshold. Error Frame Period (error frames per n frames)The number of frame errors within the last n frames has exceeded a threshold. Error Frame Seconds Summary (error seconds per m seconds)The number of error seconds (1-second intervals with at least one frame error) within the last m seconds has exceeded a threshold. Since IEEE 802.3ah OAM does not provide a guaranteed delivery of any OAM PDU, the event notification OAM PDU may be sent multiple times to reduce the probability of a lost notification. A sequence number is used to recognize duplicate events
Copyright 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Ethernet OAM
Ethernet OAM for regular Ethernet interfaces
Both 802.3ah (LFM) and 802.1ag (CFM) type Ethernet OAMs are supported in JunOS for the regular Ethernet interfaces with the following restrictions. 802.3ah (LFM) type OAM can be configured only on the Ethernet IFDs and NOT on the Ethernet IFLs. Also, these packets are always VLAN untagged.
However, 802.1ag (CFM) type OAM can be configured either on an Ethernet IFD or IFL. If this is configured on an IFD, the packets will be always VLAN untagged. If this is configured on an IFL, it will be either VLAN tagged or untagged based on the "vlantagging" keyword configuration on an Ethernet IFD.
www.juniper.net
www.juniper.net
www.juniper.net
1. 2. 3.
lab@slayer-re1# set class-of-service copy-plp Default forwarding class: Queue Forwarding-class 0 best-effort 1 Assured-forwarding 2 expedited-forwarding 3 network-control
www.juniper.net
www.juniper.net
The mapping of alias to EXP code point is at next slide. Same thing to look up alias to DSCP code point.
www.juniper.net
www.juniper.net
www.juniper.net
Problem
Customer Cox was seeing an increase of NonReal-Time class traffic in the network when replacing IQ2 10GE PICs by 10GE XENPAK (nonIQ2) PICs. Hard to isolate as there was a mix of traffic from different sources. Initially though the problem was due to missclasification.
www.juniper.net
Topology
LSP
IP unlabeled Traffic
xe-0/1/0
IP unlabeled Traffic
Copyright 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
www.juniper.net
NON-REAL-TIME-af11 001;
INTERACTIVE-af21 010; REAL-TIME-af31 011; VIDEO-af41 100; VOICE-ef 101; NETWORK-CONTROL-nc1 110; }
www.juniper.net
VIDEO-af41 100;
VOICE-ef 101; NETWORK-CONTROL-nc1 110;
www.juniper.net
}
forwarding-class INTERACTIVE { loss-priority low code-point INTERACTIVE-af21; loss-priority high code-point INTERACTIVE-af21; } forwarding-class REAL-TIME { loss-priority low code-point REAL-TIME-af31; loss-priority high code-point REAL-TIME-af31; } forwarding-class VIDEO { loss-priority low code-point VIDEO-af41; loss-priority high code-point VIDEO-af41; } forwarding-class VOICE { loss-priority low code-point VOICE-ef; loss-priority high code-point VOICE-ef; }
forwarding-class NETWORK-CONTROL {
loss-priority low code-point NETWORK-CONTROL-nc1; loss-priority high code-point NETWORK-CONTROL-nc1; } Copyright 2007 Juniper Networks, Inc.
Proprietary and Confidential www.juniper.net
PLP handling
IQ2 PIC
Simple Filter
Lin
Jtree Lookup
Lout
MF Classifier
Rewrite Rule
BA Classifier
Non-IQ2 PIC
PIC
www.juniper.net
Which PLP ?
The L to N notification cell contains two bits (three with tri-color marking) of interest: The pseudo-plp bit: This is bit 2 of the QoS field (6-bits), and its used by the Lin BA Classifier and Rewrite rules The real plp bit: this is a separate bit, see the Lin functional description for location.
www.juniper.net
PLP On LMNR
www.juniper.net
www.juniper.net
Contd
# show class-of-service classifiers inet-precedence CLASSIFY-IPP forwarding-class BEST-EFFORT { loss-priority high code-points 000; } # show class-of-service forwarding-classes queue 0 BEST-EFFORT; queue 1 NON-REAL-TIME; queue 2 INTERACTIVE; queue 3 REAL-TIME; queue 4 VIDEO; queue 5 VOICE; queue 6 NETWORK-CONTROL;
Copyright 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Ctd
Because this packets real-plp bit will remain 0, RED will treat it as such. If we have the following rewrite rule: apena@austinp-re0# show class-of-service rewrite-rules exp WRITE-EXP { forwarding-class BEST-EFFORT { loss-priority low code-point 000; loss-priority high code-point 000; <<<< }
#
www.juniper.net
www.juniper.net
Workaround:
Use compatible markings Enable copy-plp hidden knob. Enable tri-color marking
www.juniper.net
www.juniper.net
www.juniper.net
protocol esp;
authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc;
policy ny2ny02jt-payload {
mode main; proposals rivlet; pre-shared-key ascii-text "$9$O4v9BEyleWXxd"; ## SECRET-DATA
anti-replay-window-size 1024;
} } match-direction input; }
Copyright 2007 Juniper Networks, Inc.
www.juniper.net
mtu 9192;
unit 1 { description ipsec-vpn-inside; family inet; service-domain inside; } unit 2 { description ipsec-vpn-outside; family inet; service-domain outside; }
} }
retain;
2) IGP 3) BGP
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
+
-
}
family vpls { policer { input LIMIT_10M; output LIMIT_10M; } }
www.juniper.net
Generally, there are four things that you must configure in an L2 environment: Interfaces and virtual LAN (VLAN) tagsL2 interfaces are usually various type of Ethernet links with VLAN tags used to connect to customer devices or other bridges or routers. Bridge domains and virtual switchesBridge domains limit the scope of media access control (MAC) learning (and thereby the size of the MAC table) and also determine where the device should propagate frames sent to broadcast, unknown unicast, and multicast (BUM) MAC addresses. Virtual switches allow for the configuration of multiple, independent bridge domains. Spanning Tree Protocols (xSTP, where the x represents the STP type)Bridges function by associating a MAC address with an interface, similar to the way a router associates an IP network address with a next-hop interface. Just as routing protocols use packets to detect and prevent routing loops, bridges use xSTP frames to detect and prevent bridging loops. (L2 loops are more devastating to a network because of the broadcast nature of Ethernet LANs.) Integrated bridging and routing (IRB)Support for both Layer 2 bridging and Layer 3 routing on the same interface. Frames are bridged if they are not sent to the router's MAC address. Frames sent to the router's MAC address are routed to other interfaces configured for Layer 3 routing.
Proprietary and Confidential www.juniper.net
} interfaces ae1 {
encapsulation extended-vlan-bridge; vlan-tagging; unit 100 {
vlan-id 100;
} unit 200 {
vlan-id 200;
}
Copyright 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
domain-type bridge; vlan-id 100; interface ge-2/2/1.100; interface ae1.100; interface ae2.100;
} vlan200 {
domain-type bridge; vlan-id 200; interface ge-2/2/1.200; interface ge-2/2/6.200; interface ae1.200; interface ae2.200;
}
}
Copyright 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
www.juniper.net
}
Copyright 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
www.juniper.net
bridge-domains { vlan-100 { domain-type bridge; vlan-id 100; interface gefamily inet { address 10.0.1.2/24 { vrrp-group 1 { virtual-address 10.0.1.51; priority 254; } }
} irb {
unit 0 {
2/2/2.100; interface ae1.100; interface ae3.100 routing-interface irb.0; } vlan-200 { domain-type bridge; vlan-id 200; interface ge3/3/3.200; interface ae1.200;
#
virtual-address 10.0.2.51; priority 100;
}
unit 1 {
family inet { address 10.0.2.2/24 { vrrp-group 2 {
} }
} }
www.juniper.net
lab@Atlas_re0# show interfaces ge-5/0/4 encapsulation ethernet-bridge; unit 0 { family bridge; } [edit] lab@Atlas_re0# show interfaces ge-0/0/4 encapsulation ethernet-bridge; unit 0 { family bridge; } Bridge-domain{ vlan333 { domain-type bridge; vlan-id 333; interface ge-5/0/4.0; interface ge-0/0/4.0; } }
Copyright 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Firewall Troubleshooting
lab@slayer-re1> show firewall filter logas0.0-i
Filter: log-as0.0-i Counters: Name Packets rsvp-as0.0-i 0 ospf-as0.0-i 0 bgp-as0.0-i 0 all-as0.0-i 99975614
Copyright 2007 Juniper Networks, Inc.
Bytes 0
0
0
149963421000
#
www.juniper.net
Bytes 0
0
0
149963421000
#
www.juniper.net
Bytes 0
0
0
149963421000
#
www.juniper.net
Bytes 0
0
0
149963421000
#
www.juniper.net
Bytes 0
0
0
149963421000
#
www.juniper.net
http://cvs.juniper.net/cgi-bin/viewcvs.cgi/swprojects/platform/atlas/pegasus/pegasus_unit_tes t_plan.txt?rev=1.3&view=markup
7. Speed/Duplex selection from RE CLI - 100m/full-duplex Goal: Test configuration of speed, link-mode from RE CLI Test Steps: 1. Issue the below command on RE CLI -> set interfaces ge-x/y/z speed 100m link-mode full-duplex -> commit 2. Issue the below command on DPC console -> "show bcm5466 registers y z" 3. Compare the values from "MII Control Register" with Broadcom 5466 data sheet. 4. Issue the below command on DPC console -> "show npez y rgmii z" Success Criteria: Description in the Data sheet should match with the values read. From output of step 4 verify rgmii rate Result: PASS Output: Step 2: MII Control Register (0x00) : 0x3100 Step 4: The rate of the RGMII port is 100Mb
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
start shell vty fpc6 sh nvram sh syslog messages FFPC4(cer-core-01 vty)# show pfe statistics traffic FFPC4(cer-core-01 vty)# show pfe statistics notification FFPC4(cer-core-01 vty)# show icmp statistics Show chassis fpc (to find out fpc cpu utilization)
Proprietary and Confidential www.juniper.net
start shell vty fpc6 sh nvram sh syslog messages FFPC4(cer-core-01 vty)# show pfe statistics traffic FFPC4(cer-core-01 vty)# show pfe statistics notification FFPC4(cer-core-01 vty)# show icmp statistics Show chassis fpc (to find out fpc cpu utilization)
Proprietary and Confidential www.juniper.net
interface as0.0 {
level 2 metric 10;
labeled-unicast {
explicit-null; } } peer-as 100; neighbor 4.4.4.4; }
address 99.1.1.1/24;
} } }
www.juniper.net
group to_PE2 {
type external; local-address 8002::2; family inet6 { unicast; } export policy1; peer-as 100;
}
} } lo0 { unit 0 { family inet { address 127.0.0.1/32; } family inet6 { address 9001::5/128; } } }
Copyright 2007 Juniper Networks, Inc.
neighbor 8002::1;
} } }
www.juniper.net
MPLS Auto-bandwidth
Auto-bandwidth configuration
mpls { apply-groups [ lspHigh-common lspStnd-common lsp-optimize-timer ]; path-mtu { rsvp mtu-signaling; label-switched-path lspStndT6toT1 {
to 166.34.95.71;
optimize-timer 60; node-link-protection; adaptive; auto-bandwidth { adjust-interval 300; adjust-threshold 10; minimum-bandwidth 100k; maximum-bandwidth 10g; adjust-threshold-overflow-limit 5; } primary use-ge-620; } path use-ge-620 { 192.100.36.37; }
}
statistics { file mpls.stat size 300k files 20 world-readable; interval 300; auto-bandwidth; display-id;
}
traceoptions { file mpls.log size 10m files 21 world-readable; flag error; flag state; flag cspf;
flag connection;
flag graceful-restart; } }
Copyright 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
show /var/log/mpls.stat
139233752 Byte
Oct 30 15:41:21 trace_on: Tracing to "/var/log/mpls.stat" started 132491 pkt Oct 30 15:41:21 2008 UTC Total 2 sessions: 1 success, 0 fail, 1 ignored Oct 30 15:43:09 trace_on: Tracing to "/var/log/mpls.stat" started to_PE2 auto-bw 132491 pkt 0 pkt 139233752 Byte 0 Byte 0 pps 0 Bps
Oct 30 15:43:09 2008 UTC Total 3 sessions: 2 success, 0 fail, 1 ignored Oct 30 15:44:19 trace_on: Tracing to "/var/log/mpls.stat" started auto-bw 0 pkt 0 Byte 0 pps 0 Bps Util 0.00%
lab@Magenta> file show /var/log/mpls.log Oct 30 15:48:20 trace_on: Tracing to "/var/log/mpls.log" started Oct 30 16:03:09.172425 RPD_MPLS_PATH_BANDWIDTH_CHANGE: MPLS path (lsp auto-bw) bandwidth changed, path bandwidth 4140760 bps Oct 30 16:03:10.173337 RPD_MPLS_LSP_BANDWIDTH_CHANGE: MPLS LSP auto-bw bandwidth changed, lsp bandwidth 4140760 bps Oct 30 16:08:09.173234 RPD_MPLS_PATH_BANDWIDTH_CHANGE: MPLS path (lsp auto-bw) bandwidth changed, path bandwidth 1000 bps Oct 30 16:08:10.174771 RPD_MPLS_LSP_BANDWIDTH_CHANGE: MPLS LSP auto-bw bandwidth changed, lsp bandw
www.juniper.net
5.5.5.1(Label=3)
90 Oct 30 17:27:24.553 CSPF: computation result ignored[5 times] 89 Oct 30 17:23:09.175 Record Route: 5.5.5.1(Label=3) 88 Oct 30 17:23:09.175 Up 87 Oct 30 17:23:09.175 Automatic Autobw adjustment succeeded
www.juniper.net
NAT stuff
To enable random port allocation, user has to configure "set services nat pool <pool-name> port automatic randomallocation" or "set services nat pool <pool-name> port range low <low-portnum> high <high-port-num> random-allocation".
www.juniper.net
Background
Kernel Interrupt Idle Model Serial ID Start time Uptime Load averages:
0 percent
2 percent 0 percent 97 percent RE-A-2000 9009002764 2008-11-18 08:15:10 PST 8 hours, 54 minutes, 29 seconds 1 minute 5 minute 15 minute 0.06 0.10 0.05
Proprietary and Confidential www.juniper.net
!
interface ATM1/0/0.1 point-to-point description Link Google_Akwan (50Mbps)*5531004003 bandwidth 50000 ip address 200.162.89.161 255.255.255.252 no ip redirects no ip unreachables no ip directed-broadcast no ip proxy-arp no atm enable-ilmi-trap snmp trap link-status pvc 5531004003 2/901 vbr-nrt 55209 55209 1 no ilmi manage oam-pvc manage oam retry 10 5 1 encapsulation aal5snap ! !----------------------------
www.juniper.net
interfaces {
at-0/3/0 { atm-options { pic-type atm2; vpi 2; } unit 1 { encapsulation atm-snap; point-to-point; no-traps; vci 2.901; shaping { vbr peak 55209000 sustained 55209000 burst 1; } oam-period 10;
oam-liveness {
up-count 10; down-count 5; } family inet { address 200.162.89.162/30;
Copyright 2007 Juniper Networks, Inc.
www.juniper.net
www.juniper.net
T1 / T3 trouble shooting
1. Loopback testing http://www.juniper.net/techpubs/software/erx/erx41x/swconfigphysical-link/html/t1-e1-ji-config8.html Either Local loopback or remote loopback can be configured at any given time. For local loopback, best use an external loopback plug because it can also tests the PICs transmit and receive circuitry.
Configuration:
sonet-options { loopback local/remote;
Copyright 2007 Juniper Networks, Inc.
www.juniper.net
www.juniper.net
*****New Way to config***** unit 4000 { description "Lab - Todd SPN Test 1"; encapsulation vlan-ccc; vlan-tags outer 4000 inner-range 1-4094; input-vlan-map { swap; vlan-id 1101; } output-vlan-map swap; }
vlan-id 25;
input-vlan-map { swap; vlan-id 1212; } output-vlan-map swap; }
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
lab@blackjack-re0> show chassis fpc-feb-connectivity FPC FPC type FPC state 0 1 2 cFPC cFPC Type 3 Online Online Online 1 0 Connected FEB FEB state Online Online OK OK Link status None
3
4 5
Type 2
Type 2 Empty
Online
Online 5
3
4 Online
Online
Online
OK
OK
www.juniper.net
RFEB0(blackjack-re0 vty)# show ichip ifd I-chip global information: ICHIP 0: Initialized, Version 2,
www.juniper.net
KA_BCNTR
Discard counters: Counter Name WAN_DROP_CNTR FAB_DROP_CNTR KA_DROP_CNTR HOST_DROP_CNTR
0
Total
0
Rate
0
Peak Rate 7582075 0 0 0 0 0 # 11888478
www.juniper.net
RFEB0(blackjack-re0 vty)# jsim reset full 0 6) Find out the interface ifl ( here it is 73) we will bind to JSIM lookup
VLAN Tagged
Unspecified
Unspecified
0x0000000000000052
www.juniper.net
www.juniper.net
www.juniper.net
On m-series: with sp-mtu of 1440, the max IP payload size that is 8 byte aligned is 1416, adding 20 bytes of IP header len results in 1436.
On j-series: with mtu of 1446 (tunnel-mtu-ipsec overheads), the max IP payload size that is 8 byte aligned is 1424, adding 20 bytes of IP header len becomes 1444.
www.juniper.net
www.juniper.net
149 #